[Openswan Users] IPSec, Windows XP/2000 and Dead Peer Detection

Juha Pietikäinen juha.pietikainen at connet.net
Sat Oct 15 09:31:33 CEST 2005


Hi,

I have os 2.4.2dr2 running with kernel 2.4.31.

I have ended up to use these settings with quick trial and error method:

ipsec.conf:
override mtu = 1430

options.l2tpd:
mtu 1360
mru 500

There was discussed in one earlier message that
MRU 500 is caused by incompatible PMTU with Windows clients.

I noticed this low mru issue when I upgrated OS from version 2.2.1 to 
version 2.4

With Os 2.2.1 it was possible to use same MTU and MRU value.

I haven't got any natted clients now but this version (2.4.2dr2) seems to 
work with "nat traversal = yes"
as version 2.4.1 didn't work at all with it. NAT-T worked fine with os 2.2.1 
and Windows XP Pro (SP2) clients.

Juha Pietikäinen 



More information about the Users mailing list