[Openswan Users] IPSec, Windows XP/2000 and Dead Peer Detection
Juha Pietikäinen
juha.pietikainen at connet.net
Sat Oct 15 09:31:33 CEST 2005
Hi,
I have os 2.4.2dr2 running with kernel 2.4.31.
I have ended up to use these settings with quick trial and error method:
ipsec.conf:
override mtu = 1430
options.l2tpd:
mtu 1360
mru 500
There was discussed in one earlier message that
MRU 500 is caused by incompatible PMTU with Windows clients.
I noticed this low mru issue when I upgrated OS from version 2.2.1 to
version 2.4
With Os 2.2.1 it was possible to use same MTU and MRU value.
I haven't got any natted clients now but this version (2.4.2dr2) seems to
work with "nat traversal = yes"
as version 2.4.1 didn't work at all with it. NAT-T worked fine with os 2.2.1
and Windows XP Pro (SP2) clients.
Juha Pietikäinen
More information about the Users
mailing list