[Openswan Users] IPSec, Windows XP/2000 and Dead Peer Detection
Andrej Trobentar
andrej.trobentar at rikom.si
Sat Oct 15 11:49:26 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Juha Pietikäinen wrote:
>
> Hi,
>
> I have os 2.4.2dr2 running with kernel 2.4.31.
>
> I have ended up to use these settings with quick trial and error method:
>
> ipsec.conf:
> override mtu = 1430
>
> options.l2tpd:
> mtu 1360
> mru 500
>
> There was discussed in one earlier message that
> MRU 500 is caused by incompatible PMTU with Windows clients.
>
> I noticed this low mru issue when I upgrated OS from version 2.2.1 to
> version 2.4
>
> With Os 2.2.1 it was possible to use same MTU and MRU value.
>
> I haven't got any natted clients now but this version (2.4.2dr2) seems
> to work with "nat traversal = yes"
> as version 2.4.1 didn't work at all with it. NAT-T worked fine with os
> 2.2.1 and Windows XP Pro (SP2) clients.
Hello,
This works for me too at the moment! My static tunnels and my roadwarior
setup works. I have to test it a little more to be sure, but so far
everything is working.
Regarding the WindowsXP/2000 disconects I have to wait for the feedback
from my co-workers. Maybe this release will resolve this issues...
- --
Thanks for the help and have a nice day,
Andrej.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFDUMKWVd/NU2yFfAoRAk4HAJsFX96aG7CxOyQEJTS53s56iRlwEACeJx/Q
cniRvFIBqIRUEOqEG74IJMk=
=/T+K
-----END PGP SIGNATURE-----
More information about the Users
mailing list