[Openswan Users] Re: IPSec, Windows XP/2000 and Dead Peer Detection
Andrej Trobentar
andrej.trobentar at rikom.si
Mon Oct 17 16:40:50 CEST 2005
Juha Pietikäinen wrote:
> This is just a guess but NAT-T adds some overhead (about 20 bytes) to
> the IP-packets and so it needs extra bytes reserved from the mtu setting.
> Those settings that I send work in my case because I don't have any
> natted clients.
> Could you try again with setting "mtu 1300" in options.l2tpd?
Sorry, but it doesn't work. If I set it to anything greater than 500, the
command "ping -l <anything greater than 487> <internal IP>" doesn't work :(
> If it works, you can try to adjust correct values later. I guess that
> optimal value should be somewhere between 1320 and 1340 with these
> settings.
I have set mtu and mru settings in options.l2tpd to 500 and now the
command "ping -l <anything greater than 487> <internal IP>" works with
NATed and not NATed clients (quickly tested on ISDN, analog and cable lines).
> It is also possible that nat-t is still broken in os2.4.2dr2 with
> kernel 2.4.31.
> Maybe Paul knows more about this?
I think that my *NATed* clients couldn't connect because the mtu
setting was not correct. For now everything is working, but this
requires more intensive testing to be 100% sure!
But why do you have to change these mtu settings when upgrading from os
2.3.1 to os 2.4.1dr2?
--
Best regards,
Andrej.