[Openswan Users] MTU issue
Antony Gelberg
antony at wayforth.co.uk
Tue Sep 20 19:36:21 CEST 2005
Hi all,
I have a PMTUD issue with my VPN. It manifested itself here:
http://lists.samba.org/archive/samba/2005-September/111079.html
This makes sense. When I ping a LAN host from the roadwarrior, with DF
set, 1450 responds with Fragmentation required but DF set, 1350 responds
normally, but 1400 times out. As if that wasn't enough,
http://lists.openswan.org/pipermail/users/2004-July/001514.html confirms
my suspicions.
However, I can't seem to find the correct settings. On the Openswan box,
both WAN(eth0) and LAN(eth1) have an MTU=1500. I am disregarding the
ipsec0 MTU of 16260 as I believe it's a red herring. Both routers (LAN
and roadwarrior) have MTU=MRU=1458 and MSS=1418.
However, even if I set MTU=1458 on eth0 and eth1 on the Openswan box, no
joy. The ping problem is still present.
Hope someone can shed some light.
Antony
More information about the Users
mailing list