[Openswan Users] MTU issue
Paul Wouters
paul at xelerance.com
Tue Sep 20 21:04:14 CEST 2005
On Tue, 20 Sep 2005, Antony Gelberg wrote:
> This makes sense. When I ping a LAN host from the roadwarrior, with DF
> set, 1450 responds with Fragmentation required but DF set, 1350 responds
> normally, but 1400 times out. As if that wasn't enough,
> http://lists.openswan.org/pipermail/users/2004-July/001514.html confirms
> my suspicions.
>
> However, I can't seem to find the correct settings. On the Openswan box,
> both WAN(eth0) and LAN(eth1) have an MTU=1500. I am disregarding the
> ipsec0 MTU of 16260 as I believe it's a red herring. Both routers (LAN
> and roadwarrior) have MTU=MRU=1458 and MSS=1418.
The ipsec interface has an mtu larger than the underlying physical interface,
so it will never cause fragmentation. Fragmentation should not happen there.
> However, even if I set MTU=1458 on eth0 and eth1 on the Openswan box, no
> joy. The ping problem is still present.
Try to set your mtu to 1350 since that seems to work. You can also try to
use overridemtu=1350, which will set the ipsec device mtu.
Paul
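
The DF-set ping test described in the thread, automated as an added example (not part of the original messages and not Openswan code): it binary-searches for the largest size that gets a reply and for the range of sizes that are dropped with no ICMP error. It assumes Linux iputils ping and that sizes are passed as the -s payload; constructed_path, its thresholds and the 192.0.2.10 address are constructed for illustration.

```python
import subprocess
from enum import Enum

class Result(Enum):
    OK = "echo reply"
    FRAG_NEEDED = "ICMP fragmentation needed"  # PMTU discovery is being signalled
    TIMEOUT = "no answer"                      # dropped silently: PMTU black hole

def ping_df(host, size, timeout=2):
    """Send one echo with DF set (Linux iputils ping) and classify the outcome."""
    proc = subprocess.run(
        ["ping", "-M", "do", "-c", "1", "-W", str(timeout), "-s", str(size), host],
        capture_output=True, text=True)
    out = (proc.stdout + proc.stderr).lower()
    if proc.returncode == 0:
        return Result.OK
    if "frag needed" in out or "message too long" in out:
        return Result.FRAG_NEEDED
    return Result.TIMEOUT

def largest(probe, lo, hi, accept):
    """Largest size in [lo, hi] whose result is in accept, or None.
    Assumes results are ordered by size: OK, then TIMEOUT, then FRAG_NEEDED."""
    best = None
    while lo <= hi:
        mid = (lo + hi) // 2
        if probe(mid) in accept:
            best, lo = mid, mid + 1
        else:
            hi = mid - 1
    return best

def survey(probe, lo=1200, hi=1500):
    """Return (largest size that gets a reply, (first, last) silently dropped size or None)."""
    max_ok = largest(probe, lo, hi, {Result.OK})
    max_silent = largest(probe, lo, hi, {Result.OK, Result.TIMEOUT})
    floor = lo - 1 if max_ok is None else max_ok
    hole = (floor + 1, max_silent) if max_silent is not None and max_silent > floor else None
    return max_ok, hole

def constructed_path(size):
    """Constructed stand-in for a real path; thresholds 1378 and 1430 are invented,
    chosen only to agree with the three results quoted in the thread."""
    if size <= 1378:
        return Result.OK
    return Result.TIMEOUT if size <= 1430 else Result.FRAG_NEEDED

if __name__ == "__main__":
    print(survey(constructed_path))  # live use: survey(lambda s: ping_df("192.0.2.10", s))
```

A non-empty second value means some hop drops oversized packets without returning the ICMP error, which is the symptom reported for size 1400.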