[Openswan Users] 2.4.5 klips mtu issue

Brian Candler B.Candler at pobox.com
Mon Apr 10 16:36:08 CEST 2006


On Mon, Apr 10, 2006 at 03:01:21PM +0100, Brian Candler wrote:
> If I can modify l2tpd so that it doesn't set DF, then maybe the problem with
> running it through Openswan for transport mode IPSEC will vanish.

OK, I can do

# echo "1" > /proc/sys/net/ipv4/ip_no_pmtu_disc

and the problem goes away; l2tpd+Openswan 2.4.5 can happily talk to Cisco
IOS. But it seems like pretty bizarre behaviour in Linux if it's trying to
do "PMTU" services on a UDP socket on behalf of the application, when it's
perfectly reasonable for the application to be able to send a UDP packet and
have it fragmented by the network. PMTU with TCP makes a lot more sense.

The behaviour is the same with both 2.4.30 (OpenWRT WR RC5) and 2.6.9
(CentOS 4.2). I can't see any way to turn this off on a socket-by-socket
basis, which means to fix it for L2TP, I have to break TCP PMTU discovery.
Ugh.

Regards,

Brian.
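Added example, not part of the original message: Linux's ip(7) man page documents a per-socket `IP_MTU_DISCOVER` option, and the sketch below shows a UDP daemon clearing DF on its own socket with `IP_PMTUDISC_DONT` while leaving `/proc/sys/net/ipv4/ip_no_pmtu_disc` and TCP PMTU discovery alone. The helper names are hypothetical, and whether the kernels and l2tpd build discussed in this thread honour the option was not tested here.

```c
/* Added example: per-socket PMTU discovery control on Linux (see ip(7)). */
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return the socket's current IP_MTU_DISCOVER mode, or -1 on error. */
static int get_pmtu_mode(int fd)
{
    int mode = -1;
    socklen_t len = sizeof(mode);

    if (getsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mode, &len) < 0)
        return -1;
    return mode;
}

/* Hypothetical helper: open a UDP socket that never does PMTU discovery,
 * so its datagrams go out with DF clear and may be fragmented en route.
 * Returns the descriptor, or -1 on error. */
int open_udp_no_df(void)
{
    int mode = IP_PMTUDISC_DONT;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    if (fd < 0)
        return -1;
    if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mode, sizeof(mode)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* An untouched socket inherits the system-wide default, which the
     * ip_no_pmtu_disc sysctl switches between WANT and DONT. */
    int plain = socket(AF_INET, SOCK_DGRAM, 0);
    int no_df = open_udp_no_df();

    if (plain < 0 || no_df < 0) {
        perror("socket setup");
        return 1;
    }
    printf("default socket mode: %d\n", get_pmtu_mode(plain));
    printf("no-DF socket mode:   %d (IP_PMTUDISC_DONT is %d)\n",
           get_pmtu_mode(no_df), IP_PMTUDISC_DONT);
    close(plain);
    close(no_df);
    return 0;
}
```

A capture on the sending interface (for example with tcpdump) confirms whether DF is actually clear on the daemon's datagrams.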

