[Openswan Users] unreachable - need to frag

ted leslie tleslie at tcn.net
Fri Aug 4 20:58:14 EDT 2006


I ran into something similar,
and the frag or packeting info messages have to be able to pass through the fw rules,
hence the below.
See if your iptables is complaining.
I added the stuff below (or at least some of it) and problem solved.
(iptables was logging an exception, I just didn't pick it up right away, because
the rejection message wasn't very detailed).
This might not be your sol'n but it sounds like it could be, or something along these lines.

# 0/0 = echo-reply, 8/0 = echo-request, 3 = destination-unreachable
# (type 3 includes code 4, "fragmentation needed", which path MTU discovery relies on)
iptables -A OUTPUT -p icmp --icmp-type 0/0 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8/0 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 3 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0/0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type 0/0 -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type 8/0 -j ACCEPT


-tl

On Fri, 4 Aug 2006 22:26:54 -0700
"Brian Sheets" <brians at fl240.com> wrote:

> Hi, weird problem
> 
> If I ssh/scp from net A to net B larger transmissions hang the
> connection, when I ssh/scp from net B to net A there is no problem.
> 
> The tcpdump yields unreachable - need to frag messages. 
> 
> Net A is behind the openswan connection net B is behind a netscreen 5gt,
> I have an identical configuration from my home, which is behind a
> netscreen 5gt to the openswan and it works fine in both directions.
> 
> Any help?
> 
> Thanks
> 
> Brian
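Added example, not from Ted's or Brian's messages: the accepts above let all of ICMP type 3 through, but what path MTU discovery actually needs is only type 3 code 4 ("fragmentation needed"). The script below prints a tighter ruleset that accepts just that subtype in every chain and adds an MSS clamp as a fallback for paths where ICMP is filtered upstream, and it shows how to spot the drops Ted mentions by scanning netfilter LOG lines for ICMP 3/4. The log lines are constructed samples; the "FW-DROP:" prefix is an assumption.

```shell
#!/bin/sh
# Added example (not part of the original thread). Prints, rather than runs,
# the iptables commands so they can be reviewed before being applied.
pmtu_icmp_rules() {
    for chain in INPUT OUTPUT FORWARD; do
        # fragmentation-needed is iptables' name for ICMP type 3 code 4
        echo "iptables -A $chain -p icmp --icmp-type fragmentation-needed -j ACCEPT"
    done
    # Fallback when the far side filters ICMP: cap the TCP MSS to the path MTU
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"
}

# Constructed sample of kernel-logged drops in the format netfilter's LOG
# target writes (prefix "FW-DROP:" assumed). Only the third line is a
# fragmentation-needed message, i.e. the one that breaks PMTU discovery.
sample_log() {
    cat <<'EOF'
Aug  4 20:40:01 gw kernel: FW-DROP: IN=eth0 OUT= SRC=10.1.1.5 DST=10.2.2.7 PROTO=TCP SPT=44321 DPT=22
Aug  4 20:40:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=10.1.1.5 DST=10.2.2.7 PROTO=ICMP TYPE=8 CODE=0
Aug  4 20:40:03 gw kernel: FW-DROP: IN=eth0 OUT= SRC=10.2.2.1 DST=10.1.1.5 PROTO=ICMP TYPE=3 CODE=4
Aug  4 20:40:04 gw kernel: FW-DROP: IN=eth0 OUT= SRC=10.2.2.1 DST=10.1.1.5 PROTO=ICMP TYPE=3 CODE=1
EOF
}

# Reads LOG lines on stdin and prints "SRC DST" for every dropped ICMP
# type 3 code 4 packet, matching whole KEY=VALUE fields so TYPE=30 etc.
# cannot match by accident.
find_blocked_frag_needed() {
    awk '{
        proto = ""; type = ""; code = ""; src = ""; dst = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^TYPE=/)  type  = substr($i, 6)
            if ($i ~ /^CODE=/)  code  = substr($i, 6)
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^DST=/)   dst   = substr($i, 5)
        }
        if (proto == "ICMP" && type == "3" && code == "4") print src, dst
    }'
}

# Convenience wrapper over the constructed sample.
count_blocked_frag_needed() {
    sample_log | find_blocked_frag_needed | wc -l | tr -d ' '
}

# Usage: pmtu_icmp_rules | sh   (after reviewing the printed commands)
#        grep 'FW-DROP:' /var/log/messages | find_blocked_frag_needed
```

A non-empty result from find_blocked_frag_needed on the real log is the symptom Ted describes: the gateway is discarding the "need to frag" reply, so the sender never lowers its packet size and large transfers stall in one direction only.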
