[Openswan Users] unreachable - need to frag
Cameron Davidson
cam73 at aanet.com.au
Sat Aug 5 19:01:35 EDT 2006
Brian Sheets wrote:
> Hi, weird problem
>
>
>
> If I ssh/scp from net A to net B larger transmissions hang the
> connection, when I ssh/scp from net B to net A there is no problem.
>
> The tcpdump yields unreachable - need to frag messages.
>
> Net A is behind the openswan connection net B is behind a netscreen 5gt,
> I have an identical configuration from my home, which is behind a
> netscreen 5gt to the openswan and it works fine in both directions.
>
Are the ICMP need frag in response to the ESP and/or the tunnelled packets?
Normally the firewall should be allowing them as part of
established/related rules.
Which versions of kernel, Openswan? Using netkey or Klips?
Cameron.
More information about the Users
mailing list