[Openswan Users] unreachable - need to frag
Brian Sheets
brians at fl240.com
Sat Aug 5 02:28:54 EDT 2006
gateway1
Sat Aug 5 05:55:03 GMT 2006
+ _________________________ version
+ ipsec --version
Linux Openswan U2.2.0/K2.6.8-2-386 (native)
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.6.8-2-386 (horms at tabatha.lab.ultramonkey.org) (gcc
version 3.3.5
(Debian 1:3.3.5-13)) #1 Tue Aug 16 12:46:35 UTC 2005
I'm not sure how to figure out if it's netkey or Klips
Brian
-----Original Message-----
From: Cameron Davidson [mailto:cam73 at aanet.com.au]
Sent: Saturday, August 05, 2006 7:02 AM
To: Brian Sheets; users at openswan.org
Subject: Re: [Openswan Users] unreachable - need to frag
Brian Sheets wrote:
> Hi, weird problem
>
>
>
> If I ssh/scp from net A to net B larger transmissions hang the
> connection, when I ssh/scp from net B to net A there is no problem.
>
> The tcpdump yields unreachable - need to frag messages.
>
> Net A is behind the openswan connection net B is behind a netscreen
5gt,
> I have an identical configuration from my home, which is behind a
> netscreen 5gt to the openswan and it works fine in both directions.
>
Are the ICMP need frag in response to the ESP and/or the tunnelled
packets?
Normally the firewall should be allowing them as part of
established/related rules.
Which versions of kernel, Openswan? Using netkey or Klips?
Cameron.
More information about the Users
mailing list