[Openswan Users] unreachable - need to frag
brians at fl240.com
Sat Aug 5 02:28:54 EDT 2006
Sat Aug 5 05:55:03 GMT 2006
+ _________________________ version
+ ipsec --version
Linux Openswan U2.2.0/K2.6.8-2-386 (native)
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.6.8-2-386 (horms at tabatha.lab.ultramonkey.org) (gcc
(Debian 1:3.3.5-13)) #1 Tue Aug 16 12:46:35 UTC 2005
I'm not sure how to figure out if it's netkey or Klips
From: Cameron Davidson [mailto:cam73 at aanet.com.au]
Sent: Saturday, August 05, 2006 7:02 AM
To: Brian Sheets; users at openswan.org
Subject: Re: [Openswan Users] unreachable - need to frag
Brian Sheets wrote:
> Hi, weird problem
> If I ssh/scp from net A to net B larger transmissions hang the
> connection, when I ssh/scp from net B to net A there is no problem.
> The tcpdump yields unreachable - need to frag messages.
> Net A is behind the openswan connection net B is behind a netscreen
> I have an identical configuration from my home, which is behind a
> netscreen 5gt to the openswan and it works fine in both directions.
Are the ICMP need frag in response to the ESP and/or the tunnelled
Normally the firewall should be allowing them as part of
Which versions of kernel, Openswan? Using netkey or Klips?
More information about the Users