[Openswan Users] unreachable - need to frag
brians at fl240.com
Sat Aug 5 06:53:53 EDT 2006
I'm not sure I understand this
When I scp a file from my home system, behind the netscreen,
18:48:49.535015 IP 192.168.23.27.ssh > 10.200.200.10.54855: .
76365:77657(1292) ack 1346 win 50388 <nop,nop,timestamp 118421258
It appears that the packet size is 1292
When I do the same thing from my office site
18:50:42.707862 IP 192.168.21.11.ssh > 10.200.200.10.54857: .
1600:3048(1448) ack 1314 win 1752 <nop,nop,timestamp 633033311
18:50:42.708554 IP gateway1.mxpath.net > 192.168.21.11: icmp 556:
10.200.200.10 unreachable - need to frag (mtu 1500)
The MTU on the netscreen at my home has default to 1492, and the one at
the office is 1500, that's the only difference I can see.
In addition, the box at home is a solaris box, the box at the office is
a debian box. BTW, I can duplicate this on any box behind the openswan
to any box behind the office netscreen so I know that its independent of
any client system.
Who is driving the packet size, why is the packet coming from my home
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Saturday, August 05, 2006 9:11 AM
To: Brian Sheets
Cc: cam73 at aanet.com.au; users at openswan.org
Subject: RE: [Openswan Users] unreachable - need to frag
On Sat, 5 Aug 2006, Brian Sheets wrote:
> Linux Openswan U2.2.0/K2.6.8-2-386 (native)
Both openswan and kernel need an update. Any kernel when using netkey
older the n2.6.11 should be avoided due to missing MTU related patches.
This includes the 2.6.9 based RHEL4 kernel unfortunately
More information about the Users