[Openswan Users] MTU issue
gresko at thr.sk
Thu Aug 10 11:59:29 EDT 2006
I have a problem while using IPsec.
My setup is a network tunnel between two networks, let them call A and B. They
are protected by the gateways A and B with IP's pA and pB (public addresses)
and sA, sB (private addresses). MTU of pA interface is 1460, pB 1492. Gateway
A is a FC5 (latest updates), gateway B is a FC4 (latest updates) - oth using
netkey. On both gateways the source ip's are set to sA and sB respectively.
When I try to scp a file from sB to sA, it hangs. Router B gets the frag
needed icmp message, but it does nothing. ICMP frag needed is surely allowed
in the firewall. Is the a known bug in that sense?
When I try
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN \
-j TCPMSS --clamp-mss-to-pmtu
on Router A it seems to help. It is still not well tested if it helps
definitely. But this solution does not help for UDP traffic.
Is there some "correct" solutionm for this? Is it a kernel bug? What is
THR Systems, a. s.
More information about the Users