[Openswan Users] MTU issues in Hub and Spoke config

Peter Farrow peter at farrows.org
Thu Aug 17 17:25:11 EDT 2006


Windows XP desktops don't seem to need it,

I set it on all the IPSEC Linux boxes running openswan on 2.6 kernels, 
and all servers (linux and windows 2003) in my organisation,  on 2003 
server etc it can be set in the group policy if needed, but I found that 
XP workstations didn't need it.

P.


Jeremy Mann wrote:
>
> would route MTU's solve it, or are you saying I need to set all my
> interface MTUs to 1492?(over 300 desktops between the two sites)
>
> Peter Farrow wrote:
> > MTU problems are prolific,  I set all my MTUs to 1492 on all
> > interfaces to fix this problem at all sites.
> >
> > Additionally Windows 2003 server has an MTU bug as well
> >
> > *MailScanner has detected a possible fraud attempt from 
> "support.microsoft.com" claiming to be* 
> http://support.microsoftcom/kb/898060/ 
> <http://support.microsoft.com/kb/898060/>
> >
> > so you need to force the MTU setting on your 2003 servers if you have
> > any...
> >
> > Doing this fixed it for me even though its a total PITA
> >
> > P.
> >
> >
> > Jeremy Mann wrote:
> >>
> >>     I have a HUB-SPOKE arrangment, and whenever one spoke site 
> wants to
> >> get to another, I get MTU issues.  They have none reaching the HUB
> >> server.
> >>
> >> Any clues how I can debug this?  Even adding a MTU to each individual
> >> route doesn't help matters.  It looks like somewhere around 1450 the
> >> fragmentation occurs.
> >>
> >>
> >> --
> >> This message has been scanned for viruses and
> >> dangerous content by the *Enhancion* <http://www.enhancion.net/>*
> >> system scanner,
> >> and is believed to be clean. *
> >> *_______________________________________________
> >> Users at openswan.org
> >> http://lists.openswan.org/mailman/listinfo/users
> >> Building and Integrating Virtual Private Networks with Openswan:
> >> 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> >>   *
> > *
> > --
> > This message has been scanned for viruses and
> > dangerous content by the *Enhancion* <http://www.enhancion.net/>
> > system scanner,
> > and is believed to be clean. *
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by the *Enhancion* <http://www.enhancion.net/> 
> system scanner,
> and is believed to be clean. 

-- 
This message has been scanned for viruses and
dangerous content by the Enhancion system Scanner
and is believed to be clean.
http://www.enhancion.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060817/a5800297/attachment.html 


More information about the Users mailing list