[Openswan Users] MTU/DF problem with 2.6

Beschorner Daniel Daniel.Beschorner at facton.com
Mon Feb 13 16:11:38 CET 2006


We have an IPSEC scenario with peer MTUs of 1500 and 1492.
Packets with an MTU of 1500 bytes sent from the tunnel router to the 1492
peer won't reach their destination; a destination-unreachable message is
generated and shown in the sender's kernel log ("pmtu discovery on SA
ESP...").
But unfortunately this information never reaches the sender inside the
tunnel.

So my question is: KLIPS (2.4) sends the ESP packets always without the DF
flag, so they reach their destination, even though fragmented.

Can I force the 2.6 kernel implementation to also clear the DF flag always?

Thank you
Daniel

