[Openswan Users] MTU/DF problem with 2.6

Andy fs at globalnetit.com
Mon Feb 13 15:40:30 CET 2006


On Mon, 2006-02-13 at 16:11 +0100, Beschorner Daniel wrote:
> We have an IPSEC scenario with peer MTUs of 1500 and 1492.
> Packets with a MTU of 1500 bytes sent from the tunnel router to the 1492
> peer won't reach their destination, a destination-unreachable message is
> generated and shown in the sender's kernel log ("pmtu discovery on SA
> ESP...").
> But unfortunately this information never reaches the sender inside the
> tunnel.
> 
> So my question is: KLIPS (2.4) sends the ESP packets always without the DF
> flag, so they reach their destination, even though fragmented.
> 
> Can I force the 2.6 kernel implementation to also clear the DF flag always?
> 
A brute-force answer:
"echo 1 >/proc/sys/net/ipv4/ip_no_pmtu_disc"
will turn off pmtud for all packets (not just esp), I believe.


> Thank you
> Daniel
-- 
Andy <fs at globalnetit.com>
