[Openswan Users]

Ilia Sotnikov hostcc at gmail.com
Fri Feb 17 22:02:28 CET 2006


On 2/17/06, Beschorner Daniel <Daniel.Beschorner at facton.com> wrote:
> Sender(1500)->SecGw1(1500)-> ... ->ADSL
> Router(1492)->SecGw2(1492/1500)->Receiver(1500)
>
> The ADSL Router on the way sends need-to-frag(mtu 1492) packets, but the
> sending Linux 2.6-SecGw1 doesn't seem to care about them; it only sends
> need-to-frag(mtu 1444) to the sender, which means 1500 minus ESP.
>
> So pmtud doesn't work for this scenario.

Your SecGw1 didn't get ICMP Fragmentation Needed or didn't handle it,
because the related ICMP Frag Needed from your SecGw1 should be 1436,
not 1444 (1500 - 1492 = 8).

Please check that
- your SecGw1 has PMTU enabled (net.ipv4.ip_no_pmtu_disc = 0)
- your firewall didn't filter ICMP 3/4 messages

Recently I also reported PMTU problems to netdev
http://marc.theaimsgroup.com/?l=linux-netdev&m=114012032001584&w=2

--
 Ilia Sotnikov
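
The two checks suggested in the reply above, written out as an added example that is not part of the original post. It assumes the firewall on SecGw1 is iptables and reads rules in iptables-save format; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example; assumes an iptables firewall (rules in iptables-save format).

# Check 1: PMTU discovery is on when net.ipv4.ip_no_pmtu_disc is 0.
# The value is passed as $1 so the check can be tested off-host.
pmtud_enabled() { [ "$1" = "0" ]; }

# Check 2: print the first rule in chain $1 that names ICMP explicitly and
# matches "fragmentation needed" (type 3, code 4), or the chain policy if no
# such rule exists. Heuristic: only -p and --icmp-type are evaluated; rules
# without -p icmp (for example conntrack RELATED accepts) are not considered.
fragneeded_rule() {
    awk -v chain="$1" '
    function covers(t) {   # does this --icmp-type value include type 3 code 4?
        return t == "any" || t == "3" || t == "3/4" ||
               t == "destination-unreachable" || t == "fragmentation-needed"
    }
    $1 == (":" chain) { policy = $2; next }      # e.g. ":INPUT DROP [0:0]"
    $1 == "-A" && $2 == chain {
        proto = ""; type = "any"; neg = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p" && $(i - 1) != "!") proto = $(i + 1)
            else if ($i == "--icmp-type") { type = $(i + 1); neg = ($(i - 1) == "!") }
            else if ($i == "-j") target = $(i + 1)
        }
        hit = covers(type)
        if (neg) hit = !hit                       # "! --icmp-type N" inverts the match
        if ((proto == "icmp" || proto == "1") && hit && target ~ /^(ACCEPT|DROP|REJECT)$/) {
            print target ": " $0; found = 1; exit
        }
    }
    END { if (!found) print "policy " policy }
    '
}

# Constructed sample ruleset: echo requests allowed, all other ICMP dropped,
# so ICMP 3/4 from the ADSL router never reaches the gateway.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -j DROP
COMMIT'

# On the gateway itself:
#   pmtud_enabled "$(sysctl -n net.ipv4.ip_no_pmtu_disc)" || echo "PMTUD is off"
#   iptables-save | fragneeded_rule INPUT
printf '%s\n' "$SAMPLE_RULES" | fragneeded_rule INPUT
# prints: DROP: -A INPUT -p icmp -j DROP
```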

