[Openswan Users]
Beschorner Daniel
Daniel.Beschorner at facton.com
Fri Feb 17 22:15:28 CET 2006
> Your SecGw1 didn't get ICMP Fragmentation Needed or didn't handle it
> because the related ICMP Frag Needed from your SecGw1 should be 1436
> not 1444 (1500 - 1492 = 8).

"Outer" PMTUD works fine, e.g. an scp from SecGw1 to SecGw2 succeeds.
So I assume that Linux isn't capable of transforming the (outer) ESP ICMP into an
appropriate in-tunnel ICMP, is it?
That seems to be the problem, so I helped myself by disabling PMTUD for
the ESP packets.

> Please check that
> - your SecGw1 has PMTU enabled (net.ipv4.ip_no_pmtu_disc = 0)

PMTU is enabled

> - your firewall didn't filter ICMP 3/4 messages

firewall is disabled