[Openswan Users] fragmentation is not working with openswan/l2tpd

Joji Joseph jjoseph at ashleylaurent.com
Wed Jan 11 03:43:55 CET 2006


Hi All,

I am using openswan-2.4.4 and l2tpd-0.69 on a Red Hat 9.0 Linux box
with an openswan-patched 2.4.20 kernel. My box is actually an L2TP client
and is trying to connect to a SOHO gateway L2TP server.

The issue is that when I try to access the SOHO device's web page, the
ppp0 interface sends an HTTP GET request of packet size 550.

But on the ipsec0 interface, this packet is converted to a PPP-over-L2TP
packet of size 548 and the packet gets fragmented.

The main thing is that the second fragment is sent first, without
being encapsulated as a PPP-over-L2TP packet, and it uses the WAN IP
address itself as its source and destination IPs.

Because of this source/destination IP (I think so), the second fragment
is not encapsulated as an ESP packet and does not show up on the eth0
interface.

Please see the configuration file entries that I am using:

ipsec.conf
---------------
config setup
      overridemtu=1500
      nat_traversal=yes
      plutodebug="all"

conn L2TP-PSK-GATEWAY
      authby=secret
      pfs=no
      left=%defaultroute
      leftid=10.20.121.3
      leftprotoport=17/1701
      right=10.20.121.1
      rightprotoport=17/1701
      auto=add
      keyingtries=3
      type=transport
      esp=3des-md5-96

l2tpd.conf
--------------
[lac L2TPserver]
lns = 10.20.121.1
require chap = yes
refuse pap = yes
require authentication = yes
; Name should be the same as the username in the PPP authentication
name = l2tp
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
;length bit = yes

options.l2tpd.client
----------------------------
ipcp-accept-local
ipcp-accept-remote
refuse-eap
noccp
noauth
crtscts
idle 1800
mtu 1500
mru 1500
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

Could somebody please give information about what is going wrong in the
configuration?

One more thing I noticed is that I couldn't send a ping packet with a
large size (say 1200). It also gets fragmented without PPP/L2TP
encapsulation, as explained before, and the last fragment is sent
first.

Is this a known fragmentation bug in openswan/l2tpd? Is there any
fix available for this?

Thanks in advance for any help!

Regards
Joji
