[Openswan Users] Bad performance on 2.6 kernel (native IPSec)

Paul Wouters paul at xelerance.com
Sat Jan 21 18:16:07 CET 2006

On Sat, 21 Jan 2006, Mark van Proctor wrote:

> I'm using 2.4.0 on RHEL ES 4 (its in a production environment, so no I can't

> MTU/MRU is 1500 for the ethernet card.
> overridemtu is set in ipsec.conf to 1410

If you use netkey (ipsec --version) then overridemtu= does not work. You
will need to ifconfig ethX mtu1410.

> MTU/MRU is set to 1350 for the L2TP daemon (but remember, I have the issue
> for non-l2tp connections also).

Try 1200 there. We did some calculations of possible overheads of all kinds
of tunneling protocols, and that seemed a good experimental figure

> (PS - CPU usage is minimal so I don't think it can be hardware
> performance...)


"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)

More information about the Users mailing list