[Openswan Users] Bad performance on 2.6 kernel (native IPSec)
Mark van Proctor
m.vanproctor at metech.com.au
Tue Jan 24 01:06:27 CET 2006
Thanks Paul, further questions in line...
> On Sat, 21 Jan 2006, Mark van Proctor wrote:
>
>> I'm using 2.4.0 on RHEL ES 4 (its in a production environment, so no I
>> can't
>
>> MTU/MRU is 1500 for the ethernet card.
>> overridemtu is set in ipsec.conf to 1410
>
> If you use netkey (ipsec --version) then overridemtu= does not work. You
> will need to ifconfig ethX mtu1410.
>
But does this modify the pre-IPSec interface or the post-IPSec interface?
Because it really needs to be 1410 PRIOR to the IPSec conversion but 1500
AFTER otherwise it will get fragmented just as much...
>> MTU/MRU is set to 1350 for the L2TP daemon (but remember, I have the
>> issue
>> for non-l2tp connections also).
>
> Try 1200 there. We did some calculations of possible overheads of all
> kinds
> of tunneling protocols, and that seemed a good experimental figure
I will try 1200 here, but please keep in mind my issue is limited to L2TP
connections
>
>> (PS - CPU usage is minimal so I don't think it can be hardware
>> performance...)
More information about the Users
mailing list