[Openswan Users] Bad performance on 2.6 kernel (native IPSec)

Mark van Proctor m.vanproctor at metech.com.au
Tue Jan 24 01:06:27 CET 2006

Thanks Paul, further questions in line...

> On Sat, 21 Jan 2006, Mark van Proctor wrote:
>> I'm using 2.4.0 on RHEL ES 4 (its in a production environment, so no I
>> can't
>> MTU/MRU is 1500 for the ethernet card.
>> overridemtu is set in ipsec.conf to 1410
> If you use netkey (ipsec --version) then overridemtu= does not work. You
> will need to ifconfig ethX mtu1410.

But does this modify the pre-IPSec interface or the post-IPSec interface?
Because it really needs to be 1410 PRIOR to the IPSec conversion but 1500
AFTER otherwise it will get fragmented just as much...

>> MTU/MRU is set to 1350 for the L2TP daemon (but remember, I have the
>> issue
>> for non-l2tp connections also).
> Try 1200 there. We did some calculations of possible overheads of all
> kinds
> of tunneling protocols, and that seemed a good experimental figure

I will try 1200 here, but please keep in mind my issue is limited to L2TP
>> (PS - CPU usage is minimal so I don't think it can be hardware
>> performance...)

More information about the Users mailing list