paul at xelerance.com
Tue Jul 18 07:04:39 CEST 2006
On Mon, 17 Jul 2006, Matt Reeve wrote:
> I've reset that MTU to 1472 and restarted everything and that has had no
> effect. The W2K install is actually out of the box as is the working XP
> install so I'm not expecting anything untoward there.. ipsec verify shows:
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
That all looks okay.
> Linux Openswan U2.4.6rc2/K2.6.17-1.2145_FC5 (netkey)
You oculd give KLIPS a try over NETKEY. They both handle fragmentation and
mtu issues differently.
> Is it possible there is something wrong with my certificates? I'm still a bit
> unclear about how to set all that up even having spent hours surfing for
> documentation on how to do it properly. It seems odd though that the very same
> certificate works on the XP box and not the 2K box...
The Openswan book has a detailed chapter on how to create certificates.
I don't think you are doing anything wrong. I think it is the openswan=windows
interaction with MTU's that is causing this.
Sorry I cannot be more helpful,
More information about the Users