[Openswan Users]

Paul Wouters paul at xelerance.com
Tue Jul 18 07:04:39 CEST 2006

On Mon, 17 Jul 2006, Matt Reeve wrote:

> I've reset that MTU to 1472 and restarted everything and that has had no
> effect. The W2K install is actually out of the box as is the working XP
> install so I'm not expecting anything untoward there.. ipsec verify shows:

> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]

That all looks okay.

> Linux Openswan U2.4.6rc2/K2.6.17-1.2145_FC5 (netkey)

You oculd give KLIPS a try over NETKEY. They both handle fragmentation and
mtu issues differently.

> Is it possible there is something wrong with my certificates? I'm still a bit
> unclear about how to set all that up even having spent hours surfing for
> documentation on how to do it properly. It seems odd though that the very same
> certificate works on the XP box and not the 2K box...

The Openswan book has a detailed chapter on how to create certificates.
I don't think you are doing anything wrong. I think it is the openswan=windows
interaction with MTU's that is causing this.

Sorry I cannot be more helpful,


More information about the Users mailing list