[Openswan Users] Re: MTU problems
peter at farrows.org
Mon Jun 12 16:19:48 CEST 2006
This only became a problem when I went to Openswan from Freeswan;
previously, when using Freeswan on RedHat 9, the problem never arose. The
only change was to CentOS 4.3 and Openswan.
In fact, I know it's not any of the ADSL or SDSL routers in the path
between the sites, because if I do a simple port forward on 3389 to one
of the internal servers (for terminal services) I can connect reliably
and OK across the net - yet if I go through the tunnel without MTU'ing
all machines for terminal services it is unreliable and disconnects
frequently. Going through a RedHat 9 VPN using Freeswan and it's OK...
Also one added point: all the Linux machines are running 64-bit CentOS.
It works fine with 1492 MTUs but it's a PITA...
If you have any other ideas I would be glad to hear them, thanks very
much for responding and helping, I was beginning to feel a bit "out in
I set dozens of Freeswan VPNs up using RedHat 9 and CentOS 3, but this
is one of the first NetKey ones I have done and the first with Openswan
at both ends.
I am using a 2.6.9-34.0.1.EL kernel
Peter McGill wrote:
>> It seems the max MTU is 1492, and I have had to set this on all Windows
>> and Linux boxes to make the link useable,
> 1492 is the MTU for PPPoE links, which are often used by ISPs
> with xDSL. Are you using PPPoE to connect to your ISP? If so, this is
> why your MTU is 1492. The other possibilities are that one of the other
> routers in the internet route between your hosts has this MTU, either
> because it is using PPPoE or is perhaps simply misconfigured... In either
> case you will likely have to live with the 1492 MTU; it's not so bad
> though, just set your MTU's
> If you're not using PPPoE, you may be able to determine which router is
> the problem, but it's unlikely that the owner will fix it, assuming
> that it is a misconfiguration. You can attempt to locate the router by
> resetting your MTU to 1500 and doing some large traceroutes (packet
> size > 1492); the command will vary depending on your local traceroute
> program, but be sure to set the don't fragment option and increase the
> packet size.
> Peter McGill
> Software Developer / Network Administrator
> Gra Ham Energy Limited
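
The don't-fragment probing suggested in the quoted reply can be scripted as a binary search for the largest packet that crosses the path unfragmented. This is an added example, not part of the original thread; it assumes Linux iputils `ping` (`-M do` sets DF, `-s` sets the ICMP payload size), and the function names `probe` and `find_pmtu` are hypothetical.

```shell
#!/bin/sh
# Added example: find the largest IP packet size that reaches HOST with the
# don't-fragment bit set. Run it once against the peer's public address and
# once against a host behind the tunnel; the difference is the tunnel overhead.

# probe SIZE HOST -> exit 0 if an IP packet of SIZE bytes gets a reply with DF set.
# Assumes Linux iputils ping. ICMP payload = IP size - 28 (20 IP + 8 ICMP header).
probe() {
    ping -c 1 -W 2 -M do -s "$(( $1 - 28 ))" "$2" >/dev/null 2>&1
}

# find_pmtu HOST [LOW] [HIGH] -> prints the largest size in [LOW,HIGH] that passes.
# Prints 0 and returns 1 if even LOW fails (host down or ICMP filtered), so an
# unreachable host is not mistaken for a tiny MTU.
find_pmtu() {
    host=$1
    lo=${2:-576}
    hi=${3:-1500}
    if ! probe "$lo" "$host"; then
        echo 0
        return 1
    fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))     # round up so the loop always terminates
        if probe "$mid" "$host"; then
            lo=$mid                      # mid fits: search the upper half
        else
            hi=$(( mid - 1 ))            # mid is too big: search the lower half
        fi
    done
    echo "$lo"
}

# Usage (address is a placeholder): find_pmtu 192.0.2.10
```

On a PPPoE path this should report 1492; a smaller result for hosts reached through the tunnel reflects the ESP encapsulation overhead on top of that.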