[Openswan Users] Re: MTU problems

Brian Candler B.Candler at pobox.com
Mon Jun 12 16:32:45 CEST 2006


On Mon, Jun 12, 2006 at 03:19:48PM +0100, Peter Farrow wrote:
> In fact, I know its now any of the ADSL or SDSL routers in the path 
> between the sites, because if I do a simple port forward on 3389 to one 
> of the internal servers (for terminal services) I can connect reliably 
> and ok across the net

Yeah, but how big are your TCP segments? (Use tcpdump to look at the packets)

It's possible that path MTU discovery is working for native IP - in which
case you'll see the biggest TCP packets are 1492-byte IP datagrams
(1452-byte TCP segments) - but not for IPSEC.

B.


More information about the Users mailing list