[Openswan Users] NAT-T
Paul Wouters
paul at xelerance.com
Mon Mar 27 17:25:45 CEST 2006
On Mon, 27 Mar 2006, Oliver Tomkins wrote:
> It looks exactly the same as when we get a successful connection from a
> non-NAT client.
>
> > It is most likely an mtu issue. Transport mode packets may never get
> > fragmented if the client is behind NAT and udp encapsulation is used.
> >
>
> I've edited options.l2tpd thus:
>
> mtu 1710
> mru 1710

That won't work. That size is higher than an Ethernet frame!
Our experience has been that setting the ethX mtu to 1472 or 1452, and setting
the mtu/mru in options.l2tpd to 1200, seems to work okay.

> I still don't see any ESP Traffic going to or from the host. How would I
> prove that UDP encapsulation is actually taking place or is assumed in the
> fact that a connection has been established?

Run tcpdump and check for udp 4500 packets.

Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
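
An added example, not part of the original message: a Python sketch that classifies UDP port 4500 payloads by their RFC 3948 framing, so a capture can be checked for actual ESP-in-UDP traffic and not only IKE or NAT keepalives. The function names and the sample payloads are constructed for illustration.

```python
import struct
from collections import Counter

NON_ESP_MARKER = b"\x00" * 4  # RFC 3948: four zero octets precede IKE on UDP/4500

def classify_natt_payload(payload: bytes) -> str:
    """Classify the UDP payload of one port-4500 datagram (RFC 3948 framing)."""
    if payload == b"\xff":
        return "nat-keepalive"   # single 0xFF octet, keeps the NAT mapping alive
    if len(payload) < 8:
        return "malformed"       # too short for marker+IKE or SPI+sequence
    if payload[:4] == NON_ESP_MARKER:
        return "ike"             # IKE negotiation, not tunnelled data
    return "esp-in-udp"          # non-zero SPI: UDP-encapsulated ESP

def esp_header(payload: bytes):
    """Return (spi, sequence) of an ESP-in-UDP payload, or None for other kinds."""
    if classify_natt_payload(payload) != "esp-in-udp":
        return None
    return struct.unpack("!II", payload[:8])

def summarize(payloads):
    """Count payload kinds and list the distinct ESP SPIs seen."""
    counts = Counter(classify_natt_payload(p) for p in payloads)
    spis = sorted({esp_header(p)[0] for p in payloads if esp_header(p)})
    return dict(counts), spis

def encapsulation_confirmed(payloads) -> bool:
    """True only if real ESP data, not just IKE or keepalives, used UDP/4500."""
    return summarize(payloads)[0].get("esp-in-udp", 0) > 0

# Constructed sample payloads (not captured traffic): IKE, keepalive, two ESP packets.
SAMPLE = [
    NON_ESP_MARKER + bytes(28),
    b"\xff",
    struct.pack("!II", 0x1A2B3C4D, 1) + bytes(32),
    struct.pack("!II", 0x1A2B3C4D, 2) + bytes(32),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print("ESP-in-UDP seen:", encapsulation_confirmed(SAMPLE))
```

The same distinction can be made directly in a capture filter: `udp port 4500 and udp[8:4] != 0` matches only datagrams whose first four payload octets are a non-zero SPI.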