[Openswan Users] openswan vs freeswan
Massimo Mazzoldi
mmazzoldi at direte.it
Mon Mar 27 18:39:44 CEST 2006
Marco and Paul,
thank you both!!!
I solved the problem!!!
yet a PC of mine isn't working... even after upgrade.
Anyway I noticed that on that pc I get a different version:
#ipsec --version
Linux Openswan U2.4.5rc5/K2.4.4 (klips)
instead of:
#ipsec --version
Linux Openswan 2.4.5rc5 (klips)
All openswan PC's are equal... same hardware and same linux distro...
so I don't really understand why.
Is there a way to compile the right version???
Paul Wouters <paul at xelerance.com> writes:
>On Mon, 27 Mar 2006, Massimo Mazzoldi wrote:
>
>> Now I just turned it off with fragicmp=0;
>>
>> from man ipsec.conf
>> ________
>> fragicmp
>> whether a tunnel's need to fragment a packet should be reported back with an
>> ICMP message, in an attempt to make the sender lower his PMTU estimate;
>> acceptable values are yes (the default) and no.
>> _________
>>
>> and now it seems working right.... and actually better... since no
>> fragmentation error is returned...
>>
>> has anyone experience on how to handle my problem?
>
>There was a bug in KLIPS that triggered this, and the fragicmp is a workaround
>for that bug. The bug has been fixed though, so for the 2.4.5rcX it should
>not longer be needed.
>
>Paul
More information about the Users
mailing list