[Openswan Users] openswan vs freeswan

Massimo Mazzoldi mmazzoldi at direte.it
Mon Mar 27 18:39:44 CEST 2006

Marco and Paul,
thank you both!!!

I solved the problem!!!

yet a PC of mine isn't working... even after upgrade.

Anyway I noticed that on that pc I get a different version:

#ipsec --version
Linux Openswan U2.4.5rc5/K2.4.4 (klips)

instead of:

#ipsec --version
Linux Openswan 2.4.5rc5 (klips)

All openswan PC's are equal... same hardware and same linux distro...
so I don't really understand why.
Is there a way to compile the right version???

Paul Wouters <paul at xelerance.com> writes:
>On Mon, 27 Mar 2006, Massimo Mazzoldi wrote:
>> Now I just turned it off with fragicmp=0;
>> from man ipsec.conf
>> ________
>> fragicmp
>> whether a tunnel's need to fragment a packet should be reported back with an
>> ICMP message, in an attempt  to  make  the sender lower his PMTU estimate;
>> acceptable values are yes (the default) and no.
>> _________
>> and now it seems working right.... and actually better... since no
>> fragmentation error is returned...
>> has anyone experience on how to handle my problem?
>There was a bug in KLIPS that triggered this, and the fragicmp is a workaround
>for that bug. The bug has been fixed though, so for the 2.4.5rcX it should
>not longer be needed.

More information about the Users mailing list