[Openswan Users] OpenSWAN NetKey MTU Problem?
Harald Scharf
h.scharf at nestec.at
Tue Feb 27 14:04:41 EST 2007
Hi, List!
We have several VPN tunnels in an IPsec mesh system.
Now, I replaced an old (FreeS/WAN) box with an Openswan box (current
release) in one location.
Now, if I want to access an HTTPS server over the tunnel,
I get the certificate and then the connection breaks (timeout).
tcpdump on ICMP says: fragmentation needed.
One detail: the destination server does not run HTTPS itself.
It is NATed to another VPN (in which the HTTPS server runs).
What can I try out?
When I replace the Openswan/NETKEY box with the old one (FreeS/WAN 1.99),
the connection works great, without any trouble.
I tried to install KLIPS (bigger MTU?), but I cannot use it, because
I need the PadLock AES patch (which is not supported by KLIPS).
Any ideas?
Kind regards
Harald