[Openswan Users] OpenSWAN NetKey MTU Problem?

Juan Pablo jp.espino at gmail.com
Tue Feb 27 14:32:41 EST 2007


Hi,

Have you tried with a bigger MTU? I had a similar situation and I
fixed it by configuring ipsec0 with MTU=16200 bytes (or something like
that).

-Juan Pablo

On 2/27/07, Harald Scharf <h.scharf at nestec.at> wrote:
> Hi, List!
>
> We have several VPN tunnels in an ipsec mesh system.
> Now, I replaced an old (frees/wan) with an openswan box (current release) in
> one location.
>
> Now, if I want to access a https server over the tunnel,
> I get the certificate and then, the connection breaks (timeout).
>
> tcpdump on icmp says: fragmentation needed.
>
> One detail: the destination server does not run the https itself.
> It is natted to another vpn (in which runs the https server).
>
> What can I try out?
> When I replace the openswan/netkey box with the old one (freeswan 1.99),
> the connection works great, and without any troubles.
>
> I tried to install KLIPS (bigger MTU ?), but I can not use this, because I
> need padlock AES patch (which is not supported by KLIPS).
>
> Any ideas?
>
> Kind regards
>
> Harald

