[Openswan Users] Problems when using subnet 0.0.0.0/0

Ruben Laban r.laban at ism.nl
Fri Jun 29 03:16:25 EDT 2007


On Friday 29 June 2007, Милен Панков wrote:
> This kind of worked. SNAT and DNAT are working and the connectivity
> between the offices is working, but it is very slow and gives a lot of
> timeouts. For example, if someone in office 1 tries to set a Remote
> Desktop Connection to a PC in office 3 it takes about 5-10 minutes just
> to log in or ends with a connection timeout. Everything works fine if I
> revert to the old configuration.
> So I'm missing something, but I can't figure out what and the Wiki isn't
> saying anything in detail. Any help is appreciated.

This sounds like an MTU issue. Depending on the IPsec stack you are using
(NETKEY or KLIPS), there are various ways to get around this issue. Using
overridemtu in the config is one (for KLIPS only); another is to use iptables
to alter the MSS for those packets (for both KLIPS and NETKEY).

Regards,
-- 
Ruben
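
The two workarounds named in the reply above, as an added example that is not part of the original post: a shell script that derives a KLIPS overridemtu value and a TCP MSS from a link MTU and a per-packet IPsec overhead, then prints the matching settings without applying them. The 1500 and 73 byte defaults and the function names are assumptions for illustration; measure the real overhead of your own tunnel.

```shell
#!/bin/sh
# Added example: prints settings only, changes nothing on the system.
# Assumed defaults: Ethernet link MTU and a worst-case ESP tunnel overhead.
LINK_MTU=${LINK_MTU:-1500}
IPSEC_OVERHEAD=${IPSEC_OVERHEAD:-73}

# Largest inner packet that still fits in one outer packet after encapsulation.
inner_mtu() {
    echo $(( $1 - $2 ))
}

# TCP MSS for flows through the tunnel: inner MTU minus 20 bytes of IPv4
# header and 20 bytes of TCP header. Refuse values below 536, the IPv4
# default MSS, since that points at a wrong MTU or overhead input.
tunnel_mss() {
    mss=$(( $(inner_mtu "$1" "$2") - 40 ))
    if [ "$mss" -lt 536 ]; then
        echo "error: computed MSS $mss is below 536, check inputs" >&2
        return 1
    fi
    echo "$mss"
}

# KLIPS only: line for the "config setup" section of ipsec.conf.
klips_overridemtu() {
    echo "overridemtu=$(inner_mtu "$1" "$2")"
}

# KLIPS and NETKEY: rewrite the MSS option on forwarded TCP SYN packets.
# (The TCPMSS target also offers --clamp-mss-to-pmtu instead of a fixed value.)
mss_rule_fixed() {
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $1"
}

echo "# KLIPS (ipsec.conf, config setup):"
klips_overridemtu "$LINK_MTU" "$IPSEC_OVERHEAD"
echo "# KLIPS or NETKEY (run as root on the gateway):"
if mss=$(tunnel_mss "$LINK_MTU" "$IPSEC_OVERHEAD"); then
    mss_rule_fixed "$mss"
fi
```

To confirm the clamp is in effect, capture a SYN on the far side of the gateway and check that its MSS option carries the printed value.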

