[Openswan Users] Problems when using subnet 0.0.0.0/0
Милен Панков
mpankov at vereo.bg
Fri Jun 29 06:20:59 EDT 2007
Ruben Laban написа:
> On Friday 29 June 2007, Милен Панков wrote:
>> This somekind worked. SNAT and DNAT is working and the connectivity
>> between the offices is working, but it is very slow and gives a lot of
>> timeouts. For example if someone in office 1 tries to set a Remote
>> Desktop Connection to a PC in office 3 it takes about 5-10 minutes just
>> to log in or ends with a connection timeot. Everything works fine if I
>> revert to the old configuration.
>> So I'm missing something, but I can't figure out what and the Wiki isn't
>> saying anything in details. Any help is appriciated.
>
> This sounds like a MTU issue. Depending on the ipsec stack you are using
> (NETKEY or KLIPS), there are various ways to get around this issue. Using
> overridemtu in the config is one (for KLIPS only) or use iptables to alter
> the MSS for those packets (for both KLIPS and NETKEY).
>
> Regards,
I'm using NETKEY, so I changed the MTU directly on the public interface
of the gateway in office 3 - I tried values from 1440 to 500, but this
did not help.
--
Milen
More information about the Users
mailing list