[Openswan Users] Problems when using subnet 0.0.0.0/0

Милен Панков mpankov at vereo.bg
Fri Jun 29 06:20:59 EDT 2007


Ruben Laban wrote:

> On Friday 29 June 2007, Милен Панков wrote:
>> This kind of worked. SNAT and DNAT are working and the connectivity
>> between the offices is working, but it is very slow and gives a lot of
>> timeouts. For example if someone in office 1 tries to set a Remote
>> Desktop Connection to a PC in office 3 it takes about 5-10 minutes just
>> to log in or ends with a connection timeout. Everything works fine if I
>> revert to the old configuration.
>> So I'm missing something, but I can't figure out what and the Wiki isn't
>> saying anything in detail. Any help is appreciated.
> 
> This sounds like an MTU issue. Depending on the IPsec stack you are using 
> (NETKEY or KLIPS), there are various ways to get around this issue. Using 
> overridemtu in the config is one (for KLIPS only) or use iptables to alter 
> the MSS for those packets (for both KLIPS and NETKEY).
> 
> Regards,

I'm using NETKEY, so I changed the MTU directly on the public interface
of the gateway in office 3 - I tried values from 1440 to 500, but this
did not help.

-- 

Milen
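
The MSS arithmetic behind the iptables suggestion quoted above, as an added example that is not part of the original thread: it computes the largest inner packet that fits in one ESP tunnel-mode packet and prints a matching TCPMSS clamp rule without applying it. The function names, the 1500-byte path MTU and the cipher sizes (AES-CBC or 3DES-CBC with HMAC-SHA1-96) are assumptions; the thread does not state which algorithms the tunnels use.

```shell
#!/bin/sh
# Added example: size the TCP MSS for traffic crossing an ESP tunnel.
# All cipher parameters below are assumptions; the thread does not state them.

# esp_inner_mtu PATH_MTU BLOCK IV ICV NATT
# Largest inner IPv4 packet that fits in one ESP tunnel-mode packet.
esp_inner_mtu() {
    path_mtu=$1; block=$2; iv=$3; icv=$4; natt=$5
    # outer IPv4 header (20) + ESP SPI/sequence (8) + IV + integrity check value
    overhead=$((20 + 8 + iv + icv))
    if [ "$natt" -eq 1 ]; then
        overhead=$((overhead + 8))      # UDP encapsulation (NAT-T)
    fi
    room=$((path_mtu - overhead))
    # Ciphertext = inner packet + padding + 2 trailer bytes (pad length,
    # next header) and must be a whole number of cipher blocks.
    echo $(( room / block * block - 2 ))
}

# tcp_mss INNER_MTU: subtract IPv4 (20) and TCP (20) headers, no options.
tcp_mss() {
    echo $(( $1 - 40 ))
}

# clamp_rule MSS: print (not apply) the mangle rule for forwarded SYNs.
clamp_rule() {
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $1"
}

# Constructed cases: 1500-byte path, HMAC-SHA1-96 (12-byte ICV).
# Fields: label, cipher block size, IV size, NAT-T flag.
for spec in "aes-cbc 16 16 0" "aes-cbc+natt 16 16 1" "3des-cbc 8 8 0"; do
    set -- $spec
    inner=$(esp_inner_mtu 1500 "$2" "$3" 12 "$4")
    printf '%-14s inner MTU %s  MSS %s\n' "$1" "$inner" "$(tcp_mss "$inner")"
done
clamp_rule "$(tcp_mss "$(esp_inner_mtu 1500 16 16 12 0)")"
```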

