[Openswan Users] Problems when using subnet 0.0.0.0/0

[Милен Панков]

Ruben Laban написа:
> You could give iptables a try. Something in the order of:
> iptables -A FORWARD -p tcp --syn -j TCPMSS --set-mss 1300
>   
This doesn't work. Tried with values from 1300 to 100 on both hosts.
> If possible you should run a tcpdump on both end of the tunnel to see if its 
> actually a MTU issue (big packets sent from one side not arriving at the 
> other side).
>
> HTH,
>   
I played around with tcpdump. All packets send from one side reach the
other. What I noticed when initiating a Remote Desktop Connection -
after initiating the connection the first few packets go fast but after
that a packet send from one host reaches the other after from about 5 to
20 and even more seconds - at least this is what tcpdump prints. When
doing a ping with packet size 1400 (the length in tcpdump is 1476) it
goes as it should - fast and without lost packets. So it seems as far as
I can tell it's not an MTU issue.