[Openswan Users] MTU again (netkey fragmentation)
Paul Wouters
paul at xelerance.com
Thu Mar 1 11:34:57 EST 2007
On Wed, 28 Feb 2007, Harald Scharf wrote:
> Problem: Servers, with services where fragmentation is not allowed (DF).
> In my case:
> Client sends a query to a server (https) -> Server answers with https (DF).
> Packet arrives openswan box -> Box sends (fragment) -> Server says NO,
> and that is the end of the communication.
>
> Paul: It can not be the solution to lower the MTU, and slow down LAN.

ip route change remotesubnet/24 via yourgw dev eth0 mtu 1300

That ONLY affects the MTU of packets that have to travel through the tunnel.

> And this will not work on services, which set DF in their packets.
Did you try disabling PMTU like I suggested yesterday? AFAIK, that causes
Linux to not set the DF flag.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155