[Openswan Users] XL2TPD/Double NAT issue

[Gerald Vogt]

Paul Wouters wrote:
> On Thu, 11 Oct 2007, Gerald Vogt wrote:
> 
>>> It could be. Did you try setting the ethX mtu to  1472?
>> I think I am doomed. This box gives me a lot of headache. When try to
>> change the MTU with
>>
>> ifconfig eth0 mtu 1472
>>
>> I always get an error:
>>
>> localhost kernel: eth0: Ilegal MTU value 1472,  rounding MTU to:
>>   1500
> 
> That's odd. It is perfectly legal. Odd also, is that "ilegal" is speled wrong...
> The only place google finds that misspelling is on the Openwrt site:
> http://wiki.openwrt.org/OpenWrtDocs/Hardware/Netgear/WNR854

It is in the kernel source which comes with the kurobox on which I want 
to use openswan.

linux-2.6.12_lsp.1.10.3/arch/arm/mach-mv88fxx81/LSP/egiga/mv_e_main.c

Does contain a check for the MTU value. It only accepts values from 1498 
to 9676. Seems to be a marvell thing...

>> It does not matter what I set it will only accept 1500.
> 
> That's not a normal kernel/driver then. Contact whoever made that kernel/driver?

Well, before that I would rather try to verify that it is in fact a MTU 
issue and not something else. I'll try to lower the MTU on the routers 
further down to see if it makes any difference. I'll also have to check 
with tcpdump whether the full packet comes through or only a part of it. 
The initial l2tp packet does arrive on ipsec0. But so far I did not 
check the sizes of what is sent out and what is received...

I guess, as I had major issues getting NET_KEY working in that kernel 
that made me give up on that and use KLIPS instead this issue could just 
as well be some other kind of kernel issue.

>> On the server the firewall is not even compiled into the kernel.
>> Everywhere else it is off.
> 
> You compiled the kernel yourself? Perhaps you missed out on something
> that is causing this?

I have compiled the kernel myself. But I am using the default settings 
from the original sources. At this time only KLIPS has been added...

Gerald