[Openswan Users] XL2TPD/Double NAT issue
vogt at spamcop.net
Thu Oct 11 20:50:47 EDT 2007
Paul Wouters wrote:
> On Thu, 11 Oct 2007, Gerald Vogt wrote:
>>> It could be. Did you try setting the ethX mtu to 1472?
>> I think I am doomed. This box gives me a lot of headache. When try to
>> change the MTU with
>> ifconfig eth0 mtu 1472
>> I always get an error:
>> localhost kernel: eth0: Ilegal MTU value 1472, rounding MTU to:
> That's odd. It is perfectly legal. Odd also, is that "ilegal" is speled wrong...
> The only place google finds that misspelling is on the Openwrt site:
It is in the kernel source which comes with the kurobox on which I want
to use openswan.
Does contain a check for the MTU value. It only accepts values from 1498
to 9676. Seems to be a marvell thing...
>> It does not matter what I set it will only accept 1500.
> That's not a normal kernel/driver then. Contact whoever made that kernel/driver?
Well, before that I would rather try to verify that it is in fact a MTU
issue and not something else. I'll try to lower the MTU on the routers
further down to see if it makes any difference. I'll also have to check
with tcpdump whether the full packet comes through or only a part of it.
The initial l2tp packet does arrive on ipsec0. But so far I did not
check the sizes of what is sent out and what is received...
I guess, as I had major issues getting NET_KEY working in that kernel
that made me give up on that and use KLIPS instead this issue could just
as well be some other kind of kernel issue.
>> On the server the firewall is not even compiled into the kernel.
>> Everywhere else it is off.
> You compiled the kernel yourself? Perhaps you missed out on something
> that is causing this?
I have compiled the kernel myself. But I am using the default settings
from the original sources. At this time only KLIPS has been added...
More information about the Users