[Openswan Users] XL2TPD/Double NAT issue

Paul Wouters paul at xelerance.com
Thu Oct 11 21:46:23 EDT 2007


On Fri, 12 Oct 2007, Gerald Vogt wrote:

> > The only place google finds that misspelling is on the Openwrt site:
> > http://wiki.openwrt.org/OpenWrtDocs/Hardware/Netgear/WNR854
>
> It is in the kernel source which comes with the kurobox on which I want
> to use openswan.
>
> linux-2.6.12_lsp.1.10.3/arch/arm/mach-mv88fxx81/LSP/egiga/mv_e_main.c
>
> Does contain a check for the MTU value. It only accepts values from 1498
> to 9676. Seems to be a marvell thing...

Hmm, okay.

> Well, before that I would rather try to verify that it is in fact an MTU
> issue and not something else. I'll try to lower the MTU on the routers
> further down to see if it makes any difference. I'll also have to check

That won't help you, because if path MTU was working properly, you wouldn't
have this issue. You really want the machine itself to generate small
enough packets to begin with.

> with tcpdump whether the full packet comes through or only a part of it.
> The initial l2tp packet does arrive on ipsec0. But so far I did not
> check the sizes of what is sent out and what is received...

That's a useful check to do, but remember the fragment might never
reach your machine.

> I guess, as I had major issues getting NET_KEY working in that kernel
> that made me give up on that and use KLIPS instead, this issue could just
> as well be some other kind of kernel issue.

Yes, that would be the recommended solution. Though the nat-t patch is
still a pain to apply to the kernel....

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

