[Openswan Users] netkey debugging

Marek Greško gresko at thr.sk
Thu Aug 21 09:33:24 EDT 2008


is there a way to debug netkey stack?

I have an ISP that clears df bit of my IP packet containing ESP packet and 
fragments it. I see two fragment going into the openswan gateway by tcpdump, 
but than the packet is suddenly lost and i don't know why.

I tried to disable firewall with no luck.

Defragmenttion works, since when I send big pings to the machine (not through 
IPsec tunnel) it receives two fragments, and responds to ping.

Any help appreciated.

Thank you.


Marek Greško

More information about the Users mailing list