[Openswan Users] mtu problems
James Muir
muir.james.a at gmail.com
Sun Dec 28 10:46:34 EST 2008
I am using Openswan 2.6.19 with the native 2.6 kernel IPsec stack (a.k.a.
NETKEY) to connect to a Sonicwall VPN appliance. More details about my
config can be found here:
http://lists.openswan.org/pipermail/users/2008-December/015923.html
I am having MTU issues. I can send small packets through the tunnel but
not large ones. For example,
this works: ping -s 1402 172.20.1.1
this does not: ping -s 1403 172.20.1.1
Sending large packets results in "ICMP destination unreachable
(fragmentation needed)" messages and the packets do not make it into the
private network.
There is a discussion titled "problems with packet fragmentation" in the
FreeS/WAN FAQ:
http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/background.html#MTU.trouble
The conclusion of that discussion seems to be to use the option
overridemtu=
in ipsec.conf. However, this suggestion is specific to the KLIPS IPsec
stack; i.e. overridemtu= has no effect with NETKEY.
Is there something analogous to overridemtu= that I can set with NETKEY?
I have tried changing the MTU value on eth0 using ifconfig, but that
did not seem to help.
-James