[Openswan Users] MTU problem Openswan U2.4.6/K2.6.16.18...

Federico Viel fviel at multibel.it
Fri Jun 6 06:52:43 EDT 2008


Hello (again),
I'm still having trouble with my VPN and Windows Policy update.
As I stated in my post of 14/05/08, I can't ping my remote site with a
2048-byte packet size (and hence the policy update problem).

I have updated Openswan to 2.4.6 but the problem still persists.
Moreover, I tried to debug the situation and discovered the following:
when I ping the remote site with 2048 bytes, this is the tcpdump of the WAN
interface (VPN):

ecosportellofw:~# tcpdump -i eth2 -n -p not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
15:41:22.287465 IP 88.A.B.C > 87.D.E.F: ESP(spi=0x60320fe5,seq=0x166b9)
15:41:27.534918 IP 88.A.B.C > 87.D.E.F: ESP(spi=0x60320fe5,seq=0x166ba)
15:41:33.035337 IP 88.A.B.C > 87.D.E.F: ESP(spi=0x60320fe5,seq=0x166bb)
....
...

That means something is arriving (=> the first end of the tunnel works)... but
it does not come out (from the tunnel)... It's as if big packets were discarded
once they arrived...

It's strange, because with another connection (this time IPsec/L2TP) on the
same router

conn L2TP-PSK
        authby=secret
        pfs=no
        rekey=no
        keyingtries=3
        left=AB.CD.EFG.....
        leftnexthop= AB.CD.EFG....
        leftprotoport=17/1701
        right=%any

I'm able to ping my remote server with a 2048-byte packet size.
?????

Could you help me?
Thank you in advance.
FV




This is my network


               10.G.H.I(DMZ)
                     |
                  ___|___                           ________
                 |       |88.A.B.C Tunnel  87.D.E.F|        |
10.X.Y.0/24----- |  FW1  |-------------------------|  FW2   |----10.Z.Y.0/24
                 |       |                         |        |
                 |_______|                         |________|











