[Openswan Users] MTU problem Openswan U2.4.6/K2.6.16.18...
Federico Viel
fviel at multibel.it
Fri Jun 6 06:52:43 EDT 2008
Hello (again)
I'm still on troubles with my vpn and Windows Policy update.
As I stated in my post of 14/05/08 I can't ping with 2048 byte packet size
my remote size (and hence the policy update problem).
I have updated openswan to 2.4.6 but still the problem persist
Moreover I tried to debug the situation: I discovered the following:
When I ping remote site with 2048 byte this is the tcpdump of the WAN
interface (VPN):
ecosportellofw:~# tcpdump -i eth2 -n -p not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
15:41:22.287465 IP 88.A.B.C > 87.D.E.F: ESP(spi=0x60320fe5,seq=0x166b9)
15:41:27.534918 IP 88.A.B.C > 87.D.E.F: ESP(spi=0x60320fe5,seq=0x166ba)
15:41:33.035337 IP 88.A.B.C > 87.D.E.F: ESP(spi=0x60320fe5,seq=0x166bb)
....
...
That means something is arriving(=> the tunnel first end works)... but it
does not come out (from the tunnel)... It's like big packets were discarded
once arrived...
It's strange because with another connection (this time ipsec/l2tp) on the
same router
conn L2TP-PSK
authby=secret
pfs=no
rekey=no
keyingtries=3
left=AB.CD.EFG.....
leftnexthop= AB.CD.EFG....
leftprotoport=17/1701
right=%any
I'm able to ping with 2048byte packet size my remote server.
?????
Could you help me?
Thank you in advance.
FV
This is my network
10.G.H.I(DMZ)
|
___|___ ________
| |88.A.B.C Tunnel 87.D.E.F| |
10.X.Y.0/24----- | FW1 |-------------------------| FW2 |----10.Z.Y.0/24
| | | |
|_______| |________|
More information about the Users
mailing list