[Openswan Users] mtu problems

James Muir muir.james.a at gmail.com
Sat Jan 3 22:06:07 EST 2009

Paul Wouters wrote:
> On Fri, 2 Jan 2009, James Muir wrote:
>> James Muir wrote:
>>> Is there something analogous to overridemtu= that I can set with NETKEY? 
>>>   I have tried changing the MTU value on eth0 using ifconfig, but that 
>>> did not seem to help.
>> any hints on this one?  If I knew where the mtu was set in the openswan 
>> code, I could try recompiling with a hard coded value...
> Did you set the mtu on both ends?

no.  I am using openswan only on my end; the other end is a sonicwall. 
I am not able to set the mtu on the sonicwall.

Just to recap, after I connect to the sonicwall

this works:  ping -s 1402

this does not:  ping -s 1403

The larger packet size causes an "icmp fragmentation needed" response.

the freeswan faq suggests that I should try using the option 
overridemtu= to fix this, but this option is for KLIPS only.  Is there 
something that can be done with NETKEY??

>> incidentally, the KLIPS module fails to build on my machine (kernel 
>> 2.6.24, openswan 2.6.19):
> try 2.6.20rc1 from testing/

If there is zero possibility of correcting the mtu size with the NETKEY 
stack, then I will give KLIPS a try.  However, my feeling is that it 
should be possible make NETKEY work.


More information about the Users mailing list