[Openswan Users] mtu problems
James Muir
muir.james.a at gmail.com
Sat Jan 3 22:06:07 EST 2009
Paul Wouters wrote:
> On Fri, 2 Jan 2009, James Muir wrote:
>
>> James Muir wrote:
>>> Is there something analogous to overridemtu= that I can set with NETKEY?
>>> I have tried changing the MTU value on eth0 using ifconfig, but that
>>> did not seem to help.
>> any hints on this one? If I knew where the mtu was set in the openswan
>> code, I could try recompiling with a hard coded value...
>
> Did you set the mtu on both ends?
no. I am using openswan only on my end; the other end is a sonicwall.
I am not able to set the mtu on the sonicwall.
Just to recap, after I connect to the sonicwall
this works: ping -s 1402
this does not: ping -s 1403
The larger packet size causes an "icmp fragmentation needed" response.
the freeswan faq suggests that I should try using the option
overridemtu= to fix this, but this option is for KLIPS only. Is there
something that can be done with NETKEY??
>> incidentally, the KLIPS module fails to build on my machine (kernel
>> 2.6.24, openswan 2.6.19):
>
> try 2.6.20rc1 from testing/
If there is zero possibility of correcting the mtu size with the NETKEY
stack, then I will give KLIPS a try. However, my feeling is that it
should be possible make NETKEY work.
-James
More information about the Users
mailing list