[Openswan Users] mtu problems
Paul Wouters
paul at xelerance.com
Sun Jan 4 01:51:37 EST 2009
On Sat, 3 Jan 2009, James Muir wrote:
> no. I am using openswan only on my end; the other end is a sonicwall.
> I am not able to set the mtu on the sonicwall.
>
> Just to recap, after I connect to the sonicwall
>
> this works: ping -s 1402
>
> this does not: ping -s 1403
>
> The larger packet size causes an "icmp fragmentation needed" response.
>
> the freeswan faq suggests that I should try using the option
> overridemtu= to fix this, but this option is for KLIPS only. Is there
> something that can be done with NETKEY??
>
> >> incidentally, the KLIPS module fails to build on my machine (kernel
> >> 2.6.24, openswan 2.6.19):
> >
> > try 2.6.20rc1 from testing/
>
> If there is zero possibility of correcting the mtu size with the NETKEY
> stack, then I will give KLIPS a try. However, my feeling is that it
> should be possible make NETKEY work.
With netkey, you can do something like:
ip route change 1.2.3.0/24 via gwip mtu 1400
in the updown script
Paul
More information about the Users
mailing list