[Openswan Users] mtu problems

Paul Wouters paul at xelerance.com
Sun Jan 4 01:51:37 EST 2009

On Sat, 3 Jan 2009, James Muir wrote:

> no.  I am using openswan only on my end; the other end is a sonicwall. 
> I am not able to set the mtu on the sonicwall.
> Just to recap, after I connect to the sonicwall
> this works:  ping -s 1402
> this does not:  ping -s 1403
> The larger packet size causes an "icmp fragmentation needed" response.
> the freeswan faq suggests that I should try using the option 
> overridemtu= to fix this, but this option is for KLIPS only.  Is there 
> something that can be done with NETKEY??
> >> incidentally, the KLIPS module fails to build on my machine (kernel 
> >> 2.6.24, openswan 2.6.19):
> > 
> > try 2.6.20rc1 from testing/
> If there is zero possibility of correcting the mtu size with the NETKEY 
> stack, then I will give KLIPS a try.  However, my feeling is that it 
> should be possible make NETKEY work.

With netkey, you can do something like:

ip route change via gwip mtu 1400

in the updown script


More information about the Users mailing list