[Openswan Users] mtu problems

James Muir muir.james.a at gmail.com
Sun Jan 4 14:46:01 EST 2009

Paul Wouters wrote:
> With netkey, you can do something like:
> ip route change via gwip mtu 1400
> in the updown script

I think you are suggesting that I change the mtu value on my network
interface.  I've already given that a try:

ifconfig eth0 mtu 1400

However, this doesn't seem to solve my problem.  There is still a 
threshold packet-size beyond which my ip packets do not make it into the 
private network (e.g. "ping -s 1410" works but "ping -s 1411" does not).

From what I see in wireshark, it looks like an icmp fragmentation 
issue.  I cannot send fragmented packets through the tunnel.

Is there a particular reason (related to the ipsec protocol) why the 
sonicwall appliance might disallow fragmented packets?  Perhaps openswan 
is not fragmenting the way that the sonicwall expects.
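
Added example (not part of the original message): the size arithmetic that turns a ping payload into a tunnel-mode ESP packet, and the largest "ping -s" value that still fits a path MTU without fragmentation. The cipher, ICV length, NAT-T setting and the 1500-byte path MTU are assumptions; the thread does not state the tunnel's parameters.

```python
# Added example: ESP tunnel-mode size arithmetic (RFC 4303 packet layout).
# Cipher, ICV length, NAT-T and path MTU are assumptions, not from the post.

IP_HDR = 20        # IPv4 header without options
ICMP_HDR = 8       # ICMP echo header
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)
NATT_UDP = 8       # UDP encapsulation header when NAT-T is in use

# cipher name: (IV bytes, cipher block bytes)
CIPHERS = {"3des-cbc": (8, 8), "aes-cbc": (16, 16)}


def esp_packet_size(inner_len, cipher="aes-cbc", icv=12, nat_t=False):
    """Outer IPv4 packet size after tunnel-mode ESP wraps an inner packet."""
    iv, block = CIPHERS[cipher]
    align = max(block, 4)                    # ESP needs at least 4-byte alignment
    plaintext = inner_len + ESP_TRAILER      # inner packet + pad-len + next-hdr
    padded = -(-plaintext // align) * align  # round up to the block size
    size = IP_HDR + ESP_HDR + iv + padded + icv
    return size + (NATT_UDP if nat_t else 0)


def max_ping_payload(path_mtu=1500, **esp):
    """Largest `ping -s` value whose ESP packet fits path_mtu unfragmented."""
    best = None
    for payload in range(path_mtu):
        inner = IP_HDR + ICMP_HDR + payload  # what ping hands to the tunnel
        if esp_packet_size(inner, **esp) > path_mtu:
            break                            # size never shrinks as payload grows
        best = payload
    return best


if __name__ == "__main__":
    for cipher in CIPHERS:
        for nat_t in (False, True):
            limit = max_ping_payload(cipher=cipher, nat_t=nat_t)
            print(f"{cipher:9} nat_t={nat_t!s:5} max ping -s = {limit}")
```

One byte past the limit pushes the padded ciphertext into the next cipher block, so the outer packet jumps by a whole block and has to be fragmented after encryption.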

