[Openswan Users] mtu problems
James Muir
muir.james.a at gmail.com
Sun Jan 4 14:46:01 EST 2009
Paul Wouters wrote:
> With netkey, you can do something like:
>
> ip route change 1.2.3.0/24 via gwip mtu 1400
>
> in the updown script
I think you are suggesting that I change the mtu value on my network
interface. I've already given that a try:
ifconfig eth0 mtu 1400
However, this doesn't seem to solve my problem. There is still a
threshold packet-size beyond which my ip packets do not make it into the
private network (e.g. "ping -s 1410" works but "ping -s 1411" does not).
From what I see in wireshark, it looks like an icmp fragmentation
issue. I cannot send fragmented packets through the tunnel.
Is there a particular reason (related to the ipsec protocol) why the
sonicwall appliance might disallow fragmented packets? Perhaps openswan
is not fragmenting the way that the sonicwall expects.
-James
More information about the Users
mailing list