[Openswan Users] mtu problems
muir.james.a at gmail.com
Sun Jan 4 14:46:01 EST 2009
Paul Wouters wrote:
> With netkey, you can do something like:
> ip route change 220.127.116.11/24 via gwip mtu 1400
> in the updown script
I think you are suggesting that I change the mtu value on my network
interface. I've already given that a try:
ifconfig eth0 mtu 1400
However, this doesn't seem to solve my problem. There is still a
threshold packet-size beyond which my ip packets do not make it into the
private network (e.g. "ping -s 1410" works but "ping -s 1411" does not).
From what I see in wireshark, it looks like an icmp fragmentation
issue. I cannot send fragmented packets through the tunnel.
Is there a particular reason (related to the ipsec protocol) why the
sonicwall appliance might disallow fragmented packets? Perhaps openswan
is not fragmenting the way that the sonicwall expects.
More information about the Users