[Openswan Users] Phase 1 hangs
Michael Smith
msmith at cbnco.com
Fri Aug 13 09:45:41 EDT 2010

Erich Titl wrote:
> Looking at the packets on the central host, it is obvious that the
> fragmented packet from one site gets reassembled whereas the one from
> the failing site does not even arrive. It looks like someone in the
> middle drops the second packet.

I've seen ISPs do terrible things with large UDP packets. One of them
even cut the last 8 bytes off the first fragment.

How much control do you have over the client? You could drop the MTU on
the interface, or add an override route:

  ip route add <central host> via <client's def gw> mtu 1300 advmss 1260

Mike
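
Added example, not part of the message above and not Openswan code: one way to confirm from a capture taken on the central host which senders' fragmented datagrams never had their trailing fragments arrive. The capture text is constructed in the style of `tcpdump -n -v` output, the addresses are documentation ranges, and a 20-byte IPv4 header without options is assumed.

```python
import re
from collections import defaultdict

IP_HDR = 20  # assumption: IPv4 header without options

# Constructed sample in the style of `tcpdump -n -v` output (not a real capture).
SAMPLE = """\
IP (tos 0x0, ttl 57, id 4101, offset 0, flags [+], proto UDP (17), length 1500)
    192.0.2.10.500 > 203.0.113.1.500: isakmp: phase 1 I ident
IP (tos 0x0, ttl 57, id 4101, offset 1480, flags [none], proto UDP (17), length 620)
    192.0.2.10 > 203.0.113.1: ip-proto-17
IP (tos 0x0, ttl 52, id 9377, offset 0, flags [+], proto UDP (17), length 1500)
    198.51.100.20.500 > 203.0.113.1.500: isakmp: phase 1 I ident
"""

HDR = re.compile(r"id (\d+), offset (\d+), flags \[([^\]]*)\], "
                 r"proto UDP \(17\), length (\d+)\)")
ADDR = re.compile(r"\s+(\d+(?:\.\d+){3})(?:\.\d+)? > (\d+(?:\.\d+){3})")

def incomplete_datagrams(text):
    """Return (source, ip_id, bytes_received_in_order) for every UDP
    datagram whose fragments do not add up to a complete packet."""
    frags = defaultdict(set)
    hdr = None
    for line in text.splitlines():
        m = HDR.search(line)
        if m:
            hdr = m          # IP header line; the address line follows it
            continue
        a = ADDR.match(line)
        if a and hdr:
            ident, off, flags, length = hdr.groups()
            # "+" in the flags field is the More Fragments bit
            frags[(a[1], a[2], int(ident))].add(
                (int(off), int(length) - IP_HDR, "+" in flags))
            hdr = None
    report = []
    for (src, _dst, ident), parts in sorted(frags.items()):
        expected, finished = 0, False
        for off, size, more in sorted(parts):
            if off != expected:   # gap: an earlier fragment is missing
                break
            expected, finished = off + size, not more
        if not finished:
            report.append((src, ident, expected))
    return report

if __name__ == "__main__":
    for src, ident, got in incomplete_datagrams(SAMPLE):
        print(f"{src} id {ident}: only {got} contiguous bytes arrived")
```

A sender that shows up here only with `offset 0` entries matches the symptom described in the quoted text: the first fragment arrives and the rest are lost on the path.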