[Openswan Users] Phase 1 hangs (resolved)
Erich Titl
erich.titl at think.ch
Fri Aug 20 19:42:41 EDT 2010
For anyone interested, changing the DSL modem on the remote side solved
the problem.
Thanks to all that shared their experience
Erich
on 13.08.2010 15:45, Michael Smith wrote:
> Erich Titl wrote:
>
>> Looking at the packets on the central host, it is obvious that the
>> fragmented packet from one site gets reassembled whereas the one from
>> the failing site does not even arrive. It looks like someone in the
>> middle drops the second packet.
>
> I've seen ISPs do terrible things with large UDP packets. One of them
> even cut the last 8 bytes off the first fragment.
>
> How much control do you have over the client? You could drop the MTU on
> the interface, or add an override route:
>
> ip route add <central host> via <client's def gw> mtu 1300 advmss 1260
>
> Mike
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3409 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.openswan.org/pipermail/users/attachments/20100821/79760b8a/attachment.bin
More information about the Users
mailing list