[Openswan Users] Question about fragmented UDP packets and some DSL boxes

alet at librelogiciel.com alet at librelogiciel.com
Tue Jun 8 00:27:44 EDT 2010


Thanks to the help already received from this mailing list we've got a
working setup which accepts roadwarriors using GNU/Linux, Windows and
OSX through openswan and xl2tpd.

Now we've got a roadwarrior whose DSL box is rented from his ISP. It's
an all-in-one box which also does TV and phone, and the ISP doesn't
allow end users to configure some of the network settings for this box,
and this box's default configuration doesn't allow our roadwarrior to
connect to our openswan gateway.

To make it work, it seems the ISP had to change the box's configuration
to reject fragmented UDP packets, which are accepted by default by his
box (I don't understand why such a change is needed, but this is another

Unfortunately many of our future VPN users already use such a box from
the same ISP (one of the biggest here), so there will be a lot of
problems involving for each user at least one phone call to the ISP,
delays, etc...

Is there a solution to this problem on the openswan side, which would
"magically" solve the problem for all the users coming from this ISP?

Thanks in advance

Jerome Alet

