[Openswan Users] L2TP/IPsec fragmentation?
wgillespie+openswan at es2eng.com
Thu Jun 23 14:16:58 EDT 2011
On 06/22/2011 08:29 PM, Tom Robinson wrote:
> When I lower the mtu and mru to 1280 many of the issues went away but I
> still see some fragmentation. The client reflects that change in it's
> VPN MTU also being set to 1280.
> My questions are: What is the recommended setting and can I go any
> lower? Is there any other issue I'm overlooking. Config files provided
> on request.
I use an MTU of 1280 in my options.xl2tpd as well. Seems to work well,
but I don't have a lot of people using it.
Paul Wouters said back in April that many L2TP connections use 1200.
I can't seem to find it, but I remember just recently reading where
someone had figured out the common worst-case scenario involving all the
various overheads and encapsulations that a roadwarrior may run into.
At the end, they suggested an MTU to avoid any problems. I can't seem
to find it though... it was somewhere around the 1280 range though such
that I didn't worry about it.
More information about the Users