[Openswan Users] L2TP/IPsec fragmentation?

Willie Gillespie wgillespie+openswan at es2eng.com
Thu Jun 23 14:16:58 EDT 2011

On 06/22/2011 08:29 PM, Tom Robinson wrote:
> When I lower the mtu and mru to 1280 many of the issues went away but I
> still see some fragmentation. The client reflects that change in it's
> VPN MTU also being set to 1280.
> My questions are: What is the recommended setting and can I go any
> lower? Is there any other issue I'm overlooking. Config files provided
> on request.

I use an MTU of 1280 in my options.xl2tpd as well.  Seems to work well, 
but I don't have a lot of people using it.

Paul Wouters said back in April that many L2TP connections use 1200.

I can't seem to find it, but I remember just recently reading where 
someone had figured out the common worst-case scenario involving all the 
various overheads and encapsulations that a roadwarrior may run into. 
At the end, they suggested an MTU to avoid any problems.  I can't seem 
to find it though... it was somewhere around the 1280 range though such 
that I didn't worry about it.


More information about the Users mailing list