[Openswan Users] L2TP/IPsec fragmentation?

Tom Robinson tom.robinson at motec.com.au
Sun Jun 26 19:24:59 EDT 2011


On 24/06/11 04:16, Willie Gillespie wrote:
> On 06/22/2011 08:29 PM, Tom Robinson wrote:
>> When I lower the mtu and mru to 1280 many of the issues went away but I
>> still see some fragmentation. The client reflects that change in it's
>> VPN MTU also being set to 1280.
>>
>> My questions are: What is the recommended setting and can I go any
>> lower? Is there any other issue I'm overlooking. Config files provided
>> on request.
>
> I use an MTU of 1280 in my options.xl2tpd as well.  Seems to work
> well, but I don't have a lot of people using it.
>
> Paul Wouters said back in April that many L2TP connections use 1200.
>
> I can't seem to find it, but I remember just recently reading where
> someone had figured out the common worst-case scenario involving all
> the various overheads and encapsulations that a roadwarrior may run
> into. At the end, they suggested an MTU to avoid any problems.  I
> can't seem to find it though... it was somewhere around the 1280 range
> though such that I didn't worry about it.
>
Thanks for the sanity check. I'll leave it at 1280 for now knowing that
I have some headroom later on if I need it. FWIW, I think 1280 is the
magic number for IPv6.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 253 bytes
Desc: OpenPGP digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20110627/2259500e/attachment.bin 


More information about the Users mailing list