[Openswan Users] KLIPS MTU problem

Paul Wouters paul at xelerance.com
Tue Jun 28 10:48:13 EDT 2011

On Tue, 28 Jun 2011, Paul Overton wrote:

> I have been using openswan for a number of years and generally have no issues with stability etc.
> However I have one location where NAT-T and fragmentation are an issue. The host network provides a 1:1 NAT with a real world IP address for all clients (This is a
> business centre). The Business centre external firewall blocks and drops all fragmented frames at 1420 bytes.
> In Openswan (KLIPS) I have used the “overridemtu=” setting to produce a tunnel which never allows the UDP encap frames to fragment, however I have found that
>  opensewan 2.6.33 ignores this directive.
> Has this command been removed, negated or replaced ?

Not intentionally. Are you perhaps using the mast stack by accident? Set protostack=klips to ensure
you are using klips and not mast. Also if possible, use openswan 2.6.34.

If you still have the issue, do you see a "fixup mtu" line on startup?


More information about the Users mailing list