[Openswan Users] KLIPS MTU problem
Paul Wouters
paul at xelerance.com
Tue Jun 28 10:48:13 EDT 2011
On Tue, 28 Jun 2011, Paul Overton wrote:
> I have been using openswan for a number of years and generally have no issues with stability etc.
>
> However I have one location where NAT-T and fragmentation are an issue. The host network provides a 1:1 NAT with a real world IP address for all clients (This is a
> business centre). The Business centre external firewall blocks and drops all fragmented frames at 1420 bytes.
>
> In Openswan (KLIPS) I have used the “overridemtu=” setting to produce a tunnel which never allows the UDP encap frames to fragment, however I have found that
> opensewan 2.6.33 ignores this directive.
>
> Has this command been removed, negated or replaced ?
Not intentionally. Are you perhaps using the mast stack by accident? Set protostack=klips to ensure
you are using klips and not mast. Also if possible, use openswan 2.6.34.
If you still have the issue, do you see a "fixup mtu" line on startup?
Paul
More information about the Users
mailing list