[Openswan Users] Where did routes go with Openswan 2.6.31?
Scott T. Cameron
routehero at gmail.com
Mon Mar 14 10:50:29 EDT 2011
http://support.microsoft.com/kb/898060
<http://support.microsoft.com/kb/898060>If you're really having these
problems, then it's something unique to your setup. I've never seen
RDP/Windows have issues like that in large ipsec environments. You may want
to clamp MSS in iptables.
Scott
On Mon, Mar 14, 2011 at 10:45 AM, Greg Scott <GregScott at infrasupport.com>wrote:
> Ø That's a problem with Windows, and most likely the bug around the
> number of routes with
>
> Ø non-default MTU routes incrementing but never decrementing. Over time,
> this caused Windows
>
> Ø machines to become unresponsive over the network.
>
>
>
> No. This behavior was different. I was apparently advertising the
> default MTU size of 1500. So Windows believed me and sent 1500 byte packets
> over the tunnel to the other end of the RDP session. But with the IPSEC
> overhead, the highest I could support was 1440 or something like that.
> Somewhere along the line those 1500 byte packets would get fragmented and
> then never reconnected back together on the other end. So the RDP tunnel
> would crash. This happened to lots of PCs. Not all, but lots. The first
> workaround was to reduce the MTU size in one of the offending PCs. This
> worked, but of course only for that PC. The best workaround we could come
> up with at the time was to just lower the MTU size I advertised. Thus the
> updown script.
>
>
>
> So now, with no traditional looking routes over the tunnel, what am I
> advertising for MTU and will some apps that send large packets break as
> before?
>
>
>
> - Greg
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110314/8a9326bb/attachment.html
More information about the Users
mailing list