[Openswan Users] VPN connection established but ...
Mark Weaver
mark-clist at npsl.co.uk
Mon Nov 12 10:31:41 EST 2012
On 12/11/2012 15:19, TheCajun wrote:
> Perhaps a little more background is necessary. I had a negear at home which
> was providing a successful vpn connection to my office (both ways).
> Due to a project requirement, I need to get software vpn working. I
> took my netgear out of the picture, reconfigured my network and now I
> have openswan working. It works 100% from left to right (openswan at
> home to netgear at office), but from right to left (netgear at office to
> openswan at home) the commands tend to lose packets. A command output will
> start but stop before completion (will not responded to any key press).
> Some times after many minutes it will complete the output. Other times
> it times out or something like that. For instance, a ls command on
> directory with little in it will complete, but ls -l command will not.
>
That definitely sounds like an MTU issue -- small packets get through,
but large ones do not. If you trace the ESP packets on both ends you'll
likely be seeing the larger ones dropped. (ping -s will be helpful in
generating some appropriate size packets).
>> On 11/10/2012 12:22 PM, Durwin wrote:
>>> I can also ssh back to the left, and if I enter a command with
>>> very little output it works.
>>
>> Is the MTU of your connection properly set on both sides? ICMP messages blocked? Perhaps the left side needs to fragment to fit through a small MTU pathway but it doesn't know that. Or there is a black hole router along the path.
>>
>> I also had a dumb ISP once with a proprietary link that had a smaller MTU than Ethernet -- yet they also blocked ICMP type 3 messages so I wasn't getting error messages... packets were just disappearing.
>>
>> Just a thought.
>> _______________________________________________
>> Users at lists.openswan.org
>> https://lists.openswan.org/mailman/listinfo/users
>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
More information about the Users
mailing list