[Openswan Users] VPN connection established but ...

TheCajun thecajun at nmia.com
Mon Nov 12 10:46:55 EST 2012


> On 12/11/2012 15:19, TheCajun wrote:
> > Perhaps a little more background is necessary.  I had a netgear at home which
> > was providing a successful  vpn connection to my office (both ways).
> > Due to a project requirement, I need to get software vpn working.  I
> > took my netgear out of the picture, reconfigured my network and now I
> > have openswan working.  It works 100% from left to right (openswan at
> > home to netgear at office), but from right to left (netgear at office to
> > openswan at home) the commands tend to lose packets.  A command output will
> > start but stop before completion (will not respond to any key press).
> > Sometimes after many minutes it will complete the output. Other times
> > it times out or something like that.  For instance, a ls command on
> > directory with little in it will complete, but ls -l command will not.
> >
> That definitely sounds like an MTU issue -- small packets get through, but large ones do not.  If you trace the ESP packets on both ends you'll likely be seeing the larger ones dropped.  (ping -s will be helpful in generating some appropriate size packets).

I successfully ping from both directions with ping -s 4096 <ip_address>
> 
> >> On 11/10/2012 12:22 PM, Durwin wrote:
> >>> I can also ssh back to the left, and if I enter a command with
> >>> very little output it works.
> >>
> >> Is the MTU of your connection properly set on both sides?  ICMP messages blocked?  Perhaps the left side needs to fragment to fit through a small MTU pathway but it doesn't know that.  Or there is a black hole router along the path.
> >>
> >> I also had a dumb ISP once with a proprietary link that had a smaller MTU than Ethernet -- yet they also blocked ICMP type 3 messages so I wasn't getting error messages... packets were just disappearing.
> >>
> >> Just a thought.
> >> _______________________________________________
> >> Users at lists.openswan.org
> >> https://lists.openswan.org/mailman/listinfo/users
> >> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> >> Building and Integrating Virtual Private Networks with Openswan:
> >> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> >

-- 
reality.sys corrupted. universe halted. reboot (y/n)?

TheCajun <thecajun at nmia.com>
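
Added example, not part of the original thread: a ping larger than the interface MTU is normally fragmented by the sender, so checking the path MTU raised in the quoted replies means probing with the DF bit set. The sketch below binary-searches the largest payload that passes, assuming Linux iputils `ping` (`-M do`); the function names and the address in the usage comment are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: find the largest ICMP payload that crosses a path with the
# DF (don't fragment) bit set. Assumes Linux iputils ping.

# probe HOST SIZE: succeed if one DF-set echo with SIZE payload bytes is answered.
# A silent drop (black hole, ICMP type 3 filtered) shows up as a timeout, which
# counts as a failure here. Kept separate so it can be stubbed offline.
probe() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]
# Prints the largest payload in [LOW, HIGH] that passes; returns 1 if LOW fails.
# Default HIGH of 1472 is a 1500-byte Ethernet MTU minus 28 bytes of headers.
find_max_payload() {
    local host=$1 lo=${2:-0} hi=${3:-1472} mid
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# path_mtu HOST: payload + 8-byte ICMP header + 20-byte IPv4 header.
path_mtu() {
    local payload
    payload=$(find_max_payload "$1") || return 1
    echo $(( payload + 28 ))
}

# Usage, run from each end toward a host behind the other gateway:
#   path_mtu 192.0.2.10    # placeholder address
```

A result that differs between the two directions, or one well below 1500 through the tunnel, points at the hop where large ESP packets are being dropped.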


