[Openswan Users] Set MTU on netkey
Ozai
ozai.tien at gmail.com
Fri Sep 13 08:23:29 UTC 2013
Hi Sirs,
Only add mtu= in the conn as below.It did not seem to work.
I try to ping peer site ipsec router from our lan site pc.(test environment as below)
ping -l 1200 195.168.11.X
And try to capture wan site packet to check.
I found the packet size always keep on 12XX.It did not seem to fragment the packet.
Do you have any suggestions on this question??Thank's.
And Sorry for my poor English.
config setup
nat_traversal=no
oe=off
protostack=netkey
interfaces=%defaultroute
conn test
left=182.16.23.74
leftsubnet=195.168.12.0/24
rightsubnet=195.168.11.0/24
connaddrfamily=ipv4
right=182.16.23.108
ike=3des-md5;modp1024
ikelifetime=480m
type=tunnel
salifetime=60m
phase2alg=3des-hmac_md5
pfs=no
phase2=esp
mtu=1000
keyexchange=ike
authby=secret
auto=add
peer ipsec------(wan site 182.16.23.X)--------openswan-------(lan site 195.168.12.X)--------pc
Best Regards,
Ozai
----- Original Message -----
From: Leto
To: Nick Howitt
Cc: users at lists.openswan.org
Sent: Friday, September 13, 2013 12:20 AM
Subject: Re: [Openswan Users] Set MTU on netkey
no. overridemtu= is klips only and works on the ipsecX interface. mtu= is passed via _updown to ip route - works on all stacks
sent from a tiny device
On 2013-09-12, at 9:27, Nick Howitt <n1ck.h0w1tt at gmail.com> wrote:
Isn't mtu on the conn in klips only? Not netkey.
On 2013-09-12 14:18, Leto wrote:
mtu= in the conn should do that
sent from a tiny device
On 2013-09-12, at 3:00, "Ozai" <ozai.tien at gmail.com> wrote:
Dear Sirs,
How do I set the mtu for the IPSec tunnel?My test environment is openswan 2.6.38 with embedded linux and protostack is netkey.iptables??Can someone point me in the right direction?Thank's.
Best Regards,
Ozai
_______________________________________________
Users at lists.openswan.org
https://lists.openswan.org/mailman/listinfo/users
Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
_______________________________________________
Users at lists.openswan.org
https://lists.openswan.org/mailman/listinfo/users
Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
_______________________________________________
Users at lists.openswan.org
https://lists.openswan.org/mailman/listinfo/users
Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
------------------------------------------------------------------------------
_______________________________________________
Users at lists.openswan.org
https://lists.openswan.org/mailman/listinfo/users
Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130913/d570362c/attachment-0001.html>
More information about the Users
mailing list