[Openswan Users] Set MTU on netkey
Leto
letoams at gmail.com
Fri Sep 13 13:18:15 UTC 2013
check with: ip route list
when tunnel is up.
ping uses icmp, not the best for checking mtu
sent from a tiny device
On 2013-09-13, at 4:23, "Ozai" <ozai.tien at gmail.com> wrote:
> Hi Sirs,
>
> Only add mtu= in the conn as below.It did not seem to work.
> I try to ping peer site ipsec router from our lan site pc.(test environment as below)
> ping -l 1200 195.168.11.X
> And try to capture wan site packet to check.
> I found the packet size always keep on 12XX.It did not seem to fragment the packet.
>
> Do you have any suggestions on this question??Thank's.
> And Sorry for my poor English.
>
> config setup
> nat_traversal=no
> oe=off
> protostack=netkey
> interfaces=%defaultroute
>
> conn test
> left=182.16.23.74
> leftsubnet=195.168.12.0/24
> rightsubnet=195.168.11.0/24
> connaddrfamily=ipv4
> right=182.16.23.108
> ike=3des-md5;modp1024
> ikelifetime=480m
> type=tunnel
> salifetime=60m
> phase2alg=3des-hmac_md5
> pfs=no
> phase2=esp
> mtu=1000
> keyexchange=ike
> authby=secret
> auto=add
>
> peer ipsec------(wan site 182.16.23.X)--------openswan-------(lan site 195.168.12.X)--------pc
>
> Best Regards,
> Ozai
> ----- Original Message -----
> From: Leto
> To: Nick Howitt
> Cc: users at lists.openswan.org
> Sent: Friday, September 13, 2013 12:20 AM
> Subject: Re: [Openswan Users] Set MTU on netkey
>
> no. overridemtu= is klips only and works on the ipsecX interface. mtu= is passed via _updown to ip route - works on all stacks
>
> sent from a tiny device
>
> On 2013-09-12, at 9:27, Nick Howitt <n1ck.h0w1tt at gmail.com> wrote:
>
>> Isn't mtu on the conn in klips only? Not netkey.
>>
>> On 2013-09-12 14:18, Leto wrote:
>>
>>> mtu= in the conn should do that
>>>
>>> sent from a tiny device
>>>
>>> On 2013-09-12, at 3:00, "Ozai" <ozai.tien at gmail.com> wrote:
>>>
>>>> Dear Sirs,
>>>>
>>>> How do I set the mtu for the IPSec tunnel?My test environment is openswan 2.6.38 with embedded linux and protostack is netkey.iptables??Can someone point me in the right direction?Thank's.
>>>>
>>>> Best Regards,
>>>> Ozai
>>>> _______________________________________________
>>>> Users at lists.openswan.org
>>>> https://lists.openswan.org/mailman/listinfo/users
>>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>
>>> _______________________________________________
>>> Users at lists.openswan.org
>>> https://lists.openswan.org/mailman/listinfo/users
>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>> Building and Integrating Virtual Private Networks with Openswan:
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>> _______________________________________________
>> Users at lists.openswan.org
>> https://lists.openswan.org/mailman/listinfo/users
>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130913/636dfdc3/attachment.html>
More information about the Users
mailing list