[Openswan Users] Tunnel up, some hosts work, others don't.
Richard Whittaker
richard at avits.ca
Thu Feb 26 13:38:40 EST 2015
On 2015-02-26 09:31, Simon Deziel wrote:
> On 02/26/2015 12:22 PM, Richard Whittaker wrote:
>> I can also reproduce this with MySQL. I can establish an initial
>> connection and login to db2 from either 0.2 or 0.9, but as soon as I try
>> "connect mysql" from the client command line, everything just freezes in
>> the client.
> This looks like PMTU issue. I'd give "iptables --clamp-mss-to-pmtu" a try.
Would I set this on my end points, or on the servers I have acting as
gateways?..
I did

    iptables -A FORWARD -p tcp -s 192.168.0.0/18 -d 192.168.64.0/18 \
        --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

on the 192.168.0.1 gateway

and..

    iptables -A FORWARD -p tcp -s 192.168.64.0/18 -d 192.168.0.0/18 \
        --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

on the 192.168.64.1 gateway

...but they had no effect.
>> This got me to thinking the issue might be fragmentation,
>> but large pings work just fine.
> I haven't seen/looked at your config but if you have some compression
> going on, this could explain why large ICMP go through but not large TCP
> payloads.
I checked. I don't have compression enabled on either end of the tunnel.
I think the PMTU thing might be the right direction, and could explain
why a 2.6 kernel based machine works, but a 3.2 based one doesn't.
Is there a setting on the 3.2 machine I might be missing?
Regards,
Richard.
--
Alberni Valley IT Services
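
Added example, not part of the thread: the script below works out how much of the link MTU ESP tunnel-mode encapsulation consumes and the TCP MSS that still fits, then prints (without running) a fixed --set-mss rule for the two subnets named above. The 1500-byte link MTU, AES-CBC (16-byte block and IV) and HMAC-SHA1-96 (12-byte ICV) are assumptions; the thread does not state the tunnel's ciphers.

```shell
#!/bin/sh
# Added example, not from the thread. Cipher parameters are assumptions.

# esp_inner_mtu LINK_MTU BLOCK IV_LEN ICV_LEN NATT(0|1)
# Largest inner IPv4 packet that fits in one ESP tunnel-mode packet.
esp_inner_mtu() {
    room=$(( $1 - 20 ))                 # outer IPv4 header
    if [ "$5" -eq 1 ]; then
        room=$(( room - 8 ))            # UDP header for NAT-T encapsulation
    fi
    room=$(( room - 8 - $3 - $4 ))      # ESP header (SPI + sequence), IV, ICV
    # Ciphertext = inner packet + padding + 2 trailer bytes (pad length,
    # next header) and must be a whole number of cipher blocks.
    room=$(( room / $2 * $2 ))
    echo $(( room - 2 ))
}

# esp_tcp_mss (same arguments): inner MTU minus the inner IPv4 (20) and
# TCP (20) headers, assuming no IP or TCP options.
esp_tcp_mss() {
    echo $(( $(esp_inner_mtu "$@") - 40 ))
}

# mss_rule SRC DST MSS: print a TCPMSS rule with an explicit MSS value.
mss_rule() {
    echo "iptables -t mangle -A FORWARD -p tcp -s $1 -d $2 --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $3"
}

# Constructed inputs: 1500-byte link, AES-CBC, HMAC-SHA1-96, no NAT-T.
mss=$(esp_tcp_mss 1500 16 16 12 0)
echo "inner MTU: $(esp_inner_mtu 1500 16 16 12 0), TCP MSS: $mss"
mss_rule 192.168.0.0/18 192.168.64.0/18 "$mss"
mss_rule 192.168.64.0/18 192.168.0.0/18 "$mss"
```

Pass 1 as the last argument when the tunnel uses NAT-T (UDP encapsulation), which lowers the result further.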