[Openswan Users] Tunnel up, some hosts work, others don't.

Simon Deziel simon at xelerance.com
Thu Feb 26 13:41:22 EST 2015


On 02/26/2015 01:38 PM, Richard Whittaker wrote:
> On 2015-02-26 09:31, Simon Deziel wrote:
>> On 02/26/2015 12:22 PM, Richard Whittaker wrote:
>>> I can also reproduce this with MySQL. I can establish an initial
>>> connection and login to db2 from either 0.2 or 0.9, but as soon as I try
>>> "connect mysql" from the client command line, everything just freezes in
>>> the client.
>> This looks like a PMTU issue. I'd give "iptables --clamp-mss-to-pmtu" a
>> try.
> 
> Would I set this on my end points, or on the servers I have acting as
> gateways?..

I'd say both.

> I did
> 
> iptables -A FORWARD -p tcp -s 192.168.0.0/18 -d 192.168.64.0/18
> --tcp-flags SYN,RST SYN -j TCPMSS  --clamp-mss-to-pmtu
> on the 192.168.0.1 gateway
> and..
> iptables -A FORWARD -p tcp -s 192.168.64.0/18 -d 192.168.0.0/18
> --tcp-flags SYN,RST SYN -j TCPMSS  --clamp-mss-to-pmtu
> on the 192.168.64.1 gateway

Mangling the TCP MSS belongs to the "mangle" table ;)

Simon
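
Added example, not part of the original post: the two rules quoted above with `-t mangle` added, as the reply points out, plus a check that reads `iptables-save` output to confirm the clamp sits in the mangle table's FORWARD chain. The function names and the sample dumps are constructed for illustration; nothing here modifies the running ruleset.

```shell
#!/bin/sh
# Added example: rules built from the subnets quoted in the thread, plus a
# check against iptables-save output. Function names are hypothetical.

# Print (not run) the clamp rule for one direction, in the mangle table.
# $1 = source subnet, $2 = destination subnet
clamp_rule() {
    printf '%s\n' "iptables -t mangle -A FORWARD -p tcp -s $1 -d $2 --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"
}

# Read iptables-save output on stdin; succeed only if the mangle table's
# FORWARD chain holds a TCPMSS --clamp-mss-to-pmtu rule from $1 to $2.
has_mangle_clamp() {
    awk -v src="$1" -v dst="$2" '
        /^\*/ { table = substr($0, 2) }   # section header: *mangle, *filter, ...
        table == "mangle" && $1 == "-A" && $2 == "FORWARD" &&
            index($0, "-s " src " ") && index($0, "-d " dst " ") &&
            /-j TCPMSS/ && /--clamp-mss-to-pmtu/ { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Constructed iptables-save dumps (not taken from the thread).
DUMP_OK='*mangle
:PREROUTING ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.0.0/18 -d 192.168.64.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

DUMP_MISSING='*mangle
:FORWARD ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.0.0/18 -d 192.168.64.0/18 -j ACCEPT
COMMIT'

# The two rules from the thread, one per gateway, now in the mangle table.
clamp_rule 192.168.0.0/18 192.168.64.0/18    # on the 192.168.0.1 gateway
clamp_rule 192.168.64.0/18 192.168.0.0/18    # on the 192.168.64.1 gateway
```

On a live gateway the check would be fed with `iptables-save | has_mangle_clamp 192.168.0.0/18 192.168.64.0/18`, which needs root.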


