[Openswan Users] Tunnel up, some hosts work, others don't.

[Neal Murphy]

On Friday, February 27, 2015 02:11:14 PM Simon Deziel wrote:
> On 02/26/2015 06:03 PM, Richard Whittaker wrote:
> > On 2015-02-26 10:41, Simon Deziel wrote:
> >> On 02/26/2015 01:38 PM, Richard Whittaker wrote:
> >>> On 2015-02-26 09:31, Simon Deziel wrote:
> >>>> On 02/26/2015 12:22 PM, Richard Whittaker wrote:
> >>>>> I can also reproduce this with MySQL. I can establish an initial
> >>>>> connection and login to db2 from either 0.2 or 0.9, but as soon as
> >>>>> I try
> >>>>> "connect mysql" from the client command line, everything just
> >>>>> freezes in
> >>>>> the client.
> > 
> > Here's another SSH session seen from both ends of the connection. The
> > timeframe is identical, and I eventually Contol-Ced the connection.
> > 
> > The session seen from db2 (192.168.64.9)
> > root at db2:~# tcpdump -i eth0 -nn host 192.168.0.2
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol
> > decode listening on eth0, link-type EN10MB (Ethernet), capture size
> > 65535 bytes 15:00:21.027467 IP 192.168.0.2.36698 > 192.168.64.9.22:
> > Flags [S], seq 3882435085, win 14600, options [mss 1200,sackOK,TS val
> > 425798676 ecr 0,nop,wscale 7], length 0
> 
> Those MSS values are better than they were from a previous capture of
> yours:
> 
> 09:01:38.424093 IP 192.168.64.9.22 > 192.168.0.2.50220: Flags [S.], seq
> 1507369155, ack 3910239941, win 12480, options [mss 470,sackOK,TS val
> 643340463 ecr 420418025,nop,wscale 3], length 0
> 
> 
> A MSS of 470 was probably not even valid; at least the smallest MSS
> allowed for IPv4 is 536.

What is the negotiated MTU on each gateway's internet interface? (If linux and 
eth0, 'ip link show dev eth0'.) Is it possible that one ISP or t'other said to 
use a smaller MTU, but still uses 1500? I know of a couple cable ISPs who say 
to use MTU=576 during DHCP lease renewals, but continue to use MTU=1500; this 
definitely pooches VPNs.