From: Patrick McHardy <kaber@trash.net>
To: Beschorner Daniel <Daniel.Beschorner@facton.com>
Cc: netdev@vger.kernel.org
Subject: Re: IPSec freeze
Date: Sun, 15 Jul 2007 17:00:40 +0200 [thread overview]
Message-ID: <469A3698.5020105@trash.net> (raw)
In-Reply-To: <3C59DB883F7B0B4D8096010D45ACCD13230225@exch.facton.local>
Beschorner Daniel wrote:
> Today a new site joined our Linux IPSec VPN, now all the other routers
> (all 2.6.22) freeze hard reproducible.
Do the other routers all do IPsec or just one of them?
> No oops, no sysreq, only hard reset rewakes them.
>
> The only difference of the new site compared to the others: ADSL, thus a
> MTU of 1492, the others have 1500.
> Disabling IPSec und doing normal operations between the routers is fine,
> PMTU is honored correctly.
> If I set the MTU of the other routers to 1492 I can avoid the IPSec
> crash.
>
> Some kind of strange need-to-frag-ICMP that causes such things?
> Any ideas how to debug this?
If you can't get any information from your boxes, a testcase that can
be used to reproduce this would help.
> Here a log of another death from inside the tunnel (last packet is again
> the time of crash):
> The Tunnel MTU of 1430 is correct for an outer MTU of 1500, but the
> additional -8 doesn't take place?!?
>
> 05:17:18.563448 IP 192.168.200.1.80 > 192.168.203.1.3084: tcp 1460
> 05:17:18.563468 IP 192.168.200.254 > 192.168.200.1: ICMP 192.168.203.1
> unreachable - need to frag (mtu 1430), length 556
Does the router use a MTU of 1492 itself or is there another DSL
router or something like that connected by ethernet?
next prev parent reply other threads:[~2007-07-15 15:01 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-15 6:29 IPSec freeze Beschorner Daniel
2007-07-15 15:00 ` Patrick McHardy [this message]
2007-07-16 8:27 ` Beschorner Daniel
2007-07-16 13:09 ` Beschorner Daniel
2007-07-16 13:17 ` Patrick McHardy
2007-07-16 13:26 ` Beschorner Daniel
2007-07-16 14:07 ` Patrick McHardy
2007-07-16 14:17 ` Beschorner Daniel
2007-07-16 14:58 ` Patrick McHardy
2007-07-16 14:59 ` Patrick McHardy
2007-07-16 15:18 ` Patrick McHardy
2007-07-16 15:36 ` Beschorner Daniel
2007-07-16 18:12 ` Patrick McHardy
2007-07-17 16:10 ` Patrick McHardy
2007-07-17 19:03 ` Beschorner Daniel
2007-07-17 21:45 ` Patrick McHardy
2007-07-18 12:21 ` pmtu discovery on SA Beschorner Daniel
2007-07-18 13:14 ` Patrick McHardy
2007-07-18 16:13 ` Beschorner Daniel
2007-07-18 16:27 ` Patrick McHardy
2007-07-18 16:56 ` Mika Penttilä
2007-07-18 18:27 ` Patrick McHardy
2007-07-18 18:39 ` Mika Penttilä
2007-07-18 18:41 ` Patrick McHardy
2007-07-18 18:47 ` Mika Penttilä
2007-07-19 15:51 ` Beschorner Daniel
2007-07-18 8:58 ` IPSec freeze David Miller
2007-07-18 8:58 ` David Miller
-- strict thread matches above, loose matches on Subject: below --
2007-07-16 16:49 Beschorner Daniel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=469A3698.5020105@trash.net \
--to=kaber@trash.net \
--cc=Daniel.Beschorner@facton.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.