From: Patrick McHardy <kaber@trash.net>
To: Beschorner Daniel <Daniel.Beschorner@facton.com>
Cc: netdev@vger.kernel.org
Subject: Re: IPSec freeze
Date: Mon, 16 Jul 2007 15:17:53 +0200 [thread overview]
Message-ID: <469B7001.3090604@trash.net> (raw)
In-Reply-To: <3C59DB883F7B0B4D8096010D45ACCD1323023A@exch.facton.local>
Beschorner Daniel wrote:
>>>>Today a new site joined our Linux IPSec VPN, now all the
>>>
>>>other routers
>>>
>>>>(all 2.6.22) freeze hard reproducible.
>
>
> The problem is more general und ugly than I thought.
>
> I took 2 arbitrary boxes, one behind an Ethernet (A, Kernel 2.6.21, MTU
> 1500), one behind ADSL (B, 2.4.x, 1492).
> Established a tunnel, copied a file from site A to B through the tunnel
> and router A died in the same moment.
>
> Out of my feeling this worked fine some kernel releases earlier.
>
> As written in this thread before, I see an external need-to-frag-ICMP,
> no tunnel need-to-frag will be thrown, box freezes.
>
> You should be able to reproduce it with any network path with a smaller
> MTU?!?
I'm running IPsec in the same setup as you describe above without
problems. I'm probably not seeing ICMP frag requireds on the wire
though since I believe the entire path is >= 1492.
Could you try to find out whether those are responsible?
next prev parent reply other threads:[~2007-07-16 13:19 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-15 6:29 IPSec freeze Beschorner Daniel
2007-07-15 15:00 ` Patrick McHardy
2007-07-16 8:27 ` Beschorner Daniel
2007-07-16 13:09 ` Beschorner Daniel
2007-07-16 13:17 ` Patrick McHardy [this message]
2007-07-16 13:26 ` Beschorner Daniel
2007-07-16 14:07 ` Patrick McHardy
2007-07-16 14:17 ` Beschorner Daniel
2007-07-16 14:58 ` Patrick McHardy
2007-07-16 14:59 ` Patrick McHardy
2007-07-16 15:18 ` Patrick McHardy
2007-07-16 15:36 ` Beschorner Daniel
2007-07-16 18:12 ` Patrick McHardy
2007-07-17 16:10 ` Patrick McHardy
2007-07-17 19:03 ` Beschorner Daniel
2007-07-17 21:45 ` Patrick McHardy
2007-07-18 12:21 ` pmtu discovery on SA Beschorner Daniel
2007-07-18 13:14 ` Patrick McHardy
2007-07-18 16:13 ` Beschorner Daniel
2007-07-18 16:27 ` Patrick McHardy
2007-07-18 16:56 ` Mika Penttilä
2007-07-18 18:27 ` Patrick McHardy
2007-07-18 18:39 ` Mika Penttilä
2007-07-18 18:41 ` Patrick McHardy
2007-07-18 18:47 ` Mika Penttilä
2007-07-19 15:51 ` Beschorner Daniel
2007-07-18 8:58 ` IPSec freeze David Miller
2007-07-18 8:58 ` David Miller
-- strict thread matches above, loose matches on Subject: below --
2007-07-16 16:49 Beschorner Daniel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=469B7001.3090604@trash.net \
--to=kaber@trash.net \
--cc=Daniel.Beschorner@facton.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.