From: Valentijn Sessink <netdev1080549435@mail.v.sessink.nl>
To: Linux networking <netdev@oss.sgi.com>
Subject: IPsec 2.6 fragmentation issue(s)
Date: Mon, 29 Mar 2004 10:37:38 +0200 [thread overview]
Message-ID: <20040329083738.GA14167@openoffice.nl> (raw)
Hello list,
I'm having various problems with 2.6 native IPsec and fragmentation. Most
notably, the following - between host valentijn (2.6.1) and host21 there's a
Wifi IPsec tunnel:
valentijn:~# ping -s 1435 host21
PING host21.wireless.palmgracht.nl (10.15.67.21): 1435 data bytes
ping: sendto: Message too long
ping: wrote host21.wireless.palmgracht.nl 1443 chars, ret=-1
ping: sendto: Message too long
ping: wrote host21.wireless.palmgracht.nl 1443 chars, ret=-1
Resetting the MTU on the network interface helps:
valentijn:~# ifconfig eth1 mtu 1400
valentijn:~# ping -s 1417 host21
PING host21.wireless.palmgracht.nl (10.15.67.21): 1417 data bytes
1425 bytes from 10.15.67.21: icmp_seq=0 ttl=64 time=93.0 ms
1425 bytes from 10.15.67.21: icmp_seq=1 ttl=64 time=78.2 ms
Then, resetting it to 1500 again does this:
valentijn:~# ifconfig eth1 mtu 1500
valentijn:~# ping -s 1435 host21
PING host21.wireless.palmgracht.nl (10.15.67.21): 1435 data bytes
ping: sendto: Message too long
ping: wrote host21.wireless.palmgracht.nl 1443 chars, ret=-1
1443 bytes from 10.15.67.21: icmp_seq=1 ttl=64 time=89.0 ms
1443 bytes from 10.15.67.21: icmp_seq=2 ttl=64 time=79.9 ms
These MTU difficulties seem to propagate to a whole set of tunneling
difficulties, none of them clear enough to mention here, as my other side is
still a 2.4.24-with-IPsec backport.
Best regards,
Valentijn
--
http://www.openoffice.nl/ Open Office - Linux Office Solutions
Valentijn Sessink valentyn+sessink@nospam.openoffice.nl
reply other threads:[~2004-03-29 8:37 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040329083738.GA14167@openoffice.nl \
--to=netdev1080549435@mail.v.sessink.nl \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).