From: Patrick McHardy <kaber@trash.net>
To: Marco Berizzi <pupilla@hotmail.com>
Cc: netdev@vger.kernel.org
Subject: Re: pmtu discovery on sa esp
Date: Wed, 13 Jun 2007 14:50:34 +0200 [thread overview]
Message-ID: <466FE81A.80907@trash.net> (raw)
In-Reply-To: <BAY103-DAV16399D5C4B8A85492D8738B2180@phx.gbl>
Marco Berizzi wrote:
> Patrick McHardy wrote:
>
>>We have some MTU opimiztations in 2.6.22-rc that might be related.
>>Please check with tcpdump what exactly is happening and whether
>>the 2.6.22-rc box is sending too large packets.
>
>
> I have done a tcpdump capture on the external
> interface but I don't see anything strange.
Try dumping on loopback as well.
> (I can send to you the capture if you want/need)
> I have noticed that the mtu on the aes tunnels
> now is equal to 1450 byte (with 2.6.21 it was
> 1428). Let me explain:
>
> linux 2.6.22-rc4 ->>-AES tunnel ->>- linux 2.6.21 mtu=1450
> linux 2.6.21 ->>-AES tunnel ->>- linux 2.6.22-rc4 mtu=1428
>
> Now as a collateral effects all the windoze boxes
> aren't able to exchange large packets: I must
> upgrade all ipsec gateway to 2.6.22-rc4 (or
> downgrade this box to 2.6.21 again). Hints?
The question is whether 1450 is correct. Could you send me the
output of "ip x s" (obfuscate keys if you want) and "ip x p"?
What is the MTU of the underlying device? Do the encapsulated
packets still fit?
BTW, are you just using pluto or the entire openswan patch?
next prev parent reply other threads:[~2007-06-13 12:53 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-12 12:17 pmtu discovery on sa esp Marco Berizzi
2007-06-12 12:34 ` Patrick McHardy
2007-06-13 12:45 ` Marco Berizzi
2007-06-13 12:50 ` Patrick McHardy [this message]
2007-06-13 13:09 ` Marco Berizzi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=466FE81A.80907@trash.net \
--to=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=pupilla@hotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).