[Users] MTU problem with FreeSWAN tunnels

From: by way of Oleksandr Darchuk (o.darchuk_at_wucb.lviv.net)
Date: Wed Oct 02 2002 - 16:41:29 CEST


Hello.
I have a VPN built with FreeSWAN, based on the provider's network. Yesterday
my provider changed the MTU on his hosts. It uses FreeBSD and changed the MTU for PPP
from 1500 to 296. After that my IPsec connection went dead. In /var/log/secure
I have this error:
ERROR: asynchronous network error report on eth1 for message to 1<my ip> port
500, complainant <provider IP>: Message too long [errno 90, origin ICMP type
3 code 4 (not authenticated)].
The problem was fixed when the MTU became 1500.
So, a few questions about it:
1) Is it possible to configure FreeSWAN to avoid this error?
2) If there is a limit on the MTU for IPsec, how much is it?
3) If it is possible, a few comments about the "inside" of this situation (why
does a low MTU work correctly with other protocols (including ssh) and doesn't work
with FreeSWAN).
Thanks a lot. And sorry for my poor English.