Re: [Users] Path MTU Discovery Problem

From: Ken Bantoft (ken_at_freeswan.ca)
Date: Fri Dec 13 2002 - 04:03:24 CET


On Fri, 13 Dec 2002, steven.TSE wrote:

> Hi,
>
> I have a problem transferring large files over an IPsec VPN; it is
> configured as subnet-to-subnet with one tunnel (no gate-to-gate nor
> gate-to-net...). I have followed the FAQ about examining encrypted packets (Ref:
> http://www.sandelman.ottawa.on.ca/linux-ipsec/html/2000/12/msg00224.html ),
> and it had about 90% packet loss on "ping -n -f -s 40000" and about 5%
> loss on "ping -n -f -s 2000".
>
> My network is simple like those examples:
>
> 192.168.100.0
> |
> gate1 (Freeswan 1.99 with kernel 2.4.19)
> ||
> VPN
> ||
> gate2 (Freeswan 1.99 with kernel 2.4.18)
> |
> 192.168.200.0
>
>
> The config file is also as simple as those examples; however, I added
> compression on both sides and "overridemtu = 1500" as in Henry's article (Ref:
> http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/background.html#MTU.trouble ).

Try 1440 instead. Or use iptables to clamp the MaxSegSize. See my
posting here:

http://www.sandelman.ottawa.on.ca/linux-ipsec/html/2001/11/msg00436.html

--
Ken Bantoft                The Unofficial FreeS/WAN Site:
ken_at_freeswan.ca         http://www.freeswan.ca
                           PGP Key: finger ken_at_bantoft.org
"We can factor the number 15 with quantum computers. We
can also factor the number 15 with a dog trained to bark
three times." -- Robert Harley, 5/12/01, Sci.crypt
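
The two suggestions in the reply above (an MTU of 1440, or clamping the TCP maximum segment size with iptables) are related by simple header arithmetic. The script below is an added example, not part of the original message or of the linked posting. It assumes IPv4, TCP without options, the mangle table's FORWARD chain, and `ipsec0` as the tunnel interface name. It only prints the rules and applies nothing.

```shell
#!/bin/sh
# Added example: derive a TCP MSS from a tunnel MTU and build the iptables
# TCPMSS rule that clamps it on forwarded connections (dry run, prints only).

# IPv4 header (20 bytes) + TCP header (20 bytes), no options (assumption).
HDR_OVERHEAD=40

# mss_for_mtu MTU -> prints the largest MSS whose segments fit in MTU.
mss_for_mtu() {
    case "$1" in
        ''|*[!0-9]*)
            echo "mss_for_mtu: MTU must be a positive integer" >&2
            return 1 ;;
    esac
    # Sanity bounds chosen for this example: 576 is the datagram size every
    # IPv4 host must accept, 65535 is the largest possible IPv4 datagram.
    if [ "$1" -lt 576 ] || [ "$1" -gt 65535 ]; then
        echo "mss_for_mtu: MTU $1 out of range 576-65535" >&2
        return 1
    fi
    echo $(( $1 - HDR_OVERHEAD ))
}

# clamp_rule MTU|pmtu [OUT_IFACE] -> prints one iptables command.
#   MTU   fixed clamp: rewrite the MSS option to MTU - 40
#   pmtu  let the kernel derive the MSS from the route's path MTU
# Only SYN packets carry the MSS option, so only they are matched.
clamp_rule() {
    if [ "$1" = "pmtu" ]; then
        action="--clamp-mss-to-pmtu"
    else
        mss=$(mss_for_mtu "$1") || return 1
        action="--set-mss $mss"
    fi
    printf 'iptables -t mangle -A FORWARD%s -p tcp --tcp-flags SYN,RST SYN -j TCPMSS %s\n' \
        "${2:+ -o $2}" "$action"
}

# Rule for the 1440-byte MTU suggested in the reply, on traffic leaving via
# the tunnel interface (interface name is an assumption).
clamp_rule 1440 ipsec0
# Alternative that tracks the path MTU instead of a fixed value.
clamp_rule pmtu ipsec0
```

MSS clamping rewrites an option in TCP SYN packets only, so it changes the behaviour of TCP transfers but not of the ICMP ping test quoted above.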

