Re: [Users] problem with ipsec passthru

From: Joe Philipps (freeswan4joe_at_philippsfamily.org)
Date: Thu Dec 19 2002 - 03:42:23 CET


On Thu, Dec 19, 2002 at 01:10:26AM +0100, Thomas Otto wrote:
>hello list!

Howdy.

>data on the rw is arriving (tcpdump):
>
>01:07:23.428294 192.168.2.5.500 > 195.243.217.210.500: isakmp: phase 1 I
>ident: [|sa] (DF)
>01:07:23.499648 195.243.217.210.500 > 192.168.2.5.500: isakmp: phase 1 R
>ident: [|sa]
>01:07:23.507296 192.168.2.5.500 > 195.243.217.210.500: isakmp: phase 1 I
>ident: [|ke] (DF)
>01:07:23.714708 195.243.217.210.500 > 192.168.2.5.500: isakmp: phase 1 R
>ident: [|ke]
>01:07:23.770796 192.168.2.5.500 > 195.243.217.210.500: isakmp: phase 1 I
>ident[E]: [|id] (frag 33856:1480@0+)
>01:07:23.770812 192.168.2.5 > 195.243.217.210: (frag 33856:68@1480)
>01:07:24.265751 195.243.217.210.500 > 192.168.2.5.500: isakmp: phase 1 R
>ident[E]: [|id] (frag 59532:744@0+)

Fragmentation is rarely a Good Thing(tm) when it comes to IPSec. The
only thing I can think of is to adjust MTUs. ADSL is not always but
typically PPPoE. This chops down an unfragmented MTU to at most
1492. Sometimes a figure of even less is needed, like 1460.

>can someone tell me what's wrong?

I can't say for sure if that's what's wrong, but that's my best
guess. I hope that's helpful.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
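
An added example, not part of the original message: a small Python check that reads tcpdump lines in the format quoted in this thread, groups IP fragments by source, destination and IP id, and compares each reassembled datagram with the 1492-byte PPPoE MTU mentioned in the reply. The function name, the 20-byte IPv4 header assumption and the sample lines (re-joined from the wrapped capture above) are choices made for this example.

```python
import re
from collections import defaultdict

IP_HEADER = 20    # assumption: IPv4 header without options
PPPOE_MTU = 1492  # figure given in the reply above

# tcpdump fragment note: (frag <id>:<len>@<offset>[+]); "+" means more fragments follow.
# Only the first fragment carries UDP ports, so ports are dropped when grouping.
# Mail archives may rewrite "@" as "_at_", so both spellings are accepted.
FRAG = re.compile(r"(\d+(?:\.\d+){3})(?:\.\d+)? > (\d+(?:\.\d+){3})(?:\.\d+)?:"
                  r".*\(frag (\d+):(\d+)(?:@|_at_)(\d+)(\+?)\)")

# Sample input: lines re-joined from the capture quoted in the thread.
SAMPLE = [
    "01:07:23.507296 192.168.2.5.500 > 195.243.217.210.500: isakmp: phase 1 I ident: [|ke] (DF)",
    "01:07:23.770796 192.168.2.5.500 > 195.243.217.210.500: isakmp: phase 1 I ident[E]: [|id] (frag 33856:1480@0+)",
    "01:07:23.770812 192.168.2.5 > 195.243.217.210: (frag 33856:68@1480)",
    "01:07:24.265751 195.243.217.210.500 > 192.168.2.5.500: isakmp: phase 1 R ident[E]: [|id] (frag 59532:744@0+)",
]

def fragmented_datagrams(lines, mtu=PPPOE_MTU):
    """Return one record per fragmented datagram seen in the capture."""
    groups = defaultdict(list)
    for line in lines:
        m = FRAG.search(line)
        if m:
            src, dst, ip_id, length, offset, more = m.groups()
            groups[(src, dst, int(ip_id))].append((int(offset), int(length), more == "+"))
    report = []
    for (src, dst, ip_id), frags in sorted(groups.items()):
        seen_end = max(off + ln for off, ln, _ in frags)
        # Complete: the last fragment was captured and the lengths leave no gap.
        complete = (any(not more for _, _, more in frags)
                    and sum(ln for _, ln, _ in frags) == seen_end)
        size = IP_HEADER + seen_end
        report.append({"src": src, "dst": dst, "id": ip_id, "fragments": len(frags),
                       "complete": complete, "bytes_seen": size,
                       "over_mtu": size - mtu if complete else None})
    return report

if __name__ == "__main__":
    for rec in fragmented_datagrams(SAMPLE):
        print(rec)
```

On the thread's capture this reports a complete 1568-byte datagram from 192.168.2.5, which is 76 bytes over 1492, and a datagram from 195.243.217.210 whose trailing fragment does not appear in the quoted lines.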


