From: Andrew Longstreet (alongstr_at_bmts.com)
Date: Sun Jan 05 2003 - 21:31:56 CET
I tried reducing the size of the certs, no luck.
Success !! achieved by changing MTU to 1300 on all interfaces as per Ken
Bantoft's suggestion.
Also, anyone know how to make proxy_arp active automatically, instead of
having to enable it through echo 1 >/proc/sys/net/ipv4/conf/eth1/proxy_arp.
Thanks very much
Andrew
----- Original Message -----
From: "Andreas Steffen" <andreas.steffen_at_strongsec.net>
To: "Andrew Longstreet" <alongstr_at_bmts.com>
Cc: <users_at_lists.freeswan.org>
Sent: Saturday, January 04, 2003 2:31 PM
Subject: Re: [Users] discarding duplicate packet -- exhausted
retransmission; already STATE_MAIN_R3
> It could be that the linksys router cannot handle IP fragments.
> As a workarount try to reduce the size of the X.509 certificates
>
> Regards
>
> Andreas
>
> Andrew Longstreet wrote:
> > IPSec passthru is enabled on the linksys router.
> >
> > Also, a dump on eth0 of the FreeSWAN gate reveals messages like
> >
> >
> > 18:16:51.839471 xxx.xxx.xxx.xxx.isakmp > mygate.on.ca.isakmp: isakmp:
> > phase 1 ? ident[E]: [|id] (frag 14113:1376_at_0+)
> > 18:16:51.847372 xxx.xxx.xxx.xxx > mygate.on.ca: (frag 14113:348_at_1376)
> >
> >
> >
> >
> >
>
>
> --
> ======================================================================
> Andreas Steffen e-mail: andreas.steffen_at_strongsec.com
> strongSec GmbH phone: +41 76 340 25 56
> Alter Zürichweg 20 home: http://www.strongsec.com
> CH-8952 Schlieren (Switzerland)
> ==========================================[strong internet security]==
>
>
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Mon Jan 06 2003 - 05:21:12 CET