ipsec vpn mtu problem

Matthew T. Lager freebsd at trinetworks.com
Sun Nov 28 23:27:32 PST 2004


I had this exact same problem; I downgraded to 5.2.1 and it went away. Not
sure what the deal is... I thought it might be related to the GIANT lock
and MPSAFE being disabled, but I'm not positive...

Any ideas would be great!

Matt Lager

> I have a problem with a freebsd lan to lan IPSEC vpn. Specifically seems
> to be an mtu related problem.
>
> Previously I have set these up and they have run perfectly between
> freebsd firewalls acting as the vpn terminator.
>
> The latest site that I'm trying to connect to has a basic internet
> connection. Although it is a business ethernet connection, it's looking
> similar to a PPPoE link that I have at home!
>
> Anyway, in order to get a reliable internet connection, the MTU on the
> public interface had to be dropped to 1492. Once down, the internet
> worked a treat.
>
> Lan to lan VPN config was done with setkey and racoon, up and running
> very quickly.
>
> However when we try to move data across this link, it gets a bit done
> and then conks out.
>
>> scp rt-3.2.2.tar.gz root@192.168.40.10:
> root@192.168.40.10's password:
> rt-3.2.2.tar.gz                                11%  144KB  36.7KB/s - stalled -
>
> All my other VPNs work perfectly however none of them required the MTU
> change. This is the first one that required an MTU change and the first
> one that doesn't seem to be able to handle anything more than a ping.
>
> One side is running 4.3-RELEASE-p28, the other is running 5.3-STABLE.
>
> The 5.3 box is the one that has the dodge internet link requiring the
> MTU change.
>
> Any thoughts would be much appreciated.
>
> ajt.
>
>
> --
> Andrew Thomson <andrewjt at applecomm.net>
