Strangeness on fragmentation...

Linux Advanced Routing and Traffic Control


 



I use a Linux box as a firewall, with two internet accesses and classical
split-access.

Recently I've made some heavy changes (changed one line, upgraded to
Debian squeeze, revamped some scripts, ...) and then suddenly I've
started to hit troubles: connections stalled, ...

Some tshark listening led me to an MTU/fragmentation trouble, so
I've discovered that one of the connections does not fragment correctly
and needs a lesser MTU (1476, found using
http://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_finding_optimal_mtu).
But the problem persists.

After some fiddling, I've found that the same strange things happen on
some openvpn tunnels that sit on the line that needs a reduced MTU.
After some more work, I've ended up with an openvpn configuration like:

 tun-mtu         1476
 fragment        1300
 mssfix

but still some connections, such as IMAP/SSL, stall.

I've also tried to comment out these parameters and add an 'mtu-test', which
led me to:

 Apr  5 15:53:04 tank pasian[15897]: NOTE: Empirical MTU test completed [Tried,Actual] local->remote=[1540,1540] remote->local=[1540,1540]

so it seems to me that there are no pmtu/fragmentation troubles.


Apart from the kernel change (from lenny, 2.6.26, to squeeze, 2.6.32), the
only modification was enabling ecn:

 net.ipv4.tcp_ecn = 1
 net.ipv4.tcp_sack = 1
 net.ipv4.tcp_dsack = 1

but I've enabled ecn on other similar firewalls without any trouble at all.


Can someone help me to, at least, debug these troubles? Thanks.

-- 
dott. Marco Gaiarin				    GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''                http://www.sv.lnf.it/
  Polo FVG  -  Via della Bontà, 7 - 33078  -  San Vito al Tagliamento (PN)
  marco.gaiarin(at)sv.lnf.it	  tel +39-0434-842711  fax +39-0434-842797

		Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
	   http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
	(tax code 00307430132, category ONLUS or RICERCA SANITARIA)
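
The MTU search mentioned in the message (pinging with the don't-fragment bit set and narrowing the packet size), written out as an added example that is not part of the original post. The function names and `host.example` are illustrative, and `probe_sim` is a constructed stand-in for a link that passes at most the 1476 bytes reported above, so the script runs offline.

```shell
#!/bin/sh
# Added example: binary search for the largest IPv4 packet that crosses a path
# unfragmented. All function names here are illustrative.

# Real probe: one ICMP echo with DF set (iputils ping, "-M do").
# $1 = host, $2 = total IP packet size; payload = size - 20 (IP) - 8 (ICMP).
# A failure can also mean ICMP is filtered, not only that the packet is too big.
probe_ping() {
    ping -M do -c 1 -W 2 -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# Constructed stand-in for a link that passes at most 1476 bytes (offline use).
probe_sim() {
    [ "$2" -le 1476 ]
}

# find_pmtu HOST [PROBE] [LOW] [HIGH] -> prints the largest size that passes.
find_pmtu() {
    host=$1; probe=${2:-probe_ping}; lo=${3:-576}; hi=${4:-1500}
    # The lower bound must pass, otherwise the search has nothing to narrow.
    "$probe" "$host" "$lo" || { echo "no reply at $lo bytes" >&2; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid             # mid fits: answer is mid or larger
        else
            hi=$(( mid - 1 ))   # mid is too big: answer is smaller
        fi
    done
    echo "$lo"
}

# Largest TCP payload for a given MTU: minus 20 (IPv4) and 20 (TCP), no options.
tcp_mss() {
    echo "$(( $1 - 40 ))"
}

mtu=$(find_pmtu host.example probe_sim)
echo "path MTU: $mtu, TCP MSS: $(tcp_mss "$mtu")"
```

Calling `find_pmtu` with only a host name uses `probe_ping` and tests the real path; run it once per uplink, since each line of a split-access setup can have a different limit.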