On Sun, 18 Feb 2001, Myles Uyema wrote:

> CIPE between two Linux systems on the Internet has been established.
> Now I want to route all tcp traffic between the two linux systems over
> the CIPE tunnel, so I've set up fwmark and iproute2 policies.
>
> However, the TCPMSS rule only applies to SYN packets. I'm able to
> set the TCPMSS to 1400 for client TCP connections, but on the server,
> the kernel message "sending pkt_too_big to self" repeatedly gets
> logged, and tcp connections constantly get hung.
>
> CIPE address       Internet IP
> 192.168.250.33     209.249.19.46     linux-dsl
> 192.168.250.34     65.0.152.158      athome
>
> Commands run on "athome" (relevant sections reversed on "linux-dsl")
> echo 201 cipe0.vpn >> /etc/iproute2/rt_tables
>
> iptables -t mangle -A OUTPUT -p tcp --syn -j TCPMSS --set-mss 1460
> iptables -t mangle -A OUTPUT -p tcp -d 209.249.19.46 -j MARK --set-mark 1
>
> ip rule add fwmark 1 table cipe0.vpn
> ip route add default via 192.168.250.33 dev cipcb0 table cipe0.vpn

ip route add default via 192.168.250.33 dev cipcb0 mtu 1435 \
	table cipe0.vpn

Back in .5 I found if I used the "mtu" flag in the routes for the cipe
interfaces everything was much happier. Especially if you deal with OS'es
(SCO especially) that try to insist on mtu 1500.

[snip]

> Notice how 209.249.19.46 responds with a 1460 TCPMSS. This is too large
> when being tunneled through cipcb0, and the fwmark+iproute2 policy
> doesn't take this into account.
>
> Can anyone volunteer some suggestions?

http://www.policyrouting.org has links to the docs for iproute2 etc.

--------------------------------------------------
Matthew G. Marsh, President
Paktronix Systems LLC
1506 North 59th Street
Omaha NE 68104
Phone: (402) 932-7250 x101
Email: mgm@paktronix.com
WWW: http://www.paktronix.com
--------------------------------------------------
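
An added example, not part of the original message or of CIPE/iproute2: a small Python check that reads the MSS option out of a TCP SYN or SYN-ACK header and compares it with what fits under a route MTU such as the 1435 used in the reply above. The sample headers are constructed; plain IPv4 and TCP headers of 20 bytes each (no IP options) are assumed, and the function names are hypothetical.

```python
import struct

IPV4_HDR = 20   # assumption: IPv4 header without options
TCP_HDR = 20    # TCP header without options

def build_syn(mss, flags=0x12):
    """Constructed sample: a bare TCP header (SYN-ACK by default) with one MSS option."""
    options = struct.pack("!BBH", 2, 4, mss)        # kind=2 (MSS), length=4
    data_offset = (TCP_HDR + len(options)) // 4     # header length in 32-bit words
    return struct.pack("!HHIIBBHHH", 80, 40000, 0, 0,
                       data_offset << 4, flags, 5840, 0, 0) + options

def parse_mss(tcp):
    """Return the MSS advertised in a TCP header, or None if absent or malformed."""
    if len(tcp) < TCP_HDR:
        return None
    hdr_len = (tcp[12] >> 4) * 4
    if hdr_len < TCP_HDR or hdr_len > len(tcp):
        return None
    opts, i = tcp[TCP_HDR:hdr_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                # end of option list
            break
        if kind == 1:                # NOP padding is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            return None
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return None              # truncated or malformed option
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def check_mss(tcp, route_mtu):
    """Compare the advertised MSS with the largest segment that fits in route_mtu."""
    mss = parse_mss(tcp)
    limit = route_mtu - IPV4_HDR - TCP_HDR
    return {"mss": mss, "limit": limit, "fits": mss is not None and mss <= limit}

if __name__ == "__main__":
    for mss in (1460, 1400, 1395):
        print(check_mss(build_syn(mss), route_mtu=1435))
```
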