Hi Alexey, Please get time to go through problem described below. Today I concered the problem. What I did is adding a netfilter rule # iptables -t mangle -I POSTROUTING -o gre1 -p tcp --syn -m tcpmss \ --mss 0x059C:0xFFFF -j TCPMSS --set-mss 0x059C Here gre1 is greC in the ASCII below and that is default gw of my Linux2 box. Also I'd like to highlight here greB and greC endpoint are on the same ethernet but their second endpoint are going to other machines. The setup I got finally working have following MTU settings. Also even if I set MSS to 1476 then even it does not work greA 1500, greB 1514, greC 1514, greD 1514, and all ehternet have MTU 1500; theese are one ehternet on Linux1/greA, second is linux2/greB-and-greC and third is Cisco/Ethernet. Is it some issue overlooked? Thanks for your time. --Sumit -----Original Message----- From: linux-net-owner@vger.kernel.org [mailto:linux-net-owner@vger.kernel.org]On Behalf Of Sumit Pandya Hi Again, After looking more closely on the problem I've seen that the packets which has size 0x05dc(1500) and DF bit set are not been passed between 2 gre end-point on the same system. Its really exciting to see output of tcpdump. http://203.88.135.194/public/greB-dump.txt http://203.88.135.194/public/greC-dump.txt Thanks for your suggession for this problem. -- Sumit > -----Original Message----- > From: linux-net-owner@vger.kernel.org > > Hi All, > I've 2 gre tunnels connectivity between 3 system > > Internal > ----linux1(greA)-----(greB)linux2(greC)------(greD)cisco-router --- > -Internet > > In this setup i cannot access few of sites. These sites > seems DF bit set. > Following is dump on gre tunnel(greA) on my linux1 box. Same data can be > seen on greB on linux2. If I replace linux2 with cisco router then > everything works fine. > Is it something to do with MTU or any other setting? > Strange point to me is > I can access that site from linux1(with lynx) only and only if I set greA > MTU to 1476(or lower)and greB MTU to 1500(or lower), but not from > any client > on my Internal network. I randomly tried with many different MTU settings > and its combinations. At GreD MTU is 1514, and its my ISP so i cannot have > anything to do there. - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
