Hello list, I'm having various problems with 2.6 IPsec and fragmentation. Most notably, the following - between host valentijn and host21 there's a Wifi IPsec tunnel: valentijn:~# ping -s 1435 host21 PING host21.wireless.palmgracht.nl (10.15.67.21): 1435 data bytes ping: sendto: Message too long ping: wrote host21.wireless.palmgracht.nl 1443 chars, ret=-1 ping: sendto: Message too long ping: wrote host21.wireless.palmgracht.nl 1443 chars, ret=-1 Resetting the MTU on the network interface helps: valentijn:~# ifconfig eth1 mtu 1400 valentijn:~# ping -s 1417 host21 PING host21.wireless.palmgracht.nl (10.15.67.21): 1417 data bytes 1425 bytes from 10.15.67.21: icmp_seq=0 ttl=64 time=93.0 ms 1425 bytes from 10.15.67.21: icmp_seq=1 ttl=64 time=78.2 ms Then, resetting it to 1500 again does this: valentijn:~# ifconfig eth1 mtu 1500 valentijn:~# ping -s 1435 host21 PING host21.wireless.palmgracht.nl (10.15.67.21): 1435 data bytes ping: sendto: Message too long ping: wrote host21.wireless.palmgracht.nl 1443 chars, ret=-1 1443 bytes from 10.15.67.21: icmp_seq=1 ttl=64 time=89.0 ms 1443 bytes from 10.15.67.21: icmp_seq=2 ttl=64 time=79.9 ms These MTU difficulties seem to propagate to a whole set of tunneling difficulties, none of them clear enough to mention here, as my other side is still a 2.4.24-with-IPsec backport. I'll try to set up a 2.6 machine there, too, and report findings. (If there's a better place to discuss 2.6 IPsec, please say so.) Best regards, Valentijn -- http://www.openoffice.nl/ Open Office - Linux Office Solutions Valentijn Sessink valentyn+sessink@nospam.openoffice.nl - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
