[strongSwan] Strongswan IPv6 and MTU\MSS
Eric_C_Johnson at Dell.com
Eric_C_Johnson at Dell.com
Thu Feb 9 14:17:50 CET 2012
Hi.
I've run into an issue where I cannot negotiate jumbo frames consistently for iSCSI connections over an IPv6 based IPSec tunnel. The unusual part is if I logout and login my iSCSI connections repeatedly jumbo frames will eventually get negotiated. If I disable IPSec, the iSCSI connections negotiate jumbo frames 100% of the time. It does not matter if I use IKEv1\IKEv2 or PSK\certs. The problem is consistently reproducible if I use IPv6. Additionally I do not see this problem for iSCSI connections over an IPv4 based IPSec tunnel (using IKEv1\IKEv2 or PSK\certs).
I took a trace of the negotiation problem and after decrypting the ESP packets it appears the Strongswan host is sending an MSS of 1220 bytes when standard frames are negotiated and an MSS of 8940 bytes when jumbo frames are negotiated. I've verified via ifconfig that the MTU of my interface is '9000'. Outside of Strongswan IPSec with IPv6 I do not see this problem.
Is this a known issue? If so, does anybody know if there is a workaround?
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120209/8aaae8db/attachment.html>
More information about the Users
mailing list