[strongSwan] MTU / fragmentation

kgardenia42 kgardenia42 at googlemail.com
Thu Feb 21 15:33:51 CET 2013


Hi,

I have a recurring problem whereby when connected to strongswan 5.0.2
in AWS (same client version) I can't do:

   curl http://www.2600.com

It just stalls/blocks on the client side and never returns. I'm not
sure what it is about that site. Generally all other sites work fine.
I have seen the same thing on multiple installs.

When I tcpdump on the server side I can see lots of spinning packets
that look like this:

14:29:03.782376 IP <aws hostname > 207.99.30.226: ICMP <aws hostname> unreachable - need to frag (mtu 1422), length 556

When I set the MTU on my (Ubuntu) client machine down from 1500 to
1400 this goes away.

It isn't an option to tell users to change MTU on their client
machines. Is there some configuration setting I need to use here to
avoid this, either within or external to strongswan?

Thanks,
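
Added example, not part of the original post: Python that parses tcpdump lines of the kind quoted above, counts the "need to frag" messages sent to each peer, and derives the largest TCP segment size that fits the reported MTU. The sample capture and its addresses are constructed (only the MTU value 1422 is taken from the post), and the MSS figure assumes IPv4 with 20-byte IP and TCP headers and no options.

```python
import re

# tcpdump's one-line rendering of ICMP type 3 code 4 (fragmentation needed).
# Assumes the line has not been wrapped by a mail client.
NEED_FRAG = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): ICMP \S+ "
    r"unreachable - need to frag \(mtu (?P<mtu>\d+)\)"
)

IPV4_HEADER = 20  # bytes, assumption: no IP options
TCP_HEADER = 20   # bytes, assumption: no TCP options

# Constructed sample capture using documentation address ranges.
SAMPLE = """\
14:29:03.782376 IP 192.0.2.10 > 198.51.100.7: ICMP 192.0.2.10 unreachable - need to frag (mtu 1422), length 556
14:29:04.001200 IP 192.0.2.10 > 198.51.100.7: ICMP 192.0.2.10 unreachable - need to frag (mtu 1422), length 556
14:29:04.100000 IP 192.0.2.10 > 203.0.113.5: ICMP echo request, id 1, seq 1, length 64
14:29:05.500000 IP 192.0.2.10 > 198.51.100.7: ICMP 192.0.2.10 unreachable - need to frag (mtu 1422), length 556
""".splitlines()


def summarize(lines):
    """Group need-to-frag messages by the peer they were sent to.

    Returns {peer: {"count", "mtu", "max_tcp_mss"}}. "mtu" is the smallest
    next-hop MTU reported to that peer, and "count" shows how many times the
    gateway had to repeat the message to the same peer.
    """
    peers = {}
    for line in lines:
        m = NEED_FRAG.match(line)
        if not m:
            continue  # not a fragmentation-needed message
        mtu = int(m.group("mtu"))
        entry = peers.setdefault(m.group("dst"), {"count": 0, "mtu": mtu})
        entry["count"] += 1
        entry["mtu"] = min(entry["mtu"], mtu)
    for entry in peers.values():
        # Largest TCP payload that still fits in one unfragmented packet.
        entry["max_tcp_mss"] = entry["mtu"] - IPV4_HEADER - TCP_HEADER
    return peers


if __name__ == "__main__":
    for peer, info in summarize(SAMPLE).items():
        print(f"{peer}: {info['count']} need-to-frag messages, "
              f"mtu {info['mtu']}, largest TCP MSS {info['max_tcp_mss']}")
```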



