[Vpn-help] MTU packet problems on Linux ...

Matthew Grooms mgrooms at shrew.net
Tue Dec 11 15:10:06 CST 2007


Rodrigo Ferroni wrote:
> 
> Matthew:
> 
> I tried the vpn-client with the routefix and it works!!!
> Now the route is added correctly.
> The XP is a Professional version 2002 with SP2.
> If you want, I can send you the ike service log.
> Thanks for your help solving this route issue.
> 

Rodrigo,

Your other problem looks like a classic MTU and fragmentation related 
issue. Have you looked into fragment handling on your Debian box? I 
assume you are using iptables. It may be that there are extra rules or 
options required to handle this situation. I know it's necessary with pf 
or ipf. Please see the rather shabby blurb at the bottom of this link to 
the client documentation ...

http://www.shrew.net/vpn/help-2.0.3/files/%7BB2C7CFEE-88C6-408E-A080-869E51E5737F%7D.htm

If that doesn't help, another thing to look into would be enabling MSS 
clamping. You may find these links useful although they are intended for a 
NetBSD audience.

http://www.netbsd.org/docs/network/ipsec/rasvpn.html#ike_frag
http://www.netbsd.org/docs/network/ipsec/rasvpn.html#more_frag

Here is another link that provides a similar workaround for Linux and 
iptables. The issues they describe are related to PPTP connections but 
the problem resolution should be the same.

http://www.linux.org/docs/ldp/howto/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html

I will expand this section of the client user documentation before the 
2.1.0 release to make sure this issue is more clear.

Hope this helps,

-Matthew
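
The MSS clamping suggested above, worked through as an added example that is not part of the original message or the Shrew Soft documentation: it computes the largest inner packet that fits an ESP tunnel-mode packet and prints the matching iptables TCPMSS rule. The link MTU, cipher sizes (AES-CBC, HMAC-SHA1-96) and NAT-T setting are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Largest inner IPv4 packet that fits in one ESP tunnel-mode packet
# without fragmenting the outer packet.
# Args: link_mtu iv_len block_len icv_len natt(0|1)
esp_inner_mtu() {
    link_mtu=$1 iv=$2 block=$3 icv=$4 natt=$5
    outer_ip=20     # outer IPv4 header, no options
    esp_hdr=8       # SPI (4) + sequence number (4)
    udp=0
    if [ "$natt" -eq 1 ]; then
        udp=8       # NAT-T wraps ESP in a UDP header
    fi
    # Bytes left for the encrypted part: inner packet + padding + 2-byte trailer
    avail=$((link_mtu - outer_ip - udp - esp_hdr - iv - icv))
    # The encrypted part must be a whole number of cipher blocks
    enc=$((avail - avail % block))
    # ESP trailer: pad-length (1) + next-header (1)
    echo $((enc - 2))
}

# MSS that keeps a full TCP segment inside that inner packet
tcp_mss() {
    echo $(($1 - 20 - 20))   # inner IPv4 header + TCP header, no options
}

# Print (do not apply) the gateway rule that rewrites the MSS option on SYNs
clamp_rule() {
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $1"
}

# Constructed input (assumption): 1500-byte link, AES-CBC (IV 16, block 16),
# HMAC-SHA1-96 (ICV 12), NAT-T enabled
inner=$(esp_inner_mtu 1500 16 16 12 1)
mss=$(tcp_mss "$inner")
echo "inner MTU: $inner, MSS: $mss"
clamp_rule "$mss"
```

The TCPMSS target also accepts --clamp-mss-to-pmtu in place of a fixed --set-mss value.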


