 From:  George Bourozikas <george at bourozikas dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IPsec will not forward fragmented packets / MTU issue
 Date:  Mon, 28 Mar 2005 14:38:00 -0500

Hi all,

I wrote a while back with my IPsec-related problems.  I have narrowed it down 
to this:

1)  my m0n0-to-m0n0 IPsec tunnel comes up when needed (I am running 1.11).  
All firewall rules allow fragmented packets.

2)  short packets (pings, SSH negotiations) traverse the link fine

3)  Longer packets get dropped.  I have confirmed this with tcpdump.  When I 
change the client MTU to 1400 everything works fine, but I need a more 
systemic solution because I will not have access to all potential clients.

Does anyone have any suggestions?  Vincent Fleuranceau suggested using 1.2b3, 
and I did, but the problem persisted, so I returned to the stable version.

I have a feeling that I am overlooking something obvious and I would really 
appreciate any pointers for troubleshooting this.

Thank you in advance,

George Bourozikas