From owner-freebsd-questions@FreeBSD.ORG Mon Nov 29 07:27:32 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 95C7F16A4CE for ; Mon, 29 Nov 2004 07:27:32 +0000 (GMT) Received: from sxm.trinetworks.com (sxm.trinetworks.com [64.73.235.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4A82F43D1F for ; Mon, 29 Nov 2004 07:27:32 +0000 (GMT) (envelope-from freebsd@trinetworks.com) Received: from sxm.trinetworks.com (localhost.trinetworks.com [127.0.0.1]) by sxm.trinetworks.com (8.12.10/8.12.10) with ESMTP id iAT7Y8tb097461; Sun, 28 Nov 2004 23:34:08 -0800 (PST) (envelope-from freebsd@trinetworks.com) Received: (from nobody@localhost) by sxm.trinetworks.com (8.12.10/8.12.10/Submit) id iAT7Y6di097460; Sun, 28 Nov 2004 23:34:06 -0800 (PST) (envelope-from freebsd@trinetworks.com) X-Authentication-Warning: sxm.trinetworks.com: nobody set sender to freebsd@trinetworks.com using -f Received: from 24-25-209-32.san.rr.com ([24.25.209.32]) (SquirrelMail authenticated user freebsd); by mail.trinetworks.com with HTTP; Sun, 28 Nov 2004 23:34:06 -0800 (PST) Message-ID: <1147.24.25.209.32.1101713646.squirrel@24.25.209.32> In-Reply-To: <1101702298.38278.11.camel@itouch-1011.prv.au.itouchnet.net> References: <1101702298.38278.11.camel@itouch-1011.prv.au.itouchnet.net> Date: Sun, 28 Nov 2004 23:34:06 -0800 (PST) From: "Matthew T. Lager" To: "Andrew Thomson" User-Agent: SquirrelMail/1.4.3a X-Mailer: SquirrelMail/1.4.3a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal cc: freebsd-questions@freebsd.org Subject: Re: ipsec vpn mtu problem X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Nov 2004 07:27:32 -0000 I had this exact same problem, I downgraded to 5.2.1 and it went away. Not sure what the deal is... I thought it might be related to the GIANT lock and MPSAFE being disabled, but I'm not positive... Any ideas would be great! Matt Lager > I have a problem with a freebsd lan to lan IPSEC vpn. Specifically seems > to be an mtu related problem. > > Previously I have set these up and they have run perfectly between > freebsd firewalls acting as the vpn terminator. > > The latest site that I'm trying to connect to has a basic internet > connection. Although it is a business ethernet connection, it's looking > similar to a PPPoE link that I have at home! > > Anyway, in order to get a reliable internet connection, the MTU on the > public interface had to be dropped to 1492. Once down, the internet > worked a treat. > > Lan to lan VPN config was done with setkey and racoon, up and running > very quickly. > > However when we try to move data across this link, it gets a bit done > and then conks out. > >> scp rt-3.2.2.tar.gz root@192.168.40.10: > root@192.168.40.10's password: > rt-3.2.2.tar.gz 11% 144KB 36.7KB/s - > stalled - > > All my other VPNs work perfectly however none of them required the MTU > change. This is the first one that required an MTU change and the first > one that doesn't seem to be able to handle anything more than a ping. > > One side is running 4.3-RELEASE-p28, the other is running 5.3-STABLE. > > The 5.3 box is the one that has the dodge internet link requiring the > MTU change. > > Any thoughts would be much appreciated. > > ajt. > > > -- > Andrew Thomson > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >