Date: Sun, 28 Nov 2004 23:34:06 -0800 (PST) From: "Matthew T. Lager" <freebsd@trinetworks.com> To: "Andrew Thomson" <andrewjt@applecomm.net> Cc: freebsd-questions@freebsd.org Subject: Re: ipsec vpn mtu problem Message-ID: <1147.24.25.209.32.1101713646.squirrel@24.25.209.32> In-Reply-To: <1101702298.38278.11.camel@itouch-1011.prv.au.itouchnet.net> References: <1101702298.38278.11.camel@itouch-1011.prv.au.itouchnet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I had this exact same problem, I downgraded to 5.2.1 and it went away. Not sure what the deal is... I thought it might be related to the GIANT lock and MPSAFE being disabled, but I'm not positive... Any ideas would be great! Matt Lager > I have a problem with a freebsd lan to lan IPSEC vpn. Specifically seems > to be an mtu related problem. > > Previously I have set these up and they have run perfectly between > freebsd firewalls acting as the vpn terminator. > > The latest site that I'm trying to connect to has a basic internet > connection. Although it is a business ethernet connection, it's looking > similar to a PPPoE link that I have at home! > > Anyway, in order to get a reliable internet connection, the MTU on the > public interface had to be dropped to 1492. Once down, the internet > worked a treat. > > Lan to lan VPN config was done with setkey and racoon, up and running > very quickly. > > However when we try to move data across this link, it gets a bit done > and then conks out. > >> scp rt-3.2.2.tar.gz root@192.168.40.10: > root@192.168.40.10's password: > rt-3.2.2.tar.gz 11% 144KB 36.7KB/s - > stalled - > > All my other VPNs work perfectly however none of them required the MTU > change. This is the first one that required an MTU change and the first > one that doesn't seem to be able to handle anything more than a ping. > > One side is running 4.3-RELEASE-p28, the other is running 5.3-STABLE. > > The 5.3 box is the one that has the dodge internet link requiring the > MTU change. > > Any thoughts would be much appreciated. > > ajt. > > > -- > Andrew Thomson <andrewjt@applecomm.net> > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1147.24.25.209.32.1101713646.squirrel>