I have done a little test to try to understand how ipsec and mtu play together. Here is my simple network schema:

net 172.16.0.0--|2.6.16 box|--internet--|2.4-KLIPS|--net 172.25.5.0
                +-----------ipsec tunnel----------+

When I run 'ping 172.25.5.30 -M do -s 1472 -c 3' from a 172.16.0.0 host I get this result:

PING 172.25.5.30 (172.25.5.30) 1472(1500) bytes of data.
From 172.16.1.1 icmp_seq=1 Frag needed and DF set (mtu = 1428)
ping: local error: Message too long, mtu=1428
ping: local error: Message too long, mtu=1428

If I run 'ping 172.16.1.52 -M do -s 1472' from a 172.25.5.0 host I get this result:

PING 172.16.1.52 (172.16.1.52) 1472(1500) bytes of data.
1480 bytes from 172.16.1.52: icmp_seq=1 ttl=62 time=74.1 ms
1480 bytes from 172.16.1.52: icmp_seq=2 ttl=62 time=69.5 ms
1480 bytes from 172.16.1.52: icmp_seq=3 ttl=62 time=48.0 ms

Is this normal behaviour?

The "2.6.16 box" ipsec gateway is running vanilla Linux 2.6.16 with Openswan 2.4.5rc5, and the "2.4-KLIPS" ipsec gateway is running Linux 2.4.30 + KLIPS patch with Openswan 2.3.1.