Marco Berizzi <[EMAIL PROTECTED]> wrote:
>
> Pleiadi is also running another tunnel with an old linux
> 2.4.28/KLIPS FreeS/WAN 2.05 and the MTU is 1444. May anyone
> explain me why ipsec tunnels established with linux 2.6.16
> (linux 2.6<->linux2.6) have an MTU equal to 1428? And why
> tunnels established between linux 2.6.16 and other
> stack (checkpoint & KLIPS from FreeS/WAN 2.05 for example)
> have an MTU equal to 1444?

It's 1428 because you used AES which has a block size of 16. 1444 only works for block size 8. If you sent a 1444-byte packet on a block size of 16, its external size could be as large as 1528.

The MTU on KLIPS should not be trusted at all since it is set arbitrarily rather than based on the external MTU. The checkpoint looks correct though since it presumably is using 3DES which has a block size of 8.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
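The block-size arithmetic behind the two figures in this thread, as an added example that is not part of the original message and not taken from the kernel source. It assumes a 1500-byte external MTU, a 20-byte outer IPv4 header, an 8-byte ESP header, an IV the size of the cipher block and a 12-byte truncated ICV; the function names are hypothetical.

```c
#include <stdio.h>

/* Assumed fixed overheads (not stated in the thread). */
#define OUTER_IP_HDR 20   /* outer IPv4 header, no options */
#define ESP_HDR       8   /* SPI + sequence number */

/* Round n up to the next multiple of a. */
static int align_up(int n, int a) { return (n + a - 1) / a * a; }

/* On-the-wire size of a tunnel-mode ESP packet carrying `inner` bytes.
 * The payload plus the 2-byte ESP trailer (pad length, next header)
 * is padded up to the cipher block size. */
int esp_outer_size(int inner, int blk, int iv, int icv)
{
    return OUTER_IP_HDR + ESP_HDR + iv + align_up(inner + 2, blk) + icv;
}

/* Derive an inner MTU from the external MTU: start from the external MTU
 * minus the fixed headers, then shrink by the overshoot until the padded,
 * authenticated packet fits. */
int esp_tunnel_mtu(int ext_mtu, int blk, int iv, int icv)
{
    int res = ext_mtu - (OUTER_IP_HDR + ESP_HDR + iv);

    for (;;) {
        int outer;

        if (res < 68)            /* minimum IPv4 MTU, also bounds the loop */
            return 68;
        outer = esp_outer_size(res, blk, iv, icv);
        if (outer <= ext_mtu)
            return res;
        res -= outer - ext_mtu;
    }
}

int main(void)
{
    int aes  = esp_tunnel_mtu(1500, 16, 16, 12);  /* AES-CBC, block size 16 */
    int des3 = esp_tunnel_mtu(1500, 8, 8, 12);    /* 3DES-CBC, block size 8 */

    printf("AES  tunnel MTU: %d (outer size %d)\n",
           aes, esp_outer_size(aes, 16, 16, 12));
    printf("3DES tunnel MTU: %d (outer size %d)\n",
           des3, esp_outer_size(des3, 8, 8, 12));
    return 0;
}
```

Under these assumptions the calculation yields the 1428 and 1444 values discussed above, and a 1444-byte inner packet encrypted with a 16-byte block cipher no longer fits in a 1500-byte external MTU.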