Re: xfrm: is pmtu broken with ESP tunneling?

On 02/13/2014 01:01 AM, Hannes Frederic Sowa wrote: Could you try either dropwatch or perf script net_dropmonitor and flood the network with the problematic packets. From the traces we could see where the packets get dropped without notification in the kernel. Not much to see, unfortunately.

Re: xfrm: is pmtu broken with ESP tunneling?

On 02/13/2014 01:01 AM, Hannes Frederic Sowa wrote: Could you try either dropwatch or perf script net_dropmonitor and flood the network with the problematic packets. From the traces we could see where the packets get dropped without notification in the kernel. Not much to see, unfortunately.

Re: xfrm: is pmtu broken with ESP tunneling?

On Tue, Feb 11, 2014 at 09:20:40PM +0100, Ortwin Glück wrote: > On 02/11/2014 03:32 AM, Hannes Frederic Sowa wrote: > >>net.ipv4.ip_no_pmtu_disc=1. > > > >This setting will shrink the path mtu to min_pmtu when a frag needed icmp > >is > >received. > > The UDP+ESP encapsulation adds 60 bytes to

Re: xfrm: is pmtu broken with ESP tunneling?

On Tue, Feb 11, 2014 at 09:20:40PM +0100, Ortwin Glück wrote: On 02/11/2014 03:32 AM, Hannes Frederic Sowa wrote: net.ipv4.ip_no_pmtu_disc=1. This setting will shrink the path mtu to min_pmtu when a frag needed icmp is received. The UDP+ESP encapsulation adds 60 bytes to the original

Re: xfrm: is pmtu broken with ESP tunneling?

On 02/11/2014 03:32 AM, Hannes Frederic Sowa wrote: net.ipv4.ip_no_pmtu_disc=1. This setting will shrink the path mtu to min_pmtu when a frag needed icmp is received. The UDP+ESP encapsulation adds 60 bytes to the original packet size. ifconfig wla0 shows an mtu of 1500. The size of the

Re: xfrm: is pmtu broken with ESP tunneling?

On 02/11/2014 03:32 AM, Hannes Frederic Sowa wrote: net.ipv4.ip_no_pmtu_disc=1. This setting will shrink the path mtu to min_pmtu when a frag needed icmp is received. The UDP+ESP encapsulation adds 60 bytes to the original packet size. ifconfig wla0 shows an mtu of 1500. The size of the

Re: xfrm: is pmtu broken with ESP tunneling?

Hi! On Mon, Feb 10, 2014 at 09:41:54AM +0100, Ortwin Glück wrote: > I am using Openswan to configure an IPSec VPN (using the xfrm/netkey > backend). Large HTTP POST requests from the client seem to get stuck, > because the outgoing packets are 1530 bytes (before being wrapped into > ESP

xfrm: is pmtu broken with ESP tunneling?

Hi, I am using Openswan to configure an IPSec VPN (using the xfrm/netkey backend). Large HTTP POST requests from the client seem to get stuck, because the outgoing packets are 1530 bytes (before being wrapped into ESP packets). The problem goes away by setting sysctl

xfrm: is pmtu broken with ESP tunneling?

Hi, I am using Openswan to configure an IPSec VPN (using the xfrm/netkey backend). Large HTTP POST requests from the client seem to get stuck, because the outgoing packets are 1530 bytes (before being wrapped into ESP packets). The problem goes away by setting sysctl

Re: xfrm: is pmtu broken with ESP tunneling?

Hi! On Mon, Feb 10, 2014 at 09:41:54AM +0100, Ortwin Glück wrote: I am using Openswan to configure an IPSec VPN (using the xfrm/netkey backend). Large HTTP POST requests from the client seem to get stuck, because the outgoing packets are 1530 bytes (before being wrapped into ESP packets).