forgot to cc netfilter-devel :(

-----Forwarded Message-----

From: Martin Josefsson <[EMAIL PROTECTED]>
To: Felix Farkas <[EMAIL PROTECTED]>
Subject: Re: IPSec ALG
Date: 22 May 2002 15:55:10 +0200

On Wed, 2002-05-22 at 15:40, Felix Farkas wrote:

> The problem is that the first data packet coming from the server gets lost
> at R1 which sends an ICMP packet back to the TCP server which is
> closing the data connection. The ICMP packet is a "Destination
> unreachable; Fragmentation needed" packet. 
> 
> Since the packet is sent from the IPSEC module I guess that the error
> might be there. 
> 
> I'm still digging. 

I haven't really followed this thread but to me this seems like an MTU
problem with the ipsec tunnel and that the ftpserver sends large tcp
packets with the DF bit set (I know glftpd can do this).

You can probably find more about MTU problems in the freeswan
mailing lists.

If everything else fails you can probably use the TCPMSS target with the
--clamp-mss-to-pmtu option.
 
-- 
/Martin

Never argue with an idiot. They drag you down to their level, then beat
you with experience.
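
What the `--clamp-mss-to-pmtu` suggestion above does to a SYN crossing the router, as an added Python example that is not part of the original message and is not netfilter's code: the MSS option is lowered to path MTU minus 40 and the TCP checksum is patched incrementally. The function names, the IPv4-only overhead of 40 bytes, and leaving a SYN without an MSS option untouched are assumptions of this sketch.

```python
import struct

# Typical rule that enables this rewrite on the forwarding router:
#   iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
#            -j TCPMSS --clamp-mss-to-pmtu
IPV4_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header

def csum_replace16(csum, old, new):
    """Incremental Internet checksum update, RFC 1624 eqn. 3."""
    total = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def clamp_mss(tcp, pmtu):
    """Lower the MSS option of a SYN/SYN-ACK TCP header to pmtu - 40."""
    if len(tcp) < 20 or not tcp[13] & 0x02:   # MSS is only sent on SYN segments
        return tcp
    header_len = (tcp[12] >> 4) * 4
    limit = pmtu - IPV4_TCP_OVERHEAD
    if header_len < 20 or header_len > len(tcp) or limit < 1:
        return tcp                             # bad offset or MTU: leave untouched
    i = 20
    while i < header_len:
        kind = tcp[i]
        if kind == 0:                          # end of option list
            break
        if kind == 1:                          # NOP is a single byte
            i += 1
            continue
        if i + 1 >= header_len:
            break
        length = tcp[i + 1]
        if length < 2 or i + length > header_len:
            break                              # malformed option: stop parsing
        if kind == 2 and length == 4:          # MSS option
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= limit:
                return tcp                     # never raise the MSS
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            csum = struct.unpack_from("!H", tcp, 16)[0]
            # Patch every aligned 16-bit word the two changed bytes fall in,
            # so an MSS option preceded by a NOP (odd offset) stays correct.
            for off in range((i + 2) & ~1, i + 4, 2):
                csum = csum_replace16(csum, struct.unpack_from("!H", tcp, off)[0],
                                      struct.unpack_from("!H", out, off)[0])
            struct.pack_into("!H", out, 16, csum)
            return bytes(out)
        i += length
    return tcp
```

With a 1400-byte path MTU through the tunnel, a SYN advertising MSS 1460 leaves the router advertising 1360, so the peer's full-size segments with DF set fit without triggering "Fragmentation needed".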