Re: Certain size packets not passing through a L2 over L3 IPsec tunnel
On 2019-10-10, Russell Sutherland wrote: > I've set up a L2overL3 tunnel using the template as found in "man etherip". I > am running OpenBSD 5.9, which I believe is the first version to support the > etherip interface. > > I find the bridge/tunnel does not pass a small range of specific sized > packets. > > E.g. if 1.2.3.4 is at the far end of the tunnel and I am pinging from the > local end: > > ping -s 1388 1.2.3.4 works > ping -s 1396 1.2.3.4 works > > All other sizes, 1389 to 1395 inclusive fail. > > Is there some way to remedy this? If you have different MTUs each side (e.g. common if one end uses pppoe), or if there is a link between the two tunnel endpoints with restricted MTU (which you might not notice for TCP connections because it may rewrite the MSS value), then reduce MTU on the endpoints to the lowest common denominator.
Re: Certain size packets not passing through a L2 over L3 IPsec tunnel
Ok... I've updated both ends of the tunnel to OpenBSD 6.5 and the same problem exists when trying to pass packets of a certain size. Any ideas on how to fix or work around this issue? Thanks in advance. Russell P. Sutherland Email: russell . sutherland @ utoronto dawt ca Network Engineer, I+TS Voice: +1.416.978.0470 4 Bancroft Ave., Rm. 102 Cell: +1.416.803.0080 University of TorontoFax: +1.416.978.6620 Toronto, ON M5S 1C1 From: Russell Sutherland Sent: Thursday, October 10, 2019 16:25 To: misc@openbsd.org Subject: Certain size packets not passing through a L2 over L3 IPsec tunnel I've set up a L2overL3 tunnel using the template as found in "man etherip". I am running OpenBSD 5.9, which I believe is the first version to support the etherip interface. I find the bridge/tunnel does not pass a small range of specific sized packets. E.g. if 1.2.3.4 is at the far end of the tunnel and I am pinging from the local end: ping -s 1388 1.2.3.4 works ping -s 1396 1.2.3.4 works All other sizes, 1389 to 1395 inclusive fail. Is there some way to remedy this? Thanks in advance. Russell P. Sutherland Email: russell . sutherland @ utoronto dawt ca Network Engineer, I+TS Voice: +1.416.978.0470 4 Bancroft Ave., Rm. 102 Cell: +1.416.803.0080 University of TorontoFax: +1.416.978.6620 Toronto, ON M5S 1C1
Re: Certain size packets not passing through a L2 over L3 IPsec tunnel
On 10/10/19 4:25 PM, Russell Sutherland wrote: > I've set up a L2overL3 tunnel using the template as found in "man etherip". I > am running OpenBSD 5.9, which I believe is the first version to support the > etherip interface. > > I find the bridge/tunnel does not pass a small range of specific sized > packets. > > E.g. if 1.2.3.4 is at the far end of the tunnel and I am pinging from the > local end: > > ping -s 1388 1.2.3.4 works > ping -s 1396 1.2.3.4 works > > All other sizes, 1389 to 1395 inclusive fail. > > Is there some way to remedy this? Just a friendly advice here. I am almost sure you will not get an answer on this as 5.9 is pretty old and not supported anymore for a few years now. We are at 6.5 and may be one week or two max to the release at 6.6 I would try 6.6 first and see how it works for you. There have been a truck load of changes from the 5.9 Hope this help you some even if that doesn't answer your question. However the suggestion is very valid. Daniel
Certain size packets not passing through a L2 over L3 IPsec tunnel
I've set up a L2overL3 tunnel using the template as found in "man etherip". I am running OpenBSD 5.9, which I believe is the first version to support the etherip interface. I find the bridge/tunnel does not pass a small range of specific sized packets. E.g. if 1.2.3.4 is at the far end of the tunnel and I am pinging from the local end: ping -s 1388 1.2.3.4 works ping -s 1396 1.2.3.4 works All other sizes, 1389 to 1395 inclusive fail. Is there some way to remedy this? Thanks in advance. Russell P. Sutherland Email: russell . sutherland @ utoronto dawt ca Network Engineer, I+TS Voice: +1.416.978.0470 4 Bancroft Ave., Rm. 102 Cell: +1.416.803.0080 University of TorontoFax: +1.416.978.6620 Toronto, ON M5S 1C1