On 10/15/10 3:35 AM, Jörg Kurlbaum wrote:
>
> Since we switched to a shorewall setup the performance on the tunnels has
> dropped massively.
Switched from what?
> We believe we have some mistake in the NAT setup.
> ("shorewall dump" output attached, but we replaced the IP-addresses)
>
I'm more inclined to suspect an MSS issue.
> fw:/etc/shorewall# cat zones
> #ZONE TYPE OPTIONS IN OUT
> # OPTIONS OPTIONS
> fw firewall
> net ipv4
> loc ipv4
> vpn ipsec mode=tunnel mss=1400
>
You are only clamping the MSS in one direction. Try moving that setting
to the OPTIONS column.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
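
A check for the one-direction clamp discussed in the reply above, as an added example that is not part of the original message or of Shorewall's own code: it reads rules in iptables-save syntax and reports which IPsec policy directions have no TCPMSS rule. The sample rules are constructed, and it is an assumption here that the zone's mss option appears in the ruleset as `-m policy --dir in|out --pol ipsec ... -j TCPMSS` rules.

```python
import shlex

# Constructed sample in iptables-save syntax (not taken from the attached dump):
# only SYNs arriving from the IPsec tunnel have their MSS rewritten.
RULE = ("-A FORWARD -p tcp -m policy --dir {d} --pol ipsec --mode tunnel "
        "-m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400\n")
SAMPLE_ONE_WAY = "*mangle\n" + RULE.format(d="in") + "COMMIT\n"
SAMPLE_BOTH = "*mangle\n" + RULE.format(d="in") + RULE.format(d="out") + "COMMIT\n"


def clamp_by_direction(ruleset):
    """Map IPsec policy direction ('in'/'out') to the MSS values set for it."""
    found = {"in": set(), "out": set()}
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies, comments, COMMIT
        tok = shlex.split(line)
        if "TCPMSS" not in tok or "--dir" not in tok or "--pol" not in tok:
            continue
        if tok[tok.index("--pol") + 1] != "ipsec":
            continue
        direction = tok[tok.index("--dir") + 1]
        if "--set-mss" in tok:
            mss = int(tok[tok.index("--set-mss") + 1])
        else:
            mss = None  # rule uses --clamp-mss-to-pmtu instead of a fixed value
        found.setdefault(direction, set()).add(mss)
    return found


def unclamped_directions(ruleset):
    """Directions whose SYN or SYN,ACK segments keep the sender's original MSS."""
    return sorted(d for d, values in clamp_by_direction(ruleset).items() if not values)


if __name__ == "__main__":
    for name, rules in (("one-way", SAMPLE_ONE_WAY), ("both", SAMPLE_BOTH)):
        missing = unclamped_directions(rules)
        print(name, "-> unclamped:", ", ".join(missing) if missing else "none")
```

Each endpoint announces its own MSS in the SYN or SYN,ACK it sends, so a direction listed as unclamped means the peer on the other side can still send full-size segments into the tunnel.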
