On 10/15/10 4:35 PM, Jörg Kurlbaum wrote: > > No, normal performance from subnet to subnet, when turning of SNAT, which > is not possible on the production tunnels, but only on my test connection. > >>> Any more ideas? Are there other pitfalls with IPSec and Shorewall? >> >> I can recall no case where IPSEC performance issues were not resolved by >> MSS clamping. Anyone else? > > Maybe i'm not getting the full idea of MSS clamping. Can you see > misconfigured MSS, for example with tcpdump? I will re-read the > documentation on mss option in shorewall. > > > Sorry for the misunderstandings, it's a bit difficult for me to explain > this complicated scenario in my non-native language. > > I very much appreciate your help, really, since i'm a bit lost.
Since you have a test configuration, please show us the configuration that works and the one that doesn't (config files and 'shorewall dump'). And please don't alter the dump output. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
