I am looking for a way to modify the MTU on the virtual tunnel interface.
It seemed like there was a deprecated setting 'overridemtu' that could be
configured in ipsec.conf.  However, when I configure:

conn home
        left=192.168.1.30
        leftsourceip=%config
        eap_identity=xxxxxxx
        leftid=xxxxxxx
        leftauth=eap
        leftfirewall=yes
        right=192.168.1.2
        rightid=192.168.1.2
        rightsubnet=172.16.90.0/24
        auto=add
        ike=3des-sha1-md5-modp1024
        overridemtu=1300

I get the following:

r...@shuttle2:/usr/local/etc# ipsec start
Starting strongSwan 4.3.5 IPsec [starter]...
charon is already running (/var/run/charon.pid exists) -- skipping charon start
# unsupported keyword 'overridemtu' in conn 'home'
### 1 parsing error (0 fatal) ###

What is the proper way to set tunnel MTU?

I am needing to reduce tunnel MTU sizes, in order to prevent ESP/UDP
fragmentation (due to exceeding the ethernet interface MTU).  Re-assembly of
large amounts of ESP/UDP packets is burdening my gateway network processors.

Help is greatly appreciated.
_______________________________________________
Users mailing list
https://lists.strongswan.org/mailman/listinfo/users
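
Added example (not part of the original post and not strongSwan code): the arithmetic behind the fragmentation described above, for tunnel-mode ESP encapsulated in UDP over IPv4. The two ESP transforms are assumptions, since the post shows only the IKE proposal; the header sizes are the standard ones for CBC ciphers with HMAC-SHA1-96.

```python
"""Size of a tunnel-mode ESP-in-UDP packet for a given inner packet (IPv4)."""
from dataclasses import dataclass

OUTER_IPV4 = 20   # outer IPv4 header without options
UDP_ENCAP = 8     # UDP header used for ESP-in-UDP encapsulation (RFC 3948)
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad length (1 byte) + next header (1 byte)


@dataclass(frozen=True)
class EspTransform:
    name: str
    block: int  # cipher block size; ESP pads the plaintext to a multiple of it
    iv: int     # per-packet IV carried in clear after the ESP header
    icv: int    # truncated integrity check value appended to the packet


# Assumed transforms; the post does not say which ESP proposal is negotiated.
TDES_SHA1 = EspTransform("3des-cbc/hmac-sha1-96", block=8, iv=8, icv=12)
AES_SHA1 = EspTransform("aes-cbc/hmac-sha1-96", block=16, iv=16, icv=12)


def outer_size(inner_len: int, t: EspTransform) -> int:
    """Bytes on the wire for one inner IP packet of inner_len bytes."""
    padded = -(-(inner_len + ESP_TRAILER) // t.block) * t.block  # round up
    return OUTER_IPV4 + UDP_ENCAP + ESP_HEADER + t.iv + padded + t.icv


def max_inner(link_mtu: int, t: EspTransform) -> int:
    """Largest inner packet whose encapsulated form still fits link_mtu."""
    fixed = OUTER_IPV4 + UDP_ENCAP + ESP_HEADER + t.iv + t.icv
    room = (link_mtu - fixed) // t.block * t.block  # whole cipher blocks only
    return room - ESP_TRAILER


def fragments(inner_len: int, link_mtu: int, t: EspTransform) -> bool:
    """True if the encapsulated packet exceeds the link MTU."""
    return outer_size(inner_len, t) > link_mtu


if __name__ == "__main__":
    for t in (TDES_SHA1, AES_SHA1):
        print(f"{t.name}: inner 1500 -> {outer_size(1500, t)} on the wire, "
              f"inner 1300 -> {outer_size(1300, t)}, "
              f"largest inner for a 1500-byte link = {max_inner(1500, t)}")
```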