[Swan] vti01 MTU not honored

Paul Wouters paul at nohats.ca
Wed Feb 28 03:03:09 UTC 2018


On Tue, 27 Feb 2018, Xinwei Hong wrote:

> I have a route-based vpn setting between racoon and libreswan. The racoon side has MTU=1476, and libreswan has MTU=1332. When I ping
> with DF flag and pktsize larger than 1332 from libreswan side, pkt would be dropped as expected. However, from racoon side, ping with
> DF flag and pktsize=1400 could still reach host on libreswan side. Any idea why the vti01 does not drop the big pkt when DF is set? 

I'm not an expert on the kernel VTI implementation, other than knowing
it is being completely rewritten....

The VTI device MTU differs from kernel version to kernel version. I'm
not sure why. libreswan doesn't change the MTU. I assume racoon does
not either? (Does it even support vti, or are you doing this manually?)

In 3.23 we added support for nopmtudisc=yes|no (default no) which could
maybe be used to change some of this behaviour?

Paul
