Am Mon, 22 Aug 2005 15:24:40 +0200 Ivo Dijkhuis <[EMAIL PROTECTED]> schrieben Sie:
> Andre Ruppert wrote: > > Hello to the list... > > > > The problem: a long time running stable v3.4 OBSD VPN gateway > > running behind a (german) SDSL line was replaced with a gateway > > version 3.7(stable). > > > > Now I got ppp mtu problems and can't see why. > > Most config-files were just copied from v3.4, the ppp.conf file > > didn't change: > > > > ############################################# > > default: > > set log all -sync -physical -tcp/ip -DNS > > set redial 10 0 > > set reconnect 10 2000000000 > > set timeout 0 > > set device "!/usr/sbin/pppoe -vvvv -i xl0" > > set speed sync > > disable acfcomp protocomp ipv6cp > > deny acfcomp > > set ifaddr 10.0.0.1/0 10.0.0.2/0 > > enable mssfixup > > accept lqr > > > > connect: > > set authname "kjfvkjfdkjdfgkj" > > set authkey "jfhkfhfjhfvjkhfk" > > set mtu max 1416 > > set mru max 1416 > > add! default HISADDR > > ############################################## > > > > > > pppoe (v3.7) is still userland. > > Don't ask why mtu is 1416 - all traffic is sent through an l2tp > > tunnel too, so it's a "must". ;-) > > > > Both sides are running OBSD VPN gateways (ipsec/ISAKMPD). > > Remote gateway is always a v3.4 version. > > > > With v3.7 I got ppp log messages: > > tun0: Error: ip_Input: deflink: wrote 1452, got Message too long.... > > I don't use ppp, but I've seen similar MTU problems with IPsec > traffic. Using scrub on the enc in pf.conf did solve this problem. > > Maybe you can try something like : > > scrub in on tun0 all no-df max-mss 1416 > scrub out on tun0 all no-df max-mss 1416 > > > Regards, > > Ivo > Thanks f|r the hint, tried it yesterday - nope! ;-) Still the same error message... I will replace the v3.7-stable with a v3.6-stable and have a look. I'll post the results... Greetings Andre Ruppert