[KLUG Members] IPSEC VPN Problem
Bruce Smith
bruce at armintl.com
Sun Mar 6 13:38:21 EST 2005
> > > > Maybe the next time I feel masochistic, I'll try OpenSWAN... :-O
> > > I think I'd rather create a sendmail.cf by hand!
> > OK, after becoming sufficiently annoyed by the hangs in the VPN, I
> > started looking at the OpenSWAN documentation on how to create a simple
> > net-to-net VPN.
> > And after becoming sufficiently annoyed with the OpenSWAN documentation
> > and one thing that didn't seem to work the way I thought it should, I
> > switched my focus back to fixing OpenVPN. :-)
>
> Oh, bummer, no presentation in IP SEC then?
Not by me. Not in the foreseeable future anyway. :-(
Probably not even if I got it to work, since that would most likely be
nothing but trial & error (and/or luck).
> > To quote the man page: "MTU problems often manifest themselves as
> > connections which hang during periods of active usage. It's best to use
> > the --fragment and/or --mssfix options to deal with MTU sizing issues."
>
> Ah, I've set my fragment and mssfix much lower since a small MTU/MRU
> helps things like telnet & ssh from getting stomped down during a file
> transfer. I like a fragment size of 512 on OpenVPN and 296 on PPTP.
Yeah, I used to do that on dialup, but it doesn't seem to be that much
of a problem any longer with 3M broadband. :-)
> Maybe someone should do a QoS presentation?!
Sounds good, I'll be there for that one!
> I know Linux can do
> various QoS methods but I've only implemented QoS on Cisco (well, I did
> it on Nortel too, but like most things on Nortel routers it didn't
> actually work). Traffic prioritization over VPNs would be a nice thing.
I haven't done hardly anything with QoS, other than a couple iptables
lines that I "borrowed" from someone else's config.
- BS