| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 15 Jul 2007 17:00:40 +0200 From: Patrick McHardy <kaber@...sh.net> To: Beschorner Daniel <Daniel.Beschorner@...ton.com> CC: netdev@...r.kernel.org Subject: Re: IPSec freeze Beschorner Daniel wrote: > Today a new site joined our Linux IPSec VPN, now all the other routers > (all 2.6.22) freeze hard reproducible. Do the other routers all do IPsec or just one of them? > No oops, no sysreq, only hard reset rewakes them. > > The only difference of the new site compared to the others: ADSL, thus a > MTU of 1492, the others have 1500. > Disabling IPSec und doing normal operations between the routers is fine, > PMTU is honored correctly. > If I set the MTU of the other routers to 1492 I can avoid the IPSec > crash. > > Some kind of strange need-to-frag-ICMP that causes such things? > Any ideas how to debug this? If you can't get any information from your boxes, a testcase that can be used to reproduce this would help. > Here a log of another death from inside the tunnel (last packet is again > the time of crash): > The Tunnel MTU of 1430 is correct for an outer MTU of 1500, but the > additional -8 doesn't take place?!? > > 05:17:18.563448 IP 192.168.200.1.80 > 192.168.203.1.3084: tcp 1460 > 05:17:18.563468 IP 192.168.200.254 > 192.168.200.1: ICMP 192.168.203.1 > unreachable - need to frag (mtu 1430), length 556 Does the router use a MTU of 1492 itself or is there another DSL router or something like that connected by ethernet? - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists