Beschorner Daniel wrote: >>>>Today a new site joined our Linux IPSec VPN, now all the >>> >>>other routers >>> >>>>(all 2.6.22) freeze hard reproducible. > > > The problem is more general und ugly than I thought. > > I took 2 arbitrary boxes, one behind an Ethernet (A, Kernel 2.6.21, MTU > 1500), one behind ADSL (B, 2.4.x, 1492). > Established a tunnel, copied a file from site A to B through the tunnel > and router A died in the same moment. > > Out of my feeling this worked fine some kernel releases earlier. > > As written in this thread before, I see an external need-to-frag-ICMP, > no tunnel need-to-frag will be thrown, box freezes. > > You should be able to reproduce it with any network path with a smaller > MTU?!?
I'm running IPsec in the same setup as you describe above without problems. I'm probably not seeing ICMP frag requireds on the wire though since I believe the entire path is >= 1492. Could you try to find out whether those are responsible? - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
