> >>>>Today a new site joined our Linux IPSec VPN, now all the > >>> > >>>other routers > >>> > >>>>(all 2.6.22) freeze hard reproducible. > > > > > > The problem is more general und ugly than I thought. > > > > I took 2 arbitrary boxes, one behind an Ethernet (A, Kernel > 2.6.21, MTU > > 1500), one behind ADSL (B, 2.4.x, 1492). > > Established a tunnel, copied a file from site A to B > through the tunnel > > and router A died in the same moment. > > > > Out of my feeling this worked fine some kernel releases earlier. > > > > As written in this thread before, I see an external > need-to-frag-ICMP, > > no tunnel need-to-frag will be thrown, box freezes. > > > > You should be able to reproduce it with any network path > with a smaller > > MTU?!? > > > I'm running IPsec in the same setup as you describe above without > problems. I'm probably not seeing ICMP frag requireds on the wire > though since I believe the entire path is >= 1492. > > Could you try to find out whether those are responsible? >
It's definitely the first large packet or corresponding ICMP that triggers the crash, slow packets don't harm. IPSec on pathes with a PMTU of 1500 works fine. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
