l2tpd sets DF bit
Reported by: anonymous | Owned by: nico
l2tpd sets the DF bit on all the UDP packets it sends. This prevents interoperation with Cisco IOS when using l2tp over IPSEC, since the Cisco seems to reject packets with the DF bit set. See thread starting at http://lists.openswan.org/pipermail/users/2006-April/008961.html for full details.
However, setting the DF bit on L2TP packets is probably not a good idea in any case; L2TP has no path-MTU discovery mechanism, so any oversized packets would end up getting silently blackholed, instead of being fragmented and reassembled at the destination.
This can be fixed by turning off PMTU discovery at the socket level; patch attached.
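The socket-level change the report describes, as an added example for Linux (this is not the attached patch or l2tpd's own code; the function names `open_udp_no_df` and `pmtu_mode` are hypothetical). It disables path-MTU discovery on a UDP socket so that datagrams leave with DF clear, then reads the option back to confirm it took effect:

```c
/* Added example, Linux-specific: IP_MTU_DISCOVER is a Linux socket option.
 * Function names are hypothetical and do not come from l2tpd. */
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return the socket's current IP_MTU_DISCOVER mode, or -1 on error. */
int pmtu_mode(int fd)
{
    int mode = -1;
    socklen_t len = sizeof(mode);

    if (getsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mode, &len) < 0)
        return -1;
    return mode;
}

/* Open an IPv4 UDP socket with PMTU discovery off. With IP_PMTUDISC_DONT
 * the kernel does not set DF, so oversized datagrams are fragmented
 * instead of being dropped by a router that cannot forward them.
 * Returns the descriptor, or -1 on error. */
int open_udp_no_df(void)
{
    int mode = IP_PMTUDISC_DONT;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    if (fd < 0)
        return -1;
    if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mode, sizeof(mode)) < 0 ||
        pmtu_mode(fd) != IP_PMTUDISC_DONT) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = open_udp_no_df();

    if (fd < 0) {
        perror("open_udp_no_df");
        return 1;
    }
    printf("IP_MTU_DISCOVER mode: %d\n", pmtu_mode(fd));
    close(fd);
    return 0;
}
```

The option has to be set on the socket that actually sends the L2TP datagrams; the system-wide default comes from the `net.ipv4.ip_no_pmtu_disc` sysctl.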
Change History (3)
Changed 11 years ago by b.candler@…
comment:1 Changed 11 years ago by nico
- Keywords l2tp IPsec added
- Milestone set to 1.0-rc6
- Owner changed from developers to nico
- Status changed from new to assigned