Modify

Opened 10 years ago

Closed 10 years ago

#471 closed defect (fixed)

l2tpd sets DF bit

Reported by: anonymous Owned by: nico
Priority: normal Milestone: 0.9/rc6
Component: packages Version:
Keywords: l2tp IPsec Cc:

Description

l2tpd sets the DF bit on all the UDP packets it sends. This prevents interoperation with Cisco IOS when using l2tp over IPSEC, since the Cisco seems to reject packets with the DF bit set. See thread starting at http://lists.openswan.org/pipermail/users/2006-April/008961.html for full details.

However, setting the DF bit on L2TP packets is probably not a good idea in any case; L2TP has no path-MTU discovery mechanism, so any oversized packets would end up getting silently blackholed, instead of being fragmented and reassembled at the destination.

This can be fixed by turning off PMTU discovery at the socket level; patch attached.

Attachments (1)

05-df-disable.patch (918 bytes) - added by b.candler@… 10 years ago.

Download all attachments as: .zip

Change History (3)

Changed 10 years ago by b.candler@…

comment:1 Changed 10 years ago by nico

  • Keywords l2tp IPsec added
  • Milestone set to 1.0-rc6
  • Owner changed from developers to nico
  • Status changed from new to assigned

comment:2 Changed 10 years ago by nico

  • Resolution set to fixed
  • Status changed from assigned to closed

The patch was added by changeset:3621 in both WhiteRussian and Kamikaze.

Thanks for your help !

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.