gurutech
12-11-2004, 10:01
ciao,
ho una VPN dove occasionalmente non riesco a trasferire file grossi.
l'altro giorno ho beccato questo con tcpdump
16:39:29.137003 172.25.51.3 > nomehost.nomedominio.it: icmp: nomeserver.nomedominio.it unreachable - need to frag (mtu 1443) [tos 0xc0]
consigli?
----------------------
la VPN č fatta cosė:
con freeswan ho effettuato un collegamento punto-punto (type=transport) tra due macchine linux, e su di questo ci ho messo un tunnel gre per collegare le due reti
queste sono le interfacce di rete
eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx
inet addr:172.25.xx.xx Bcast:172.25.51.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4238458 errors:383 dropped:0 overruns:0 frame:0
TX packets:4898542 errors:2 dropped:0 overruns:0 carrier:4
collisions:198767 txqueuelen:1000
RX bytes:1104488730 (1.0 GiB) TX bytes:3953724537 (3.6 GiB)
Interrupt:16 Base address:0x4000
ipsec0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx
inet addr:82.xx.xx.xx Mask:255.255.255.248
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:7666270 errors:0 dropped:1518 overruns:0 frame:0
TX packets:3869039 errors:0 dropped:5 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:1212778800 (1.1 GiB) TX bytes:1043872462 (995.5 MiB)
netmi Link encap:UNSPEC HWaddr xx-xx-xx-xx-xx-xx-xx-xx
inet addr:10.0.1.1 P-t-P:10.0.2.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MTU:1443 Metric:1
RX packets:7599863 errors:0 dropped:0 overruns:0 frame:0
TX packets:3803675 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1027391807 (979.7 MiB) TX bytes:1042109941 (993.8 MiB)
e il tunnel gre lo stabilisco cosė
ip tunnel add $IFTUN mode gre remote $REMOTEVPN local $LOCALVPN dev ipsec0 pmtudisc
ip link set $IFTUN mtu 1443 up
ip addr add $LOCALTUN dev $IFTUN peer $REMOTETUN
ip route add $NET1 dev $IFTUN src $SRC1
ip route add $NET2 dev $IFTUN src $SRC2
/etc/init.d/zebra start
ho una VPN dove occasionalmente non riesco a trasferire file grossi.
l'altro giorno ho beccato questo con tcpdump
16:39:29.137003 172.25.51.3 > nomehost.nomedominio.it: icmp: nomeserver.nomedominio.it unreachable - need to frag (mtu 1443) [tos 0xc0]
consigli?
----------------------
la VPN č fatta cosė:
con freeswan ho effettuato un collegamento punto-punto (type=transport) tra due macchine linux, e su di questo ci ho messo un tunnel gre per collegare le due reti
queste sono le interfacce di rete
eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx
inet addr:172.25.xx.xx Bcast:172.25.51.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4238458 errors:383 dropped:0 overruns:0 frame:0
TX packets:4898542 errors:2 dropped:0 overruns:0 carrier:4
collisions:198767 txqueuelen:1000
RX bytes:1104488730 (1.0 GiB) TX bytes:3953724537 (3.6 GiB)
Interrupt:16 Base address:0x4000
ipsec0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx
inet addr:82.xx.xx.xx Mask:255.255.255.248
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:7666270 errors:0 dropped:1518 overruns:0 frame:0
TX packets:3869039 errors:0 dropped:5 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:1212778800 (1.1 GiB) TX bytes:1043872462 (995.5 MiB)
netmi Link encap:UNSPEC HWaddr xx-xx-xx-xx-xx-xx-xx-xx
inet addr:10.0.1.1 P-t-P:10.0.2.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MTU:1443 Metric:1
RX packets:7599863 errors:0 dropped:0 overruns:0 frame:0
TX packets:3803675 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1027391807 (979.7 MiB) TX bytes:1042109941 (993.8 MiB)
e il tunnel gre lo stabilisco cosė
ip tunnel add $IFTUN mode gre remote $REMOTEVPN local $LOCALVPN dev ipsec0 pmtudisc
ip link set $IFTUN mtu 1443 up
ip addr add $LOCALTUN dev $IFTUN peer $REMOTETUN
ip route add $NET1 dev $IFTUN src $SRC1
ip route add $NET2 dev $IFTUN src $SRC2
/etc/init.d/zebra start