[OpenAFS] Linux OpenAFS, VPN, NAT (saga, advice, patch)
Derrick J Brashear
shadow@dementia.org
Thu, 20 Jun 2002 02:13:47 -0400 (EDT)
On Wed, 19 Jun 2002, Matt wrote:
> The solutions:
> 1. It turns out the server sync failure (mainly the
> VLServer) results from a well known problem with MTU
> sizes and packet fragmentation over FreeS/WAN (see
> their documentation for more on this). Their
> recommended solution -- reducing the MTU of the IPSec
> interface on the gateway -- appears to fix the
> problem, but actually causes a different one that's
> much harder to diagnose (their documentation hints
> that might happen). The solution I arrived at: reduce
> the MTU on the file server machine's ethernet adapter
> (I set mine to 1400). My reasoning is to long to
> include here -- suffice to say it works.
I "think" Rx fails to discover a path MTU blackhole, or rather, has no
mechanism to discover if the MTU is less than 1500. I don't remember, and
I don't have time to look right now.