OpenBSD Journal

Ask undeadly: setting MTU on GRE tunnels?

Contributed by grey on from the helping out dept.

george asks:

I am trying to move about ~20 GRE tunnels from a cisco to an OpenBSD 3.5 box. The problem is that most of the endpoints (also cisco) run an old version of IOS which requires the MTU to be 1514, while the MTU on the greN interfaces is set by default to 1450. There seems that there is no way to set / change the MTU on OpenBSD greN iterfaces to another value.

Any advice on how to deal with this will be greately appreciated.

A bit of googling turns up some people reporting similar troubles when trying to accomplish a similar task. Do any of our readers have some more concrete answers for george?

(Comments are closed)


Comments
  1. By SH (82.182.103.172) on

    I got the following tip from a post on deadly.org :
    scrub on enc0 all no-df max-mss 1392
    
    This works fine for IPSec that I use on wireless at home, but I don't know if this can be applied to your situation. /SH

    Comments
    1. By Wu (80.28.27.243) wu@e-shell.org on http://www.e-shell.org

      Ok, totally off-topic, but... I'm trying to secure my home WLAN with IPSec too, you know, quite simple, one OpenBSD gw and some boxes running Linux and FreeBSD. I have read the hole man pages for vpn, ipsec, isakpmd, isakmpd.conf... and some docs i have find through some google searchs. I'm in the isakmpd.conf state right now, it is quite difficult to me, so, could you send me some examples or docs or anyhing you have followed to set up your environment? Thnx guy.

      Comments
      1. Comments
        1. By Wu (80.28.27.243) wu@e-shell.org on http://www.e-shell.org

          o god! thnx, this site has enough info to get me busy all weekend!

      2. By SH (82.182.103.172) on

        I posted my IPSec setup at home on freebsdforums.org. This is based on bits and pieces I've found here and there on the Internett, as well as on deadly.org.

        Both gateway and the (single) client is running OpenBSD.

        /SH

  2. By Gimlet (66.138.145.123) on

    From /usr/src/sys/net/if_gre.c:
    #define GREMTU 1450     /* XXX this is below the standard MTU of
                             1500 Bytes, allowing for headers,
                             but we should possibly do path mtu discovery
                             before changing if state to up to find the
                             correct value */
    
    Perhaps you can change this to match your Cisco's settings, and recompile?

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]