> With the tunnel in place, can you initiate an outbound SSH connection
> from the realserver to the client machine? Are you absolutely sure that
> this will follow the same route as the data from the realserver
> under normal conditions?
>
> I have a sneaking feeling that the realserver is sending packets of 1460
> bytes (Ethernet MTU less L2 framing) but the "secondary" director, i.e.
> the tunnel endpoint at the realserver's end, is dropping them because
> they don't fit inside the tunnel.

I do an scp both times, only from the client to the server:

client:# scp file root@IPVSADM-address:/tmp/

This works. The client sends the first packets with an MTU which doesn't fit
into the tunnel and receives ICMP UNREACHABLE Need to fragment.

client:# scp root@IPVSADM-address:/tmp/file .

This doesn't work. The realserver tries to send packets which don't fit into
the tunnel but DOES NOT receive any ICMP packet.

I tried setting sysctl nat_icmp_send to 1 but that doesn't change the behaviour
at all.

There was only one attempt which worked (the realserver got an ICMP UNREACHABLE
NEED TO FRAG) but unfortunately I can't reproduce it.

So the realserver is never going to realise that its packets are too big.
I think that's the gist of the matter.

Any ideas?

Thanks in advance.
Have a nice weekend.
cheers
Marco