ipsec tunnels & packet length issues
Lars Eggert
larse at ISI.EDU
Wed Oct 29 13:03:53 PST 2003
Eric Masson wrote:
>
> If i reduce lan interface mtu on "Host" to approximately 1450, the
> tunnel works fine, so it seems that "Tunnel Endpoint" can't process
> correctly packets with a size of 1500 bytes.
>
> If more information regarding this issue is needed, just ask.
> Is this a known issue ?
> Except playing with mtu, is there a fix ?
See the section on PMTU discovery in draft-touch-ipsec-vpn-06. If the
requirements of your setup allow is, IPIP gif tunnels together with
IPsec transport mode (as described in the ID) can address this issue.
Lars
--
Lars Eggert <larse at isi.edu> USC Information Sciences Institute
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3529 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20031029/5116fe00/smime.bin
More information about the freebsd-net
mailing list