ipsec tunnels & packet length issues
Eric Masson
e-masson at kisoft-services.com
Fri Oct 31 06:30:35 PST 2003
>>>>> "Lars" == Lars Eggert <larse at ISI.EDU> writes:
Hello Lars,
Lars> See the section on PMTU discovery in draft-touch-ipsec-vpn-06. If
Lars> the requirements of your setup allow is, IPIP gif tunnels
Lars> together with IPsec transport mode (as described in the ID) can
Lars> address this issue.
The kind of setup described in your draft should adress the issue, but
choice has been to use native ipsec tunnels (maybe this will change in
near future).
The only workaround I've found is to lower mtu on the fw1 dmz interface
to 1436 (thanks to M. Sierchio)
Hope your draft will be adopted.
Thanks a lot
Eric Masson
--
B > Ah ben bravo ! a quand l'html dans les entetes ?
CB> Hein ? tu lis pas l'iso-8859-1 dans le champ approved ??
Elle répond. Comment veux-tu qu'en plus elle ait le temps de lire ?
-+- SJ in <http://www.le-gnu.net> : Les joyeuses commères d'Usenet -+-
More information about the freebsd-net
mailing list