IPSEC documentation

Brian Candler B.Candler at pobox.com
Fri Dec 30 04:11:56 PST 2005


On Thu, Dec 29, 2005 at 01:35:21PM +0100, VANHULLEBUS Yvan wrote:
> > As it happens this FreeBSD box is also acting as a NAT gateway using pf
> > (myhost is on a private IP) and actually its external IP is also private -
> > it sits behind a second NAT firewall. So maybe that's where the problem
> > originates, although I really can't understand where the value of 1380 comes
> > from.
> 
> 1500 - (pppoe encapsulation ?) - ESP header - L2TP encapsulation....

Yeah, but what I don't understand is that this value was chosen by a remote
webserver which is on the other side of the world, and knows nothing about
the L2TP/ESP encapsulation going on locally.

All it knows is that the client offered an MSS of 1360; for some reason it
offered back an MSS of 1380. Weird.


More information about the freebsd-net mailing list