IPSec transport mode, mtu, fragmentation...

Eugene Grosbein eugen at grosbein.net
Thu Jan 16 14:25:19 UTC 2020


16.01.2020 20:39, Andrey V. Elsukov wrote:

> I prepared the PoC patch that should fix the problem with TCP and
> transport mode IPsec. But I do not currently have free time to properly
> test and debug it. It is only compile-tested. But if you want, you can
> try :)
> Currently only IPv4 support is implemented.
> 
> https://people.freebsd.org/~ae/ipsec_transport_mode_ctlinput.diff

In fact, I faced this problem a long time ago too, and I work around it with different approaches
like "ipfw tcp-setmss" (MSS adjust) or by using IPSec transport mode
with a gif(4) interface, removing the DF bit from encapsulated packets.

I was going to test your patch with my home router, but the patch does not apply to stable/11 at all.
Do you have time to adjust it to stable/11?



