IPSec transport mode, mtu, fragmentation...
Andrey V. Elsukov
bu7cher at yandex.ru
Fri Jan 17 11:16:04 UTC 2020
On 16.01.2020 19:36, Andrey V. Elsukov wrote:
> For transport mode inner and outer headers will be the same.
> I guess the problem can be reproduced in the lab using the following config:
>
> [Host A] <--> [Router] <--> [Host B]
>
> IPsec should be configured between hosts A and B. Then you need to
> reduce MTU on the router. This should lead to ICMP NEEDFRAG messages
> from the router, and then host should correctly handle them.
I have tested this scenario, and it doesn't work. So, I will report back
when there will be some working solution.
--
WBR, Andrey V. Elsukov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20200117/0a1c7433/attachment.sig>
More information about the freebsd-net
mailing list