Path MTU discovery broken in IPSec

Khetan Gajjar khetan at os.org.za
Mon Oct 30 13:23:51 UTC 2006


Hi George.

Around Today, "gnn at freebsd.org" wrote :

>  I'm confused as to why you attribute this to PMTU discovery.  Do you
>  see ICMP errors indicating that?  Have you run traceroutes in both
>  directions from each host?

Thanks for your response. I have tried aliased IPs on the machines
which are not IPSec encrypted, which seem to allow the traffic to
flow without stalling. It appears to be only IPSec traffic that
fails. I don't see ICMP errors on either host when using the IPSec
tunnels.

There are no firewall rules that are specific to the IPSec tunnels.
This, combined with the fact that small data transfer sessions
across the IPSec tunnels work but small ones don't, leads me to believe
this could be a PMTU issue within the IPSec tunnel.

Khetan Gajjar.
--
khetan at os.org.za
+27 82 885 4047


More information about the freebsd-net mailing list