IPSec transport mode, mtu, fragmentation...

Victor Sudakov vas at sibptus.ru
Fri Dec 20 18:44:41 UTC 2019

Victor Sudakov wrote:
> I need to figure out why IPsec tunnel mode is always generating ESP
> packets with the DF flag set. Therefore they just don't get through the
> interface and never leave the host.
> I cannot even "scrub out proto 50 no-df" them because they never go
> through any f*cking interface, that's what I think is happening. Don't
> tell me it's by design.

I've created a PR https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744
if anyone is interested you are welcome to discuss. Maybe my theory of
what's happening is incorrect.

Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20191221/fe1d1166/attachment.sig>

More information about the freebsd-net mailing list