IPSec transport mode, mtu, fragmentation...
Andrey V. Elsukov
bu7cher at yandex.ru
Mon Dec 23 09:41:26 UTC 2019
On 20.12.2019 19:22, Victor Sudakov wrote:
>> What's the root of the problem? ESP packets cannot get fragmented or
>> what?
>
> Wireshark has shown that the "Don't Fragment" flag is set on all ESP
> (protocol 50) packets. Who does this, why, and how can I switch it off
> globally?
Hi,
I think this DF flag is originally from TCP packet.
ESP xform for transport mode just replaces protocol in IP header and
adds some info to the end of a packet.
--
WBR, Andrey V. Elsukov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20191223/3e117cfe/attachment.sig>
More information about the freebsd-net
mailing list