[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Dec 24 15:28:40 UTC 2019


--- Comment #22 from Victor Sudakov <vas at sibptus.ru> ---
(In reply to Eugene Grosbein from comment #8)
> Can you enable some TCP service at FreeBSD side (f.e. inetd/echo or ftpd)
> and check it out if Windows sets DF=1 for initial encrypted TCP SYN 
> when you connect from Windows to FreeBSD over such IPSec transport 
> mode configuration?

I've finally found time to do that. is a Windows 2012 server, is FreeBSD with daytime and ftpd services enabled. As you see from
the packet dump, all ESP packets have the DF flag set.

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-net mailing list