IPSec transport mode, mtu, fragmentation...

Victor Sudakov vas at sibptus.ru
Fri Jan 17 15:11:02 UTC 2020


Andrey V. Elsukov wrote:
> On 16.01.2020 19:36, Andrey V. Elsukov wrote:
> > For transport mode inner and outer headers will be the same.
> > I guess the problem can be reproduced in the lab using the following config:
> > 
> >     [Host A] <--> [Router] <--> [Host B]
> > 
> > IPsec should be configured between hosts A and B. Then you need to
> > reduce MTU on the router. This should lead to ICMP NEEDFRAG messages
> > from the router, and then the host should correctly handle them.
> 
> I have tested this scenario, and it doesn't work. So, I will report back
> when there is a working solution.

By "it doesn't work" you mean everything is suddenly fine and good? :-)




-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/