Date:      Wed, 14 Feb 2007 10:46:44 +0000
From:      Tom Judge <tom@tomjudge.com>
To:        Stephen.Clark@seclark.us
Cc:        freebsd-net@freebsd.org
Subject:   Re: pmtud problem
Message-ID:  <45D2E894.4090404@tomjudge.com>
In-Reply-To: <45D1E669.30402@seclark.us>
References:  <45D1E669.30402@seclark.us>

Stephen Clark wrote:
> Hello List,
> 
> We have a setup that looks like the following.
> 
> pc <-ethernet-> freebsd 4.9 <-pppoe-> internet  <-ethernet-> freebsd 6.1
> on the freebsd box we have a gre tunnel with an mtu of 1420 feeding into a
> gif vpn tunnel with an mtu of 1280 (I know this is dumb but it is the default 
> value when you create a gif)
> feeding into a tun0 with an mtu of 1492.
> 
> What we see is the packet never makes it to the freebsd 6.1 system.
> 
> if the pc sends a packet of 1460 bytes with the DF bit set shouldn't the 
> freebsd 4.9 system
> send back an icmp dest unreachable - fragmentation needed and DF bit set?
> $ sysctl -a | grep mtu
> net.inet.tcp.path_mtu_discovery: 1
> 
> Now if I change the mtu of the gre to 1412 everything works.
> 
> Any insight would be appreciated.
> 
> Thanks,
> Steve

Are you using IPSEC on your gif interface?  If so there is a bug in 6.1 
where the IPSEC code that is responsible for populating the ICMP packet 
fields (Fragmentation needed and the MTU hint) fails to set the MTU hint 
in the ICMP packet.  The problem is fixed in 6.2 and it is a very simple 
patch for 6.1.

Please see the link for the discussion on this problem back in November.

http://groups.google.ms/group/muc.lists.freebsd.hackers/browse_thread/thread/bff95bd13d700fde/51a27f0d0c42ee92

Regards

Tom J
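
A diagnostic for the symptom described in the reply above, added here as an example and not part of the original message or of FreeBSD's code: it parses an ICMP "fragmentation needed" message (type 3, code 4, layout per RFC 1191) and reports whether the MTU hint field is populated. The function names, the sample addresses and the zero-valued hint used to model an unset field are assumptions made for the example.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frag_needed(mtu: int, orig: bytes) -> bytes:
    """Build a constructed ICMP type 3 / code 4 message for use as sample input."""
    body = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + orig
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def check_frag_needed(icmp: bytes) -> dict:
    """Inspect an ICMP message (bytes start at the ICMP header) for a usable MTU hint."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    typ, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    report = {"frag_needed": (typ, code) == (3, 4),
              "checksum_ok": inet_checksum(icmp) == 0,
              "mtu_hint": None, "orig_len": None, "orig_df": None}
    if not report["frag_needed"]:
        report["verdict"] = "not a fragmentation-needed message"
        return report
    report["mtu_hint"] = mtu
    quoted = icmp[8:]                      # original IP header + first 8 payload bytes
    if len(quoted) >= 20 and quoted[0] >> 4 == 4:
        report["orig_len"], _id, flags = struct.unpack("!HHH", quoted[2:8])
        report["orig_df"] = bool(flags & 0x4000)
    if mtu == 0:
        report["verdict"] = "MTU hint missing: sender has to guess the path MTU"
    elif report["orig_len"] is not None and mtu >= report["orig_len"]:
        report["verdict"] = "MTU hint is not smaller than the rejected packet"
    else:
        report["verdict"] = "MTU hint usable"
    return report

# Constructed sample: quoted header of a 1460-byte TCP packet with DF set,
# between documentation addresses (RFC 5737), plus 8 bytes of TCP header.
ORIG = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1460, 0x1234, 0x4000, 64, 6, 0,
                   bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + bytes(8)
GOOD = build_frag_needed(1280, ORIG)   # hint carries the gif MTU from the post
BAD = build_frag_needed(0, ORIG)       # hint field left at zero (assumed wire form)

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("bad", BAD)):
        print(name, check_frag_needed(pkt))
```

To use it on real traffic, pass the bytes of a captured ICMP message starting at the ICMP header, with the outer IP header already stripped.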


