From owner-freebsd-net@FreeBSD.ORG  Fri Oct 31 06:30:35 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6ADC216A4CE
	for <freebsd-net@FreeBSD.org>; Fri, 31 Oct 2003 06:30:35 -0800 (PST)
Received: from math.teaser.net (math.teaser.net [213.91.2.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 53F7243F85
	for <freebsd-net@FreeBSD.org>; Fri, 31 Oct 2003 06:30:34 -0800 (PST)
	(envelope-from e-masson@kisoft-services.com)
Received: from t39bsdems.interne.kisoft-services.com
	(nantes.kisoft-services.com [193.56.60.243])
	by math.teaser.net (Postfix) with ESMTP
	id 0502B6C8A3; Fri, 31 Oct 2003 15:30:33 +0100 (CET)
Received: by t39bsdems.interne.kisoft-services.com (Postfix, from userid 1001)
	id 278CF5B99D; Fri, 31 Oct 2003 15:17:53 +0100 (CET)
To: Lars Eggert <larse@ISI.EDU>
From: Eric Masson <e-masson@kisoft-services.com>
In-Reply-To: <3FA02B30.90805@isi.edu> (Lars Eggert's message of "Wed, 29 Oct
 2003 13:03:44 -0800")
References: <8665iehd1i.fsf@t39bsdems.interne.kisoft-services.com>
	<3FA02B30.90805@isi.edu>
X-Operating-System: FreeBSD 4.9-PRERELEASE i386
Date: Fri, 31 Oct 2003 15:17:53 +0100
Message-ID: <868yn1qyni.fsf@t39bsdems.interne.kisoft-services.com>
User-Agent: Gnus/5.1003 (Gnus v5.10.3) XEmacs/21.4 (Portable Code,
 berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
cc: Mailing List FreeBSD Network <freebsd-net@FreeBSD.org>
Subject: Re: ipsec tunnels & packet length issues
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Oct 2003 14:30:35 -0000

>>>>> "Lars" == Lars Eggert <larse@ISI.EDU> writes:

Hello Lars,

 Lars> See the section on PMTU discovery in draft-touch-ipsec-vpn-06. If
 Lars> the requirements of your setup allow is, IPIP gif tunnels
 Lars> together with IPsec transport mode (as described in the ID) can
 Lars> address this issue.

The kind of setup described in your draft should adress the issue, but
choice has been to use native ipsec tunnels (maybe this will change in
near future).

The only workaround I've found is to lower mtu on the fw1 dmz interface
to 1436 (thanks to M. Sierchio)

Hope your draft will be adopted.

Thanks a lot

Eric Masson

-- 
 B > Ah ben bravo ! a quand l'html dans les entetes ?
 CB> Hein ? tu lis pas l'iso-8859-1 dans le champ approved ??
 Elle répond. Comment veux-tu qu'en plus elle ait le temps de lire ?
 -+- SJ in <http://www.le-gnu.net> : Les joyeuses commères d'Usenet -+-