Date: Tue, 25 Oct 2005 15:58:17 +0200 From: Jeremie Le Hen <jeremie@le-hen.org> To: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> Cc: freebsd-net@freebsd.org Subject: Re: IPSec session stalls Message-ID: <20051025135817.GN14063@obiwan.tataz.chchile.org> In-Reply-To: <20051021071039.GA1876@zen.inc> References: <4358082A.4060409@vwsoft.com> <43581E7F.5080305@vwsoft.com> <20051021071039.GA1876@zen.inc>
next in thread | previous in thread | raw e-mail | index | archive | help
> Not sure: what you described in your first mail also looks like a > "basic" fragmentation problem, which can be easily solved by > decreasing MTU on traffic endpoints (you can also play with TCPMSS on > one gate, but this will only solve TCP problems...). > > The pf interaction may only be a side effect of a fragmentation > problem. Hi also have problems with my IPSec tunnel. IIRC from tests that I made, this is a Path MTU Discovery problem. I described a similar problem here, but never succeeded to resolve it, unfortunately. Note that I didn't use pf. It is described here : http://lists.freebsd.org/pipermail/freebsd-net/2005-July/007899.html Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051025135817.GN14063>