From owner-freebsd-current@FreeBSD.ORG  Mon May  2 21:44:27 2005
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1CE2616A4CF; Mon,  2 May 2005 21:44:27 +0000 (GMT)
Received: from mail.sorbs.net (mail.sorbs.net [203.15.51.62])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 5944B43D41; Mon,  2 May 2005 21:44:26 +0000 (GMT)
	(envelope-from matthew@uq.edu.au)
Received: from [10.200.254.98] by nemesis.sorbs.net
 (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep  8 2003))
 with ESMTPSA id <0IFV00B45TPZMZ@nemesis.sorbs.net>; Tue,
 03 May 2005 07:44:24 +1000 (EST)
Date: Tue, 03 May 2005 07:43:10 +1000
From: Matthew Sullivan <matthew@uq.edu.au>
In-reply-to: <42767460.2040102@freebsd.org>
To: Andre Oppermann <andre@freebsd.org>
Message-id: <42769EEE.3030309@uq.edu.au>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 7BIT
X-Accept-Language: en
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041231
References: <20050424150211.GA87520@walton.maths.tcd.ie>
 <426BC78A.3E56D99B@freebsd.org> <426C1600.106@uq.edu.au>
 <426D2307.97D15253@freebsd.org> <426D306B.7010000@freebsd.org>
 <426E0F5C.3F157398@freebsd.org> <4272AF49.1090400@uq.edu.au>
 <42763D42.BB3B5416@freebsd.org> <427643E2.4070008@uq.edu.au>
 <42764884.8070704@freebsd.org> <42764EC4.7030403@uq.edu.au>
 <42765153.3090409@freebsd.org> <42765479.4000101@uq.edu.au>
 <42767460.2040102@freebsd.org>
cc: freebsd-current@freebsd.org
Subject: Re: DF (Don't frag) issues
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 May 2005 21:44:27 -0000

Andre Oppermann wrote:

> I'm at loss for an explanation.  I've recreated approximatly the same
> setup with the gif tunnel (but no IPSec) and it works just fine for me.
> Getting correct MTU back and everything.
>
> What is your IPSec setup?  Could it be that you do the IPSec on the IP
> packet first before it goes into the gif tunnel instead of the other
> way around?  That may explain this behaviour.
>
You're quite welcome to take a look - this is the first time up for me 
with FreeBSD, ipf/ipfw/pf and VPNs - to date I have used iptables and 
FreeSWAN on Linux (settled on pf).

Setup scripts for the tunnel are at:

http://scorpion.sorbs.net/ICMP/ipsec-stealth.sh.txt   (this is the VPN 
server)
http://scorpion.sorbs.net/ICMP/ipsec-oblivion.sh.txt  (this is my home 
machine where the mulitple nets are)

Regards,

-- 
Matthew Sullivan
Specialist Systems Programmer
Information Technology Services
The University of Queensland