Date: Mon, 23 Dec 2019 12:39:49 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Victor Sudakov <vas@sibptus.ru>, freebsd-net@freebsd.org Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> In-Reply-To: <20191220162233.GA56815@admin.sibptus.ru> References: <20191220152314.GA55278@admin.sibptus.ru> <f38d1f3c-dc47-0776-29f9-2151b05e09b0@tuxpowered.net> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --ITUETDXWxeuTRpi5N7M4pI9RZI0vgaBPc Content-Type: multipart/mixed; boundary="KKEA1ap2Sg9vg36OBH6ZLzw0AfAni5C4u"; protected-headers="v1" From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Victor Sudakov <vas@sibptus.ru>, freebsd-net@freebsd.org Message-ID: <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> <f38d1f3c-dc47-0776-29f9-2151b05e09b0@tuxpowered.net> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> In-Reply-To: <20191220162233.GA56815@admin.sibptus.ru> --KKEA1ap2Sg9vg36OBH6ZLzw0AfAni5C4u Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 20.12.2019 19:22, Victor Sudakov wrote: >> What's the root of the problem? ESP packets cannot get fragmented or >> what?=20 >=20 > Wireshark has shown that the "Don't Fragment" flag is set on all ESP > (protocol 50) packets. Who does this, why, and how can I switch it off > globally? Hi, I think this DF flag is originally from TCP packet. ESP xform for transport mode just replaces protocol in IP header and adds some info to the end of a packet. --=20 WBR, Andrey V. Elsukov --KKEA1ap2Sg9vg36OBH6ZLzw0AfAni5C4u-- --ITUETDXWxeuTRpi5N7M4pI9RZI0vgaBPc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4Ai2UACgkQAcXqBBDI oXqtPgf/b2NFeZqR3oD2Bxtm1fok4ZOPVgfjHc1qHAcGdxsvCG++vKMKDYO9pl8o 17y4i05qffE/qMqJOIL0TB2ezn/tdIbwBxZSKdOc6hsfjl7Vdw+eVG5UbBoo9/le PjUC1rQKr0BcFlbGof8FSJncodmA+Lw9tstwni056RGwLim0aUPlFZ53BLidP7z4 F2VGqXRHTgPuGBhVeeYTdKK+pwVJLHIfys/dahn/ugBvKQH+JmY0QzFB9s64QI2/ PE4CxpEqjKGg1FYCZVWk3TKL5dUuMDVc+eZqiaszLC4Si3CCkrNnwHEiMUCnscnK TO/jYFY+tbNinkj0vqpYpgoOe0WIUQ== =cxAY -----END PGP SIGNATURE----- --ITUETDXWxeuTRpi5N7M4pI9RZI0vgaBPc--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55eeca4c-9633-339a-f521-b0db462cc1d6>