Date: Mon, 30 Oct 2006 15:23:33 +0200 (SAST) From: Khetan Gajjar <khetan@os.org.za> To: gnn@freebsd.org Cc: freebsd-net@freebsd.org Subject: Re: Path MTU discovery broken in IPSec Message-ID: <20061030145256.A2293@gauntlet.os.org.za> In-Reply-To: <m2k62iksd5.wl%gnn@neville-neil.com> References: <20061027203322.X2293@gauntlet.os.org.za> <m2k62iksd5.wl%gnn@neville-neil.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi George. Around Today, "gnn@freebsd.org" wrote : > I'm confused as to why you attribute this to PMTU discovery. Do you > see ICMP errors indicating that? Have you run traceroutes in both > directions from each host? Thanks for your response. I have tried aliased IP's on the machines which are not IPSec encrypted, which seem to allow the traffic to flow without stalling. It appears to be only IPSec traffic that fails. I don't see ICMP errors on either host when using the IPSec tunnels. There are no firewall rules that are specific to the IPSec tunnels. This, combined with the fact that small data transfer sessions across the IPSec tunnels work but small ones don't lead me to believe this could be a PMTU issue within the IPSec tunnel. Khetan Gajjar. -- khetan@os.org.za +27 82 885 4047
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061030145256.A2293>