From owner-freebsd-security Mon Mar 25 11:42: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (oe71.pav1.hotmail.com [64.4.30.206]) by hub.freebsd.org (Postfix) with ESMTP id 4248B37B417 for ; Mon, 25 Mar 2002 11:41:57 -0800 (PST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 25 Mar 2002 11:41:57 -0800 X-Originating-IP: [207.112.2.1] From: "jack xiao" To: Cc: Subject: MTU of gif with IPSec tunnel Date: Mon, 25 Mar 2002 14:37:51 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: X-OriginalArrivalTime: 25 Mar 2002 19:41:57.0073 (UTC) FILETIME=[1F8C5410:01C1D435] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I set IPSec tunnel with isakmpd under FreeBSD on gif interfaces for multiple destinations. But I find it seems I get worse performance than I set it without gif interfaces, especially when doing FTP. I suspect the issues is on gif MTU. After doing some test on gif MTU, I find we can't lower the MTU less than 1280, which is the minimum value we can reach. If I increase MTU over 1480, it will cause lots of fragmentation during FTP. If I set it between 1280 and 1480, there is not much difference on the total bandwidth. I am wondering the proper MTU value for gif interfcae when setting IPSec tunnel on it. Does anybody have any ideas about this? Thanks. Jack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message