Date: Fri, 21 Oct 2005 09:10:39 +0200 From: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> To: freebsd-net@freebsd.org Subject: Re: IPSec session stalls Message-ID: <20051021071039.GA1876@zen.inc> In-Reply-To: <43581E7F.5080305@vwsoft.com> References: <4358082A.4060409@vwsoft.com> <43581E7F.5080305@vwsoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 20, 2005 at 11:47:27PM +0100, Volker wrote: > hmm, I hate replying to myself.... :-) [rules] > I guess as all works fine while pf is disabled this is an pf issue, right? Not sure: what you described in your first mail also looks like a "basic" fragmentation problem, which can be easily solved by decreasing MTU on traffic endpoints (you can also play with TCPMSS on one gate, but this will only solve TCP problems...). The pf interaction may only be a side effect of a fragmentation problem. Yvan. -- NETASQ - Secure Internet Connectivity http://www.netasq.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051021071039.GA1876>