Date: Fri, 17 Jan 2020 14:13:40 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Victor Sudakov <vas@sibptus.ru>, Eugene Grosbein <eugen@grosbein.net> Cc: freebsd-net@freebsd.org, Michael Tuexen <tuexen@freebsd.org> Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <6ace842b-69b7-7f0f-43ed-7f7df5c640d5@yandex.ru> In-Reply-To: <97b07801-da80-0665-aaa9-57184a52ce0f@yandex.ru> References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <f9b7357e-ced1-4ce5-40d5-8e3dcad42442@yandex.ru> <d263a709-63cf-7da5-1747-8a6791f6503f@grosbein.net> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <97b07801-da80-0665-aaa9-57184a52ce0f@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Epta8CRWP9SqlpgxwvckQbjGarn7x2oyJ Content-Type: multipart/mixed; boundary="gfAA6NTmidSrdgFXsXnl5UPAEJjtN9KaW"; protected-headers="v1" From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Victor Sudakov <vas@sibptus.ru>, Eugene Grosbein <eugen@grosbein.net> Cc: freebsd-net@freebsd.org, Michael Tuexen <tuexen@freebsd.org> Message-ID: <6ace842b-69b7-7f0f-43ed-7f7df5c640d5@yandex.ru> Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <f9b7357e-ced1-4ce5-40d5-8e3dcad42442@yandex.ru> <d263a709-63cf-7da5-1747-8a6791f6503f@grosbein.net> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <97b07801-da80-0665-aaa9-57184a52ce0f@yandex.ru> In-Reply-To: <97b07801-da80-0665-aaa9-57184a52ce0f@yandex.ru> --gfAA6NTmidSrdgFXsXnl5UPAEJjtN9KaW Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 16.01.2020 19:36, Andrey V. Elsukov wrote: > For transport mode inner and outer headers will be the same. > I guess the problem can be reproduced in the lab using the following co= nfig: >=20 > [Host A] <--> [Router] <--> [Host B] >=20 > IPsec should be configured between hosts A and B. Then you need to > reduce MTU on the router. This should lead to ICMP NEEDFRAG messages > from the router, and then host should correctly handle them. I have tested this scenario, and it doesn't work. So, I will report back when there will be some working solution. --=20 WBR, Andrey V. Elsukov --gfAA6NTmidSrdgFXsXnl5UPAEJjtN9KaW-- --Epta8CRWP9SqlpgxwvckQbjGarn7x2oyJ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4hluQACgkQAcXqBBDI oXpb9Af7B8cmY5CXJn8wNxrZdVTBBcKzeb40MhE6yk3X/8lTE9AtqOTr4M8FJ3+9 YcUvaerzY5k8JxinOX4iYeQUZtopkuqk6wNHr1+JTJmOOhlN8MdC+QlkiNk4vWde RsBE2IMD8XJ9wDnbkQrjGqNE8245MUv8tS45IwVd4L2rHPEdyVAK3MQSrfRsw+5a VKCK92CW1+K33K/IPcFCSL9atEwJCo7ZQSlDmcquit7vDkx/WZmdyNojGC5EmNI0 xTN9/0OjkGXpZE765yTpaHQ2AhgwCpaqVdDlQ/hX1V+8iUTnU5zKWIYpQfi6/67o XkLixklNsylPzIu3R8M6RFIXTAjPqA== =mHUv -----END PGP SIGNATURE----- --Epta8CRWP9SqlpgxwvckQbjGarn7x2oyJ--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6ace842b-69b7-7f0f-43ed-7f7df5c640d5>