Date: Fri, 24 Oct 2003 09:19:02 -0700 From: Michael Sierchio <kudzu@tenebras.com> To: Mailing List FreeBSD Network <freebsd-net@FreeBSD.org> Subject: Re: ipsec tunnels & packet length issues Message-ID: <3F9950F6.6000208@tenebras.com> In-Reply-To: <8665iehd1i.fsf@t39bsdems.interne.kisoft-services.com> References: <8665iehd1i.fsf@t39bsdems.interne.kisoft-services.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Eric Masson wrote: > If i reduce lan interface mtu on "Host" to approximately 1450, the > tunnel works fine, so it seems that "Tunnel Endpoint" can't process > correctly packets with a size of 1500 bytes. You should allow for an IP header with options and the ESP header, which is smaller than 1450. For SKIP I use 1366 as the advertised MTU, and for IPsec usually 1436, unless I need to accomodate ESP and AH, in which case it's smaller. > If more information regarding this issue is needed, just ask. > > Is this a known issue ? It's a known feature of any sort of IP encapsulation.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F9950F6.6000208>