FreeBSD Mail Archives

Date:      Wed, 29 Oct 2003 13:03:44 -0800
From:      Lars Eggert <larse@ISI.EDU>
To:        Eric Masson <e-masson@kisoft-services.com>
Cc:        Mailing List FreeBSD Network <freebsd-net@FreeBSD.org>
Subject:   Re: ipsec tunnels & packet length issues
Message-ID:  <3FA02B30.90805@isi.edu>
In-Reply-To: <8665iehd1i.fsf@t39bsdems.interne.kisoft-services.com>

index | next in thread | previous in thread | raw e-mail


[-- Attachment #1 --]
Eric Masson wrote:
> 
> If i reduce  lan interface mtu on "Host" to approximately 1450, the
> tunnel works fine, so it seems that "Tunnel Endpoint" can't process
> correctly packets with a size of 1500 bytes.
> 
> If more information regarding this issue is needed, just ask.
> Is this a known issue ?
> Except playing with mtu, is there a fix ?

See the section on PMTU discovery in draft-touch-ipsec-vpn-06. If the 
requirements of your setup allow is, IPIP gif tunnels together with 
IPsec transport mode (as described in the ID) can address this issue.

Lars
-- 
Lars Eggert <larse@isi.edu>           USC Information Sciences Institute

[-- Attachment #2 --]
0�	*�H��
��0�10	+0�	*�H��
��	�0�80���fEr��t��cvE��.�0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0)	*�H��
	personal-freemail@thawte.com0
000830000000Z
040827235959Z0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.300��0
	*�H��
��0�����32�c�	%E>�nx'g��ڈ���D)�c5*mp<�ܮ��to0�3��4q��m���O�e�
�K���a����U�5��u�'��r���װ�����|CBPQ��<�9��T������If-	��k�i�N0L0)U"0 �010UPrivateLabel1-2970U�0�0U0
	*�H��
��1�KG]�q��Sl]y�=��&b�"��"��I�'{9����$����
*8�PU�l�
�L����G�l�X�1B	l�i�+�@]j�y��.%݊���
��Z��<�D�&i�H�Υ����bb��0�90���
vo0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.300
030801172929Z
040731172929Z0T10
UEggert1
0U*Lars10ULars Eggert10	*�H��
	
larse@isi.edu0�"0
	*�H��
�0�
���>�ן~��H(�Ԣ��GV�׆־��25��B�03�ݰ�����ת^RI�H���=���%J�
�����kA^R)��yH80P���~qrU|��c~�\;����ҋ^哪��!����֍��&��d�@C�d"O��"f�$F�r�Ge�|�r<z"��%����h+�Z`��3<�}̘������}�9��ʮcnb�6��R�����X ٫�e~�X��g��K�����7,�ì�E��YU?�V0T0*+e!000L2uMyffBNUbNJJcdZ2s0U0�
larse@isi.edu0U�00
	*�H��
��5��Kkt��[@��jj�:Fg�	�Xj��(��8��y���Po�!�}����)�5��M[�	ش]w�ŉQ�d!��G�y���F���Ri�K�d!8h���\7γSD�`a�[q��iY��+Gqn���?!�0�90���
vo0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.300
030801172929Z
040731172929Z0T10
UEggert1
0U*Lars10ULars Eggert10	*�H��
	
larse@isi.edu0�"0
	*�H��
�0�
���>�ן~��H(�Ԣ��GV�׆־��25��B�03�ݰ�����ת^RI�H���=���%J�
�����kA^R)��yH80P���~qrU|��c~�\;����ҋ^哪��!����֍��&��d�@C�d"O��"f�$F�r�Ge�|�r<z"��%����h+�Z`��3<�}̘������}�9��ʮcnb�6��R�����X ٫�e~�X��g��K�����7,�ì�E��YU?�V0T0*+e!000L2uMyffBNUbNJJcdZ2s0U0�
larse@isi.edu0U�00
	*�H��
��5��Kkt��[@��jj�:Fg�	�Xj��(��8��y���Po�!�}����)�5��M[�	ش]w�ŉQ�d!��G�y���F���Ri�K�d!8h���\7γSD�`a�[q��iY��+Gqn���?!�1��0��0��0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.30
vo0	+��0	*�H��
	1	*�H��
0	*�H��
	1
031029210344Z0#	*�H��
	1�})Ka�Ǩ<�dzv�y�%0R	*�H��
	1E0C0
*�H��
0*�H��
�0
*�H��
@0+0
*�H��
(0��	+�71��0��0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.30
vo0��*�H��
	1�����0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.30
vo0
	*�H��
���н9a��M

0[B�)�C�n�y#�p�q�դ��i��H����Q�'��� �lA��v�MvVÊ���6�r);�G�?�pM�W���Z��P��w�vk�l��OoID�D�|Nޟ�pJ��/��
��:$Q��-_���B-�v�,��2���JC��$R*�)�D~��-%H��2;pE_��	��:�P#	�عP�]ر���_��A�8���3!�t�;�0R���k��>g;?k���;

home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FA02B30.90805>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation