Date: Fri, 31 Oct 2003 15:17:53 +0100 From: Eric Masson <e-masson@kisoft-services.com> To: Lars Eggert <larse@ISI.EDU> Cc: Mailing List FreeBSD Network <freebsd-net@FreeBSD.org> Subject: Re: ipsec tunnels & packet length issues Message-ID: <868yn1qyni.fsf@t39bsdems.interne.kisoft-services.com> In-Reply-To: <3FA02B30.90805@isi.edu> (Lars Eggert's message of "Wed, 29 Oct 2003 13:03:44 -0800") References: <8665iehd1i.fsf@t39bsdems.interne.kisoft-services.com> <3FA02B30.90805@isi.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "Lars" == Lars Eggert <larse@ISI.EDU> writes: Hello Lars, Lars> See the section on PMTU discovery in draft-touch-ipsec-vpn-06. If Lars> the requirements of your setup allow is, IPIP gif tunnels Lars> together with IPsec transport mode (as described in the ID) can Lars> address this issue. The kind of setup described in your draft should adress the issue, but choice has been to use native ipsec tunnels (maybe this will change in near future). The only workaround I've found is to lower mtu on the fw1 dmz interface to 1436 (thanks to M. Sierchio) Hope your draft will be adopted. Thanks a lot Eric Masson -- B > Ah ben bravo ! a quand l'html dans les entetes ? CB> Hein ? tu lis pas l'iso-8859-1 dans le champ approved ?? Elle répond. Comment veux-tu qu'en plus elle ait le temps de lire ? -+- SJ in <http://www.le-gnu.net>; : Les joyeuses commères d'Usenet -+-
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?868yn1qyni.fsf>