Date: Sat, 21 Dec 2019 01:44:39 +0700 From: Victor Sudakov <vas@sibptus.ru> To: freebsd-net@freebsd.org Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <20191220184439.GA61856@admin.sibptus.ru> In-Reply-To: <20191220165615.GA57281@admin.sibptus.ru> References: <20191220152314.GA55278@admin.sibptus.ru> <f38d1f3c-dc47-0776-29f9-2151b05e09b0@tuxpowered.net> <20191220160357.GB56081@admin.sibptus.ru> <20191220165615.GA57281@admin.sibptus.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--vkogqOf2sHV7VnPd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Victor Sudakov wrote: >=20 > I need to figure out why IPsec tunnel mode is always generating ESP > packets with the DF flag set. Therefore they just don't get through the > interface and never leave the host. >=20 > I cannot even "scrub out proto 50 no-df" them because they never go > through any f*cking interface, that's what I think is happening. Don't > tell me it's by design. I've created a PR https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 if anyone is interested you are welcome to discuss. Maybe my theory of what's happening is incorrect. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --vkogqOf2sHV7VnPd Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJd/RaXAAoJEA2k8lmbXsY0efYH/i0TH6ezWaM8Syzx8sBD6Psf aQmJlzzrEsm981I3lq81uqoQXlN51VLiWqYhsCXQky47i9gL5OCPa/0X0IHErsSy ST9DM477g0wO886fJMNaD6l9bvuCj6v+Ervidw+guYdBpDdK2V4yba3GfkBrF92U YGJvqH8nabfXJdB/lKIWxju8CQc0TqoceKj9gAJxwMtA70y8kbMWwH1hD79NYRdC PEpfDw7V6cnI4hplrzU7Hk0uHRz20kxUdVOo9o1m1BaBrBIeojtWeTHj9ps8cZSW Wy2NCHyJgrxpu2wBb6SS8A5JtBazyj34iqVlsl0WjrCaeabW5JRrCH0Lc0brC5g= =gs51 -----END PGP SIGNATURE----- --vkogqOf2sHV7VnPd--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20191220184439.GA61856>