Subject: Re: IPSEC-related fragmentation issue?
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Arto Selonen <arto@selonen.org>
List: current-users
Date: 03/30/2004 09:17:04
Hi!
On Mon, 29 Mar 2004, Thor Lancelot Simon wrote:
> On Mon, Mar 29, 2004 at 09:11:21PM +0300, Arto Selonen wrote:
> >
> > The transport mode IPSEC-tunnel uses 10/8 addresses internally, so there
>
> Try again. It's either transport mode or tunnel mode, but it's not
> both. And for fragmentation issues, it matters.
My bad. It's transport mode. I just always think of them as tunnels.
For a more complete description of the setup, see:
http://mail-index.netbsd.org/current-users/2002/07/20/0008.html
The problem was somewhat similar: a "large" packet causes problems due to
fragmentation issues, and it turned out to be a bug in header size
calculations:
http://mail-index.netbsd.org/source-changes/2002/09/04/0056.html
Artsi
--
#######======------ http://www.selonen.org/arto/ --------========########
Everstinkuja 5 B 35 Don't mind doing it.
FIN-02600 Espoo arto@selonen.org Don't mind not doing it.
Finland tel +358 50 560 4826 Don't know anything about it.