IPSEC documentation
Brian Candler
B.Candler at pobox.com
Fri Dec 30 04:11:56 PST 2005
On Thu, Dec 29, 2005 at 01:35:21PM +0100, VANHULLEBUS Yvan wrote:
> > As it happens this FreeBSD box is also acting as a NAT gateway using pf
> > (myhost is on a private IP) and actually its external IP is also private -
> > it sits behind a second NAT firewall. So maybe that's where the problem
> > originates, although I really can't understand where the value of 1380 comes
> > from.
>
> 1500 - (pppoe encapsulation ?) - ESP header - L2TP encapsulation....
Yeah, but what I don't understand is that this value was chosen by a remote
webserver which is on the other side of the world, and knows nothing about
the L2TP/ESP encapsulation going on locally.
All it knows is that the client offered an MSS of 1360; for some reason it
offered back an MSS of 1380. Weird.
More information about the freebsd-net
mailing list