IPSec session stalls
VANHULLEBUS Yvan
vanhu_bsd at zeninc.net
Fri Oct 21 00:10:47 PDT 2005
On Thu, Oct 20, 2005 at 11:47:27PM +0100, Volker wrote:
> hmm, I hate replying to myself....
:-)
[rules]
> I guess as all works fine while pf is disabled this is an pf issue, right?
Not sure: what you described in your first mail also looks like a
"basic" fragmentation problem, which can be easily solved by
decreasing MTU on traffic endpoints (you can also play with TCPMSS on
one gate, but this will only solve TCP problems...).
The pf interaction may only be a side effect of a fragmentation
problem.
Yvan.
--
NETASQ - Secure Internet Connectivity
http://www.netasq.com
More information about the freebsd-net
mailing list