pmtud problem
Tom Judge
tom at tomjudge.com
Wed Feb 14 11:07:17 UTC 2007
Stephen Clark wrote:
> Hello List,
>
> We have a setup that looks like the following.
>
> pc <-ethernet-> freebsd 4.9 <-pppoe-> internet <-ethernet-> freebsd 6.1
> On the freebsd box we have a gre tunnel with an mtu of 1420 feeding into a
> gif vpn tunnel with an mtu of 1280 (I know this is dumb, but it is the default
> value when you create a gif)
> feeding into a tun0 with an mtu of 1492.
>
> What we see is the packet never makes it to the freebsd 6.1 system.
>
> If the pc sends a packet of 1460 bytes with the DF bit set, shouldn't the
> freebsd 4.9 system send back an icmp dest unreachable - fragmentation
> needed and DF bit set?
> $ sysctl -a | grep mtu
> net.inet.tcp.path_mtu_discovery: 1
>
> Now if I change the mtu of the gre to 1412 everything works.
>
> Any insight would be appreciated.
>
> Thanks,
> Steve
Are you using IPSEC on your gif interface? If so there is a bug in 6.1
where the IPSEC code that is responsible for populating the ICMP packet
fields (Fragmentation needed and the MTU hint) fails to set the MTU hint
in the ICMP packet. The problem is fixed in 6.2 and it is a very simple
patch for 6.1.
Please see the link for the discussion on this problem back in November.
http://groups.google.ms/group/muc.lists.freebsd.hackers/browse_thread/thread/bff95bd13d700fde/51a27f0d0c42ee92
Regards
Tom J
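
Added example (not part of the original thread and not FreeBSD code): a check for the symptom described in the reply above, an ICMP "fragmentation needed" message (type 3, code 4) whose next-hop MTU field is zero, together with the RFC 1191 plateau-table fallback a receiver can apply. The function names and the sample packets are constructed for illustration.

```python
import struct

# RFC 1191 section 7.1 plateau table, largest first.
PLATEAUS = (65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 when run over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frag_needed(icmp: bytes):
    """Return (mtu_hint, usable_mtu, hint_missing), or None if not type 3 code 4."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _cksum, _unused, mtu_hint = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    if len(icmp) < 8 + 20:
        raise ValueError("quoted IP header missing")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    if mtu_hint:
        return mtu_hint, mtu_hint, False
    # Hint is zero: fall back to the next plateau below the
    # Total Length of the quoted original datagram (IP header bytes 2-3).
    orig_len = struct.unpack("!H", icmp[10:12])[0]
    usable = next((p for p in PLATEAUS if p < orig_len), 68)
    return 0, usable, True

def build_sample(mtu_hint: int, orig_len: int) -> bytes:
    """Constructed test message: addresses are documentation ranges, DF set."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, orig_len, 1, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    body = struct.pack("!HH", 0, mtu_hint) + ip + b"\x00" * 8
    cksum = inet_checksum(struct.pack("!BBH", 3, 4, 0) + body)
    return struct.pack("!BBH", 3, 4, cksum) + body

if __name__ == "__main__":
    for hint in (1420, 0):  # 1420 = the gre MTU from the thread; 0 = hint not set
        print(hint, parse_frag_needed(build_sample(hint, 1460)))
```

With the 1460-byte packet from the thread, a missing hint makes the plateau fallback drop to 1006 instead of the tunnel's 1420.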