Peter Eisch <peter@boku.net> wrote:
> 
> I tried using gif but my netbsd 3.0 upstream started dropping all the "big"
> packets for the tunnel and returning:
>  icmp 36: <tun-dest> unreachable - need to frag for IP

It is good. Your <tun-dest> just asking <src> to lower packet size.
This is how path MTU discovery works. But please be sure your
firewalls are opened for those ICMP messages.

> All the MTUs are standard: 1500 for Internet, 1280 on the gif tunnel.  The
> routing was find -- everything worked very well for ssh and everything that
> didn't approach the gif MTU.

So any particular problems here?

> Is there a _right_ way to tunnel ipv4 between two netbsd systems?

Seems like you're already done it.

--
Mishka.