tech-net: Re: Default value of net.inet.ipsec.dfbit breaks PMTU over IPsec tunnels

Subject: Re: Default value of net.inet.ipsec.dfbit breaks PMTU over IPsec tunnels
To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
From: Jason Thorpe <thorpej@wasabisystems.com>
List: tech-net
Date: 05/27/2004 17:35:49

--Apple-Mail-26-23167519
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed


On May 21, 2004, at 10:32 AM, Michael Richardson wrote:

>   No, that's not the problem.
>   ICMP need frag's go missing. The result is that traffic stops.

So, just what are you supposed to do to be able to use PMTU over an 
IPsec tunnel?

What does IPv6 do?  (PMTU is mandatory in IPv6.)

         -- Jason R. Thorpe <thorpej@wasabisystems.com>


--Apple-Mail-26-23167519
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFAtollOpVKkaBm8XkRAksMAKDNOwTjghWbfHEorQXew80xdCHcAACgyhx5
zg7V7+xxKKqp8nsc/H013ls=
=BaGP
-----END PGP SIGNATURE-----

--Apple-Mail-26-23167519--