Hello, I'm facing a problem with the following setup:

                  +-----------------+ DMZ +----+ LAN +------+
Internet ---------+ Tunnel Endpoint +-----+ Fw +-----+ Host |
                  +-----------------+     +----+     +------+

"Tunnel Endpoint": FreeBSD 4.8-RELEASE with fastipsec on a NET4801
"Fw": Firewall 1
"Host": Any host (tested with FreeBSD 5.1-CURRENT, Linux RH9)

When I'm connecting to "Host" in "Lan" from a box connected to the other end of a tunnel managed by "Tunnel Endpoint", the following happens:
- back traffic is composed of small sized packets, everything works fine
- back traffic is composed of packets Lan mtu sized, connection freezes.

From a tcpdump on the dmz interface of "Tunnel Endpoint", traffic from "Host" comes fine.

Traffic on "Internet" interface differs depending on the size of packets coming from "Host":
- small sized packets: ESP tunnel packets with correct SPI flows out
- Lan mtu sized packets: ESP tunnel packets frags

If I reduce lan interface mtu on "Host" to approximately 1450, the tunnel works fine, so it seems that "Tunnel Endpoint" can't process correctly packets with a size of 1500 bytes.

If more information regarding this issue is needed, just ask.

Is this a known issue? Except playing with mtu, is there a fix?

TIA

Regards

Eric Masson

--
Warning: any message against a mediabarre user will be reported to the competent authorities
-+- Crétin in <http://www.le-gnu.net>: Incompetent one reported.