https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744
Eugene Grosbein <eu...@freebsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|New |Open
CC| |eu...@freebsd.org
--- Comment #4 from Eugene Grosbein <eu...@freebsd.org> ---
There are multiple ways to solve this problem that work just fine for FreeBSD
11 at least.
First, one can use IPSec transport mode combined with gif tunnel and mtu=1500
for the gif. Oversized IPv4 gif packets have DF bit set to 0, as per gif(4)
manual page, so they get fragmented while being transmitted over path with
lowest intermediate mtu 1500 or less and no packet drops occur.
Second, one can try sysctl net.inet.ipsec.dfbit=0 that is documented in
ipsec(4) manual page for IPSec tunnel mode but maybe it works for transport
mode, too. Check it out. Maybe, you can switch your IPSec to tunnel mode.
Third, you can adjust TCP MSS by means of packet filters. For example, ipfw
currently has additional kernel module ipfw_pmod.ko and command ipfw
tcp-setmss.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
