On 20.12.2019 19:22, Victor Sudakov wrote: >> What's the root of the problem? ESP packets cannot get fragmented or >> what? > > Wireshark has shown that the "Don't Fragment" flag is set on all ESP > (protocol 50) packets. Who does this, why, and how can I switch it off > globally?
Hi, I think this DF flag is originally from TCP packet. ESP xform for transport mode just replaces protocol in IP header and adds some info to the end of a packet. -- WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
