On Fri, Mar 09, 2007 at 10:28:59AM +0000, Stuart Henderson wrote:
> On 2007/03/09 01:26, Claude Brassel wrote:
> > I have try some new linux distro (opensuse 10.2, mandriva 2007) so if I try
> > to join a host through the vpn it's working only for "small packets" in ex:
> > the telnet login session work's great, but if I try some "ls" or everithing
> > else that produce a big amount of lines the connection will timed out, I
> > have no idea why.
> use "flags s/sa keep state" on all tcp PF rules.
I have found that some Linux-distributions experience problems when their
connectivity is routed through an OpenBSD box which has "reassemble tcp"
enabled. I never investigated further though, I just stopped using
"reassemble tcp".
--
Jurjen Oskam
Savage's Law of Expediency:
You want it bad, you'll get it bad.
