Must is there, granted. For IPSec tunnels encapsulating IPv6 inside IPv4, there are tricky problems that were looked at during n2k9 but not solved that prevent the proper icmp6 too big message from being sent with the proper source address to match the VPN config so it might make it back to the proper system. Without this, MTU is not reduced, and fail is the result if using tunnel mode with IPSec encapsulating IPv6, only if this is traffic from a client behind a VPN gateway. For the gateways themselves, they generate the properly sized packets.
Penned by Joakim Aronius on 20091211 16:19.47, we have: | * Stuart Henderson (s...@spacehopper.org) wrote: | > On 2009/12/11 14:14, Joakim Aronius wrote: | > > Could someone please hit me with a clue stick if I am wrong here... | > > If there is tunnel reducing the MTU then the tunnel endpoint should | > > send an ICMPv6 packet too big to the sender. | > | > You can't rely on "should". | | Ok, granted, I was a bit sloppy with words there, the RFC says must for the ICMP message. But reading up a bit on how the source host shall handle the situation it turns out that you can do pretty much as you like... | | RFC 2460: | > In order to send a packet larger than a path's MTU, a node may use | > the IPv6 Fragment header to fragment the packet at the source and | > have it reassembled at the destination(s). However, the use of such | > fragmentation is discouraged in any application that is able to | > adjust its packets to fit the measured path MTU (i.e., down to 1280 | > octets). | | Cheers, | /Joakim -- Todd Fries .. t...@fries.net _____________________________________________ | \ 1.636.410.0632 (voice) | Free Daemon Consulting, LLC \ 1.405.227.9094 (voice) | http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX) | 2525 NW Expy #525, Oklahoma City, OK 73112 \ sip:freedae...@ekiga.net | "..in support of free software solutions." \ sip:4052279...@ekiga.net \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A http://todd.fries.net/pgp.txt
