Hello! > >1. Probably, will not accept fragmented frames, because IPsec cannot > > handle them ... > I'm clearly failing to understand where, exactly, the problems lie. I > would appreciate any pointers and/or clue transfusion...
I said "probably". Look into old rfc2401, search for word "fragment". Then search for the same word in new rfc4301. All those 100K of new text deal with various design bugs in IPsec, mostly with pathologies encountered in the case of security gateways. (Some section there are real fun: f.e. look at section 7.2) With this amount of thin places, there are no chances it will interoperate, unless you use the most conservative approach. My opinion? Scared. :-) Alexey - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
