Hi,
On 13/06/17 14:09, Mathias Jeschke wrote:
Hi Greetz Pippin,
Pippin1st wrote:
So, my first question is, how close am I?
Actually, that's a very nice update to my original picture!
At least the order of encryption/decryption and
compression/decompression makes no sense.
it's actually even weirder when you read the sources:
1) compress
2) fragment
3) encrypt
and then in reverse on the receiving end, of course.
Compression should be always done before encryption!
Regarding ICMP: Yes, PMTUD relies on ICMP, thus blocking ICMP is
generally a bad idea - why do you have this in place?
uhm, as Pippin stated, his firewall/router does this for him, whether he likes it or not; however, OpenVPN itself does not need
PMTUD if you tweak it manually and *with* openvpn you can use ICMP again over the tunnel itself!
HTH,
JJK
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
