Hi,

On Fri, Jun 08, 2018 at 05:56:23PM +0200, Erik van Linstee via Openvpn-users wrote:
> On 08-06-18 17:41, David Sommerseth wrote:
> 
> > Agreed ... but that's probably with smaller ICMP packets (56 bytes or so) ...
> > does that change if going higher than 1300 (the --fragment, in the config) or
> > 1500? .... both outside and inside the tunnel.
> 
> One thing you should be aware of is that no matter how you set 
> --fragment, or whatever OpenVPN deduces automatically, any fragmentation 
> that OpenVPN may perform will be undone by each and every stateful 
> firewall in between client and server. 

No :-)

--fragment is something that happens inside openvpn, and no firewall
in the world can see that.  (Which also means that for all the world
outside, no fragmentation is happening anyway)

> Because a stateful firewall will 
> reassemble fragmented packets before inspection in order to track 
> connections and related traffic.

Right, but not relevant for --fragment  (would be relevant if you have
outside UDP packets that get fragmented)

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
