iked: What is missing?

2013-04-13 Thread Matthias Vey
Hello misc,

I want to use iked but the manpage says it is not ready to use and some 
important things are missing. What parts are missing and is it still not safe 
at all or only under special circumstances?

Thanks
Matt



Re: Odd PMTU issue on ipsec tunnel

2012-05-13 Thread Matthias Vey
Hi,

Does nobody have an idea? I have the same problem. Currently I set the MTU of the
internal networks to 1200. It's a workaround but actually it wastes a lot of
bandwidth. But without this the MTU of the VPN traffic falls down to something
around 550 and that's really bad :-(

Thanks

Matthias Vey


On 11.05.2012 at 23:06, Carlos Flor wrote:

> I have an openbsd 5.1-release box configured with an ipsec vpn to another
> identical openbsd machine.  I am trying to test PMTU discovery by sending
> packets, both TCP and UDP, with the DF bit set.  I get an ICMP Unreachable
> - Fragmentation needed packet as expected, however the "Next-Hop MTU:"
> field is set to 0.  The RFC says this should never be below 68.  I am
> wondering if the issue is related to the fact that you can no longer set an
> MTU on enc0 (the ipsec tunnel interface).  My first question is why am I
> getting 0 as the next-hop mtu?  Secondly, why can I no longer set an MTU
> for my enc0 interface (when I try with ifconfig, I get : SIOCSIFMTU:
> Inappropriate ioctl for device)?
>
> Thanks.
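
To check a captured ICMP error like the one described in the quoted message, here is an added example (not part of the thread, and not OpenBSD code): it parses a "Fragmentation needed" message, flags a Next-Hop MTU below 68, and computes the plateau fallback that RFC 1191 section 5 describes for a zero field. The sample packets and addresses are constructed, and `parse_frag_needed` and `build_sample` are hypothetical names.

```python
import struct

# RFC 1191 plateau table (Table 7-1), descending.
PLATEAUS = (65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68)
MIN_MTU = 68  # smallest Next-Hop MTU a router may legitimately report

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frag_needed(icmp: bytes) -> dict:
    """Parse an ICMP message (outer IP header already stripped)."""
    if len(icmp) < 28:  # 8-byte ICMP header + 20-byte quoted IPv4 header
        raise ValueError("truncated ICMP error")
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError("not Destination Unreachable / Fragmentation needed")
    quoted = icmp[8:]
    if quoted[0] >> 4 != 4:
        raise ValueError("quoted packet is not IPv4")
    total_len, = struct.unpack("!H", quoted[2:4])
    valid = mtu >= MIN_MTU
    # Field is 0 (or below 68): fall back as RFC 1191 section 5 describes,
    # taking the greatest plateau below the quoted Total Length.
    estimate = mtu if valid else next((p for p in PLATEAUS if p < total_len), MIN_MTU)
    return {"next_hop_mtu": mtu, "mtu_field_valid": valid,
            "checksum_ok": inet_checksum(icmp) == 0,
            "df_set": bool(quoted[6] & 0x40),
            "quoted_total_len": total_len, "estimated_mtu": estimate}

def build_sample(mtu: int, total_len: int) -> bytes:
    """Constructed test message: DF-marked UDP datagram quoted in the error."""
    quoted = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    quoted += struct.pack("!HHHH", 40000, 9, total_len - 20, 0)  # UDP header
    body = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    for mtu in (0, 1400):
        print(parse_frag_needed(build_sample(mtu, 1500)))
```

The input is the ICMP portion of a captured packet, with the outer IP header removed.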