[Bug 242784] arp segfault

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242784 Mark Linimon changed: What|Removed |Added Assignee|b...@freebsd.org|n...@freebsd.org

[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 --- Comment #16 from Eugene Grosbein --- Created attachment 210122 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=210122&action=edit net.inet.ipsec.trans.cleardf For testing: new sysctl net.inet.ipsec.trans.cleardf is zero by de

[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 --- Comment #15 from Eugene Grosbein --- (In reply to Victor Sudakov from comment #14) Routing lookup can be performed within shell script, too: gw=$(route -n get "$REMOTE_ADDR" | awk '/gateway: / {print $2}') As for ipfw. First, ipfw ne

Re: Continuing problems in a bridged VNET setup

2019-12-21 Thread Patrick M. Hausen
Hi all, kp@ and bz@ stepped in to help, now that we finally have a non-productive test system that is capable of reproducing the problem. Seems like it is related or identical to this bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227100 Just to keep everyone informed and justify the no

[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 --- Comment #14 from Victor Sudakov --- (In reply to Eugene Grosbein from comment #11) > you can use phase1 up-script to create specific routes A clever idea. A host route to $REMOTE_ADDR via... via what? Maybe sourcing rc.conf for $defaul

[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 --- Comment #13 from Eugene Grosbein --- (In reply to Victor Sudakov from comment #5) > Or I'll try if you provide an example of matching such a packet. This works for me: ipfw add tcp-setmss 1418 tcp from any to 'table(1)' tcpflags syn

[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 --- Comment #12 from Eugene Grosbein --- (In reply to Victor Sudakov from comment #10) Windows 7 should be fine. I don't think newer versions of Windows have a regression dealing with DF bit.

[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 --- Comment #11 from Eugene Grosbein --- (In reply to Victor Sudakov from comment #9) It does scale: with racoon, you can use phase1 up-script to create specific routes with -mtu 1400 automatically.

Re: Continuing problems in a bridged VNET setup

2019-12-21 Thread Patrick M. Hausen
Hi all, Now my two most problematic systems stall about once a day. And I can reliably stall my test system after I increased the number of VNET jails to 100. So now I have an unused test system that is in the wedged state. What now? I could provide SSH access if needed. Kind regards, Patrick --

[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 --- Comment #10 from Victor Sudakov --- (In reply to Eugene Grosbein from comment #8) > check it out if Windows sets DF=1 for initial encrypted TCP SYN My FreeBSD - Windows7 IPSec configuration is gone with my Windows7 workstation. If it h

[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 --- Comment #9 from Victor Sudakov --- (In reply to Eugene Grosbein from comment #7) > It's possible to perform routing lookup for any reachable destination IP > address to discover transmit MTU and deduce right MSS. Yes, this (or simila

[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 --- Comment #8 from Eugene Grosbein --- (In reply to Victor Sudakov from comment #5) >In a FreeBSD - Windows 7 combination, this kind of transport mode works > transparently out of the box. I think Windows knows to adjust MSS, or > somet

[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 --- Comment #7 from Eugene Grosbein --- (In reply to Victor Sudakov from comment #5) > I don't think I can if the packet in question is not received or transmitted > via any interface (like locally generated ssh-client traffic intercepted

[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 --- Comment #6 from Eugene Grosbein --- OTOH, RFC 2401 Appendix B https://tools.ietf.org/html/rfc2401#page-1-48 states that packets generated by IPSec transport mode must be allowed to fragment over the path and this is incompatible with cu

[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 --- Comment #5 from Victor Sudakov --- (In reply to Eugene Grosbein from comment #4) > First, one can use IPSec transport mode combined with gif tunnel and mtu=1500 > for the gif. The solution with gif or if_ipsec tunnels is not scalabl

[Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic

2019-12-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 Eugene Grosbein changed: What|Removed |Added Status|New |Open CC|