Maybe some misunderstanding has happened. I have gif and ipsec. IPSEC mode is
transport, that means traffic is encrypted only between the gif's
outer addresses. As a result, traffic in gif is encrypted by encrypting the ipip
container. But I can view traffic on gif with tcpdump as on
regular interfaces. E.g. gif's inner traffic is not processed by ipsec at all
Tom Judge wrote:
>
> > Question: Why does FW2 not send an ICMP need-fragment-but-DF-set
> > message to HostB?
>
> If you take a look at icmp_error() in sys/netinet/ip_icmp.c you will
> see that icmp errors are not sent for packets that have
> previously been decrypted by IPSec. I have a fee
On 09/16/2010 09:00 AM, Vladimir Grigorov wrote:
> Greetings all.
>
>
> I have strange problems related to the passage of icmp need-frag packets and, as
> a result, all packets with packet length greater than the output gif MTU.
>
> Network diagram:
>
> [HostA] -- (mtu 1500) --- [FW1] --- ipsec gif mtu 1280
Greetings all.
I have strange problems related to the passage of icmp need-frag packets and, as
a result, all packets with packet length greater than the output gif MTU.
Network diagram:
[HostA] -- (mtu 1500) --- [FW1] --- ipsec gif mtu 1280 <-gif1 -- [FW2] - gif0
-> ipsec gif mtu 6100 - [FW3] -(mtu 150
Tom Skeren wrote:
Been pulling my hair out. Anybody know of a resource for a fairly
complex tunneling scheme? My needs are such that a central hub "Star"
style tunneling scheme simply will not be efficient.
At some point, complex VPN configurations become more work to set up and
maintain than s
Been pulling my hair out. Anybody know of a resource for a fairly
complex tunneling scheme? My needs are such that a central hub "Star"
style tunneling scheme simply will not be efficient.
Any info would be appreciated.
TMS III