Chris Audley <[EMAIL PROTECTED]> wrote:
>
> Large packet (eg. 1600 byte ping) received by VPN server A.
> Packet encrypted and fragmented then sent from Server A to Server B.
> Packet received by network subsytem on B and frag_list created
> ah_input() strips the AH header -- frag sizes are not ch
I've been using the 2.6 kernel ipsec system for some time and have always
had to work around issues with large packets not traversing the VPN by
setting the LAN interface MTU size to something like 1400.
Because I always thought this was a hack and not a proper fix, I've spent
a few days trying t
