Re: Strangness on fragmentation...

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Il 05/04/2012 18:16, Niccolò Belli ha scritto:
With ipsec tunnels I do solve with a simple:
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -m policy --dir in
--pol ipsec --mode tunnel -j TCPMSS --set-mss 1300

Unfortunately I do not use openvpn, ipsec is much better in my opinion.

Also please do not drop icmp traffic, it does solve exactly this kind of problems. Unfortunately if the other peer does drop icmp you will still be in troubles.

Niccolò
--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux