[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

isakmpd and icmp dependencies

To: "'misc@openbsd.org'" <misc@openbsd.org>
Subject: isakmpd and icmp dependencies
From: Todd Boyer <TBoyer@smcteam.com>
Date: Mon, 8 Sep 2003 08:42:47 -0400

How dependant is isakmpd on being able to echo icmp responses from peers?
My ISP just locked down all icmp types.  No echo's, no responses from any
subscriber in their loop (in the process they opened up port 80, real smart)
Isakmpd still negotiates and nails up routes, expect nothing.  No response
back from peers after the link is established. My thought is if packets need
to be fragmented, without the proper icmp response, the peer waits
indefinitely for instructions on how top handle the request.  Is my thought
process correct? Any way around this problem? Maybe setting the max MTU to a
lower value?  Thanks

Follow-Ups:
- Re: isakmpd and icmp dependencies
  - From: Cedric Berger <cedric@berger.to>
- Re: isakmpd and icmp dependencies
  - From: Hakan Olsson <ho@rfc.se>

Prev by Date: Re: starting a script from rc.local
Next by Date: Re: Erase Files / faq diff
Prev by thread: Re: obsd 3.3 & radeon 9000
Next by thread: Re: isakmpd and icmp dependencies
Index(es):
- Date
- Thread