[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: isakmpd and icmp dependencies

To: Todd Boyer <TBoyer@smcteam.com>
Subject: Re: isakmpd and icmp dependencies
From: Cedric Berger <cedric@berger.to>
Date: Mon, 08 Sep 2003 15:05:26 +0200
Cc: "'misc@openbsd.org'" <misc@openbsd.org>
References: <57285DEF22B5634F8DDED46E1D9B74C982B346@gudis-dc.linthicum.md.smcteam.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030827

Todd Boyer wrote:

>My thought is if packets need
>to be fragmented, without the proper icmp response, the peer waits
>indefinitely for instructions on how top handle the request.  Is my thought
>process correct?
>
That's possible, if you've PMTU-discovery enabled.
But the first question is "do they block ESP packets"!

> Any way around this problem?
>
Disable PMTU-discovery or reduce MMTU

> Maybe setting the max MTU to a
>lower value?
>
It's always a good idea.
Cedric

References:
- isakmpd and icmp dependencies
  - From: Todd Boyer <TBoyer@smcteam.com>

Prev by Date: Re: Erase Files / faq diff
Next by Date: usb-serial stops working
Prev by thread: isakmpd and icmp dependencies
Next by thread: Re: isakmpd and icmp dependencies
Index(es):
- Date
- Thread