16.01.2020 20:39, Andrey V. Elsukov wrote:
> I prepared the PoC patch that should fix the problem with TCP and
> transport mode IPsec. But I have not free time currently to properly
> test and debug it. It is only compile-tested. But if you want, you can
> try :)
> Currently only IPv4 support is implemented.
>
> https://people.freebsd.org/~ae/ipsec_transport_mode_ctlinput.diff

In fact, I faced this problem a long time ago too, and I work around it with different approaches like "ipfw tcp-setmss" (MSS adjust) or by using IPsec transport mode with a gif(4) interface, removing the DF bit from encapsulated packets.

I was going to test your patch with my home router, but the patch does not apply to stable/11 at all. Do you have time to adjust it to stable/11?