> On May 9, 2015, at 10:25 AM, Lyndon Nerenberg <lyn...@orthanc.ca> wrote:
>> On May 9, 2015, at 7:43 AM, erik quanstrom <quans...@quanstro.net> wrote:
>> easy enough until one encounters devices that don't send icmp
>> responses because it's not implemented, or somehow considered
>> "secure" that way.
> Oddly enough, I don't see this 'problem' in the real world.  And FreeBSD is 
> far from being alone in the always-set-DF bit.
> The only place this bites is when you run into tiny shops with homegrown 
> firewalls configured by people who don't understand networking or security.  
> Me, I consider it a feature that these sites self-select themselves off the 
> network.  I'm certainly no worse off for not being able to talk to them.

Network admins not understanding ICMP was far more common 20 years ago. Now the 
game has changed. At any rate, no harm in trying PMTU discovery as an option
(other than a SMOP).

