I presently don't have any ipsec based tunnels running (having reverted to the much easier to setup openvpn), and we'd discussed what the rfcs said about ecn a while back:
http://permalink.gmane.org/gmane.comp.embedded.cerowrt.devel/470 And I'd noted that encapsulation seemed to be working even further back: https://lists.bufferbloat.net/pipermail/bloat/2011-June/000554.html http://huchra.bufferbloat.net/~d/veryhappynetwork.png but I haven't ever got around to checking what products, if any, actually decapsulated ECT(1) correctly back into the original IP header. Does anyone know if linux + strongswan/libreswan and/or other forms of vpn encapsulation (tinq, openvpn, commercial products), are doing the right thing presently? I would figure openvpn can't (due to doing compression)... I see ecn negotiation is in the ikev2 standard... -- Dave Täht NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article _______________________________________________ Bloat mailing list [email protected] https://lists.bufferbloat.net/listinfo/bloat
