I'm having a problem with a FreeBSD workstation that tried to connect to a remote VPN via an IPSec tunnel. Here's my setup:

A FreeBSD workstation: W
An OpenBSD router: LR
And another OpenBSD router: RR
A remote FreeBSD server: S

LR and RR are connected via an IPSec tunnel. W shares the local Ethernet with LR and LR is W's default gateway. S shares the remote Ethernet with RR and RR is S's default gateway.

The problem comes when I use scp. If I try to send a file bigger than 1400 bytes or so from W to S or vice versa, the connection stalls and I seem to be left waiting for Godot. If I tcpdump the connection, I see that when sending a file from W to S, LR sends W an ICMP message which states that the last TCP packet was too large and it should change its MTU. But the connection stalls right there.

I noticed that OpenBSD has a flag on scrub rules called no-df which strips the Don't Fragment flag from the packet. Turning this bit on fixes the problem. I'm wondering why FreeBSD doesn't send anything after it gets the ICMP message which states that it needs to change its MTU for that connection?

--
Chris

--
Chris Hilton chris-at-vindaloo-dot-com
------------------------------------------------------------------------
"All I was doing was trying to get home from work!" -- Rosa Parks
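
The ICMP message described above is type 3, code 4 ("fragmentation needed and DF set"), and it carries the next-hop MTU plus the header of the dropped packet. The decoder below is an added example, not part of the original post; the addresses, ports and the 1400-byte MTU in the sample are constructed, and the checksum is not verified.

```python
import socket
import struct

def parse_frag_needed(icmp: bytes) -> dict:
    """Decode ICMP type 3, code 4 ("fragmentation needed and DF set", RFC 1191)."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for an ICMP header plus a quoted IP header")
    icmp_type, code, _cksum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError("not a fragmentation-needed message")
    quoted = icmp[8:]                      # header of the packet that was dropped
    ihl = (quoted[0] & 0x0F) * 4           # quoted IP header length in bytes
    if ihl < 20 or len(quoted) < ihl + 4:
        raise ValueError("quoted packet is truncated")
    total_len, _ident, flags_frag = struct.unpack("!HHH", quoted[2:8])
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {
        "next_hop_mtu": next_hop_mtu,      # 0 would mean a pre-RFC 1191 router
        "src": socket.inet_ntoa(quoted[12:16]),
        "dst": socket.inet_ntoa(quoted[16:20]),
        "protocol": quoted[9],             # 6 = TCP
        "sport": sport,
        "dport": dport,
        "dropped_len": total_len,
        "df_set": bool(flags_frag & 0x4000),
        # Largest TCP segment that fits, assuming a 20-byte TCP header (no options).
        "mss_that_fits": next_hop_mtu - ihl - 20,
    }

def build_sample() -> bytes:
    """Constructed message: a 1500-byte DF packet to port 22 met a 1400-byte hop."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),      # stands in for W
                     socket.inet_aton("198.51.100.20"))   # stands in for S
    tcp = struct.pack("!HHI", 50000, 22, 1)               # first 8 bytes of TCP
    return struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + ip + tcp

if __name__ == "__main__":
    for key, value in parse_frag_needed(build_sample()).items():
        print(f"{key}: {value}")
```

If the sender honours the message, its following segments for that connection should be no larger than `mss_that_fits`; a capture that keeps showing `dropped_len`-sized packets, or nothing at all, means the message was not acted on.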