I have an openbsd 5.1-release box configured with an ipsec vpn to another identical openbsd machine. I am trying to test PMTU discovery by sending packets, both TCP and UDP, with the DF bit set. I get an ICMP Unreachable - Fragmentation needed packet as expected, however the "Next-Hop MTU:" field is set to 0. The RFC says this should never be below 68. I am wondering if the issue is related to the fact that you can no longer set an MTU on enc0 (the ipsec tunnel interface). My first question is why am I getting 0 as the next-hop mtu? Secondly, why can I no longer set an MTU for my enc0 interface (when I try with ifconfig, I get : SIOCSIFMTU: Inappropriate ioctl for device)?
Thanks.
