On Sun, 07 Jul 2002, James Yonan wrote:

> (1) Static, pre-shared key mode is stateless and handshake-free, so there
> isn't really an existing context in which PMTU discovery could be
> implemented.

Must the MTU be known to the protocol after all? It might be asymmetric when asymmetric routing (satellite downlink with ISDN uplink) is in place. Is it not sufficient if your own secure PMTU discovery is done independently for either side? Sorry, I'm still not acquainted with the OpenVPN protocol for lack of time.

> (2) Path MTU discovery could work in TLS mode, however every time the
> MTU changes, the tun or tap device would need to be re-ifconfiged -- this
> might also involve closing and reopening the tun device which would fail if
> root privileges have been dropped.

If you do it in the application, yes. If you leave it to the kernel, then it's not necessary.

> So at this point a static default is certainly the simpler way to go, but
> any changes to the static default should be carefully considered since they
> would introduce backward incompatibility issues.

--
Matthias Andree