On 08-06-18 19:45, Gert Doering wrote:
One thing you should be aware of is that no matter how you set
--fragment, or whatever OpenVPN deduces automatically, any fragmentation
that OpenVPN may perform will be undone by each and every stateful
firewall in between client and server.
No :-)
--fragment is something that happens inside openvpn, and no firewall
in the world can see that. (Which also means that for all the world
outside, no fragmentation is happening anyway)
Because a stateful firewall will
reassemble fragmented packets before inspection in order to track
connections and related traffic.
Right, but not relevant for --fragment (would be relevant if you have
outside UDP packets that get fragmented)
I should have looked up the details and not rely on memory alone :-)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
