On Thu, 2004-09-30 at 04:55, Martin Lexa wrote: > # Normalization: reassemble fragments and resolve or reduce traffic > ambiguities.# scrub in all > scrub in on $ext_if all no-df > scrub out on $ext_if all no-df random-id max-mss 1440 > scrub in on enc0 all no-df > scrub out on enc0 all no-df > scrub in on $int_if all no-df > scrub out on $int_if all no-df random-id
have you tried lower max-mss values than 1440? you're cutting it pretty close there (1500 - 20 - 40). i know it makes mathematical sense in theory; but in reality, i've always had to ratchet my WiFi over IPSec traffic down to an MTU of 1350-1370 (MSS of 1310-1330) to eliminate "stalls." just a thought. -j =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ These days the necessities of life cost you about three times what they used to, and half the time they aren't even fit to drink. =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
