On Thu, Dec 30, 2004 at 04:52:27PM -0500, Elijah Savage wrote:
> All,
>
> I want to clear this up a bit. I am not looking for someone to provide
> me with config files or say "here is what you need to do"; I can do that on
> my own. What I am looking for is real world experience
i have used vpnc from ports to do vpn back to work against the cisco whatever-the-hell-it-is they have there.

so far i noticed i need to sysctl -w net.inet.ip.esp=0 or traffic coming back down the encrypted tunnel never actually gets decrypted out of the tun(4) iface. this might be specific to my workplace's cisco's config.

2 - i've noticed that i have issues with the MTU of various things i hit up over the VPN. some sites will want 1432, some want 1500, some want stuff in the middle... if the MTU of my tun0 iface is less than the MTU of the remote host, traffic just croaks relatively quickly. if my MTU is greater than the remote host's (maybe i should say specifically the thing i am comparing against is the MSS in the initial tcp headers i am seeing with tcpdump), then i begin to see fragments come in, and traffic still works, but i had to dicker with my pf rules to allow for the fragments.

that's about as much as i can contribute so far.

jared
-- 
[ openbsd 3.6 GENERIC ( dec 11 ) // i386 ]
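As an added example (not part of jared's message), here is a small script that automates the comparison he describes: pull the MSS option out of tcpdump SYN lines and compare the MTU it implies for the remote host against the local tun0 MTU. The tcpdump lines are constructed samples, the tun0 MTU of 1432 is an assumed value, and the 40-byte figure is the plain IPv4 + TCP header overhead.

```python
import re

# Assumed local tun(4) MTU for the VPN tunnel (jared mentions 1432 as one value sites want)
TUN0_MTU = 1432

# IPv4 header (20 bytes) + TCP header without options (20 bytes)
IP_TCP_OVERHEAD = 40

# Constructed sample tcpdump output, not a real capture. It covers the older
# "<mss N>" option style and the newer "options [mss N]" style; the last line
# carries no MSS option and must be ignored.
SAMPLE_TCPDUMP = """\
16:52:27.100000 192.0.2.10.80 > 10.0.0.5.49152: S 1:1(0) ack 2 win 5840 <mss 1460,nop,nop,sackOK>
16:52:28.200000 IP 198.51.100.7.443 > 10.0.0.5.49153: Flags [S.], seq 0, ack 1, win 65535, options [mss 1392,nop,wscale 5], length 0
16:52:29.300000 IP 203.0.113.9.22 > 10.0.0.5.49154: Flags [S.], seq 0, ack 1, win 65535, options [mss 1380,nop], length 0
16:52:30.400000 IP 203.0.113.9.22 > 10.0.0.5.49154: Flags [.], ack 1, win 65535, length 0
"""

# timestamp, optional "IP", src.port > dst.port: ... mss N
SYN_MSS_RE = re.compile(
    r"^\S+\s+(?:IP\s+)?(?P<src>[\d.]+)\.\d+ > (?P<dst>[\d.]+)\.\d+:.*?mss (?P<mss>\d+)"
)


def parse_syn_mss(text):
    """Return [(sending_host, mss)] for every tcpdump line carrying an MSS option."""
    peers = []
    for line in text.splitlines():
        m = SYN_MSS_RE.search(line)
        if m:
            peers.append((m.group("src"), int(m.group("mss"))))
    return peers


def classify(peers, tun_mtu=TUN0_MTU):
    """Compare each peer's implied MTU (MSS + 40) with the tunnel MTU.

    'remote_larger'  : the case jared reports as traffic croaking quickly
    'remote_smaller' : the case jared reports as fragments arriving (pf must pass them)
    'equal'          : segments fit the tunnel exactly
    """
    result = {}
    for host, mss in peers:
        implied_mtu = mss + IP_TCP_OVERHEAD
        if implied_mtu > tun_mtu:
            label = "remote_larger"
        elif implied_mtu < tun_mtu:
            label = "remote_smaller"
        else:
            label = "equal"
        result[host] = (label, implied_mtu)
    return result


def suggested_max_mss(tun_mtu=TUN0_MTU):
    """Largest TCP MSS that fits in one tunnel packet without fragmentation."""
    return tun_mtu - IP_TCP_OVERHEAD
```

The value from suggested_max_mss is what you would hand to pf's scrub max-mss option if you prefer clamping the MSS to passing fragments.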
