On 2022-05-29, n18fu...@tutanota.com wrote:
> I saw the recent change in pf.conf.5. Thank you. But I would argue that a
> person who just wants to set up a VPN can easily overlook the max-mss option.
> That's why I suggest adding it to examples like this:
Would prefer to have a *short*
Hello Stuart,
sorry for the delay in replying.
I think the issue in my ISP corner case was that clients were natted
to Public address pool X
while link IPs within the ISP network (the IPs that might send the ICMP
destination unreachable fragmentation needed
messages would be natted to a
On 2022-05-15, Tom Smyth wrote:
> Hi Stuart,
> I have huge regard for you and all you contribute to OpenBSD and the community
> I'm going to clarify what I meant and what my experience with PMTU and
> constrained MTUs behind NAT,
> My humble experience is that if we have a constrained MTU
Hi Stuart,
I have huge regard for you and all you contribute to OpenBSD and the community
I'm going to clarify what I meant and what my experience with PMTU and
constrained MTUs behind NAT,
My humble experience is that if we have a constrained MTU behind a NAT
Path MTU discovery from the server to
On 2022-05-15, Tom Smyth wrote:
> IP fragments on internet are avoided generally through PMTU discovery (mtu
> path discovery) but
> PMTU does not work beyond a NAT (if a smaller MTU interface exists
> behind a NAT then the smaller
> MTU will not be discovered).
That's not right, NAT doesn't
On 2022-05-15, Theo de Raadt wrote:
> .Bd -literal -offset indent
> -inet 0.0.0.0 255.255.255.255 NONE \e
> +inet 0.0.0.0 255.255.255.255 0.0.0.1 \e
> pppoedev em0 authproto pap \e
> authname 'testcaller' authkey 'donttell' up
> -dest 0.0.0.1
> inet6 eui64
>
> I don't think this
On Sun, May 15, 2022 at 10:40:59AM -0600, Theo de Raadt wrote:
> .Bd -literal -offset indent
> -inet 0.0.0.0 255.255.255.255 NONE \e
> +inet 0.0.0.0 255.255.255.255 0.0.0.1 \e
> pppoedev em0 authproto pap \e
> authname 'testcaller' authkey 'donttell' up
> -dest 0.0.0.1
> inet6
.Bd -literal -offset indent
-inet 0.0.0.0 255.255.255.255 NONE \e
+inet 0.0.0.0 255.255.255.255 0.0.0.1 \e
pppoedev em0 authproto pap \e
authname 'testcaller' authkey 'donttell' up
-dest 0.0.0.1
inet6 eui64
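Review bot: on the `+inet` line, 0.0.0.1 now sits in the position that held NONE and the explicit `dest 0.0.0.1` line is removed, so the example no longer names 0.0.0.1 as the destination address anywhere. If this goes in, the text around the example should state what that third field means on a point-to-point interface, so that a reader copying the block can tell the wildcard destination is still being set.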
I don't think this is the right way to go. Yes, on p2p links the
On Sun, May 15, 2022 at 01:44:39PM -, Stuart Henderson wrote:
> >
> > - mixing mtu to 1500 and scrub: well, both concern issues with mtu. why
> > wouldn't they be together in there?
>
> They're related but one is for avoiding the problem in the first place
> (which may or may not work,
Hello all,
One issue we have encountered with encapsulated packets is the IP
fragment packets that are created
when the would-be encapsulated packet would exceed the MTU of an
underlay interface.
On non-natted networks with firewalls that behave themselves the
tunnels may work.
However across
On 2022-05-15, Jason McIntyre wrote:
> On Sat, May 14, 2022 at 09:14:36PM -, Stuart Henderson wrote:
>> On 2022-05-14, Georg Pfuetzenreuter wrote:
>> > pppoe(4) already has a section on this, possibly this could be used as a
>> > start.
>>
>> It's not a great start really. Mixes up
On Sat, May 14, 2022 at 09:14:36PM -, Stuart Henderson wrote:
> On 2022-05-14, Georg Pfuetzenreuter wrote:
> > pppoe(4) already has a section on this, possibly this could be used as a
> > start.
>
> It's not a great start really. Mixes up information about a method to
> set the pppoe MTU to
On 2022-05-14, Georg Pfuetzenreuter wrote:
> pppoe(4) already has a section on this, possibly this could be used as a
> start.
It's not a great start really. Mixes up information about a method to
set the pppoe MTU to 1500 (RFC4638) and using scrub, doesn't describe
the problem (says "causing
On 2022-05-14, n18fu...@tutanota.com wrote:
>> I recommend "max-mss" instead of no-df, you don't really want fragments
>> if you can help it. The number to cap at is 40 below the lowest actual
>> MTU across the tunnel, so 1380 should do for WireGuard, IPsec varies
>> depending on the options
On 2022-05-14, William Ahern wrote:
> On Fri, May 13, 2022 at 11:10:41PM +0200, n18fu...@tutanota.com wrote:
>> Hi,
>>
>> I've set up an OpenBSD server on the Cloud, set up a Wireguard tunnel, and
>> configured default route through that server. I've noticed that I can't
>> access some websites:
On Fri, May 13, 2022 at 11:10:41PM +0200, n18fu...@tutanota.com wrote:
> Hi,
>
> I've set up an OpenBSD server on the Cloud, set up a Wireguard tunnel, and
> configured default route through that server. I've noticed that I can't
> access some websites: my browser was not able to complete TLS
16 matches