
Re: Fragments and VPN



Hi,
Johan Hedin wrote,

> Hi all
> 
> I have a few VPN tunnels through OpenBSD 3.2 and 3.1 boxes. All work
> perfectly as long as the machines behind the different firewalls don't
> try to frag. I have read the manual pages, but not found (understood) how
> to fix this. If I try to access a Solaris 8 box on Subnet 192.168.1.0/24
> behind an OpenBSD 3.1 from a Linux box at home which is behind OpenBSD
> 3.2 and the mtu of the Linux box is higher than the MTU of the Solaris
> box, I get an ICMP needs to frag from my firewall 192.168.28.1 but the
> Linux box says
> 
> IPVS: incoming ICMP: failed checksum from 192.168.28.1!
> 
> I have tried both with and without the scrub directive in pf.conf.

What exact rules?

> What am I doing wrong/missing here?

Shot in the dark, try:
scrub in all no-df
scrub out all no-df

On all OpenBSD firewalls.

bye
  Waldemar

-- 
8485 D0CE 2743 656E 867C  5C93 0317 AFD8 BE21 BD90