[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fagments and VPN
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Fagments and VPN
- From: Waldemar Brodkorb <wbx_(_at_)_luusa_(_dot_)_org>
- Date: Tue, 7 Jan 2003 01:31:46 +0100
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
- Reply-to: Waldemar Brodkorb <wbx_(_at_)_luusa_(_dot_)_org>
Johan Hedin wrote,
> Hi all
> I have a few VPN tunnels through OpenBSD 3.2 and 3.1 boxes. All work
> perfectly as long as the machines behind the different firewalls doesn't
> try to frag. I have read the manual pages, but not found(understod) how
> to fix this. If I try to access a Solaris 8 box on Subnet 192.168.1.0/24
> behind an OpenBSD 3.1 from a Linux box at home which is behind OpenBSD
> 3.2 and the mtu of the Linux box is higher than the MTU of the Solaris
> box, I get an ICMP needs to frag from my firewall 192.168.28.1 but the
> Linux box says
> IPVS: incoming ICMP: failed checksum from 192.168.28.1!
> I have tried both with and without the scrub directive in pf.conf.
What exact rules?
> What am I doing wrong/missing here?
Shot in the dark, try:
scrub in all no-df
scrub out all no-df
On all OpenBSD firewalls.
8485 D0CE 2743 656E 867C 5C93 0317 AFD8 BE21 BD90