Re: Fragments and VPN

Johan Hedin wrote,

> Hi all
> I have a few VPN tunnels through OpenBSD 3.2 and 3.1 boxes. All work
> perfectly as long as the machines behind the different firewalls don't
> try to frag. I have read the manual pages, but not found (understood) how
> to fix this. If I try to access a Solaris 8 box on Subnet
> behind an OpenBSD 3.1 from a Linux box at home which is behind OpenBSD
> 3.2 and the mtu of the Linux box is higher than the MTU of the Solaris
> box, I get an ICMP needs to frag from my firewall but the
> Linux box says
> IPVS: incoming ICMP: failed checksum from!
> I have tried both with and without the scrub directive in pf.conf.

What exact rules?

> What am I doing wrong/missing here?

Shot in the dark, try:
scrub in all no-df
scrub out all no-df

On all OpenBSD firewalls.


