[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fagments and VPN

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: Fagments and VPN
From: Waldemar Brodkorb <wbx_(_at_)_luusa_(_dot_)_org>
Date: Tue, 7 Jan 2003 01:31:46 +0100
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
Reply-to: Waldemar Brodkorb <wbx_(_at_)_luusa_(_dot_)_org>

Hi,
Johan Hedin wrote,

> Hi all
> 
> I have a few VPN tunnels through OpenBSD 3.2 and 3.1 boxes. All work
> perfectly as long as the machines behind the different firewalls doesn't
> try to frag. I have read the manual pages, but not found(understod) how
> to fix this. If I try to access a Solaris 8 box on Subnet 192.168.1.0/24
> behind an OpenBSD 3.1 from a Linux box at home which is behind OpenBSD
> 3.2 and the mtu of the Linux box is higher than the MTU of the Solaris
> box, I get an ICMP needs to frag from my firewall 192.168.28.1 but the
> Linux box says
> 
> IPVS: incoming ICMP: failed checksum from 192.168.28.1!
> 
> I have tried both with and without the scrub directive in pf.conf.

What exact rules?

> What am I doing wrong/missing here?

Shot in the dark, try:
scrub in all no-df
scrub out all no-df

On all OpenBSD firewalls.

bye
  Waldemar

-- 
8485 D0CE 2743 656E 867C  5C93 0317 AFD8 BE21 BD90

References:
- Fagments and VPN
  - From: Johan Hedin

Prev by Date: Screen colors after leaving X
Next by Date: Re: To NAT or not to NAT
Previous by thread: Fagments and VPN
Next by thread: Re: Fagments and VPN
Index(es):
- Date
- Thread

Visit your host, monkey.org