[Vpn-help] SSH connection hang with beta 2
Matthew Grooms
mgrooms at shrew.net
Sat May 5 10:04:39 CDT 2007
Tai-hwa Liang wrote:
>
> FreeBSD 6.2-STABLE + pf.
>
Hello again,
I have seen pf drop packet fragments on an interface unless you specify
the following in your configuration file ...

    scrub all fragment reassemble

ESP traffic is especially susceptible to this due to the encapsulation
overhead. If that doesn't work for you, specify a rule like ...

    scrub all fragment reassemble max-mss 1440

... which is similar to what NetBSD folks suggest when building a VPN
Gateway using ipf.

http://www.netbsd.org/Documentation/network/ipsec/rasvpn.html#more_frag
Thanks,
-Matthew
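
The encapsulation overhead mentioned above, worked through as an added example (not part of the original message or of any project's code). It assumes IPv4 tunnel-mode ESP on a 1500-byte link with AES-CBC and HMAC-SHA1-96 by default; the message names no cipher, so those parameters and all function names are assumptions.

```python
# Added example: ESP tunnel-mode size arithmetic (IPv4, RFC 4303 layout).
# Cipher parameters are assumptions; the original message does not name them.

IP_HDR = 20       # IPv4 header without options
TCP_HDR = 20      # TCP header without options
ESP_HDR = 8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad length (1 byte) + next header (1 byte)
NATT_UDP = 8      # UDP encapsulation header (RFC 3948), only with NAT-T


def esp_packet_size(inner_len, block=16, iv=16, icv=12, natt=False):
    """Size of the outer IPv4 packet carrying an inner packet of inner_len bytes."""
    # Inner packet plus trailer is padded up to a multiple of the cipher block.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return IP_HDR + (NATT_UDP if natt else 0) + ESP_HDR + iv + padded + icv


def largest_mss(link_mtu=1500, **cipher):
    """Largest TCP MSS whose ESP packet still fits link_mtu without fragmenting."""
    mss = link_mtu - IP_HDR - TCP_HDR
    while mss > 0 and esp_packet_size(mss + IP_HDR + TCP_HDR, **cipher) > link_mtu:
        mss -= 1
    return mss


def report(mss_values=(1460, 1440), link_mtu=1500, **cipher):
    """Return (mss, outer packet size, needs fragmenting) for each MSS value."""
    rows = []
    for mss in mss_values:
        outer = esp_packet_size(mss + IP_HDR + TCP_HDR, **cipher)
        rows.append((mss, outer, outer > link_mtu))
    return rows


if __name__ == "__main__":
    for mss, outer, frag in report():
        state = "fragmented" if frag else "fits"
        print(f"MSS {mss}: ESP packet {outer} bytes -> {state}")
    print("largest unfragmented MSS, AES-CBC/SHA1:", largest_mss())
    print("same with NAT-T:", largest_mss(natt=True))
    print("3DES-CBC/SHA1:", largest_mss(block=8, iv=8))
```

Compare the result for the cipher suite your tunnel actually negotiates with the max-mss value in the scrub rule.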