[Openswan Users] DF flag on ESP packets
Marc H. Thoben
chojin at gmx.net
Mon Oct 11 09:35:45 CEST 2004
On 11th of October 2004 at 14:11:43, Herbert Xu wrote:
> On Mon, Oct 11, 2004 at 02:10:57PM +1000, herbert wrote:
> > On Mon, Oct 11, 2004 at 03:28:03AM +0200, Marc H. Thoben wrote:
> > >
> > > Do you know of a way to prevent the ESP packets from inheriting that flag?
> >
> > Currently there isn't any. However that is something that should
> > be implemented.
>
> Actually you should be able to clear the DF bit using iptables.

Well, so far I have found ipt_DF from http://mordor.strace.net/iptables/,
which seems to do the job. The DF flag is indeed stripped and no
more ssh-sessions crash :)

But I was wondering, do you have the functionality of a specific
officially included iptables module in mind? It's quite a pain to
compile libipt_DF.so on every machine..

--
Best regards,
Marc