I may make some of you laugh, but just in case...
I've noticed fragmentation problems between Windows clients (2000 and
XP) and servers (NT 4.0) through a m0n0wall <-> m0n0wall IPsec tunnel.
To fix this, I've allowed fragmented packets in the default filter rule
(thanks Justin for the tip), but I also had to change the WAN interface
MTU to 1472. This value was found after experiments, of course.
1 - Shouldn't the MTU be automatically adjusted when IPsec is in use, to
take the IPsec headers and encapsulation overload into account?
2 - Shouldn't fragmentation be allowed by default, except for extra
Thanks in advance,