 From:  Michael Sierchio <kudzu at tenebras dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPsec will not forward fragmented packets / MTU issue
 Date:  Mon, 28 Mar 2005 11:43:08 -0800

George Bourozikas wrote:


 >> 2)  short packets (pings, SSH negotiations) traverse the link fine
 >>
 >> 3)  Longer packets get dropped.  I have confirmed this with tcpdump.  When I
 >> change the client MTU to 1400 everything works fine, but I need a more
 >> systemic solution because I will not have access to all potential clients.


If the problem is fixed by MTU size munging (thereby avoiding fragmented
packets) it seems reasonable to suspect that fragmented packets
are being dropped -- by a firewall rule?