 From:  George Bourozikas <george at bourozikas dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPsec will not forward fragmented packets / MTU issue
 Date:  Mon, 28 Mar 2005 15:01:19 -0500
On Monday 28 March 2005 14:43, Michael Sierchio wrote:
> George Bourozikas wrote:
>  >> 2)  short packets (pings, SSH negotiations) traverse the link fine
>  >>
>  >> 3)  Longer packets get dropped.  I have confirmed this with tcpdump. 
>  >> When I change the client MTU to 1400 everything works fine, but I need
>  >> a more systemic solution because I will not have access to all
>  >> potential clients.
>
> If the problem is fixed by MTU size munging (thereby avoiding fragmented
> packets) it seems reasonable to suspect that fragmented packets
> are being dropped -- by a firewall rule?

All my rules "allow fragmented packets."  Which makes it even more 
frustrating.

--George