netdev
[Top] [All Lists]

Re: IPsec and Path MTU

To: "David S. Miller" <davem@xxxxxxxxxx>
Subject: Re: IPsec and Path MTU
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 18 Jun 2004 09:18:51 +1000
Cc: kuznet@xxxxxxxxxxxxx, jmorris@xxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20040617161403.2d0ee598.davem@xxxxxxxxxx>
References: <20040615124334.GA25164@xxxxxxxxxxxxxxxxxxx> <20040616195653.GC29781@xxxxxxxxxxxxx> <20040616231317.GA5742@xxxxxxxxxxxxxxxxxxx> <20040617190158.GA10925@xxxxxxxxxxxxx> <20040617213832.GC14089@xxxxxxxxxxxxxxxxxxx> <20040617152921.730892c7.davem@xxxxxxxxxx> <20040617231241.GB14739@xxxxxxxxxxxxxxxxxxx> <20040617161403.2d0ee598.davem@xxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.5.1+cvs20040105i
On Thu, Jun 17, 2004 at 04:14:03PM -0700, David S. Miller wrote:
> On Fri, 18 Jun 2004 09:12:41 +1000
> Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
> 
> > In my case, the ICMP message is not coming from the remote IPsec gateway
> > or a router in front of it.  It's coming from a host behind it.  So
> > the original IP header is in the ICMP message, in the clear.
> 
> Remote gateway is supposed to encapsulate the ICMP message and send it
> back to the other gateway isn't it?

We are the other gateway :) Yes, I'm talking about what happens to
that ICMP message once we decapsulate it.
-- 
Visit Openswan at http://www.openswan.org/
Email:  Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

<Prev in Thread] Current Thread [Next in Thread>