Re: IPSEC documentation

On Thu, Dec 29, 2005 at 01:35:21PM +0100, VANHULLEBUS Yvan wrote:
> > As it happens this FreeBSD box is also acting as a NAT gateway using pf
> > (myhost is on a private IP) and actually its external IP is also private -
> > it sits behind a second NAT firewall. So maybe that's where the problem
> > originates, although I really can't understand where the value of 1380 comes
> > from.
>
> 1500 - (pppoe encapsulation ?) - ESP header - L2TP encapsulation....

Yeah, but what I don't understand is that this value was chosen by a remote
webserver which is on the other side of the world, and knows nothing about
the L2TP/ESP encapsulation going on locally.

All it knows is that the client offered an MSS of 1360; for some reason it
offered back an MSS of 1380. Weird.
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"