Victor Sudakov wrote: > > I need to figure out why IPsec tunnel mode is always generating ESP > packets with the DF flag set. Therefore they just don't get through the > interface and never leave the host. > > I cannot even "scrub out proto 50 no-df" them because they never go > through any f*cking interface, that's what I think is happening. Don't > tell me it's by design.
I've created a PR https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 if anyone is interested you are welcome to discuss. Maybe my theory of what's happening is incorrect. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
