> I set up VPN over IPSEC on a national academic network with 40mbit backbone > and 10/100 mbit site linkspeeds. the best end-to-end performance I could get > was 2mbit rising to 3-4 burst, and I was flooded by fragmented IP.
You should try (again?) a more modern implementation. > Stuff like pMTU end-to-end is absolutely vital to make non-aware clients > and servers cope with encapsulated protocols. Agreed. Many of us _do_ understand these issues. Dan