On 2008/01/06 03:10, Max Hayden Chiz wrote:
> But, loading very complex websites (yahoo, YouTube) takes so long that
> the HTTP connection will reset before the browser is done. I can't
> figure out why this is happening and didn't find anything similar when
> I searched the archives.

Sounds like it could be MTU problems. With IPsec you don't have the usual 1500-byte MTU from a normal ethernet interface, it's smaller because of the additional headers.

> set skip on {lo enc0}
> scrub in

I would remove enc0 from 'set skip' (you'll need a pass rule in its place) and then try something like 'scrub on enc0 max-mss 1310 no-df' (iirc, this comes after the other scrub rule). 1310 is smaller than you're actually likely to need but should work.
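
Added example, not part of the original message: a worked calculation of how much the IPsec headers shrink the usable TCP MSS, and how large a tunnelled packet becomes when the MSS is clamped to 1310. It assumes tunnel-mode ESP over IPv4; the cipher parameter sets and the function names are constructed for illustration.

```python
"""Added example: largest TCP MSS that fits through an IPv4 ESP tunnel."""

IP_HDR = 20       # IPv4 header without options
TCP_HDR = 20      # TCP header without options
ESP_HDR = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad-length + next-header bytes
NATT_UDP = 8      # UDP encapsulation header (NAT-T), when used

# Constructed parameter sets: (IV bytes, cipher block bytes, ICV bytes)
SUITES = {
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
    "3des-cbc/hmac-sha1-96": (8, 8, 12),
}


def esp_packet_size(inner_len, iv, block, icv, natt=False):
    """On-the-wire size of a tunnel-mode ESP packet carrying inner_len bytes."""
    align = max(block, 4)                      # ESP payload is at least 4-byte aligned
    body = inner_len + ESP_TRAILER
    padded = -(-body // align) * align         # round up to the alignment
    return IP_HDR + (NATT_UDP if natt else 0) + ESP_HDR + iv + padded + icv


def max_inner_mss(link_mtu, iv, block, icv, natt=False):
    """Largest inner TCP MSS whose ESP packet still fits in link_mtu."""
    align = max(block, 4)
    room = link_mtu - IP_HDR - (NATT_UDP if natt else 0) - ESP_HDR - iv - icv
    inner_len = (room // align) * align - ESP_TRAILER
    return inner_len - IP_HDR - TCP_HDR


if __name__ == "__main__":
    for name, suite in SUITES.items():
        for natt in (False, True):
            mss = max_inner_mss(1500, *suite, natt=natt)
            wire = esp_packet_size(1310 + IP_HDR + TCP_HDR, *suite, natt=natt)
            print(f"{name:22} natt={natt!s:5} max MSS {mss}, "
                  f"MSS 1310 -> {wire}-byte ESP packet")
```

For these parameter sets the largest workable MSS on a 1500-byte link is between 1382 and 1406, so a clamp of 1310 leaves headroom for further encapsulation on the path.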