I was reading about OpenVPN in order to make a possible test bed when I came across the following statement:
* If run through a firewall using OpenBSD's packet filter PF and the filter rules include a "scrub" directive, you may get problems talking to Linux hosts over the tunnel, since the scrubbing will kill packets sent from Linux hosts if they are fragmented. This is usually seen as tunnels where small packets and pings get through but large packets and "regular traffic" don't.
Is this a valid comment? I'm not sure I understand what they mean...
Are they referring to Linux sending fragmented packets with the "don't fragment" bit set?
http://kerneltrap.org/node/view/579
.joel