Il 05/04/2012 18:16, Niccolò Belli ha scritto:
With ipsec tunnels I do solve with a simple: iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -m policy --dir in --pol ipsec --mode tunnel -j TCPMSS --set-mss 1300 Unfortunately I do not use openvpn, ipsec is much better in my opinion.
Also please do not drop icmp traffic, it does solve exactly this kind of problems. Unfortunately if the other peer does drop icmp you will still be in troubles.
Niccolò -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
