Hi Ken,

Have you tried to clamp to pmtu?

    iptables -A OUTPUT -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

I believe this can help with encrypted protocols.

> Hi,
>
> I'm having problems with packages that are larger than 80 some bytes.
>
> The packages come from an IPSec tunnel on the ipsec0 interface
> and are routed to a host in the DMZ. The problem is that the
> package is "truncated" at the end. When using ulogd and
> adding a rule in the FORWARD chain to send the package to
> netlink I can see the complete package, nothing missing. But
> when running tcpdump at both the host in the DMZ and
> eth1(DMZ) on the "router" the package is 40 bytes short.
>
> Any suggestions on what might be happening?
>
> With regards,
> Ken A. Redergård
>

Cheers,
Lewis Shobbrook