SNAT of ICMP errors: impossible?

Hello,

I'm not sure whether this is the correct list to ask this on:

I have an IPSec-tunnel 
        172.20.0.0/16---<my gateway>===<other gateway>---10.72.50.0/24
One problem is that between <other gateway> and the target network there 
is an MTU bottleneck that requires reducing the MTU from 1500 bytes to 
some lower value.
Via iproute, I did specify this reduced MTU for the corresponding route on 
my gateway, and my gateway does generate corresponding ICMP messages (host 
unreachable: fragmentation needed), BUT
        my gateway sends these messages with Src-Address: <my public 
ip> to Dst-Address: <10.72.50.x>,
so that they, of course, do not cross the tunnel.
As I found out, this kind of packet does not seem to enter the 
POSTROUTING chain, so I cannot SNAT them.

What can I do?

Best Regards and many thanks in advance for your input,
Frank Mayer
UNIX Systemadministration
----------------------------------------------------
KNAPP Systemintegration GmbH
Waltenbachstrasse 9
8700 Leoben, Austria
----------------------------------------------------
Phone: +43 3842 805-921
Fax: +43 3842 82930-921
frank.mayer@xxxxxxxxxxxxxxxxx
www.knapp.com


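As an added illustration (not part of the post above), the following Python builds and parses a constructed ICMP "fragmentation needed" (type 3, code 4) message using the networks from the post, and checks whether its outer addresses fall inside the tunnel selectors. It assumes the IPsec policy selects exactly 172.20.0.0/16 <-> 10.72.50.0/24; the public address 203.0.113.1 and the host addresses are placeholders.

```python
import ipaddress
import struct

# Networks from the post; the IPsec policy is assumed to select exactly this pair.
LOCAL_NET = ipaddress.ip_network("172.20.0.0/16")
REMOTE_NET = ipaddress.ip_network("10.72.50.0/24")


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left zero since only the addresses matter here."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, ttl, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)


def build_frag_needed(icmp_src, icmp_dst, next_hop_mtu, orig_src, orig_dst):
    """Constructed ICMP type 3 / code 4 as a router emits it: outer IPv4 header, 8-byte ICMP
    header carrying the next-hop MTU, then the IP header + 8 bytes of the oversized packet."""
    orig = ipv4_header(orig_src, orig_dst, 6, 1480) + b"\x00" * 8  # start of the dropped TCP segment
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + orig
    return ipv4_header(icmp_src, icmp_dst, 1, len(icmp)) + icmp


def parse_frag_needed(pkt):
    """Return outer addresses, next-hop MTU and the embedded flow, or None if not type 3 / code 4."""
    ihl = (pkt[0] & 0x0F) * 4
    icmp = pkt[ihl:]
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    inner = icmp[8:]  # embedded header of the packet that was too large
    return {
        "src": ipaddress.ip_address(pkt[12:16]),
        "dst": ipaddress.ip_address(pkt[16:20]),
        "next_hop_mtu": mtu,
        "orig_src": ipaddress.ip_address(inner[12:16]),
        "orig_dst": ipaddress.ip_address(inner[16:20]),
    }


def will_cross_tunnel(info):
    """The error only matches the IPsec policy when both outer addresses lie inside the selectors."""
    return info["src"] in LOCAL_NET and info["dst"] in REMOTE_NET


if __name__ == "__main__":
    # Constructed sample: the gateway's public address (placeholder 203.0.113.1) as ICMP source.
    bad = parse_frag_needed(build_frag_needed("203.0.113.1", "10.72.50.7", 1400, "10.72.50.7", "172.20.1.5"))
    print(bad["next_hop_mtu"], will_cross_tunnel(bad))  # 1400 False
```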