holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Correct mss specification when using ipcomp

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2019-10-16 11:41:21 -07:00
parent 54c7e1a607
commit 6da498510c
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/IPSEC-2.6.xml
View File

@ -364,6 +364,12 @@ ACCEPT vpn:134.28.54.2 $FW</programlisting>
<programlisting>#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS
vpn ipsec mode=tunnel <emphasis role="bold">mss=1400</emphasis></programlisting>
<para>Note that if you are using ipcomp, you should omit the mode
specification:</para>
<programlisting>#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS
vpn ipsec - <emphasis role="bold">mss=1400</emphasis></programlisting>
<para>You should also set FASTACCEPT=No in shorewall.conf to ensure that
both the SYN and SYN,ACK packets have their MSS field adjusted.</para>