Hi!
>>>>> "KYT" == King Yung Tong <tong_at_cs.dal.ca> writes:
KYT> Hello all, 1. I would like to ask if I use 3des-md5-96 for the
KYT> authentication and encryption, how much extra info will be add to
KYT> the original packet?
Seems that you answered your question yourself:
KYT> 2. My tunnel mtu is 1420 and I got fragementation if I send 1400
KYT> bytes UDP packets, the size of each packet is 1472 and 80. I
KYT> can't do the math. Use 3des-md5-96 again. Can somebody explain
KYT> why?
So the IPsec code added 72 bytes to your packets. I don't know what
you mean with these 80 byte packets though.
If you are using tunnel mode (the default) IPsec encapsulation adds an
ESP header and an additional IP header for the tunneling.
KYT> 3. How come fragmentation occur since mtu is 1420 and 1400 is
KYT> sended?
See above, the original packet size is below your MTU, the
encapsulated is bigger and thus needs to be fragmented.
Hth
Cord
-- Cord Kielhorn, OpenIT GmbH, Jahnstraße 18, 40215 Düsseldorf, Germany Tel +49 211 239 577-0, Fax +49 211 239 577-10, http://www.OpenIT.de OpenPGP key: 1024D/319B3E52 2000-05-15 Cord Kielhorn <kielhorn_at_OpenIT.de> fingerprint: 0F56 C938 5CAF AC5D 126B 7B20 643C 671E 319B 3E52 _______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST