R: [fw-wiz] Transparent proxies and PMTUD on the (WWW) server side

From: edp (edp.lists_at_acerbis.it)
Date: 08/26/03

Next message: Mikael Olsson: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"

Previous message: George J. Jahchan, Eng.: "[fw-wiz] Strange outbound connections."
In reply to: Patrick M. Hausen: "[fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"
Next in thread: Mikael Olsson: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Tue, 26 Aug 2003 13:43:06 +0200

>> So, what do you think?

One trade-off - in order to avoid fragmentation - I've adopted in the
past was to patch in transit (this of course require some processor
time, checksum must be re-computed) client TCP MSS related to their VPN
MTU when crossing the VPN device (of course it is required that the
appliance providing the vpn tunnel has this feature), actually lowering
them to 1380 bytes; I think that a good transparent proxy appliance of
any type *must* honor that client MSS when responding to it.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Mikael Olsson: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"

Previous message: George J. Jahchan, Eng.: "[fw-wiz] Strange outbound connections."
In reply to: Patrick M. Hausen: "[fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"
Next in thread: Mikael Olsson: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]