IPsec transport mode and MTU

networking linux linux-networking ipsec mtu

This is a bug in the Linux kernel IPsec. It fails to account for the size of the transport-mode ESP encapsulation when deciding whether to fragment the outgoing packet; it's then dropped on output as it exceeds the interface MTU. I don't know whether this has been fixed in newer kernels.

Related

Mapping FQDN to IP and Port number in HAProxy
Why does nsupdate fail with "operation canceled"?
all required agent virtual machines are not currently deployed on host 'hostname'
Adobe Reader DC automated install using PowerShell
Why is variable not being populated with data from Get-AzADServicePrinciple?
Get user home directories recursively in PowerShell
ADSync to Office365 doesn't update Exchange properties
Deploy an Azure VM of image Windows 10 Pro (with license)
Attaching iso file to Azure VM
How to change permission of my CentOS if I don't have the root password?
Amazon EC2 Instance fails continuously, 1/2 status check
X:\ is not accessible. Insufficient system resources exist to complete the requested service. Help