Fred, ...
The UDP port concerned has to be open in the firewall, since the echo process is playing the role of a server. That's probably less awkward than getting ICMP through, but it still means convincing the corporate or campus security people to allow the port. I'm sure they'd like to know how the DoS threat is mitigated...

But, it would be the same UDP port opened for the tunnel itself, i.e., the probing is in-band with ordinary tunneled data. Or, maybe I'm still missing the point...
Slightly, maybe, because I'm interested in the *general* problem of viable e2e PMTUD, regardless of tunnels. If we can solve the general case, tunnels just become like any other link as far as PMTUD is concerned.

Brian