From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ob0-x231.google.com (mail-ob0-x231.google.com [IPv6:2607:f8b0:4003:c01::231]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 4A26521F24A for ; Mon, 30 Jun 2014 22:24:24 -0700 (PDT) Received: by mail-ob0-f177.google.com with SMTP id uy5so9652752obc.36 for ; Mon, 30 Jun 2014 22:24:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=Q+VUiPGYJeeRkbhYzjVve1hfsovvQU8wn5biSCvjfYg=; b=V/oqO2JCV6340Sy+RDFvRpaKc3GLO4greT6n9AY0iB7rwjCt12AoQt7Ic6bp4qtQMa yuzbq/EBT52+Eu5731+TyFpVWAXv1pa0kTqrqhyT5/D5ePs8LCpC2kngnDo2CmGs7OCB ZU2fNHG4+Wd5SjfnjAZXKF6dTXCiNwJ18Tu35et1ij1lzQfv4OGeFNLnIniOXDcSSoan qvl0pj23lOQbYNU0+FkwgQj/eCBO9XOWMeU1YgM+G2H9IexNKSsDb6D2v5aAb86CKrcH yVSI1Q7gzEOTsLRWp4BlzGiGU68/nEN+peuW5XrYydMOsvaT/ah/YOUezjHNuHtGVvLi v6vw== MIME-Version: 1.0 X-Received: by 10.182.80.168 with SMTP id s8mr46825707obx.45.1404192263208; Mon, 30 Jun 2014 22:24:23 -0700 (PDT) Received: by 10.202.129.70 with HTTP; Mon, 30 Jun 2014 22:24:23 -0700 (PDT) Date: Mon, 30 Jun 2014 22:24:23 -0700 Message-ID: From: Dave Taht To: bloat Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [Bloat] ECN on vpns? X-BeenThere: bloat@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: General list for discussing Bufferbloat List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Jul 2014 05:24:24 -0000 I presently don't have any ipsec based tunnels running (having reverted to the much easier to setup openvpn), and we'd discussed what the rfcs said about ecn a while back: http://permalink.gmane.org/gmane.comp.embedded.cerowrt.devel/470 And I'd noted that encapsulation seemed to be working even further back: https://lists.bufferbloat.net/pipermail/bloat/2011-June/000554.html http://huchra.bufferbloat.net/~d/veryhappynetwork.png but I haven't ever got around to checking what products, if any, actually decapsulated ECT(1) correctly back into the original IP header. Does anyone know if linux + strongswan/libreswan and/or other forms of vpn encapsulation (tinq, openvpn, commercial products), are doing the right thing presently? I would figure openvpn can't (due to doing compression)... I see ecn negotiation is in the ikev2 standard... --=20 Dave T=C3=A4ht NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_= indecent.article