From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dave.taht@gmail.com>
Received: from mail-ob0-x231.google.com (mail-ob0-x231.google.com
	[IPv6:2607:f8b0:4003:c01::231])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client CN "smtp.gmail.com",
	Issuer "Google Internet Authority G2" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id 4A26521F24A
	for <bloat@lists.bufferbloat.net>; Mon, 30 Jun 2014 22:24:24 -0700 (PDT)
Received: by mail-ob0-f177.google.com with SMTP id uy5so9652752obc.36
	for <bloat@lists.bufferbloat.net>; Mon, 30 Jun 2014 22:24:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:date:message-id:subject:from:to:content-type
	:content-transfer-encoding;
	bh=Q+VUiPGYJeeRkbhYzjVve1hfsovvQU8wn5biSCvjfYg=;
	b=V/oqO2JCV6340Sy+RDFvRpaKc3GLO4greT6n9AY0iB7rwjCt12AoQt7Ic6bp4qtQMa
	yuzbq/EBT52+Eu5731+TyFpVWAXv1pa0kTqrqhyT5/D5ePs8LCpC2kngnDo2CmGs7OCB
	ZU2fNHG4+Wd5SjfnjAZXKF6dTXCiNwJ18Tu35et1ij1lzQfv4OGeFNLnIniOXDcSSoan
	qvl0pj23lOQbYNU0+FkwgQj/eCBO9XOWMeU1YgM+G2H9IexNKSsDb6D2v5aAb86CKrcH
	yVSI1Q7gzEOTsLRWp4BlzGiGU68/nEN+peuW5XrYydMOsvaT/ah/YOUezjHNuHtGVvLi
	v6vw==
MIME-Version: 1.0
X-Received: by 10.182.80.168 with SMTP id s8mr46825707obx.45.1404192263208;
	Mon, 30 Jun 2014 22:24:23 -0700 (PDT)
Received: by 10.202.129.70 with HTTP; Mon, 30 Jun 2014 22:24:23 -0700 (PDT)
Date: Mon, 30 Jun 2014 22:24:23 -0700
Message-ID: <CAA93jw7VL+tS258oeAP9sL4xJWeTFABgccQ_jjCp0r2RUi=39Q@mail.gmail.com>
From: Dave Taht <dave.taht@gmail.com>
To: bloat <bloat@lists.bufferbloat.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: [Bloat] ECN on vpns?
X-BeenThere: bloat@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: General list for discussing Bufferbloat <bloat.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/bloat>,
	<mailto:bloat-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/bloat>
List-Post: <mailto:bloat@lists.bufferbloat.net>
List-Help: <mailto:bloat-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/bloat>,
	<mailto:bloat-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Tue, 01 Jul 2014 05:24:24 -0000

I presently don't have any ipsec based tunnels running (having
reverted to the much easier to setup openvpn), and we'd discussed what
the rfcs said about ecn a while back:

http://permalink.gmane.org/gmane.comp.embedded.cerowrt.devel/470

And I'd noted that encapsulation seemed to be working even further back:

https://lists.bufferbloat.net/pipermail/bloat/2011-June/000554.html

http://huchra.bufferbloat.net/~d/veryhappynetwork.png

but I haven't ever got around to checking what products, if any,
actually decapsulated ECT(1) correctly back into the original IP
header.

Does anyone know if linux + strongswan/libreswan and/or other forms of
vpn encapsulation (tinq, openvpn, commercial products), are doing the
right thing presently? I would figure openvpn can't (due to doing
compression)...

I see ecn negotiation is in the ikev2 standard...



--=20
Dave T=C3=A4ht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_=
indecent.article