On Wed, 29 Oct 2003, Kuhtz, Christian wrote:
Seems several commercial clients (such as Cisco's VPN client) offer workaround for that (tunneling IPSEC in a TCP session). Works great.
I'm sure I could also setup a PPPoEmail shim that would bypass most of these problems.. Who needs routers with PBR when you have sendmail with m4 configuration! The fact that something can be worked around with enough footwork really doesn't make okay. Consider the congestion related behavior of TCP inside TCP. Consider the additional perpacket overhead of TCP encap, and the effect of the additional fragmentation that will happen since few networks will pass datagrams over 1500 bytes. If networks operators had demanded IPv6 in the past far more products today would be enabled and the 'upgrades are expensive' argument would be moot. Simply passing the buck to the customer is not a globally wise solution.