Dear #SysAdmin and #NetAdmin community, I have a conundrum. We have IPsec (transport mode) set up between all our servers; we are also starting to use Rancher. Rancher sets up its own IPsec-protected network (tunnel mode).
So we end up with IPsec in IPsec, which sucks. Specifically, can't seem to get MTU right; there is *always* a window of packet sizes that simply will *not* get through.
Does anybody know of a way to tell the back-end IPsec "so, if it's a Rancher IPsec packet, don't touch it"?