RE: MTU path discovery and IPSec

You also need an OS that does not set the DF-bit on every packet it sends out. IIRC, out-of-the-box Solaris 8 is excellent at doing that. No matter how many ICMP messages it gets, it happily ignores them by insisting on sending out frames of 1500 bytes with the DF-bit set. Makes troubleshooting IPSec connections, uhm… interesting.

Cheers,

Arjan H