We finally got the ISP for one end of the VPN to admit that they've
had problems with IPSec and the router they provided. They traded the
buggy router for a different brand unit and the problem has completely

On Fri, 17 Dec 2004 16:15:09 -0500, Tiresias <tiresias at gmail dot com> wrote:
> I have established my IPSec VPN between two m0n0walls (both v1.11) and
> I have a machine on the LAN on each end. I can ping between the
> machines but when I attempted to transfer data (ftp/http/etc) it
> failed. I have been using ftp for testing to narrow down the problem,
> and the ftp client seems to hang while waiting to receive the data.
> Sometimes I can get the first part of a file right away (~1KB), then
> no more; other times I got nothing at all. I end up having to abort
> the ftp transaction. I have been able to narrow this down to a
> specific file size. I can ftp a file of 2179 bytes over the VPN and
> the transfer completes instantly, but 2180 bytes fails every time.
> I also tried pinging the box on the other end and established that I
> can ping with up to 1410 bytes; any more than that gets no reply.
> After this test I tried changing the MTU settings of the WAN
> interface on both m0n0walls. I tried setting them both to
> 1410, 1400, 1200 and 900. Each time I changed the MTU of the WAN
> interface, I retried my ftp transfer as above. Changing the MTU of
> the WAN interface seemed to have NO effect on the size of the file
> that I could transfer. 2179b or less works; 2180b or more fails to
> Is there any other MTU setting that can/should be changed? Any other
> config option that I need to look at? Would it help to look at my
> configs? Any help/advice I can get would be most appreciated.
Eye sea dead peephole.
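
The manual ping-size test described in the quoted message can be automated as a bisection; the script below is an added example, not part of the original thread. It assumes Linux iputils `ping` flags (`-M do` sets Don't Fragment; the FreeBSD-based m0n0wall shell uses different flags), assumes replies stop purely as a function of size, and the host argument is a placeholder.

```shell
#!/bin/sh
# Added example: find the largest ICMP echo payload that still gets a reply
# through the tunnel, instead of trying sizes by hand.

# probe HOST SIZE -> exit status 0 if one echo of SIZE payload bytes is answered.
# Assumption: Linux iputils ping. -M do forbids fragmentation, -W 2 waits 2 s.
probe() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST [LO] [HI]
# Prints the largest payload size in [LO, HI] that is answered.
# Returns 1 if even LO gets no reply (tunnel down, ICMP filtered, ...).
# Assumption: every size below the threshold passes and every size above fails.
find_max_payload() {
    host=$1
    lo=${2:-0}
    hi=${3:-1472}            # 1472 + 28 = 1500, the usual Ethernet MTU
    probe "$host" "$lo" || return 1
    if probe "$host" "$hi"; then
        echo "$hi"
        return 0
    fi
    # Invariant from here on: lo is answered, hi is not.
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$mid
        fi
    done
    echo "$lo"
}

# ip_packet_size PAYLOAD -> size of the IPv4 packet carrying that echo
# (20-byte IPv4 header without options + 8-byte ICMP header).
ip_packet_size() {
    echo $(( $1 + 28 ))
}

# Usage (placeholder host): max=$(find_max_payload REMOTE_LAN_HOST) && ip_packet_size "$max"
```

Running it from a LAN host on each side and comparing the two results shows whether the size limit is the same in both directions.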