 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Strangest Problem with VPN
 Date:  Sun, 27 Feb 2005 18:28:35 -0500
On Sun, 27 Feb 2005 08:31:18 -0500, Elijah Savage
<esavage at digitalrage dot org> wrote:
> All,
> I need some help before I begin pulling my hair out, here is the
> situation.
> M0n0wall-----Internet-----Cisco831
> I have the tunnel up between these 2 devices and I know everything is
> set up properly, as I can ping from one LAN subnet to the other. I can
> also ssh from behind the LAN subnet of the monowall to the LAN subnet of
> the 831. Now everyone is saying ok so what's wrong. Well when I try to
> RDP or send what seems to be any heavy traffic like RDP, file copy, etc
> it opens up the resources but never completes. Let me try to explain
> better, like on a file copy I attach to the share it asks for username
> and password I put it in and see the file share when I go to copy it
> hangs up and locks up that session. If I RDP to a box from the monowall
> subnet to the other subnet it brings up the screen I put in the username
> and password and it seems as if it is going to log me in but just locks
> up the session.
> Now from the 831 LAN subnet they can do anything they want to, it looks
> as if they are sitting on my local subnet behind the monowall they have
> no issues at all every service works great file sharing, RDP, they can
> even print to my subnet. It seemed like an MTU issue at first so I tried
> changing it on both sides and that did not make any difference. I have
> taken all other access-lists on the 831 off to make sure it was not being
> caught by something else though I was sure it wasn't and that did not
> make any difference. I did have a Cisco pix in place of the monowall and
> it all worked great but since you can't do any traffic shaping on a pix
> I decided to try monowall. The traffic shaping works great and I love it
> but now I am in a pickle because if I can't get the vpn to work I will
> have to go back to the pix and give up traffic shaping.
> Any ideas or thoughts surely would be appreciated.

Sounds like a problem with fragmented packets/MTU.  Solution?  I'm not
sure.  :)  It's one of many things I have on my list to figure out and
document troubleshooting and remediation procedures.

Searching the archives for MTU might be helpful.