 From:  George Bourozikas <george at bourozikas dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Help with IPsec
 Date:  Fri, 4 Mar 2005 13:29:55 -0500

I posted a few days ago with an IPsec problem and didn't get any 
suggestions; here is the current status.  I would really appreciate any 
guidance.

I have two Soekris 4801s running m0n0 1.11 and I am trying to establish an 
IPsec tunnel between them, primarily so a couple of WinXP boxes behind one 
of them (SF) can join the Samba-based domain behind the other (NYC).

- The IPsec tunnel establishes itself as needed.

- Small-size ping traffic goes through nicely.

- Any packet with an MTU > 1400 or so just disappears.  This includes TCP 
traffic and loaded ping packets.  Resetting the MTU is not really an 
option, since it will degrade other network performance and most of the 
boxes involved are Windows boxes.  [On one occasion I could only pass 
packets smaller than 400, so it's unpredictable as well.]

- I set up a rule to allow fragmented ESP packets on both ends but it did 
not help.

I have posted both config files at:

http://www.speakeasy.org/~gbourozikas/m0n0/

I am sure that I am missing something *really* obvious, but I am stuck 
nevertheless.

Thanks in advance,
--George Bourozikas