[ previous ] [ next ] [ threads ]
 
 From:  Mat Murdock <mmurdock underscore lists at kimballequipment dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Ping Size Windows GPO
 Date:  Fri, 01 Jul 2005 10:00:03 -0600
I was wondering if there was a way to increase the allowed ping size 
over a m0n0 to m0n0 ipsec vpn. The reason is as follows:

    When running a M$ based network with a central location and numerous
    satellite locations, you may encounter a rather nasty problem. 
    Windows 2000's method for locating a domain controller is not
    exactly flawless. When a workstation checks connectivity with the DC
    it first uses a normal icmp ping.  If the normal ping succeeds it
    then tests the connection speed with an oversized ping. 
    Specifically the size is 2048k* which puts the total packet size
    over 2k due to headers.  This isn't a problem when you are on a
    local network with nothing between you and the DC but a switch. 
    However, if you are at a satellite location and you must traverse a
    VPN to speak to the DC there may be trouble.  This functionality is
    designed to prevent ye-old ping flood among other things.  Because
    of this behavior workstations at satellite sites succeed with the
    first normal ping but fail on the oversized one.

Any help would be appreciated.

Thanks,

Mat Murdock