try to allow fragmented icmp echo-request and echo reply packets. i'm not sure
On 7/2/05, Mat Murdock <mmurdock underscore lists at kimballequipment dot com> wrote:
> I was wondering if there was a way to increase the allowed ping size
> over a m0n0 to m0n0 ipsec vpn. The reason is as follows:
> When running a M$ based network with a central location and numerous
> satellite locations, you may encounter a rather nasty problem.
> Windows 2000's method for locating a domain controller is not
> exactly flawless. When a workstation checks connectivity with the DC
> it first uses a normal icmp ping. If the normal ping succeeds it
> then tests the connection speed with an oversized ping.
> Specifically the size is 2048k* which puts the total packet size
> over 2k due to headers. This isn't a problem when you are on a
> local network with nothing between you and the DC but a switch.
> However, if you are at a satellite location and you must traverse a
> VPN to speak to the DC there may be trouble. This functionality is
> designed to prevent ye-old ping flood among other things. Because
> of this behavior workstations at satellite sites succeed with the
> first normal ping but fail on the oversized one.
> Any help would be appreciated.
> Mat Murdock