|
||||||||
On Friday 01 July 2005 12:29, edward mzj wrote: > try to allow fragmented icmp echo-request and echo reply packets. i'm not > sure > > On 7/2/05, Mat Murdock <mmurdock underscore lists at kimballequipment dot com> wrote: > > I was wondering if there was a way to increase the allowed ping size > > over a m0n0 to m0n0 ipsec vpn. The reason is as follows: > > > > When running a M$ based network with a central location and numerous > > satellite locations, you may encounter a rather nasty problem. No this does not work. The only way I have found to get IPsec VPN's to work with m0n0 is by decreasing the MTU until there are no fragmented packets, at least in the next hop (in my case ADSL). --george |