Re: [m0n0wall] Ping Size Windows GPO

From:	Mat Murdock <mmurdock underscore lists at kimballequipment dot com>
To:	George Bourozikas <george at bourozikas dot net>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Ping Size Windows GPO
Date:	Fri, 01 Jul 2005 11:34:01 -0600

George Bourozikas wrote:

>On Friday 01 July 2005 12:29, edward mzj wrote:
>  
>
>>try to allow fragmented icmp echo-request and echo reply packets. i'm not
>>sure
>>
>>On 7/2/05, Mat Murdock <mmurdock underscore lists at kimballequipment dot com> wrote:
>>    
>>
>>>I was wondering if there was a way to increase the allowed ping size
>>>over a m0n0 to m0n0 ipsec vpn. The reason is as follows:
>>>
>>>   When running a M$ based network with a central location and numerous
>>>   satellite locations, you may encounter a rather nasty problem.
>>>      
>>>
>
>No this does not work.  The only way I have found to get IPsec VPN's to work 
>with m0n0 is by decreasing the MTU until there are no fragmented packets, at 
>least in the next hop (in my case ADSL).
>
>--george
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>  
>

I think this is a IPsec setting that allows large ping packets.

Mat