I updated one of my remote m0n0walls with the 'keep-frags' image today using
the built-in GUI updater and it went OK. You will get a warning saying the
image isn't signed but it will still install.
The 'keep-frags' version doesn't make any changes to your config so there
should be no issue with downgrading or future upgrades. It would still make
a backup just in case though (as with any change of firmware).
----- Original Message -----
From: "Jeff Buehler" <jeff at buehlertech dot com>
To: "Kristian Shaw" <monowall at wealdclose dot co dot uk>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Thursday, February 09, 2006 6:30 PM
Subject: Re: [m0n0wall] outlook -> exchange problem
> Hi Kris -
> OK - now I can see the problem. I can't ping successfully at 2048 - the
> packets time out. Setting Allow Fragmented Packets over AH (or I assume
> ESP) does not help.
> So, the only solution is to use your modified image? If so, can I install
> that remotely using the Firmware->Upload mechanism?
> Kristian Shaw wrote:
>> Just to answer another part of your email:
>>> I ran ping tests from the client system to the Exchange system (ping
>>> the.server.com -f -l 1472) the result of these was no fragmentation up
>>> to 1472. I also ran Network Monitor on the Exchange Server, which was
>>> inconclusive, but admitting my ignorance: is there a way to detect
>>> fragmented packets using Network Monitor? There was nothing obvious in
>>> the traces that I ran.
>> You should also be able to ping larger packets than 1472/1500 too,
>> because although they are larger than the ethernet MTU Exchange and
>> Outlook will still send them (RPC).
>> ping -l 2048 host_name should work too (and not get silently