[ previous ] [ next ] [ threads ]
 
 From:  "Kristian Shaw" <monowall at wealdclose dot co dot uk>
 To:  "Jeff Buehler" <jeff at buehlertech dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] outlook -> exchange problem
 Date:  Thu, 9 Feb 2006 19:13:59 -0000
Hello,

I updated one of my remote m0n0walls with the 'keep-frags' image today using 
the built-in GUI updater and it went OK. You will get a warning saying the 
image isn't signed but it will still install.

The 'keep-frags' version doesn't make any changes to your config so there 
should be no issue with downgrading or future upgrades. It would still make 
a backup just in case though (as with any change of firmware).

Regards,

Kris.

----- Original Message ----- 
From: "Jeff Buehler" <jeff at buehlertech dot com>
To: "Kristian Shaw" <monowall at wealdclose dot co dot uk>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Thursday, February 09, 2006 6:30 PM
Subject: Re: [m0n0wall] outlook -> exchange problem


> Hi Kris -
>
> OK - now I can see the problem.  I can't ping successfully at 2048 - the 
> packets time out.  Setting Allow Fragmented Packets over AH (or I assume 
> ESP) does not help.
>
> So, the only solution is to use your modified image?  If so, can I install 
> that remotely using the Firmware->Upload mechanism?
>
> Thanks,
> Jeff
>
>
> Kristian Shaw wrote:
>
>> Hello,
>>
>> Just to answer another part of your email:
>>
>>> I ran ping tests from the client system to the Exchange system (ping 
>>> the.server.com -f -l 1472) the result of these was no fragmentation up 
>>> to 1472.  I also ran Network Monitor on the Exchange Server, which was 
>>> inconclusive, but admitting my ignorance: is there a way to detect 
>>> fragmented packets using Network Monitor?  There was nothing obvious in 
>>> the traces that I ran.
>>
>>
>> You should also be able to ping larger packets than 1472/1500 too, 
>> because although they are larger than the ethernet MTU Exchange and 
>> Outlook will still send them (RPC).
>>
>> ping -l 2048 host_name     should work too (and not get silently 
>> dropped).
>>
>> Regards,
>>
>> Kris.
>>
>>
>
>