 From:  Jeff Buehler <jeff at buehlertech dot com>
 To:  Kristian Shaw <monowall at wealdclose dot co dot uk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] outlook -> exchange problem
 Date:  Thu, 09 Feb 2006 18:31:45 -0800

Hi Kris -

OK, two of the three ipsec VPNs can now successfully "ping dest-vpn -l 
2048" to any of the other two m0n0wall devices.  The last m0n0wall 
device is pingable this way, but it cannot ping the other two 
successfully.  So the new .img was mostly successful - I must be missing 
something obvious, but I'm not certain what it might be...

Jeff

Kristian Shaw wrote:

> Hello,
>
> I updated one of my remote m0n0walls with the 'keep-frags' image today 
> using the built-in GUI updater and it went OK. You will get a warning 
> saying the image isn't signed but it will still install.
>
> The 'keep-frags' version doesn't make any changes to your config so 
> there should be no issue with downgrading or future upgrades. It would 
> still make a backup just in case though (as with any change of firmware).
>
> Regards,
>
> Kris.
>
> ----- Original Message -----
> From: "Jeff Buehler" <jeff at buehlertech dot com>
> To: "Kristian Shaw" <monowall at wealdclose dot co dot uk>
> Cc: <m0n0wall at lists dot m0n0 dot ch>
> Sent: Thursday, February 09, 2006 6:30 PM
> Subject: Re: [m0n0wall] outlook -> exchange problem
>
>
>> Hi Kris -
>>
>> OK - now I can see the problem.  I can't ping successfully at 2048 - 
>> the packets time out.  Setting Allow Fragmented Packets over AH (or I 
>> assume ESP) does not help.
>>
>> So, the only solution is to use your modified image?  If so, can I 
>> install that remotely using the Firmware->Upload mechanism?
>>
>> Thanks,
>> Jeff
>>
>>
>> Kristian Shaw wrote:
>>
>>> Hello,
>>>
>>> Just to answer another part of your email:
>>>
>>>> I ran ping tests from the client system to the Exchange system 
>>>> (ping the.server.com -f -l 1472) the result of these was no 
>>>> fragmentation up to 1472.  I also ran Network Monitor on the 
>>>> Exchange Server, which was inconclusive, but admitting my 
>>>> ignorance: is there a way to detect fragmented packets using 
>>>> Network Monitor?  There was nothing obvious in the traces that I ran.
>>>
>>>
>>>
>>> You should also be able to ping larger packets than 1472/1500 too, 
>>> because although they are larger than the ethernet MTU Exchange and 
>>> Outlook will still send them (RPC).
>>>
>>> ping -l 2048 host_name     should work too (and not get silently 
>>> dropped).
>>>
>>> Regards,
>>>
>>> Kris.
>>>
>>>
>>
>>
>
>
>