 From:  Jeff Buehler <jeff at buehlertech dot com>
 To:  Kris Shaw <monowall at wealdclose dot co dot uk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] outlook -> exchange problem
 Date:  Fri, 10 Feb 2006 09:37:56 -0800
Hi -

Aha!  I had a feeling something like that might be the case (everything 
basically worked without the WAN rules, which was confusing me until 
now).  Thanks for the clarification...

That did the trick - I had set the two routers that were able to ping 
out successfully to allow frags on the LAN, but the router that I had 
trouble with had that off.

Thanks again, Kris!

So, in recap for posterity (anyone unlucky enough to have to deal with 
this issue in the future, that is), to manage a Microsoft IPSEC VPN that 
needs log in capability across the VPN, and Outlook -> Exchange 
capability, it is necessary to:

1. Have a version of M0n0wall that allows fragmented packets across 
IPSEC (presently http://www.klshaw.co.uk/m0n0wall/)
2. No WAN rules are required for IPSEC at all
3. For the LAN rule that applies to the IPSEC connection, Allow 
Fragmented Packets must be set

This is due to the fact that Microsoft puts packets of 2048 bytes in its 
RPC protocol for reasons that I can only imagine... but that I try not 
to because I have enough to irritate me!