At 08:36 AM 2/20/2006, Jeff Buehler wrote:
>OK - three recommendations (at least) so I'll try and reduce the MTU on 
>the servers (and each of the problem client platforms?  What a hassle!) 
>but I have a couple of questions you may be able to help me with:
>
>1. do I need to modify the MTU setting on the m0n0wall devices that are 
>establishing the IPSEC VPN as well?
>2. Will I have any problems with Drtcp on 2003 server?  I have used it on 
>XP before with no problem, but I don't want to munge my servers.
>3. If I modify the server MTUs, do I need to modify EVERY client platform 
>9or just the four with the problem)? Will the others that are working fine 
>start having problems if I reduce the server MTU and not their MTU also?

I cannot tell you with certainty any of the above. My experience is based 
on situations where I was experimenting with jumbo packets and finding the 
supported limits of client, server and the switches in between. Some 
protocols would work, some would not, and only by aligning all the devices 
from end to end on the correct MTU did all protocols work. In many other 
cases on this list, VPNs work fine with many services (SSH, telnet, http), 
and yet some MS applications such as file shares, RDP, or SQLServer fail or 
are intermittant until a smaller MTU is used.

Typically you can set the MTU at the server, and communications between it 
and all hosts would drop down to that MTU, but I don't have direct 
experience with m0n0wall and this situation so I'll defer to others.

I've used the native MTU settings in my NIC drivers to mess with MTUs on 
servers, and only used DrTCP on my XP workstation.

--
Bill Plein
w dot plein at gmail dot com