From: "Jeff Buehler" <jeff at buehlertech dot com>
> Well, it appears that the MTU on the server(s) and client platforms being
> lowered does solve the problem I was having (annoyingly). It also appears
> that Blowfish (in phase 2) requires a different MTU setting (slightly
> lower) than AES appears to as well, just for an interesting tidbit of
> information, although this was observed but not carefully verified. I'm not
> certain why allowing fragmented packets doesn't solve the problem, but it
> appears that certain packets are still dropped by certain platforms on a
> ping unless the MTU is lowered.
> I don't know if the problem is m0n0wall (Racoon) specific.
This is a common Windows problem. I usually find it when a few Windows
systems cannot get to some websites, the most common being Microsoft and
windowsupdate. It appears that Windows MTU detection is broken, and does
not work on all systems. Search on "Windows MTU 1492" and you will see a
lot. The thing is you have DSL overhead, and VPN overhead. Of course it
would be nice if Windows MTU detection actually worked. :-)