[ previous ] [ next ] [ threads ]
 From:  Alex Neuman van der Hans <alex at nkpanama dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] RE: RE : [m0n0wall] outlook -> exchange problem
 Date:  Sun, 26 Feb 2006 13:09:52 -0500
It's definitely a Windows MTU detection problem - undocumented, unfixed, 
and undetected until someone started futzing with it. I've told all the 
sysadmins I do consulting work for to lower their MTU to 1430-1490 as 
soon as they take the machine out of the box, right before windows updates.

Lee Sharp wrote:
> From: "Jeff Buehler" <jeff at buehlertech dot com>
>> Well, it appears that the MTU on the server(s) and client platforms 
>> being lowered does solve the problem I was having (annoyingly).  It 
>> also appears that Blowfish (in phase 2) requires a different MTU 
>> setting (slightly lower) than AES appears to as well, just for an 
>> interesting tidbit of information, although this observed but not 
>> carefully verified.  I'm not certain why allowing fragmented packets 
>> doesn't solve the problem, but it appears that certain packets are 
>> still dropped by certain platforms on a ping unless the MTU is lowered.
>> I don't know if the problem is m0n0wall (Racoon) specific.
> This is a common Windows problem.  I usually find it when a few 
> Windows systems can not get to some websites, the most common being 
> Microsoft and windowsupdate.  It appears that Windows MTU detection is 
> broken, and does not work on all systems.  Search on "Windows MTU 
> 1492" and you will see a lot.  The thing is you have DSL overhead, and 
> VPN overhead.  Of course it would be nice if Windows MTU detection 
> actually worked. :-)
>                        Lee
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch


Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/