It's definitely a Windows MTU detection problem - undocumented, unfixed, and undetected until someone started futzing with it. I've told all the sysadmins I do consulting work for to lower their MTU to 1430-1490 as soon as they take the machine out of the box, right before Windows updates.

Lee Sharp wrote:
> From: "Jeff Buehler" <jeff at buehlertech dot com>
>
>> Well, it appears that the MTU on the server(s) and client platforms
>> being lowered does solve the problem I was having (annoyingly). It
>> also appears that Blowfish (in phase 2) requires a different MTU
>> setting (slightly lower) than AES appears to as well, just for an
>> interesting tidbit of information, although this was observed but not
>> carefully verified. I'm not certain why allowing fragmented packets
>> doesn't solve the problem, but it appears that certain packets are
>> still dropped by certain platforms on a ping unless the MTU is lowered.
>
>> I don't know if the problem is m0n0wall (Racoon) specific.
>
> This is a common Windows problem. I usually find it when a few
> Windows systems cannot get to some websites, the most common being
> Microsoft and windowsupdate. It appears that Windows MTU detection is
> broken, and does not work on all systems. Search on "Windows MTU
> 1492" and you will see a lot. The thing is you have DSL overhead, and
> VPN overhead. Of course it would be nice if Windows MTU detection
> actually worked. :-)
>
> Lee
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

-- 
Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/
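The "DSL overhead and VPN overhead" mentioned in the thread can be worked out per cipher; the following is an added example, not code from the thread or from m0n0wall. It assumes IPv4, ESP tunnel mode with CBC ciphers, a 12-byte ICV (HMAC-96), no NAT-T, and a PPPoE DSL link; all function and constant names are hypothetical.

```python
# Added example (not from the thread). Assumptions: IPv4, ESP tunnel mode,
# CBC ciphers, 12-byte ICV (HMAC-96), no NAT-T, PPPoE DSL link.
ETHERNET_MTU = 1500
PPPOE_OVERHEAD = 8   # PPPoE header (6) + PPP protocol field (2)
OUTER_IP = 20        # outer IPv4 header without options
ESP_HEADER = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2      # pad-length byte + next-header byte
TCP_IP_HEADERS = 40  # inner IPv4 (20) + TCP (20), no options
# CBC block size in bytes; the IV has the same length.
CBC_BLOCK = {"aes": 16, "blowfish": 8, "3des": 8}


def esp_packet_size(inner_len, cipher, icv_len=12):
    """On-the-wire size of the ESP packet that carries an inner packet."""
    block = CBC_BLOCK[cipher]
    # Inner packet plus trailer is padded up to a whole number of blocks.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return OUTER_IP + ESP_HEADER + block + padded + icv_len


def max_inner_packet(link_mtu, cipher, icv_len=12):
    """Largest inner packet whose ESP packet still fits in link_mtu."""
    block = CBC_BLOCK[cipher]
    room = link_mtu - OUTER_IP - ESP_HEADER - block - icv_len
    if room < block:
        raise ValueError("link MTU too small for one cipher block")
    return (room // block) * block - ESP_TRAILER


def clamp_mss(link_mtu, cipher, icv_len=12):
    """TCP MSS that keeps full-size segments inside the tunnel MTU."""
    return max_inner_packet(link_mtu, cipher, icv_len) - TCP_IP_HEADERS


if __name__ == "__main__":
    dsl_mtu = ETHERNET_MTU - PPPOE_OVERHEAD  # 1492
    for link in (ETHERNET_MTU, dsl_mtu):
        for cipher in ("aes", "blowfish"):
            inner = max_inner_packet(link, cipher)
            print(f"link {link} {cipher:8s} tunnel MTU {inner} "
                  f"MSS {clamp_mss(link, cipher)} "
                  f"wire {esp_packet_size(inner, cipher)}")
```

A client MTU at or below the printed tunnel MTU keeps packets inside the tunnel without relying on path MTU discovery.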