Yup, the PPTP is in the same range as LAN - its 192.168.1.16/28.
PPTP from WAN -> LAN is no problem. Seems it compensates for the MTU here.
The problem is DEFINITELY MTU-related! (as the log shows)
I don't get why MTU on PPTP-interface is 1396 - is this not a mistake?
See the log where a "icmp unreach/needfrag" is returned for a 1400 bytes
12:17:10.297090 ed0 @-1:-1 p 80.196.xxx.xxx -> 129.142.xxx.xxx PR icmp len
20 56 icmp unreach/needfrag for 129.142.xxx.xxx,80 - 80.196.xxx.xxx,5264 PR
tcp len 20 1400 K-S K-F OUT
12:17:10.296974 ng1 @0:23 p 129.142.xxx.xxx,80 -> 192.168.xxx.xxx,3484 PR
tcp len 20 1400 -A K-S K-F OUT
From: Falcor [mailto:falcor at netassassin dot com]
Sent: 22. januar 2004 14:12
To: Martin Holst
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: PPTP MTU problem!
Just to make sure: Is your PPTP IP range (the range it issues PPTP
clients) part of the same range you use for your LAN network(s)?
E.g. LAN = 192.168.1.0/24
PPTP = 192.168.1.192/28
Can your PPTP from the WAN access LAN computers/servers?
(sounds likt this probably isn't your problem, but just making sure.)
If this is an MTU issue.. then ewww, i dunno how to change it. ;)
Can you test your PPTP from a digital connection to check?
Martin Holst wrote:
>Probably a simple question, but I haven't been able to find anything in the
>PPTP-guide or on the lists.
>m0n0wall has two inside NICs: LAN for server/wired clients and DMZ for
>For security reasons access from DMZ to LAN is restricted to PPTP - this is
>WAN access through the PPTP is a another issue however :o(
>The routing is fine - the problem is MTU related.
>WAN is routed Ethernet with MTU 1500 - but PPTP is PPP with MTU 1396.
>I have set m0n0wall to log anything coming through PPTP-interface, and I
>see that 1400byte-packets are coming in on the PPTP-interface from the web
>servers I try to access.
>m0n0wall sends an "icmp unreach/needfrag" back - to no avail.
>Does anyone know a way around this?
>...IPSec is probably better, but PPTP was SO easy to setup on win2003 ;o)