 From:  "Martin Holst" <mail at martinh dot dk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Bug: PPTP MTU 1396
 Date:  Sat, 24 Jan 2004 14:41:26 +0100
Sorry for reposting, but since no one has come up with an answer for this, I
will assume it is a bug:
http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=26&actionargs[]=27

Brief:
PPTP is used to secure wireless access from DMZ to LAN.
 - PPTP access from DMZ to LAN is OK
 - PPTP access from WAN to LAN is OK
 - PPTP access from DMZ to WAN fails due to MTU-related problem.

WAN (ed0) is routed Ethernet with MTU 1500 - PPTP interface (ng1) has an MTU
of 1396.

m0n0wall logs all through the PPTP interface and the log shows 1400-byte
packets incoming on the PPTP interface when trying to access e.g. web servers.
m0n0wall sends an "icmp unreach/needfrag" back - to no avail.

Is this a bug?
(Sorry if not)

Log example:
12:17:10.297090 ed0 @-1:-1 p 80.196.xxx.xxx -> 129.142.xxx.xxx PR icmp len 20 56 icmp unreach/needfrag for 129.142.xxx.xxx,80 - 80.196.xxx.xxx,5264 PR tcp len 20 1400 K-S K-F OUT

12:17:10.296974 ng1 @0:23 p 129.142.xxx.xxx,80 -> 192.168.xxx.xxx,3484 PR tcp len 20 1400 -A K-S K-F OUT


Log explanation:
129.142.xxx.xxx - web server
80.196.xxx.xxx - my WAN
192.168.xxx.xxx - my PPTP client

/Martin
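
Added example, not part of the original message: a small Python check that reads log lines in the format quoted above, flags packets larger than the MTU of the interface they are logged on, and reports those sent by a host after the firewall had already logged a needfrag for it. The sample lines are constructed with documentation addresses, and reading the two numbers after `len` as header length and total length is an assumption based on the post's description.

```python
import re

# MTUs as given in the post: ed0 is the WAN, ng1 the PPTP interface.
MTU = {"ed0": 1500, "ng1": 1396}

# One log record: time, interface, rule, action, src -> dst, PR proto len <hdr> <total>
# (field meaning assumed from the post, see lead-in).
RECORD = re.compile(
    r"^(?P<ts>\S+) (?P<ifc>\S+) @\S+ \S+ (?P<src>\S+) -> (?P<dst>\S+) "
    r"PR (?P<proto>\S+) len \d+ (?P<total>\d+)(?P<rest>.*)$")
# Source of the original datagram quoted inside the ICMP error.
QUOTED = re.compile(r"icmp unreach/needfrag for (?P<osrc>[^,\s]+),\d+ - ")

# Constructed sample lines modelled on the log excerpt (RFC 5737 addresses).
SAMPLE = """\
12:17:10.296974 ng1 @0:23 p 198.51.100.7,80 -> 192.0.2.10,3484 PR tcp len 20 1400 -A K-S K-F OUT
12:17:10.297090 ed0 @-1:-1 p 203.0.113.5 -> 198.51.100.7 PR icmp len 20 56 icmp unreach/needfrag for 198.51.100.7,80 - 203.0.113.5,5264 PR tcp len 20 1400 K-S K-F OUT
12:17:13.301122 ng1 @0:23 p 198.51.100.7,80 -> 192.0.2.10,3484 PR tcp len 20 1400 -A K-S K-F OUT
"""

def analyze(log_text, mtu=MTU):
    """Return (oversize, ignored): packets larger than the MTU of the logging
    interface, and those of them sent by a host already sent a needfrag."""
    oversize, ignored, notified = [], [], set()
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        q = QUOTED.search(m["rest"])
        if m["proto"] == "icmp" and q:
            notified.add(q["osrc"])          # sender of the too-big datagram
            continue
        limit = mtu.get(m["ifc"])
        if limit is not None and int(m["total"]) > limit:
            host = m["src"].split(",")[0]    # strip the ",port" suffix
            rec = (m["ts"], m["ifc"], host, int(m["total"]), limit)
            oversize.append(rec)
            if host in notified:
                ignored.append(rec)
    return oversize, ignored

if __name__ == "__main__":
    over, ign = analyze(SAMPLE)
    for ts, ifc, host, size, limit in over:
        print(f"{ts} {ifc}: {size} bytes from {host} exceeds MTU {limit}")
    print(f"{len(ign)} oversize packet(s) logged after a needfrag was sent")
```

A non-empty second list only shows that the firewall logged the ICMP error and the sender kept the same packet size; it does not tell whether the error was dropped on the way or ignored by the sender.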