[ previous ] [ next ] [ threads ]
 From:  Michael Stecher <Michael dot Stecher at cib dot de>
 To:  'Michael Brown' <knightmb at knightmb dot dyndns dot org>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  AW: AW: [m0n0wall] Problem with IPSec VPN Tunnel - MTU-Size?
 Date:  Wed, 13 Feb 2008 17:57:04 +0100
Hello Michael,

thanks for your response. That sounds not really nice, but its a passable way. :(

Best regards,


-----Ursprüngliche Nachricht-----
Von: Michael Brown [mailto:knightmb at knightmb dot dyndns dot org]
Gesendet: Mittwoch, 13. Februar 2008 17:49
An: m0n0wall at lists dot m0n0 dot ch
Betreff: Re: AW: [m0n0wall] Problem with IPSec VPN Tunnel - MTU-Size?

I've run into this issue as well. The only solution was to change it on the server being accessed or
whatever client PCs that were "acting" like a server that other machines would connect to (whether
for file sharing or whatever). The problem that I had though was not the IPSec Tunnel, but the
actually ISP was having problems with the MTU setting between two different ISP (in that case, it
was Comcast to AT&T). The m0n0wall machines I setup, one machine was behaving like a hub for more
others across the Internet. One site, which never had any problems nor modifications for the MTU,
had it's ISP changed out to Comcast and that's when all the trouble started. I tried everything on
both ends (MTU settings, fragmented packets, etc) and nothing worked. The ISP changed prevented the
client computers from connecting to a server back at home base. Finally, I changed the MTU of the
server to 1400 and everything worked. Why it was this specific ISP to ISP connection that didn't
work with a standard MTU of 1500 I have no idea.


Michael Stecher wrote:
> Hello,
> have many thanks for your quick response.
> 1. We've tried this out yesterday, but without any success.
> 2. We've also tried this, but lowering the WAN MTU cause that most internet sites aren't
> Are there any other options?
> Best regards,
> Michael

To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch