Re: [m0n0wall] Re: AW: Problem with IPSec VPN Tunnel

From:	Lee Sharp <leesharp at hal dash pc dot org>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Re: AW: Problem with IPSec VPN Tunnel - MTU-Size?
Date:	Wed, 13 Feb 2008 14:27:40 -0600

Marek Läll wrote:
> "Michael Brown" <knightmb at knightmb dot dyndns dot org> wrote in message 
> news:47B31F76 dot 1060105 at knightmb dot dyndns dot org...
>> or whatever). The problem that I had though was not the IPSec Tunnel, but 
>> the actually ISP was having problems with the MTU setting between two 
>> different ISP (in that case, it was Comcast to AT&T). The m0n0wall 
>> machines I setup, one machine was behaving like a hub for more others 
>> across the Internet. One site, which never had any problems nor
> 
> 
> I disagree that the root cause is related with ISP configuration.
> My statement is that is bug (or undocumented feature) of m0n0wall of 
> FreeBSD.

Actually blame Windows...  What is happening is that NAT takes a little 
of the packet, and VPN takes a little of the packet.  (PPPoE will as 
well)  A TCP/IP stack is "supposed" to look for this, but Windows 
doesn't.  I set Windows servers to a MTU of 1400 just to avoid this.

			Lee