[ previous ] [ next ] [ threads ]
 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: AW: Problem with IPSec VPN Tunnel - MTU-Size?
 Date:  Wed, 13 Feb 2008 14:43:20 -0600
I usually do, hehe.  But in this case, I could replicate the problem 
across a few other OS and m0n0wall had never given me any issues like 
this before, so I blamed it on Comcast and some weird network setup they 
have causing strange things to happen. When I couldn't even get my two 
linux machines on each to talk to each other via TCP/IP (using a port 
tool for some simple message sending back and forth in client/server 
mode) I knew something was up then. I just setup a bunch of pings back 
and forth until I hit a magic number (1400 in that case) in which 
everyone (all the different servers and computers) could do a successful 
non-fragmented ping back and forth. The other tunnels connected to them 
(from other ISP and some the same as AT&T) worked just fine. The low 
1400 was for the windows machines, the others would work at 1472 (and 
that would make it look like a PPPoE issue, but it was a straight pipe 
to the gateway with a static IP)

So, this was just my experience and I've never seen it at any other 
site, so maybe it was just a single m0n0wall machine at that location 
doing strange things, but I haven't heard back from the customer since 
last year so it must still be working properly. :-)

Lee Sharp wrote:
> Actually blame Windows...  What is happening is that NAT takes a 
> little of the packet, and VPN takes a little of the packet.  (PPPoE 
> will as well)  A TCP/IP stack is "supposed" to look for this, but 
> Windows doesn't.  I set Windows servers to a MTU of 1400 just to avoid 
> this.
>             Lee
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch