 From:  "Mark Rinaudo" <mark at preferreddatasolutions dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] SMB over IPSEC...
 Date:  Wed, 23 Jul 2008 10:01:16 -0500
Tim,

I adjusted the MTU size in the registry on the Winblows 2003 server.  Not 
sure about adjusting the MTU size of the IPSEC tunnel.

Mark

----- Original Message ----- 
From: "Tim Nelson" <tnelson at rockbochs dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, July 23, 2008 9:52 AM
Subject: Re: [m0n0wall] SMB over IPSEC...


> Did you adjust the MTU for a particular interface on the firewall or on 
> the clients directly? Or, is it possible to change the MTU of the IPSEC 
> tunnel itself?
>
> I'm seeing some improved performance by enabling "Clear DF bit instead of 
> dropping" on the pfsense side as well as "Allow IPsec fragmented packets" 
> on the monowall side. It appears that fragmentation/MTU is the likely 
> culprit...
>
> Tim Nelson
> Systems/Network Support
> Rockbochs Inc.
> (218)727-4332 x105
>
> ----- Original Message -----
> From: "Mark Rinaudo" <mark at preferreddatasolutions dot com>
> To: m0n0wall at lists dot m0n0 dot ch
> Sent: Wednesday, July 23, 2008 9:45:45 AM GMT -06:00 US/Canada Central
> Subject: Re: [m0n0wall] SMB over IPSEC...
>
> Tim,
>
> I had a similar issue a couple of years ago with an ipsec tunnel between my
> m0n0wall and a netgear router.  The tunnel would come and I could browse a
> windows 2003 server's folders but dealing at the file level was slow and
> writing files was impossible.  Finally tracked it down to the MTU size of
> packets being sent from the windows machines.  Try adjusting the MTU size of
> your packets and see if that helps.
>
> Mark
> Preferred Data Solutions
> 318-550-3381
>
> ----- Original Message ----- 
> From: "Tim Nelson" <tnelson at rockbochs dot com>
> To: <m0n0wall at lists dot m0n0 dot ch>
> Sent: Wednesday, July 23, 2008 9:07 AM
> Subject: [m0n0wall] SMB over IPSEC...
>
>
> Hello fellow monowallers... I know the issue of SMB/Samba/Netbios over IPSEC
> has come up many times. However, the issue always seems to be related to the
> fact that broadcasts are not being passed over the IPSEC tunnel. I'm
> currently trying to use Samba over IPSEC (one site has monowall 1.3b11 and
> the other has pfSense 1.2-RELEASE) but instead of relying on broadcasting
> and using 'Network Neighborhood' to find the Samba boxes, we're accessing
> them directly via IP address by entering "\\192.168.1.100" in the address
> bar of the clients which are primarily WinXP machines. They are able to find
> the server and access its shares but opening a file... even small ones like
> 20k... takes FOREVER. I'm wondering if there isn't a different issue such as
> fragmentation happening. Both sides of the tunnel have completely open
> "Allow any to any from any" rules so firewalling should not be the issue.
> Has anyone seen this type of behavior before? I can make my logs available
> but after looking through them, I'm not seeing anything of consequence. All
> help is welcome and appreciated. Thank you!
>
> Tim Nelson
> Systems/Network Support
> Rockbochs Inc.
> (218)727-4332 x105
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch