[ previous ] [ next ] [ threads ]
 From:  "Martin Holst" <mail at martinh dot dk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Cc:  <steven at honson dot org>
 Subject:  Re: Beta version 1.1b1 available
 Date:  Sun, 28 Mar 2004 15:27:16 +0200
Hi Steven!

I have tried to bring up the problem a couple of times - with little success

I believe that the problems browsing through a PPTP-tunnel are MTU-related.
I would still like to know if this IS a bug or not? (Manuel?)

Have a look at one of my earlier posts on the subject:

PPTP is used to secure wireless access from DMZ to LAN.
 - PPTP access from DMZ to LAN is OK
 - PPTP access from WAN to LAN is OK
 - PPTP access from DMZ to WAN fails due to MTU-related problem.

WAN (ed0) is routed Ethernet with MTU 1500 - PPTP interface (ng1) has an MTU
of 1396.

m0n0wall logs all through PPTP-interface and log shows 1400byte-packets
incoming on PPTP-interface when trying to access e.g. web servers.
m0n0wall sends an "icmp unreach/needfrag" back - to no avail.

Log example:
12:17:10.297090 ed0 @-1:-1 p 80.196.xxx.xxx -> 129.142.xxx.xxx PR icmp len
20 56 icmp unreach/needfrag for 129.142.xxx.xxx,80 - 80.196.xxx.xxx,5264 PR
tcp len 20 1400 K-S K-F OUT 

12:17:10.296974 ng1 @0:23 p 129.142.xxx.xxx,80 -> 192.168.xxx.xxx,3484 PR
tcp len 20 1400 -A K-S K-F OUT

Log explanation:
129.142.xxx.xxx - web server
80.196.xxx.xxx - my WAN
192.168.xxx.xxx - my PPTP client