[ previous ] [ next ] [ threads ]
 
 From:  Steven Honson <steven at honson dot org>
 To:  Martin Holst <mail at martinh dot dk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Beta version 1.1b1 available
 Date:  Mon, 29 Mar 2004 00:30:38 +1000
Martin Holst wrote:

> Hi Steven!
> 
> I have tried to bring up the problem a couple of times - with little success
> ;o)
> http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=26&actionargs[]=63
> http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=27&actionargs[]=32
> 
> I believe that the problems browsing through a PPTP-tunnel are MTU-related.
> I would still like to know if this IS a bug or not? (Manuel?)
> 
> Have a look at one of my earlier posts on the subject:
> 
> *****************************************
> Brief:
> PPTP is used to secure wireless access from DMZ to LAN.
>  - PPTP access from DMZ to LAN is OK
>  - PPTP access from WAN to LAN is OK
>  - PPTP access from DMZ to WAN fails due to MTU-related problem.
> 
> WAN (ed0) is routed Ethernet with MTU 1500 - PPTP interface (ng1) has an MTU
> of 1396.
> 
> m0n0wall logs all through PPTP-interface and log shows 1400byte-packets
> incoming on PPTP-interface when trying to access e.g. web servers.
> m0n0wall sends an "icmp unreach/needfrag" back - to no avail.
> 
> Log example:
> 12:17:10.297090 ed0 @-1:-1 p 80.196.xxx.xxx -> 129.142.xxx.xxx PR icmp len
> 20 56 icmp unreach/needfrag for 129.142.xxx.xxx,80 - 80.196.xxx.xxx,5264 PR
> tcp len 20 1400 K-S K-F OUT 
> 
> 12:17:10.296974 ng1 @0:23 p 129.142.xxx.xxx,80 -> 192.168.xxx.xxx,3484 PR
> tcp len 20 1400 -A K-S K-F OUT
> 
> Log explanation:
> 129.142.xxx.xxx - web server
> 80.196.xxx.xxx - my WAN
> 192.168.xxx.xxx - my PPTP client
> *****************************************
> 
> /Martin
> 
> 
> 

Hi Martin,

Yep, sounds exactly the same as the problem I'm having.

 From what Manuel has been saying, it seems its a bug in MPD rather than 
something m0n0wall related.

I'm going to send a message to the mpd mailing list first thing tomorrow 
morning, and see if anyone is aware of the bug there.

Cheers,
Steven