[ previous ] [ next ] [ threads ]
 From:  "Barry Mather" <barry dot mather at dorecentres dot com dot au>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  MTU
 Date:  Fri, 8 Oct 2004 09:00:06 +1000
Just thought I would add some of my experience to the group ...

I have a sonicwall pro 230 at hq, with multiple vpn tunnels going off to
uk, us, nz, and throughout au ... some of the end points are m0n0, some
openbsd, some sonicwalls ...

I am in the process of rolling out new sites with m0n0walls, and very
happy I am too with them ... however, I have been coming across the MTU
issure more and more recently ...

One Scenario :

Lan - sonicwall - cisco shdsl - Internet(+vpn) - d-link adsl - m0n0wall
- lan

Internet traffic is fine, all normal speed, nothing unusual....
Establish a vpn tunnel to any remote site from the m0n0, and internet
traffic is still normal, however, the vpn performance is VERY bad, VERY
slow, and trying to copy files ends up with semaphore timeouts, remote
network is no longer available, this kind of message .. couldn't even
join a workstation to an AD domain !
Anyway, I knew this had to be an mtu issue but the usual setting it to
1492 just didn't work  ... after some trial and error, I ended up on an
MTU of 1404, this seems perfect for internet and vpn traffic !

I found it a bit of a pain to find this info, so I hope this helps
someone here !

Dore Achievement Centres (Pty) Ltd - Hotline: 1300 55 77 11


This e-mail message may contain confidential or privileged information 
and is intended solely for the individual to whom it is addressed. If you 
are not the named addressee you should not disseminate, distribute or 
copy this e-mail. If you have received it in error please notify us 
immediately by telephoning 1300 55 77 11 and destroy this e-mail and 
any attachments. E-mail transmission cannot be guaranteed to be 
secure or error-free as information could be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or contain viruses. The sender 
therefore does not accept liability for any errors or omissions in the 
contents of this message, which arise as a result of e-mail transmission. 
The content of this email is not necessarily that of the Dore Acievement 
Centres unless otherwise specified.  This email was scanned for possible 
viruses and was sent on 8/10/2004 by barry dot mather at dorecentres dot com dot au to m0n0wall at lists dot m0n0 dot ch