I'm pretty sure I'm having fragmentation issues for packets sent over
the IPSEC tunnel.  Regular internet traffic passes fine, downloads are
OK, etc.  Over the VPN, connections hang for anything except the
smallest changes.

For example:
- I can make an ftp connection, get directory lists, download tiny files
(a couple chars in a text file), but it hangs if I try to download a 2k
file.
- I can authenticate to a database using a query tool, but requesting a
table list hangs
- I can map a M$ share, but doing a "dir" hangs it.

At first I thought it might be a strange hardware/memory issue, but I get
the exact same results using entirely different hardware.

Based on some reading I tried "testing" the mtu settings from my desktop
PC as follows:
        ping -f -n 1 -l 1410 ip.add.re.ss
Using increasing values.  To a non-ipsec tunneled address my max mtu
was 1464 and thru the vpn it was 1410.  If I understood the reading, I could
then add 28 to each value to get my max mtu (1492 and 1438 respectively).

With this new found "knowledge" I've been playing with the pppoe options
in /etc/ppp/peers/dsl-provider

pty "pppoe -I eth0 -T 80 -m 1400"
 and near the bottom
mtu 1400

But to no avail.  It sounds like I want to set the non-tunneled traffic
to 1492 and the tunneled to 1438, but so far I can't get anything going
over the VPN.

I also tried flipping the shorewall.conf CLAMPMSS=Yes, back to No, but
still no luck.

My PPPoE connection looks as follows:

Jan 30 21:48:13 atlfirewall pppd[14617]: Plugin /usr/lib/pppd/pppoe.so loaded.
Jan 30 21:48:13 atlfirewall pppd[14617]: PPPoE Plugin Initialized
Jan 30 21:48:13 atlfirewall pppd[28827]: pppd 2.4.1 started by root, uid 0
Jan 30 21:48:13 atlfirewall pppd[28827]: Sending PADI
Jan 30 21:48:13 atlfirewall pppd[28827]: HOST_UNIQ successful match
Jan 30 21:48:14 atlfirewall pppd[28827]: HOST_UNIQ successful match
Jan 30 21:48:14 atlfirewall pppd[28827]: Got connection: 28a
Jan 30 21:48:14 atlfirewall pppd[28827]: Connecting PPPoE socket: 00:03:42:cb:20:85 8a02 eth0 0x807c280
Jan 30 21:48:14 atlfirewall pppd[28827]: using channel 2
Jan 30 21:48:14 atlfirewall pppd[28827]: Using interface ppp0
Jan 30 21:48:14 atlfirewall pppd[28827]: Connect: ppp0 <--> eth0
Jan 30 21:48:14 atlfirewall pppd[28827]: Couldn't increase MTU to 1500.
Jan 30 21:48:14 atlfirewall pppd[28827]: Couldn't increase MRU to 1500
Jan 30 21:48:14 atlfirewall pppd[28827]: Couldn't increase MTU to 1500.
Jan 30 21:48:14 atlfirewall pppd[28827]: Couldn't increase MRU to 1500
Jan 30 21:48:15 atlfirewall pppd[28827]: Remote message: CHAP authentication success, unit 3296
Jan 30 21:48:15 atlfirewall pppd[28827]: Cannot determine ethernet address for proxy ARP
Jan 30 21:48:15 atlfirewall pppd[28827]: local  IP address 67.33.178.239
Jan 30 21:48:15 atlfirewall pppd[28827]: remote IP address 67.33.178.1

I thought somewhere along the way I read that I didn't need to worry
about the "Couldn't increase MTU to 1500" warnings.  Since it works fine
for non-vpn traffic I didn't worry about it (until now).

Any help would be greatly appreciated.  I've set up several machines on
our vpn with no issues; this one has been a nightmare every step of the
way...


Thanks,
Todd



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
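
The "increasing values" ping test described in the message, automated as a binary search. This is an added example, not part of the original post; it assumes Linux iputils ping (-M do sets the don't-fragment bit, as -f does on Windows), and the function names are illustrative.

```shell
#!/bin/sh
# Find the largest ICMP payload that crosses a path with DF set, then
# derive the path MTU and the TCP MSS that fits inside it.

# probe SIZE HOST: succeed if a DF-flagged echo with SIZE payload bytes
# is answered. Windows equivalent from the post: ping -f -n 1 -l SIZE
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]: binary search between LOW and HIGH.
# Prints 0 and fails if even LOW gets no reply (host down, ICMP filtered).
find_max_payload() {
    host=$1 lo=${2:-500} hi=${3:-1472}
    probe "$lo" "$host" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid              # mid fits: answer is mid or larger
        else
            hi=$(( mid - 1 ))    # mid is too big: answer is below mid
        fi
    done
    echo "$lo"
}

# payload + 20 (IPv4 header) + 8 (ICMP header) = path MTU
payload_to_mtu() { echo $(( $1 + 28 )); }

# MTU - 20 (IPv4 header) - 20 (TCP header) = largest TCP segment that fits
mtu_to_mss() { echo $(( $1 - 40 )); }

report() {
    p=$(find_max_payload "$1") || { echo "$1: no reply to DF ping"; return 1; }
    m=$(payload_to_mtu "$p")
    echo "$1: max payload $p, path MTU $m, MSS $(mtu_to_mss "$m")"
}

# Usage: sh pmtu.sh <direct-host> <host-behind-tunnel>
if [ $# -gt 0 ]; then
    for h in "$@"; do report "$h"; done
fi
```

Run it once against a host reached directly and once against a host behind the tunnel; the two results correspond to the 1464/1492 and 1410/1438 pairs measured by hand in the message.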
