Todd; don't know if you have seen this one: http://www.freeswan.ca/docs/freeswan-1.99/doc/faq.html#pmtu.broken
kp

On Friday, 31 January 2003 03:55, Todd Pearsall wrote:
> I'm pretty sure I'm having fragmentation issues for packets sent over
> the IPSEC tunnel. Regular internet traffic passes fine, downloads are
> Ok, etc. Over the VPN, connections hang for anything except the
> smallest changes.
>
> For example:
> - I can make an ftp connection, get directory lists, download tiny files
> (a couple chars in a text file), but it hangs if I try to download a 2k
> file.
> - I can authenticate to a database using a query tool, but requesting a
> table list hangs
> - I can map a M$ share, but doing a "dir" hangs it.
>
> At 1st I thought it might be a strange hardware/memory issue, but I get
> the exact same results using entirely different hardware.
>
> Based on some reading I tried "testing" the mtu settings from my desktop
> PC as follows:
> ping -f -n 1 -l 1410 ip.add.re.ss
> Using increasing values. To a non-ipsec tunneled address my max mtu was
> 1464 and thru the vpn was 1410. If I understood the reading, I could
> then add 28 to each value to get my max mtu (1492 and 1438 respectively)
>
> With this new found "knowledge" I've been playing with the pppoe options
> in /etc/ppp/peers/dsl-provider
>
> pty "pppoe -I eth0 -T 80 -m 1400"
> and near the bottom
> mtu 1400
>
> But to no avail. It sounds like I want to set the non-tunneled traffic
> to 1492 and the tunneled to 1438, but so far I can't get anything going
> over the VPN.
>
> I also tried flipping the shorewall.conf CLAMPMSS=Yes, back to No, but
> still no luck.
>
> My PPPoE connection looks as follows:
>
> Jan 30 21:48:13 atlfirewall pppd[14617]: Plugin /usr/lib/pppd/pppoe.so loaded.
> Jan 30 21:48:13 atlfirewall pppd[14617]: PPPoE Plugin Initialized
> Jan 30 21:48:13 atlfirewall pppd[28827]: pppd 2.4.1 started by root, uid 0
> Jan 30 21:48:13 atlfirewall pppd[28827]: Sending PADI
> Jan 30 21:48:13 atlfirewall pppd[28827]: HOST_UNIQ successful match
> Jan 30 21:48:14 atlfirewall pppd[28827]: HOST_UNIQ successful match
> Jan 30 21:48:14 atlfirewall pppd[28827]: Got connection: 28a
> Jan 30 21:48:14 atlfirewall pppd[28827]: Connecting PPPoE socket: 00:03:42:cb:20:85 8a02 eth0 0x807c280
> Jan 30 21:48:14 atlfirewall pppd[28827]: using channel 2
> Jan 30 21:48:14 atlfirewall pppd[28827]: Using interface ppp0
> Jan 30 21:48:14 atlfirewall pppd[28827]: Connect: ppp0 <--> eth0
> Jan 30 21:48:14 atlfirewall pppd[28827]: Couldn't increase MTU to 1500.
> Jan 30 21:48:14 atlfirewall pppd[28827]: Couldn't increase MRU to 1500
> Jan 30 21:48:14 atlfirewall pppd[28827]: Couldn't increase MTU to 1500.
> Jan 30 21:48:14 atlfirewall pppd[28827]: Couldn't increase MRU to 1500
> Jan 30 21:48:15 atlfirewall pppd[28827]: Remote message: CHAP authentication success, unit 3296
> Jan 30 21:48:15 atlfirewall pppd[28827]: Cannot determine ethernet address for proxy ARP
> Jan 30 21:48:15 atlfirewall pppd[28827]: local IP address 67.33.178.239
> Jan 30 21:48:15 atlfirewall pppd[28827]: remote IP address 67.33.178.1
>
> I thought somewhere along the way I read that I didn't need to worry
> about the "Couldn't increase MTU to 1500" warnings. Since it works fine
> for non-vpn traffic I didn't worry about it (until now).
>
> Any help would be greatly appreciated, I've set up several machines on
> our vpn with no issues, this one has been a nightmare every step of the
> way...
>
>
> Thanks,
> Todd
>
>
>
> -------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
> http://www.vasoftware.com
> ------------------------------------------------------------------------
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
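
The probing procedure described in the quoted message (raise the don't-fragment ping size until it fails, then add 28), as an added example that is not part of the original thread. It assumes Linux iputils `ping` and IPv4/TCP headers without options; the function names are hypothetical.

```python
import subprocess

IP_ICMP_OVERHEAD = 28   # 20-byte IPv4 header (no options) + 8-byte ICMP header
IP_TCP_OVERHEAD = 40    # 20-byte IPv4 header + 20-byte TCP header (no options)


def ping_df(host, payload):
    """Send one echo request of `payload` bytes with Don't Fragment set.

    Assumes Linux iputils ping; the Windows form used in the quoted
    message is `ping -f -n 1 -l <payload> <host>`.
    """
    result = subprocess.run(
        ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


def max_unfragmented_payload(probe, low=0, high=1472):
    """Binary-search the largest payload for which probe(payload) is True.

    Returns None when even the smallest probe fails (host down or ICMP
    filtered), so a dead path is not mistaken for a tiny MTU.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def path_report(probe):
    """Turn the largest unfragmented ping payload into MTU and TCP MSS."""
    payload = max_unfragmented_payload(probe)
    if payload is None:
        return None
    mtu = payload + IP_ICMP_OVERHEAD
    return {"payload": payload, "mtu": mtu, "tcp_mss": mtu - IP_TCP_OVERHEAD}


if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # address to probe, e.g. a host behind the tunnel
    print(path_report(lambda size: ping_df(host, size)))
```

Run it once against a non-tunneled address and once against an address behind the tunnel; `tcp_mss` is the largest TCP segment that fits the measured MTU without fragmentation.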