The saga continues... I tried a couple things based on help from Charles S. (some day I want my 1st name and last initial to be all I need to be recognized ;)) and some of the folks on the FreeSWAN list.
Here's what I tried individually, with reboots in between to be sure:

In Shorewall Config tried CLAMPMSS=Yes
In Shorewall Config tried CLAMPMSS=1300
In Ipsec.conf overridemtu=1200 (I was sure that was going to do it)

In all three cases the regular traffic flows fine, but no large packets get through the VPN from the local side out. I found it interesting that the remote vpn side can connect and transfer data no problem.

I also tried in pppoe.conf CLAMPMSS=1412

But in that case no traffic could pass the router, vpn or not.

I feel that I'm on the brink of getting it, but at this point am mostly playing with these parameters with trial and error. Any more ideas would be greatly appreciated.

Thanks,
Todd

> Todd Pearsall wrote:
> > I'm pretty sure I'm having fragmentation issues for packets sent over
> > the IPSEC tunnel. Regular internet traffic passes fine, downloads are
> > Ok, etc. Over the VPN, connections hang for anything except the
> > smallest changes.
> >
> > For example:
> > - I can make an ftp connection, get directory lists, download tiny files
> > (a couple chars in a text file), but it hangs if I try to download a 2k
> > file.
> > - I can authenticate to a database using a query tool, but requesting a
> > table list hangs
> > - I can map a M$ share, but doing a "dir" hangs it.
> >
> > At 1st I thought it might be a strange hardware/memory issue, but I get
> > the exact same results using entirely different hardware.
> >
> > Based on some reading I tried "testing" the mtu settings from my desktop
> > PC as follows:
> > ping -f -n 1 -l 1410 ip.add.re.ss
> > Using increasing values. To a non-ipsec tunneled address my max mtu
> > was 1464 and thru the vpn was 1410. If I understood the reading, I could
> > then add 28 to each value to get my max mtu (1492 and 1438 respectively)
> >
> > With this new found "knowledge" I've been playing with the pppoe options
> > in /etc/ppp/peers/dsl-provider
> >
> > pty "pppoe -I eth0 -T 80 -m 1400"
> > and near the bottom
> > mtu 1400
> >
> > But to no avail. It sounds like I want to set the non-tunneled traffic
> > to 1492 and the tunneled to 1438, but so far I can't get anything going
> > over the VPN.
> >
> > I also tried flipping the shorewall.conf CLAMPMSS=Yes, back to No, but
> > still no luck.