The saga continues...

I tried a couple things based on help from Charles S. (some day I want
my 1st name and last initial to be all I need to be recognized ;)) and
some of the folks on the FreeSWAN list.

Here's what I tried individually with reboots in between to be sure:
In Shorewall Config tried
        CLAMPMSS=Yes

In Shorewall Config tried
        CLAMPMSS=1300

In Ipsec.conf
        overridemtu=1200   (I was sure that was going to do it)

In all three cases the regular traffic flows fine, but no large packets
through the VPN from the local side out.  I found it interesting that
the remote vpn side can connect and transfer data no problem.

I also tried in pppoe.conf
        CLAMPMSS=1412
But in that case no traffic could pass the router, vpn or not.

I feel that I'm on the brink of getting it, but at this point am mostly
playing with these parameters with trial and error.  Any more ideas would
be greatly appreciated.

Thanks,
Todd

> Todd Pearsall wrote:
> > I'm pretty sure I'm having fragmentation issues for packets sent over
> > the IPSEC tunnel.   Regular internet traffic passes fine, downloads are
> > Ok, etc.  Over the VPN, connections hang for anything except the
> > smallest changes.
> > 
> > For example:
> > - I can make an ftp connection, get directory lists, download tiny files
> > (a couple chars in a text file), but it hangs if I try to download a 2k
> > file.
> > - I can authenticate to a database using a query tool, but requesting a
> > table list hangs
> > - I can map a M$ share, but doing a "dir" hangs it.
> > 
> > At 1st I thought it might be strange hardware/memory issue, but I get
> > the exact same results using entirely different hardware.
> > 
> > Based on some reading I tried "testing" the mtu settings from my desktop
> > PC as follows:
> >     ping -f -n 1 -l 1410 ip.add.re.ss
> > Using increasing values.  To a non-ipsec tunneled address my max mtu
> > was 1464 and thru the vpn was 1410.  If I understood the reading, I could
> > then add 28 to each value to get my max mtu (1492 and 1438 respectively)
> > 
> > With this new found "knowledge" I've been playing with the pppoe options
> > in /etc/ppp/peers/dsl-provider
> > 
> > pty "pppoe -I eth0 -T 80 -m 1400"
> >  and near the bottom
> > mtu 1400
> > 
> > But to no avail.  It sounds like I want to set the non-tunneled traffic
> > to 1492 and the tunneled to 1438, but so far I can't get anything going
> > over the VPN.
> > 
> > I also tried flipping the shorewall.conf CLAMPMSS=Yes, back to No, but
> > still no luck.



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html