> Have you tried changing the MTU on your internal machines, and/or > sniffing the traffic to see what it looks like? I haven't tired changing the MTU of the internal machines. The office is one of our consulting offices so our folks from other offices are frequently roaming through with laptops. At any one moment only about half the people on the network are actually consistently in that office, so changing the MTU of everyone who comes in will be a pain and then will leave them "less than optimal" when they go somewhere else, unless they change it back. That being said, if it's valuable from a troubleshooting standpoint I definitely can change the MTU of a machine for testing.
> > The problem you describe (packets unable to traverse in one > direction, > regardless of router settings) could easily be caused by > large packets > sent with the "don't fragment" option set in the IP header. > This will > prevent the router from being able to process the packet (it can't be > fragmented, and it can't fit through the MTU of the VPN, so it gets > dropped). Typically an ICMP message is sent to the > originating machine, > indicating the packet was dropped. > > The CLAMPMSS and overridemtu settings are "band-aids" that try to > compensate for this problem, but don't address the fundamental issue, > which is caused by the originating IP stack or application > not dealing > with a small MTU in the middle of a route. > > I suspect you'll make more headway by sniffing your > problematic traffic > at this point...once you figure out what's wrong, an appropriate fix > will likely present itself. I will grab tcpdump and run it on the router to look around. Any hints on what I'm looking for? I've only every used tcpdump to verify that traffic was being encrypted so I may be in over my head on using it to troubleshoot. Thanks as always for the help!!! - Todd ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
