Charles S. wrote:
> I understand your logic, but what are you doing that kills the
> connection?  You should be able to play with IPSec tunnels all day
> long w/o messing up the main external uplink...
Some of the changes I tried were tweaking the CLAMPMSS in shorewall and
CLAMPMSS and mtu setting in PPPoE.  Those are the settings that either
required the reboot (since I'm doing this remote) or sometimes locked my
remote connection out.  The headache was when I then needed someone
local to undo my last change and reboot to allow me back in, which meant
I had to do it when someone was in the office as opposed to late at
night (when I do my best work anyway ;) )  I can play with the tunnels
all day, but the only parameter I've played with there is overridemtu.

> I'd sniff your traffic first.  If your problem is caused by large
> packets getting sent with the "don't fragment" option set, *NOTHING*
> is going to help you get that traffic across your VPN, unless you
> change something fundamental (ie change the traffic itself by fixing
> the machine(s) generating the large packets, or switch to a type of
> tunneling that can hide the fragmentation).
I missed an earlier question about what kind of traffic I was having
trouble with.  After the VPN was established and I thought everything
was good I tried the following (since at 1st I didn't know if it was
Windoze security, name resolution, routing, etc.)
- I successfully mapped a Windoze share (champagne corks flew), but it
would hang when I tried to get a directory listing
- I tried to view a web site on the distant end and the browser resolved
it and loaded part of the page, but then hung
- I successfully opened an ftp connection to a server at the remote end,
got a directory listing, transferred a tiny file (txt doc with about 5
characters in it), tried to transfer a larger file (maybe 5kb) and the
transfer hung.
- And as I mentioned before, vpn traffic from the remote side to local
servers works like a charm.

> 
> If you don't know *WHY* this one site is causing you fits, you won't 
> know if a hardware box will fix it.
I was just hoping there was a good chance of resolving the problem by
just throwing money at it (or at least throwing Netopia's tech support at
it, which I have been pleasantly surprised by in their knowledge)

> 
> Also, as mentioned before, once you sniff the traffic and actually
> *SEE* what's going on (rather than speculating), I'm pretty sure a
> solution will present itself.
I'm on it, thanks for pushing me forward as I fell into a semi-rank.  

- Todd



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html