A couple more details... On the local end I've used 3 different machines
(my XP laptop that works over the VPN from any of the other locations,
local XP laptop that belongs to one of the folks at the local site,
local end W2K server) so I don't *think* it's a local machine issue.  

The totally uneducated vision I've had is something between the LEAF box
using PPPoE to the bridged DSL router works, but somewhere the extra
layer of tunnelling ipsec through PPPoE is dropping fragmented packets.

Thanks,
Todd

> OK, well something is probably unique to this site.  Maybe it's XP.
> Maybe it's some registry cruft on a particular XP box.  Who knows...
>
> It sounds like your VPN is alive and kicking, so pull out tcpdump on
> both ends and watch the traffic fly by.  Maybe the problem is some
> weird Microsoft DNS thing, but that doesn't really explain why small
> packets work but big ones don't.
>
> I strongly suspect something related to packet size and/or TCP options
> is causing your problems.  There are actually lots of controls to
> diddle on this in the 'doze registry, although I try to stay as far
> away from this as possible.  As previously mentioned, however, I *DO*
> run with a registry hack to reduce MTU so FreeS/WAN doesn't have to
> fragment my packets to get them through the VPN tunnel.  In my case,
> this is not required, but does enhance performance.  It wouldn't
> surprise me at all to find you have multiple XP machines that work OK,
> but one that doesn't based on installed patches, software,
> registry-hacks, network multi-player game, or whatever.
>
> Your problem seems weird from several perspectives.  While I'm sure no
> one has repealed the laws of physics in your corner of the world, I
> think we're all grasping at straws until we get some raw packet data
> to look at, especially since you seem to have tried all the "standard"
> quick fixes (except reducing the MTU on your internal systems, IIRC).
> Once we get an idea of what's going on, the place to look for the
> culprit (and solution) will hopefully become more apparent.
> 
> DON'T GIVE UP!!!  :)
> 
> -- 
> Charles Steinkuehler
> [EMAIL PROTECTED]
> 
> 

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html