I have some Igel thin clients that are at remote sites. I use a pfsense router at these sites and there is a vpn from that router to my main pfsense router. I recently switched from Ipsec to OpenVPN for these sites so I could access multiple subnets.
Once I did this ,I started to get frequent disconnects, they seemed to be somewhat random, but consistantly interupted the connection with a half hour or so. The terminal would have an ICA session and just drop the connection, if I ran a ping from the terminal, it never faltered. The solution seems to be to change the MTU on the terminal to 1400, this allows for the MTU overhead of 40 for citrix and 60 for the VPN (as far as I understand). I am posting this in the hope someone else will find it useful, and if anyone has input or suggestions. This problem doesn't seem to affect the PC's or Wyse terminals, which is good since I can't change the MTU on the wyse terminals. Paul Borowicz BehaviorCorp Network Administrator (317) 587-0521
