[Openswan Users] FW: VPN works, but you can't eBay ;-)

[Tomasz Grzelak]

Miguel Dilaj wrote:
> Hi all,
> 
> I've a very strange problem here.
> We're using latest 2.3.0-2 Debian package for Openswan, together with 
> Debian kernel 2.6.11.
> Only roadwarriors, all using X.509 certificates.
> The clients are WinXP (most of them SP2) boxes with SafeNet 8.0.2.
> Everyone can connect, the authentication is properly done using the 
> certificates by the Openswan box, the ids are setup using the DN, and 
> life should have been a wonderful thing to live… BUT…
> 
> Some users can't browse some sites. Example: several of them can't 
> browse to eBay (a few more sites affected ;-)
> I can't spot any obvious differences in the client setup at the machine 
> level (but of course the machines are not 100% clones of each other), 
> and for sure their configuration files for SafeNet are the same, except 
> for the certificate.
> 
> MTU set to 1300-1400 in all machines (also verified with Ethereal that 
> the overhead is less than 30 bytes), DNS working properly.
> 

it looks like an mtu issue, but to be sure, try to download some files 
via ftp or smb protocol, or use some rdesktop connections via the vpn. 
If the transfers freeze you will make sure you have mtu problems.

Tomasz Grzelak

-- 
Open Your Mind - Use Open Source...
Firefox, Thunderbird, GIMP, Blender,
and many many more... In Linux...