[Openswan Users] Problems with RDP over IpSec

John Riley jriley at dsbscience.com
Wed Apr 5 21:40:53 CEST 2006

>My guess is MTU.

Originally, there was a Linksys router on the remote end, and I set it 
up.  I recall having to set the MTU on it to around 1300 to get things 
to work properly.  However, that was replaced (months before the set-up 
quit working) by the D-Link, and I had nothing to do with that (I'm 
kinda a subcontractor to the IT guys helping this client).  I mentioned 
to them that the MTU had to be set properly, and I am under the 
impression they set it and things still did not work.  I'll double check.

>Try pinging with a 10k packet to another node on the other side (not the
>firewall itself) - (ping -l 10000  It'll probably drop as
>well.  I'll take a guess that one of your lines is some type of DSL.

Both ends are DSL, and one of them is very low-grade.  I did have them 
check larger ping packets a couple of weeks ago, and they were getting 
consistent drops at about 3000 bytes.

>We have a couple nodes that are on very slow links and found that the
>VPN was unreliable at best.  We had already tweaked down the MTU to
>compensate to find out that one of the particular ISPs also had another
>device which chewed up another 64 bytes, requiring us to drop it down to
>like 1400 in order to make the tunnel work properly.
>Hope that helps.

Thanks, I'll have them revisit the MTU.  Would it be normal for a 
working system to stop?  (One theory is that the ISP might have added or 
changed a device in the chain about the time the failures began).
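
Added example, not part of the original post: the arithmetic behind lowering the MTU for an ESP tunnel, showing how much of the path MTU the encapsulation consumes and what inner MTU and TCP MSS still fit without fragmentation. The cipher parameters (3DES-CBC with a 96-bit HMAC), the sample path MTUs and all function names are assumptions; the 64-byte extra overhead is the figure mentioned in the quoted reply.

```python
# Added example: ESP tunnel-mode size arithmetic (IPv4, no IP options).
# Defaults are an assumption: 3DES-CBC (8-byte block and IV) with a
# 96-bit HMAC (12-byte ICV). AES-CBC uses block_size=16, iv_len=16.

OUTER_IP = 20    # outer IPv4 header
ESP_HDR = 8      # SPI + sequence number
ESP_TRAILER = 2  # pad-length + next-header bytes, inside the encrypted part
NAT_T_UDP = 8    # UDP header added by NAT traversal (UDP/4500)


def _fixed(iv_len, icv_len, nat_t):
    """Bytes added to every packet regardless of payload length."""
    return OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HDR + iv_len + icv_len


def outer_packet_size(inner_len, block_size=8, iv_len=8, icv_len=12, nat_t=False):
    """Size on the wire of one ESP packet carrying inner_len bytes."""
    pad = -(inner_len + ESP_TRAILER) % block_size  # pad to a cipher block boundary
    return _fixed(iv_len, icv_len, nat_t) + inner_len + pad + ESP_TRAILER


def max_inner_mtu(path_mtu, block_size=8, iv_len=8, icv_len=12,
                  nat_t=False, extra_overhead=0):
    """Largest inner packet that fits path_mtu without fragmenting.
    extra_overhead: bytes consumed by other encapsulation on the path."""
    room = path_mtu - extra_overhead - _fixed(iv_len, icv_len, nat_t)
    return (room // block_size) * block_size - ESP_TRAILER


def max_tcp_mss(inner_mtu):
    """TCP MSS for the inner flow (20-byte IP + 20-byte TCP headers)."""
    return inner_mtu - 40


if __name__ == "__main__":
    # Constructed sample paths, not values measured in this thread.
    for label, kwargs in [
        ("Ethernet 1500", dict(path_mtu=1500)),
        ("PPPoE DSL 1492", dict(path_mtu=1492)),
        ("PPPoE DSL 1492 + NAT-T", dict(path_mtu=1492, nat_t=True)),
        ("1492 + NAT-T + 64 extra", dict(path_mtu=1492, nat_t=True, extra_overhead=64)),
    ]:
        inner = max_inner_mtu(**kwargs)
        print(f"{label}: inner MTU {inner}, TCP MSS {max_tcp_mss(inner)}")
```

Because RDP runs over TCP, the MSS figure is the one that matters when the inner hosts cannot be relied on to honour path MTU discovery.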

