[Openswan Users] Problems with RDP over IpSec

[John Riley]

>My guess is MTU.
>  
>

Originally, there was a Linksys router on the remote end, and I set it 
up.  I recall having to set the MTU on it to around 1300 to get things 
to work properly.  However, that was replaced (months before the set-up 
quit working) by the D-Link, and I had nothing to do with that (I'm 
kinda a subcontractor to the IT guys helping this client).  I mentioned 
to them that the MTU had to be set properly, and I am under the 
impression they set it and things still did not work.  I'll double check.

>Try pining with a 10k packet to another node on the otherside (not the
>firewall itself) - (ping -l 10000 10.0.32.6).  It'll probably drop as
>well.  I'll take a guess that one of your lines is some type of DSL.
>  
>

Both ends are DSL, and one of them is very low-grade.  I did have them 
check larger ping packets a couple of weeks ago, and they were getting 
consistent drops at about 3000 bytes.

>We have a couple nodes that are on very slow links and found that the
>VPN was unreliable at best.  We had already tweaked down the MTU to
>compensate to find out that one of the particular ISP's also had another
>device which chewed up another 64 bytes, requiring us to drop it down to
>like 1400 in order to make the tunnel work properly.
>
>Hope that helps.
>
>  
>

Thanks, I'll have them revisit the MTU.  Would it be normal for a 
working system to stop?  (One theory is that the ISP might have added or 
changed a device in the chain about the time the failures began).

-- 
John