[Openswan Users] Problems with RDP over IpSec

Andy fs at globalnetit.com
Wed Apr 5 22:19:28 CEST 2006


On Wed, 2006-04-05 at 20:40 -0400, John Riley wrote:
> >My guess is MTU.

That's my guess too.

> 
> Thanks, I'll have them revisit the MTU.  Would it be normal for a 
> working system to stop?  (One theory is that the ISP might have added or 
> changed a device in the chain about the time the failures began).

Of course it's not normal. Somebody changed something. They're just not
telling you. Or you changed something, and you're not telling us... :)

You can often work around MTU issues (for TCP only, but that's fine for
RDP) using the TCPMSS target in iptables. I had to use it for 3 of my
remote sites - I have entries like this in my VPN gateway:
  iptables -A FORWARD -s <IP1> -d <IP2> -p tcp \
       -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360
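
How a clamp value like the one in the message above relates to the path MTU, as an added example that is not part of the original post: the function computes the largest TCP MSS that still fits an IPv4 ESP tunnel-mode packet inside a given path MTU. The MTUs, cipher parameters and addresses are assumed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: largest TCP MSS that fits an IPv4 ESP tunnel-mode packet
# inside a given path MTU. All parameter values below are assumptions.

# esp_tcp_mss PATH_MTU BLOCK IV ICV NATT
#   PATH_MTU  smallest MTU on the path between the two gateways
#   BLOCK     cipher block size in bytes (AES-CBC 16, 3DES-CBC 8)
#   IV        IV bytes carried in each packet (AES-CBC 16, 3DES-CBC 8)
#   ICV       integrity check value bytes (HMAC-SHA1-96 / HMAC-MD5-96: 12)
#   NATT      1 if ESP is wrapped in UDP 4500 (NAT traversal), else 0
esp_tcp_mss() {
    path_mtu=$1; block=$2; iv=$3; icv=$4; natt=$5
    outer_ip=20; esp_hdr=8; udp=$((natt * 8))
    # Bytes left for the encrypted part (inner packet + padding + 2-byte trailer)
    room=$((path_mtu - outer_ip - udp - esp_hdr - iv - icv))
    # The encrypted part must be a whole number of cipher blocks
    enc=$((room / block * block))
    inner=$((enc - 2))          # strip the pad-length and next-header bytes
    mss=$((inner - 40))         # fixed inner IPv4 (20) + TCP (20) headers
    if [ "$mss" -lt 1 ]; then
        echo "path MTU $path_mtu too small for this ESP configuration" >&2
        return 1
    fi
    echo "$mss"
}

# clamp_rule SRC DST MSS: print (do not run) a rule of the form used in the message
clamp_rule() {
    printf 'iptables -A FORWARD -s %s -d %s -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss %s\n' "$1" "$2" "$3"
}

# Constructed scenarios; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges
for scenario in "1500 16 16 12 0" "1500 8 8 12 0" "1492 16 16 12 1"; do
    set -- $scenario
    mss=$(esp_tcp_mss "$@") || continue
    echo "mtu=$1 block=$2 natt=$5 -> max MSS $mss"
done
clamp_rule 192.0.2.0/24 198.51.100.0/24 "$(esp_tcp_mss 1492 16 16 12 1)"
```

The three constructed cases give 1398, 1406 and 1382, so a clamp of 1360 sits below all of them.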