[Openswan Users] Re: MTU problems
Peter Farrow
peter at farrows.org
Mon Jun 12 17:49:15 CEST 2006
Brian Candler wrote:
> On Mon, Jun 12, 2006 at 03:19:48PM +0100, Peter Farrow wrote:
>
>> In fact, I know its now any of the ADSL or SDSL routers in the path
>> between the sites, because if I do a simple port forward on 3389 to one
>> of the internal servers (for terminal services) I can connect reliably
>> and ok across the net
>>
>
> Yeah, but how big are your TCP segments? (Use tcpdump to look at the packets)
>
> It's possible that path MTU discovery is working for native IP - in which
> case you'll see the biggest TCP packets are 1492-byte IP datagrams
> (1452-byte TCP segments) - but not for IPSEC.
>
> B.
>
>
Actually I think this has answered the question, all my other VPNs have
been on Network-i infrastructure (UK co) and the problematic site is the
first one on "Your Communictions" (another UK co) infrastructure.
I think its a Your Comms issue, they can't get my reverse ip enabled
either, so I think I'll recommend a change of provider...
Furthermore I can't even traceroute completely across Your Comms
networks which rings alarm bells....
P.
More information about the Users
mailing list