[Openswan Users] RDP from internal NET to VPN client fails, and some other strangness..

dashnu dashnu at gmail.com
Thu Nov 16 14:09:27 EST 2006

Hello again. After reading a few more links on Jacco's site, I am  
wonder some things.

I block ICMP and enable path MTU which I now see is absolutely  
pointless and not wise..

If I allow icmp & enable pmtu would this solve my issue? If so icmp  
type 3 all i need to allow in?

Any major risks involved with doing this?

Another thing is I really have no control over the other end... If  
they have icmp filtered at the router level or in windows I will  
again run into this problem I would assume.

Thanks as always.

On Nov 16, 2006, at 8:32 AM, dashnu wrote:

> Yea, these messages must have crossed.
> I tried the clamp this did not work.
> I am having some troubles with the ping option you gave me, ping by  
> default is now disabled in XP by default. Large packets did not  
> terminate the conn in this case. I will have him turn off his  
> firewall and try it again.
> Any ideas on my strange DNS issue I talked about earlier? This same  
> machine works fine on other networks. I am wondering if his router  
> is somehow forcing DNS....
> Thanks
> On Nov 14, 2006, at 7:39 PM, Paul Wouters wrote:
>> On Tue, 14 Nov 2006, Brett Curtis wrote:
>>> After looking around a bit more I am thinking this is a MTU issue :(
>> that's why I suggested tcp clamping of the mtu.
>> Paul

More information about the Users mailing list