Well, I just changed the MTU on the linux box that was having problems scp'ing through the VPN and now I can copy files through. However I had to change it to *500*! Anything larger would not work! Not being a networking guy... this is a real pain.
Also, I tried some of the pf stuff the other day and that did not fix anything. scrub, no-df, etc....

Can someone clue me in as to what could make the Caltech location fail, but all other locations work? Number of switches? routers? switch/router configuration? The same file, etc. would work anywhere else, but not Caltech.

Thanks,
Shannon

Scott Harney wrote:

>"Shannon B. Roddy" <[EMAIL PROTECTED]> writes:
>
>I'm thinking MTU or don't fragment settings on your internet facing
>connection. IPSEC adds some overhead to your packet headers that
>can cause large frames. You may also have to unset don't-fragment
>scrub options in your pf firewall (i.e. scrub no-df).
>
>Search for "openbsd ipsec mtu" on google and let us know what the
>outcome was.
>
>>This is the problem that I was describing last night at the Perks meeting.
>>
>>Shannon
>>
>>-------- Original Message --------
>>Subject: [OIC] Weird problem --> OpenBSD 3.1 & IPsec
>>Date: Tue, 26 Aug 2003 18:51:12 -0500
>>From: Shannon Roddy <[EMAIL PROTECTED]>
>>To: [EMAIL PROTECTED]
>>
>>Hello,
>>
>>I have an odd problem that I am not sure if it is or is not related to
>>my OpenBSD vpn. I have four remote sites that are connected via a set
>>of manually keyed OpenBSD 3.1 machines. Below is what the topology
>>looks like:
>>
>>                                    |I
>>10.11/16 -----VPN Box A-------------|N
>>                                    |T
>>                                    |E
>>10.12/16 -----VPN Box B-------------|R
>>                                    |N
>>                                    |E
>>10.13/16 -----VPN box C-------------|T
>>                                    |
>>                                    |
>>10.14/16 -\                 /-------|
>>10.15/16 -->- VPN box D---<---------|
>>10.16/16 -/                 \-------|
>>
>>The vpn box with three internal networks has also three external
>>internet addresses. There are only two physical network interfaces,
>>the addresses are done through aliases. The problem is that all
>>communication works fine for all networks except outbound large file
>>transfers from the 10.14, 15, and 16 networks. I can copy a 40 MB
>>file from any vpn to any vpn. I can also copy from any network _TO_
>>10.14, 15, and 16. I cannot copy from 10.14, 15, 16 to any vpn or any
>>internal machine on 10.11, 12, or 13. I CAN however copy _SMALL_
>>(approximately 8k was tested) files from 10.14, 15, 16.
>>
>>So, anytime I try to copy a large file from 10.14.0.11 to 10.11.0.10
>>for instance, it stalls at 36864 bytes. It stalls at the same number
>>of bytes EVERY time. Note also, that on a Solaris box it stalls at
>>49152 bytes and on a Linux box it stalls at 36864. I know that the
>>tunnels are functional because I can interactively ssh to and from the
>>network and machines in question. Also ping, traceroute, etc. etc.
>>
>>I am at a loss here... Any suggestions would be much appreciated.
>>
>>Thanks in advance,
>>Shannon Roddy
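
Added example, not part of the original thread: a shell sketch for measuring the usable path MTU through a tunnel with don't-fragment probes, instead of lowering the interface MTU by trial and error. The function names and SIM_PATH_MTU are hypothetical, the simulated path is constructed so the script runs offline, and the real probe assumes Linux iputils ping.

```shell
#!/bin/sh
# Find the largest IPv4 packet that crosses a path with DF set, by binary
# search over ICMP echo payload sizes, then derive the TCP MSS that fits.

IP_ICMP_HDR=28    # 20-byte IPv4 header + 8-byte ICMP echo header
IP_TCP_HDR=40     # 20-byte IPv4 header + 20-byte TCP header, no options

# Real probe (Linux iputils ping): -M do sets DF, -s is the ICMP payload size.
probe_ping() {    # $1 = host, $2 = payload bytes
    ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
}

# Constructed stand-in for a path that silently drops packets larger than
# SIM_PATH_MTU bytes (hypothetical value, not taken from the thread).
SIM_PATH_MTU=1422
probe_sim() {     # $1 = host (ignored), $2 = payload bytes
    [ $(( $2 + IP_ICMP_HDR )) -le "$SIM_PATH_MTU" ]
}

# path_mtu PROBE HOST [LOW_MTU] [HIGH_MTU]
# Prints the largest packet size in [LOW_MTU, HIGH_MTU] that PROBE accepts;
# returns 1 if even LOW_MTU fails (the path is down, not an MTU problem).
path_mtu() {
    pm_probe=$1 pm_host=$2 lo=${3:-68} hi=${4:-1500}
    "$pm_probe" "$pm_host" $(( lo - IP_ICMP_HDR )) || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))    # round up so the loop always shrinks
        if "$pm_probe" "$pm_host" $(( mid - IP_ICMP_HDR )); then
            lo=$mid                     # mid fits: the answer is >= mid
        else
            hi=$(( mid - 1 ))           # mid dropped: the answer is < mid
        fi
    done
    echo "$lo"
}

# Largest TCP segment that fits in a packet of the given size.
mss_for_mtu() { echo $(( $1 - IP_TCP_HDR )); }

# Offline run against the simulated path; set TARGET_HOST to probe a real one.
if [ -n "${TARGET_HOST:-}" ]; then probe=probe_ping; else probe=probe_sim; fi
if mtu=$(path_mtu "$probe" "${TARGET_HOST:-simulated}"); then
    echo "path MTU $mtu, TCP MSS $(mss_for_mtu "$mtu")"
else
    echo "no reply even at the minimum size; not an MTU issue" >&2
fi
```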
