Todd Pearsall wrote:
> Once I get any traffic moving I'm better prepared to fight the MS stuff.
> That's why I'm using ftp as my "test" (how bad can M$ mess that up?)

Now there's a baited question. I'll keep my response civil, and point out that that's what your traffic sniffer is for. :)

>> BTW: Do any of your other locations use PPPoE, or just the "broken" one?
>
> Yup, I have 1 DSL PPPoE, 3 on cable modems, 1 off ethernet connected to
> a T1.  These have gateway FreeSWAN VPNs between them plus IPSEC VPNs to
> a Cisco concentrator and a Netopia R7200.
>
> That's what's making me so nuts.  I told this office I'd come down and
> knock it out one day while I was there for other stuff.  I even
> configured one in my local office, mailed it and it was plug-and-plug on
> the net AND the VPN!!  I thought I was pretty good at this and this damn
> connection has humbled me.

OK, well something is probably unique to this site. Maybe it's XP. Maybe it's some registry cruft on a particular XP box. Who knows...

It sounds like your VPN is alive and kicking, so pull out tcpdump on both ends and watch the traffic fly by. Maybe the problem is some weird Microsoft DNS thing, but that doesn't really explain why small packets work but big ones don't.

I strongly suspect something related to packet size and/or TCP options is causing your problems. There are actually lots of controls to diddle on this in the 'doze registry, although I try to stay as far away from this as possible. As previously mentioned, however, I *DO* run with a registry hack to reduce MTU so FreeS/WAN doesn't have to fragment my packets to get them through the VPN tunnel. In my case, this is not required, but does enhance performance. It wouldn't surprise me at all to find you have multiple XP machines that work OK, but one that doesn't based on installed patches, software, registry-hacks, network multi-player game, or whatever.

Your problem seems weird from several perspectives. While I'm sure no one has repealed the laws of physics in your corner of the world, I think we're all grasping at straws until we get some raw packet data to look at, especially since you seem to have tried all the "standard" quick fixes (except reducing the MTU on your internal systems, IIRC). Once we get an idea of what's going on, the place to look for the culprit (and solution) will hopefully become more apparent.

DON'T GIVE UP!!! :)

--
Charles Steinkuehler
[EMAIL PROTECTED]




------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
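
The packet-size suspicion in the message above can be put into numbers. This is an added example, not part of the original thread or of FreeS/WAN: it computes how large an inner packet can be before its ESP tunnel-mode packet exceeds the link MTU, for a 1500-byte Ethernet/cable link and a 1492-byte PPPoE link. The cipher parameters (3DES-CBC with a 96-bit HMAC, no NAT traversal, no IP or TCP options) are assumptions, as are all function names.

```python
# Added example. Assumed: ESP tunnel mode, 3DES-CBC + HMAC-96, IPv4, no NAT-T.
OUTER_IP = 20      # outer IPv4 header, no options
ESP_HDR = 8        # SPI + sequence number
IV_LEN = 8         # 3DES-CBC initialisation vector
BLOCK = 8          # 3DES-CBC block size; payload is padded to a multiple of it
ESP_TRAILER = 2    # pad-length byte + next-header byte
ICV_LEN = 12       # HMAC-MD5-96 / HMAC-SHA1-96 integrity check value
TCP_IP_HDRS = 40   # inner IPv4 + TCP headers, no options


def esp_packet_size(inner_len):
    """On-the-wire size of the ESP packet that carries one inner IP packet."""
    padded = -(-(inner_len + ESP_TRAILER) // BLOCK) * BLOCK  # round up to block
    return OUTER_IP + ESP_HDR + IV_LEN + padded + ICV_LEN


def max_inner_packet(link_mtu):
    """Largest inner IP packet whose ESP packet still fits in link_mtu."""
    room = link_mtu - OUTER_IP - ESP_HDR - IV_LEN - ICV_LEN
    return (room // BLOCK) * BLOCK - ESP_TRAILER


def report(link_mtu, inner_sizes):
    """Return (max inner MTU, matching TCP MSS, [(inner, outer, fits)])."""
    limit = max_inner_packet(link_mtu)
    rows = [(n, esp_packet_size(n), esp_packet_size(n) <= link_mtu)
            for n in inner_sizes]
    return limit, limit - TCP_IP_HDRS, rows


if __name__ == "__main__":
    # Constructed sample sizes: a small control packet up to a full 1500-byte one.
    samples = [64, 576, 1438, 1446, 1500]
    for name, mtu in (("ethernet/cable", 1500), ("PPPoE DSL", 1492)):
        limit, mss, rows = report(mtu, samples)
        print(f"{name}: link MTU {mtu}, inner MTU {limit}, TCP MSS {mss}")
        for inner, outer, fits in rows:
            verdict = "fits" if fits else "must fragment or be dropped"
            print(f"  inner {inner:4d} -> ESP {outer:4d}  {verdict}")
```

Under these assumptions a 1446-byte inner packet fits on the 1500-byte links but not on the PPPoE link, which is the kind of size-dependent difference a tcpdump capture on both ends would confirm or rule out.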