Thanks Chris, I'll check it out.

Wade Blackwell
Solutions Architect
(D) 805.457.8825 X998
(C) 805.400.8485

On Dec 3, 2012, at 6:03 PM, Chris Buechler <[email protected]> wrote:

> On Mon, Dec 3, 2012 at 5:57 PM, Wade Blackwell <[email protected]> wrote:
>> Good afternoon all,
>> So I have 3 sites in a full mesh IPsec VPN. 2 of those sites are PF
>> 2.1-BETA0 (nov 1) and the other is m0n0wall 1.33. Tunnel that is currently
>> affected traverses one PF and the m0n0. I have disabled hardware checksum
>> offload, hardware TCP segmentation offload and hardware large receive
>> offload. I'm seeing a high number of the 0x0000 checksums (50+ percent) and
>> I believe this is causing an AD domain join to fail over the VPN. No traffic
>> filtering over the tunnels or on the interfaces where these hosts live, wide
>> open between one another. Packet capture attached, any insight would be
>> fabulous. Thanks all.
>
> The direction that has null checksums is normal for hardware checksum
> offloading being enabled, from that capture it's not actually
> disabled. I suspect that's not a problem at all. It's far more likely
> you're having issues because of large packets not getting through.
> Enabling MSS clamping on the VPN traffic (System>Advanced in pfSense,
> impossible to do in m0n0wall but as long as it's only one endpoint
> that may be ok) will work around such scenarios. If that's not it, my
> next guess is Windows firewall, or an AD DNS problem.
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
