Re: [pfSense Support] IPSec tunnel and Remote Desktop

2005-10-16 Thread Chris Buechler
Scott Ullrich wrote: I access SQL, RDP and many other items through my ipsec tunnel and I never change the MTU on the client. That's a bad idea. The solution is to find out why the packets are getting frag'd. Active directory traffic does not work across my IPSEC tunnel but RDP and friend

Re: [pfSense Support] IPSec tunnel and Remote Desktop

2005-10-11 Thread Scott Ullrich
I access SQL, RDP and many other items through my ipsec tunnel and I never change the MTU on the client. That's a bad idea. The solution is to find out why the packets are getting frag'd. Active directory traffic does not work across my IPSEC tunnel but RDP and friends surely do. I would s

Re: [pfSense Support] IPSec tunnel and Remote Desktop

2005-10-10 Thread Jason Landry
Well, here's an interesting side effect. I can no longer access the m0n0wall through the LAN address through the tunnel. At home, I'm at 10.53.64.110. The m0n0wall at work is at 192.168.1.1. Before changing the MTU to 1400 on my client machine, I could simply go to 192.168.1.1 in my browser, and t

Re: [pfSense Support] IPSec tunnel and Remote Desktop

2005-10-10 Thread Jason Landry
No, I'm just doing site-to-site with IPSec between a m0n0wall and pfsense. I made no configuration changes at all on client machines until the 1400 MTU suggestion. That did the trick. On 10/10/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > Running PPPoE as the client on Wan? > > > On 10/10/05,

Re: [pfSense Support] IPSec tunnel and Remote Desktop

2005-10-10 Thread Scott Ullrich
Running PPPoE as the client on Wan? On 10/10/05, Jason Landry <[EMAIL PROTECTED]> wrote: I tried setting the MTU on the WAN interface in pfsense to 1400 but that didn't work. I set the MTU on my desktop machine to 1400...and everything works now - sql & remote desktop. Thanks for the help! Jason On 10/10

Re: [pfSense Support] IPSec tunnel and Remote Desktop

2005-10-10 Thread Jason Landry
I tried setting the MTU on the WAN interface in pfsense to 1400 but that didn't work. I set the MTU on my desktop machine to 1400...and everything works now - sql & remote desktop. Thanks for the help! Jason On 10/10/05, Chris Buechler <[EMAIL PROTECTED]> wrote: > Fleming, John (ZeroChaos) wrot

Re: [pfSense Support] IPSec tunnel and Remote Desktop

2005-10-10 Thread Jason Landry
I'll try the suggestions when I get home tonight. Thanks for the help. Jason On 10/10/05, Bill Marquette <[EMAIL PROTECTED]> wrote: > I don't have a box in front of me right now, but from memory, try setting > the MTU in the WAN screen - if I remember right, that'll force PF to do MSS > fixups.

Re: [pfSense Support] IPSec tunnel and Remote Desktop

2005-10-10 Thread Bill Marquette
I don't have a box in front of me right now, but from memory, try setting the MTU in the WAN screen - if I remember right, that'll force PF to do MSS fixups. --Bill On 10/10/05, Chris Buechler <[EMAIL PROTECTED]> wrote: Fleming, John (ZeroChaos) wrote: > I'm guessing we might need to do some mss fixup

Re: [pfSense Support] IPSec tunnel and Remote Desktop

2005-10-10 Thread Chris Buechler
Fleming, John (ZeroChaos) wrote: I'm guessing we might need to do some mss fixup for ipsec tunnels. and you'd be right. I'm not sure where it breaks down, but PMTUD is b0rk over IPsec tunnels. Has always been an issue in m0n0wall. I've looked at it some, but wasn't able to determine an

RE: [pfSense Support] IPSec tunnel and Remote Desktop

2005-10-10 Thread Fleming, John (ZeroChaos)
Hmm do you have any telnet servers you could try to connect to through the tunnel? I'm wondering if you're running into an MSS/no fragmentation issue. It might be nice to see a tcpdump -ni $lan-if -w output.pcap 'host $your_client_ip' from the firewall. Let it capture for 5 mins while you try the r