Yes, it does support discovery. http://groups.google.com/groups?q=enablepmtubhdetect&hl=en&lr=&ie=UTF-8&selm =8e7f01c2794c%241f58bda0%242ae2c90a%40phx.gbl&rnum=8
Dave Kleiman [EMAIL PROTECTED] www.netmedic.net -----Original Message----- From: Mark Reardon [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 10:48 To: Paul Gaskin; '[EMAIL PROTECTED]' Subject: Re: RE: VPN & PPPoE I don't know if Windows supports MTU discovery but I recommend looking at Microsoft.com (I tried but my workstation keeps locking up when I do). MTU discovery sends out the first packet of a connection using the maximum size and the DF (don't fragment) bit set. If a network device needs to forward the packet through a link with a too small MTU, it should send back an ICMP packet stating that fragmenetation is required but the DF bit is set. It should also include the MTU value it will accept. The originator then retries with a smaller packet (using the provided MTU). This continues until the packet is acknowledged. For the rest of this connections life, the MTU is maintained so fragmentation doesn't occur. The draw backs are that your perimeter needs to allow inbound ICMP packets of this type, your initial data is slow, and some network devices don't send the proper MTU to get through (they have a bug or are old). Once you have the MTU to get to a major location, you can me confident it is the MTU allowed to get over your end. Most major locations can accept very large packets (at least 1500). Set that to your MTU and turn off discovery. I hope this helps, Mark -------Original Message------- From: Paul Gaskin <[EMAIL PROTECTED]> Sent: 01/21/03 10:26 AM To: "'Keith T. Morgan'" <[EMAIL PROTECTED]> Subject: RE: VPN & PPPoE > > Is there a sure fire way to come up with a good MTU speed? We used one in the Microsoft Knowledge Base. and came up with an MTU of 1366 and this didn't seem to do the trick. Also, We had a concern with setting the MTU really low. How is this going to effect the way other files get transferred? Will setting the MTU lower effect the speed of the DSL (surfing the web, downloading files)? Thanks Paul -----Original Message----- From: Keith T. Morgan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 21, 2003 9:15 AM To: Paul Gaskin; [EMAIL PROTECTED] Subject: RE: VPN & PPPoE We had to deal with this very issue using IPSEC via Free S/Wan on linux. The solution was to kick the interface (pppoe facing) MTU down to the 1280 range. This was after some experimentation. Play around with the MTU and you should be able to get it to work. If you have a sniffer handy on the client machine, watch to see how much fragmentation is occuring on the interface. Lots of fragmentation seemed to break IPSEC for us. -----Original Message----- From: Paul Gaskin [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 4:29 PM To: '[EMAIL PROTECTED]' Subject: VPN & PPPoE I am new to the list and I'm not sure if this even falls into this category but I'm getting desperate! We have set up a VPN and it seems to work fine everyone can log on and move around the network and send and receive email. One person though... on a DSL using PPPoE can not send e-mail. we have tried everything... has anyone run into this problem? the user is on a Windows XP laptop connected to a Linksys wireless router (Using PPPoE). and Outlook for E-mail. Any help would be greatly appreciated Thanks in advance Paul > ---- Mark Reardon Reardon Information Security Corporation 156 Blue Sky Drive Marietta, GA 30068 (770) 565-0544 (404) 444-0041 cell
