On 10/10/05, Jason Landry <[EMAIL PROTECTED]> wrote:
I tried setting the MTU on the WAN interface in pfsense to 1400 but
that didn't work.
I set the MTU on my desktop machine to 1400...and everything works now
- sql & remote desktop.
Thanks for the help!
Jason
On 10/10/05, Chris Buechler <[EMAIL PROTECTED]> wrote:
> Fleming, John (ZeroChaos) wrote:
>
> >I'm guessing we might need to do some mss fixup for ipsec tunnels.
> >
> >
>
> and you'd be right. I'm not sure where it breaks down, but PMTUD is
> b0rk over IPsec tunnels. Has always been an issue in m0n0wall. I've
> looked at it some, but wasn't able to determine anything affirmatively
> other than "it's broken". The MSS clamping in IPF in m0n0wall doesn't
> differentiate betweeen internet traffic and VPN traffic, and hence
> doesn't take into account the overhead of IPsec and doesn't solve the
> problem.
>
> The typical "solution" is to drop the MTU on LAN hosts until it works,
> people usually set it at 1400 (as a number that works, should be able to
> squeeze more than that). Depending on the characteristics of your
> network traffic, this can have a measurable negative impact on network
> performance, especially on the LAN with large data transfers.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
