Reducing the MTU to 1400 on both sides seems to have cleared it up for the most part, until we can update the satellite to 1.2.1. When upgrading should we use the latest release version (e.g. 20081031-1346) or an older RC1 version?
Thanks for the hint, Chris. On Thu, Oct 30, 2008 at 4:27 PM, Chris Buechler <[EMAIL PROTECTED]> wrote: > On Thu, Oct 30, 2008 at 7:09 PM, Erik Benton <[EMAIL PROTECTED]> wrote: >> We just installed pfsense across our network, both at our central site >> and at a couple of satellites. The satellites are on a Qwest DSL connection >> and our CO is on a T1 with another provider. We have successfully >> configured the IPSec tunnels and they connect with a certain degree of >> success (i.e. if we make any changes to one side of the tunnel that >> causes racoon to restart the other side won't recognize the tunnel has >> closed and will continue to hold a "green" connection, until we >> restart the other side too). >> >> The main problem we have is that any network service (SSH, Samba, VNC >> for example) that we try to perform across the tunnel almost always >> hangs or times out. For the most part we get a consistent 73ms ping >> response time from both sides. Has anyone seen this behavior or at >> least have an idea on how to diagnose this issue? > > Try 1.2.1, sounds like PMTU black hole, which happens with the version > of FreeBSD used by 1.2. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Erik Benton Elite Care Technologies http://www.elitecaretech.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org
