Dear list,

Today I had some strange mobile client VPN behavior while using a public coffee shop wifi connection with my Windows 7 + Shrewsoft VPN laptop.

- My private home network is 192.168.9.0/24, pfsense acts as default gateway on 192.168.9.254. The coffee shop handed my laptop the 192.168.0.65/24 address, default gateway of 192.168.0.1.
- After successfully establishing my mobile VPN session using Shrewsoft VPN, I could navigate throughout my private network, connect to my private XMPP server with Pidgin, and generally operate normally, EXCEPT:
- Using IE or Firefox on my laptop, I could not open any webpages on my private web server, 192.168.9.1. In Firefox the laptop attempted to pull the page and hung at "waiting for 192.168.9.1..." on the status bar. Other webservers on my private network, including pfsense, worked fine.
- I could SSH into 192.168.9.1, and the session would last 5-10 seconds before freezing (^C, ^Z did nothing).
- I could do a "telnet 192.168.9.1 80" then "GET /" and it would return a 500ish byte HTTP 301 message (normal per my web server config).
- When I got home, I looked at access.log on 192.168.9.1, and I saw all the requests I made from the coffee shop. My interpretation of these log entries is that 192.168.9.1 sent HTTP data and logged that it sent it successfully. The log entries looked like this:

192.168.0.65 - - [09/Jun/2010:13:44:42 -0400] "GET /home.php HTTP/1.1" 200 2253 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"
192.168.0.65 - - [09/Jun/2010:13:44:46 -0400] "GET /home.php HTTP/1.1" 200 2253 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"
192.168.0.65 - - [09/Jun/2010:13:58:57 -0400] "GET /home.php HTTP/1.1" 200 2260 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"
etc.. etc... etc..

Conclusion: Am I correct in assuming there is a routing issue where max-MTU packets are not able to route from 192.168.9.1 to my mobile VPN machine? Do you have any advice for me?

Sorry for the length, thanks,
John
