Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] Re: Sentinel 1.3 issue

From: John A. Sullivan III (John.Sullivan_at_nexusmgmt.com)
Date: Thu Apr 25 2002 - 23:27:30 CEST

Next message: Mark Orenstein: "[Users] RH7.2 RPM?"
Previous message: Simone Bonifazi: "[Users] remove me please"
In reply to: Nate Carlson: "Re: [Users] Re: Sentinel 1.3 issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Some clients do an MTU discovery and alter the MTU on the workstation to
accommodate the additional headers from encryption and encapsulation.
Sentinel does this - in fact it's on the same tab as making the VPN
connections start automatically - I think it is the Advanced tab on the
properties page. I didn't see such a facility in Free S/WAN. Does it
exist in Free S/WAN? If not, is anyone working on it? - John

On Thu, 2002-04-25 at 12:08, Nate Carlson wrote:
> On Thu, 25 Apr 2002, Joop Marijne wrote:
> > One problem I am still having is that when a user connec's to the
> > offce net, they can browse share's, use vnc with no problems, but when
> > they start Windows Terminal server Client they only get a black screen. After
> > some searching with google it appears this is caused by a "black hole
> > router" which
> > drops packets which are to large for its MTU withoud notifying the sender
> > about this.
> > After some testing I found the max ping size with (DF, Don't Fragment set)
> > to be 1472 which looks fine to me. If someone knows this problem or can
> > shed some light on this issue I be very thankfull.
>
> There's an IPTables option that you can use to make sure it never sends a
> packet larger than N.. check out:
>
> http://www.hgfelger.de/mss/mss-clamp
>
> ----------------------------------------------------------------------
> | nate carlson | natecars_at_natecarlson.com |
> | brainbench mvp for linux admin -- http://www.brainbench.com |
> | Depriving some poor village of it's idiot since 1981 |
> ----------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

-- John A. Sullivan III Group Technology Director Nexus Management +1 207-985-7880 John.Sullivan_at_nexusmgmt.com

_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users

Next message: Mark Orenstein: "[Users] RH7.2 RPM?"
Previous message: Simone Bonifazi: "[Users] remove me please"
In reply to: Nate Carlson: "Re: [Users] Re: Sentinel 1.3 issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:56 CEST