[ Date Index ][
Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Answering my own questions again! I blindly adjusted the MTU on the eth0 of 192.168.0.2 to 1200 from 1500 and this seems _fingers crossed_ to have done the trick :-). My limited understanding of IP would suggest that dropping the MTU on the eth0 limits the packet size so when the packets are wrapped in ESP and ESPINUDP (NAT_T) the overall packet still fits in 1500 and the nasty fragmentation stops. Strange but i never saw this before (when i had a USB ADSL modem and the firewall/router/VPN were all one system) but i am sure there is a logical reason, its somthing to do with that extra bit of ethernet in this setup. Nothing like posting a question to make you see the answer your self!, Anyway now its on a public list in case anybody else runs in to this. Regards Robin On Wednesday 20 October 2004 20:34, Robin Cornelius wrote:
Hi everyone, I am having some serious trouble with my network at the moment, specifically IPSEC VPN. I have a new netgear adsl router modem and I have set it to pass all UDP 500 and UDP 4500 packets to 192.168.0.2 inside my network. I can establish an IPSEC connection to 192.168.0.2 and it seems to work. I then added ip forwarding ability to 192.168.0.2 but i still could not see the internal network so i added masqurading as well. Now i can see the internal network and can ping (around the internal network) etc but anything serious such as accessing an internal web page from 192.168.0.3 dosn't work, the connection seems to stall. Its not firewall as i see a partial web page the first 600 or so bytes so i assume its a really nasty fragmentation probelm on 192.168.0.2. That system only has one network card is this the problem, surly one ADSL 512k connection can't overload a 100Mbps network? even if I am generating 4 x the traffic of the ADSL internaly? Anybody got _any_ ideas ? Many thanks Robin
-- Robin Cornelius --------------------------------------------------- robin@xxxxxxxxxxxxxxxxxxxxx GPG Key ID: 0x729A79A23B7EE764 http://www.biglumber.com/x/web?qs=0x729A79A23B7EE764
Attachment:
pgp00048.pgp
Description: PGP signature