|
|
Gavin Hamill wrote:
> On Thu, 2007-11-01 at 08:39 -0700, Jeff - wrote:
>>> Are there routers/firewalls between the openvpn servers and the end
>>> points? Or host-based firewalls on the end point hosts?
>>>
>
> Interesting reading.
>
> I've gone and set EnablePMTUDiscovery to zero in the registry of our AD
> server, as well as set MTU of 1300 on each of the interfaces...
>
> Will have to wait until tonight before I can reboot it, though.
>
> In all honestly I'm not expecting a solution from this because there are
> no routers / firewalls in between..
>
> Internet
> |
> Router
> |
> |---------
> | |
> AD OpenVPN server
It could be a windows or 3rd party software firewall on the host that
keeps mtu discovery from working. One way to diagnose would to use
wireshark (ethereal) on the openvpn server to see if it keeps getting
1500 byte packets from the sender with the DF flag set. It should get
one, respond with an ICMP, then the sender should try some other sizes
and settle on something that works.
--
Les Mikesell
lesmikesell@xxxxxxxxx
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|