VPN

Hello,

i'm new here - so please bear with me.

I've got a running IPSec Connection betwenn two locations (Certs, 3DES, CryptoCard). I can ping any hosts at the remote site, but i can't access only some hosts. Same problem from the remote net to me.

The hosts i can't access seems to loose the packets except the first. I'm thinking this is a MTU problem. Turning on "Allow fragmented Packets" on "Advanced Settings" and Outbount Rules (LAN und IPSec Rules) won't make a change.

I'm using m0n0wall 1.3b9 on a PCEngines ALiX 2C3 Borad with Soekris Hardware Crypto Card.

Our network-configuration:
Remote-Site:
Modem - m0n0wall

This-Site:
Modem - CISCO 1720 - m0n0wall

Forwarded/Allowed Ports on CISCO: UDP 500+4500, TCP 50+51, ESP


Have many thanks for your help!

Best wishes,

Michael

Hello again,

now i've tried this:
I've changed the mtu of my PC(!) to 1400 - now (on my pc) anything works fine! So the Problem is really the MTU-size.

Question: How could i change the MTU of the Tunnel? I'd like to change ONLY the tunnel - not the wan interface! Is it possible?

Have many thanks!


P.S.: The tool if used for changing the MTU is called Dr.TCP

Me again....

New m0n0wall beta version 1.3b10 fixes some MTU Problems, but out tunnel still won't work correct.

Now i can download packets from Side A to B, but from Side B to A only small packets work. Maximum transfers size is about 500kb.

I've also watched some blocked packets on Side A in filter log where source is public ip side B and destination ist public ip A, UDP, no Port.

I think this are my lost packets but it seems that this packets won't go through the tunnel.

Any idea?