I use a Linux Client (ubuntu 8.10) to connect via PPTP to a monowall firewall (running firmware 1.3b15). I have the following issue with pptp:
When pptp tunnel is build up an "ifconfig" on the linux client shows :
ppp0 Link encap:Punkt-zu-Punkt-Verbindung
inet Adresse:192.168.1.16 P-z-P:192.168.1.16 Maske:255.255.255.255
UP PUNKTZUPUNKT RUNNING NOARP MULTICAST MTU:1496 Metrik:1
At the same time monowalls status.php page shows :
ng1: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1456
inet6 fe80::20e:cff:fed8:1812%ng1 prefixlen 64 scopeid 0x6
inet 192.168.1.2 --> 192.168.1.16 netmask 0xffffffff
This results in an very unstable connection. I could not manage to get a simple ICMP ping with size greater than 1414 bytes through this tunnel. Sending 1416 bytes immidiately crashes the tunnel. Syslog then shows:
Dec 1 18:07:03 client pptp[25144]: nm-pptp-service-25128 log[logecho:pptp_ctrl.c:677]: Echo Reply received.
Dec 1 18:07:05 client pptp[25137]: nm-pptp-service-25128 warn[decaps_gre:pptp_gre.c:331]: short read (-1): Message too long
Dec 1 18:07:05 client pptp[25144]: nm-pptp-service-25128 log[callmgr_main:pptp_callmgr.c:234]: Closing connection (unhandled)
Usind the same client and tunnel parameters, but a Windows2003-Server as gateway I get the following from "ifconfig" at the client:
ppp0 Link encap:Punkt-zu-Punkt-Verbindung
inet Adresse:10.4.10.88 P-z-P:10.4.10.88 Maske:255.255.255.255
UP PUNKTZUPUNKT RUNNING NOARP MULTICAST MTU:1396 Metrik:1
and now the tunnel is absolutely stable. So my idea is that Monowall is not able to negotiate or propose the right MTU size to the client. Can someone help?
|
Topic: PPTP wront MTU Size negotiated