Topic: IPSec Tunnel works, but some Servers not reachable! MTU-Problem?  (Read 3494 times)
« on: February 12, 2008, 15:40:52 »
acid-mic

I'm new here, so please bear with me.

I've got a running IPsec connection between two locations (certs, 3DES, crypto card). I can ping any host at the remote site, but I can't access some of the hosts. Same problem from the remote net to me.

The hosts I can't access seem to lose every packet except the first. I'm thinking this is an MTU problem. Turning on "Allow fragmented packets" under "Advanced Settings" and in the outbound rules (LAN and IPsec rules) doesn't make a difference.

I'm using m0n0wall 1.3b9 on a PC Engines ALIX 2C3 board with a Soekris hardware crypto card.

Our network configuration:

Site A: Modem - m0n0wall

Site B: Modem - CISCO 1720 - m0n0wall

Forwarded/allowed ports on the CISCO: UDP 500+4500, TCP 50+51, ESP

Many thanks for your help!

Best wishes,

« Reply #1 on: February 12, 2008, 17:06:23 »
acid-mic
Hello again,

Now I've tried this:
I changed the MTU of my PC(!) to 1400, and now (on my PC) everything works fine! So the problem really is the MTU size.

Question: How can I change the MTU of the tunnel? I'd like to change ONLY the tunnel, not the WAN interface! Is that possible?

Many thanks!

P.S.: The tool I used for changing the MTU is called Dr.TCP
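The post above finds by trial that an inner MTU of 1400 works. The script below is an added example, not code from the thread or from m0n0wall: it estimates the largest inner packet that fits into one ESP packet for the cipher suite named in the first post (3DES-CBC, 8-byte block and IV, assumed HMAC-SHA1-96 ICV of 12 bytes, ESP tunnel mode, NAT-T over UDP 4500 since the Cisco forwards that port, outer MTU 1500), and then measures the real path MTU through the tunnel with DF-bit pings. The host address, the 1500 outer MTU and the HMAC-SHA1-96 choice are assumptions; the arithmetic generalizes to other suites (for AES-CBC pass block 16 and IV 16).

```bash
#!/bin/sh
# Added example: estimate the inner MTU of an ESP tunnel and verify it by probing.
# Not part of the original forum post or of m0n0wall.
#
# Assumptions (adjust to your SA): 3DES-CBC (block 8, IV 8), HMAC-SHA1-96
# (ICV 12), ESP tunnel mode, outer path MTU 1500, NAT-T UDP encapsulation on.

# esp_inner_mtu OUTER_MTU NATT(0|1) BLOCK IV ICV
#   Prints the largest inner IP packet (inner header included) that fits in one
#   outer packet. Fixed overhead: outer IP 20 + UDP 8 (NAT-T only) + ESP
#   SPI/sequence 8 + IV + ICV. The encrypted part (inner packet + padding +
#   pad-length byte + next-header byte) must be a multiple of the cipher block.
esp_inner_mtu() {
    outer=$1; natt=$2; block=$3; iv=$4; icv=$5
    udp=0
    [ "$natt" -eq 1 ] && udp=8
    avail=$((outer - 20 - udp - 8 - iv - icv))   # room for the padded payload
    avail=$((avail - avail % block))             # round down to a block boundary
    echo $((avail - 2))                          # minus pad-length + next-header
}

# icmp_payload_for_mtu MTU
#   Largest ICMP echo data size for a given IP packet size (IP 20 + ICMP 8).
icmp_payload_for_mtu() {
    echo $(($1 - 28))
}

# probe_mtu HOST LOW HIGH
#   Binary-search the largest IP packet that reaches HOST with DF set
#   (Linux iputils syntax "-M do"; on FreeBSD/macOS use "ping -D -s SIZE").
#   Needs network access, so the test below does not call it. If nothing gets
#   through at all (host down, ICMP filtered) it returns LOW, so sanity-check
#   with a plain ping first.
probe_mtu() {
    host=$1; lo=$2; hi=$3
    if ping -c 1 -W 2 -M do -s "$(icmp_payload_for_mtu "$hi")" "$host" >/dev/null 2>&1; then
        echo "$hi"; return
    fi
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(((lo + hi) / 2))
        if ping -c 1 -W 2 -M do -s "$(icmp_payload_for_mtu "$mid")" "$host" >/dev/null 2>&1; then
            lo=$mid
        else
            hi=$mid
        fi
    done
    echo "$lo"
}

# Usage: sh mtu_probe.sh 192.0.2.10   (remote LAN host; address is a placeholder)
if [ -n "$1" ]; then
    echo "Estimated inner MTU, 3DES/SHA1, NAT-T on : $(esp_inner_mtu 1500 1 8 8 12)"
    echo "Estimated inner MTU, 3DES/SHA1, NAT-T off: $(esp_inner_mtu 1500 0 8 8 12)"
    echo "Measured path MTU to $1                 : $(probe_mtu "$1" 576 1500)"
fi
```

With these assumptions the estimate is 1438 bytes with NAT-T (1446 without), so the 1400 that worked in the post is safely below the computed limit; a measured value well under the estimate points at a smaller outer MTU (PPPoE, for instance) or at a hop that drops fragments or the ICMP "fragmentation needed" replies.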
« Reply #2 on: March 13, 2008, 12:30:53 »
acid-mic
Me again....

The new m0n0wall beta version 1.3b10 fixes some MTU problems, but our tunnel still doesn't work correctly.

Now I can download from side A to B, but from side B to A only small packets work. The maximum transfer size is about 500 KB.

I've also seen some blocked packets on side A in the filter log where the source is the public IP of side B and the destination is the public IP of side A, UDP, no port.

I think these are my lost packets, but it seems these packets don't go through the tunnel.

Any idea?
