Does anybody have experience dealing with MTU size or packet fragmentation issues with FreeS/WAN? Specifically, information and/or a howto on using the overridemtu=x statement in ipsec.conf: the pros, cons, when to use it, etc.
My situation is as follows:
I have a central office connected by VPN to two branch offices using SME 5.5 with updates, and FreeS/WAN. All three LANs use Win2k Pro clients and we run a Pervasive SQL client/server application. The central office has a 2-megabits-per-second symmetric connection to the Internet and the branch offices each have fractional T-1 lines (768Kbps) from a tier-1 (well positioned) ISP. In addition to getting lockups and dropped connections, the SQL client program ran so slow it was unusable and we have since implemented a Win2k Terminal Server at the central office. This works “okay”, but I consider it to be a very “clunky” solution and we still get lots of dropped sessions.
I believe this is because of ICMP blocking along the way???
The fact that bugs me is:
When I do “tracert” from a Windows box in the DMZ at the central office I get only a few hops past our gateway before I hit stars (request timed out.). Also, when I do the reverse trace route, that is, from a Windows box at the ‘branch’ office back to the central office, I get the other half of the route and it stops at the same spot. However, when I do a traceroute from a Linux box in the DMZ at the central office – Bam! – a zippy 13 hop route comes up every time!
Is there an issue with the Windows trace route packets and the offending router? Is this a clue as to why the Windows applications have problems?
Thanks in advance for any help on this.
Sorry this is a multipart question and a long-winded post, but this is how we learn...