Security Basics mailing list archives
RE: RE: VPN & PPPoE
From: "dave" <dave () netmedic net>
Date: Mon, 27 Jan 2003 18:28:12 -0500
Yes, it does support discovery.

http://groups.google.com/groups?q=enablepmtubhdetect&hl=en&lr=&ie=UTF-8&selm=8e7f01c2794c%241f58bda0%242ae2c90a%40phx.gbl&rnum=8

Dave Kleiman
dave () netmedic net
www.netmedic.net

-----Original Message-----
From: Mark Reardon [mailto:riscorp () mindspring com]
Sent: Friday, January 24, 2003 10:48
To: Paul Gaskin; 'security-basics () securityfocus com'
Subject: Re: RE: VPN & PPPoE

I don't know if Windows supports MTU discovery but I recommend looking at Microsoft.com (I tried but my workstation keeps locking up when I do).

MTU discovery sends out the first packet of a connection using the maximum size and the DF (don't fragment) bit set. If a network device needs to forward the packet through a link with a too small MTU, it should send back an ICMP packet stating that fragmentation is required but the DF bit is set. It should also include the MTU value it will accept. The originator then retries with a smaller packet (using the provided MTU). This continues until the packet is acknowledged. For the rest of this connection's life, the MTU is maintained so fragmentation doesn't occur.

The drawbacks are that your perimeter needs to allow inbound ICMP packets of this type, your initial data is slow, and some network devices don't send the proper MTU to get through (they have a bug or are old).

Once you have the MTU to get to a major location, you can be confident it is the MTU allowed to get over your end. Most major locations can accept very large packets (at least 1500). Set that to your MTU and turn off discovery.

I hope this helps,
Mark

-------Original Message-------
From: Paul Gaskin <paul () midwesttechnologies com>
Sent: 01/21/03 10:26 AM
To: "'Keith T. Morgan'" <keith.morgan () terradon com>
Subject: RE: VPN & PPPoE

Is there a surefire way to come up with a good MTU speed?

We used one in the Microsoft Knowledge Base and came up with an MTU of 1366 and this didn't seem to do the trick. Also, we had a concern with setting the MTU really low. How is this going to affect the way other files get transferred? Will setting the MTU lower affect the speed of the DSL (surfing the web, downloading files)?

Thanks
Paul

-----Original Message-----
From: Keith T. Morgan [mailto:keith.morgan () terradon com]
Sent: Tuesday, January 21, 2003 9:15 AM
To: Paul Gaskin; security-basics () securityfocus com
Subject: RE: VPN & PPPoE

We had to deal with this very issue using IPSEC via Free S/Wan on Linux. The solution was to kick the interface (pppoe facing) MTU down to the 1280 range. This was after some experimentation. Play around with the MTU and you should be able to get it to work. If you have a sniffer handy on the client machine, watch to see how much fragmentation is occurring on the interface. Lots of fragmentation seemed to break IPSEC for us.

-----Original Message-----
From: Paul Gaskin [mailto:paul () midwesttechnologies com]
Sent: Friday, January 17, 2003 4:29 PM
To: 'security-basics () securityfocus com'
Subject: VPN & PPPoE

I am new to the list and I'm not sure if this even falls into this category but I'm getting desperate!

We have set up a VPN and it seems to work fine; everyone can log on and move around the network and send and receive email. One person though... on a DSL using PPPoE cannot send e-mail. We have tried everything... Has anyone run into this problem? The user is on a Windows XP laptop connected to a Linksys wireless router (using PPPoE), and Outlook for e-mail.

Any help would be greatly appreciated.

Thanks in advance
Paul
---- Mark Reardon Reardon Information Security Corporation 156 Blue Sky Drive Marietta, GA 30068 (770) 565-0544 (404) 444-0041 cell
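
Added example, not part of the original thread: an offline simulation of the path MTU discovery exchange described in Mark's message, covering the normal case and two of the drawbacks he lists (inbound ICMP blocked at the perimeter, and old devices that omit the MTU value). The hop MTUs and function names are constructed for illustration; the fallback for a missing MTU value uses the plateau table from RFC 1191.

```python
# Added example: offline simulation of path MTU discovery (RFC 1191).
# All hop values are constructed; no packets are sent.

# RFC 1191 plateau table, used when an ICMP reply carries no next-hop MTU.
PLATEAUS = [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68]

def send_df(size, path, icmp_allowed):
    """Send one packet with DF set along path, a list of (link_mtu, reports_mtu).
    Returns ("ack", None), ("icmp", next_hop_mtu) or ("timeout", None)."""
    for link_mtu, reports_mtu in path:
        if size > link_mtu:
            if not icmp_allowed:
                return ("timeout", None)  # perimeter drops ICMP type 3 code 4
            # Pre-RFC 1191 routers leave the next-hop MTU field at 0.
            return ("icmp", link_mtu if reports_mtu else 0)
    return ("ack", None)

def discover(path, start=1500, icmp_allowed=True, max_tries=20):
    """Return (path_mtu or None, log of (size, result, hint) probes)."""
    size, log = start, []
    for _ in range(max_tries):
        result, hint = send_df(size, path, icmp_allowed)
        log.append((size, result, hint))
        if result == "ack":
            return size, log
        if result == "timeout":
            return None, log  # black hole: sender gets no signal to shrink
        size = hint if hint else next((p for p in PLATEAUS if p < size), 68)
    return None, log

# Constructed paths: Ethernet LAN, PPPoE link (1492), tunnel hop (1400, assumed).
GOOD_PATH = [(1500, True), (1492, True), (1400, True)]
OLD_ROUTERS = [(1500, True), (1492, False), (1400, False)]

if __name__ == "__main__":
    for name, path, icmp in [("normal", GOOD_PATH, True),
                             ("old routers", OLD_ROUTERS, True),
                             ("ICMP filtered", GOOD_PATH, False)]:
        mtu, log = discover(path, icmp_allowed=icmp)
        print(f"{name}: path MTU = {mtu}, probes = {[s for s, _, _ in log]}")
```

With routers that omit the MTU value the sender settles on 1006 instead of 1400, and with ICMP filtered it never learns to shrink the packet at all, so a perimeter that relies on discovery has to pass ICMP "fragmentation needed" replies inbound.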