VPN connection fails.

Bennett Todd bet at RAHUL.NET
Thu Aug 10 22:47:21 EDT 2000


2000-08-10-13:12:34 Tina Bird:
> For now, we're just manually disabling PATH_MTU_DISCOVERY
> on the systems on both ends of the VPN.  Ugly, but effective.

If disabling Path MTU Discovery (PMTU-D) on each end fixes the
problem, then another fix would be even better: back the configured
MTUs of the interfaces down by at least the overhead of the tunnel;
I like to back off by like 100 or so, which gives enough headroom
for a couple of layers of tunneling. And I doubt the performance
difference between a 1500 MTU and a 1400 MTU is very important. I'd
expect it to be less than the performance hit of having to fragment
to squeeze through the tunnel.

-Bennett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/vpn/attachments/20000810/2132e9b7/attachment.pgp 


More information about the VPN mailing list