[ale] Stumped by Slashdot and network problems

James P. Kinney III jkinney at localnetsolutions.com
Sun Oct 24 14:17:59 EDT 2004


John,

Many thanks for the follow-up. This also explains an IPsec issue I had a
while back with a Linux VPN server and a WinXP VPN client.

On Sun, 2004-10-24 at 14:04, John Wells wrote:
> Guys,
> 
> I asked my question on the Netfilter list, and got a quick answer that
> fixed my problem.  FYI, the solution follows:
> ----
> what you need to do is lower the MSS that is being advertised by the
> Windows XP machine.  on the VPN Server/Router:
> 
>         iptables -A FORWARD -p tcp --syn -s $WINXP_BOX \
>           -j TCPMSS --set-mss 1400
> 
> if the problem continues--lower that 1400 until the problem disappears. i
> have had to ratchet it down as low as 1330 on IPSec + WiFi setups. with
> your addition of the ppp0 (pptp) MTU of 896--you may need to use
> "--set-mss 850" before the Windows XP box will work properly.  another
> option that may or may not work, would be to allow the VPN Server/Router
> to figure this automatically (which depends on proper PMTU discovery,
> which is certainly not a given these days):
> 
>         iptables -A FORWARD -p tcp --syn -s $WINXP_BOX \
>           -j TCPMSS --clamp-mss-to-pmtu
> ----
> Setting it to 850 on the router works.
> 
> Thanks,
> John
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
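
The following is an added example, not part of the original messages: it derives the largest MSS that fits the tightest MTU on a path and prints the `--set-mss` rule quoted in the thread, which shows why a ppp0 MTU of 896 calls for a value near 850 (896 minus 40 bytes of IPv4 and TCP headers is 856). The function names, the `eth0` hop and the source address 192.0.2.10 are constructed; header sizes assume no IP or TCP options.

```sh
#!/bin/sh
# Added example: derive a TCPMSS clamp value from the MTUs along a path.
# Interface names and the source address below are constructed sample values.

# Fixed header sizes without options: IPv4 20, IPv6 40, TCP 20 bytes.
header_overhead() {
    case "$1" in
        4) echo 40 ;;
        6) echo 60 ;;
        *) return 1 ;;
    esac
}

# smallest_mtu "if:mtu" ... -> lowest MTU among the listed hops
smallest_mtu() {
    min=""
    for hop in "$@"; do
        mtu=${hop##*:}
        case "$mtu" in
            ''|*[!0-9]*) echo "bad MTU in '$hop'" >&2; return 1 ;;
        esac
        if [ -z "$min" ] || [ "$mtu" -lt "$min" ]; then
            min=$mtu
        fi
    done
    [ -n "$min" ] || return 1
    echo "$min"
}

# path_mss IPVER "if:mtu" ... -> largest MSS that fits the tightest hop
path_mss() {
    ipver=$1; shift
    overhead=$(header_overhead "$ipver") || return 1
    mtu=$(smallest_mtu "$@") || return 1
    [ "$mtu" -gt "$overhead" ] || return 1
    echo $((mtu - overhead))
}

# tcpmss_rule SRC MSS -> print (not run) the FORWARD rule from the thread
tcpmss_rule() {
    printf 'iptables -A FORWARD -p tcp --syn -s %s -j TCPMSS --set-mss %s\n' "$1" "$2"
}

# Constructed path: Ethernet LAN plus the ppp0 (PPTP) link with MTU 896.
mss=$(path_mss 4 eth0:1500 ppp0:896) && tcpmss_rule 192.0.2.10 "$mss"
```

The computed value is an upper bound; the thread's 850 sits just below it, leaving a few bytes of margin.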