[vpn-help] Fragmentation issues with FreeBSD

lkv at defx.org lkv at defx.org
Wed Aug 30 17:56:23 CDT 2006


> lkv at defx.org wrote:
[..]
> No worries. I'm glad it all worked out for you. Sometimes it just takes 
> going through the motions of explaining a problem to someone else before 
> the solution come to you. It happens to me all the time :)

I was totally convinced that the mtu on the modem was >= 1500, 
so didn't bother to check, it never hurts to be more careful.

> Also, thanks for the positive feedback. A lot of time and effort has 
> been invested to provide the best product possible. It still has a ways 
> to go but its getting there. If the opportunity presents itself, please 
> help by telling others of your positive experience.

I already told few people about it. It has features the Cisco client
doesnt, all the strong ciphers and I find that very very handy!

Anyway just to overview what happened. The problem was not in the 
VPN client but in the network setup.

For the DSL on our network we use Speedtouch modem which provides
a PPPoA to PPTP tunnel. On the FreeBSD side I use pptpclient 
which will then call FreeBSD stock PPP to handle the rest. So 
the flow is:

-> PPPoA:[modem]:PPTP <-> tun0:PPTPclient[FreeBSD]:xl0 <-> LAN

The problem was at the tun0 device, where the MTU was way above
1500 - in fact it was 2048. From what I noticed in the FreeBSD ppp manual, the
max mtu ppp will set is 2048. Adding this 'set mtu max 1500' to 
the /etc/ppp/ppp.conf on the FreeBSD side solved the problem. 
(Though just doing 'set mtu 1500' wont do the job, the max keyword
is required).

After I did the above, everything worked just fine!

On a side note, is there a way to minimize the VPN connection 
in the tray?

Thanks,
Lou




More information about the vpn-help mailing list