[vpn-help] Fragmented traffic with 2.2.0-rc-2

Zweerde, Marcel van de mvandezweerde at Alescon.nl
Thu Feb 21 08:49:14 CST 2013


Hello,

I'm having some problems with fragmented traffic (and disconnects).

Config:

Firewall:
Netscreen 320M 6.3.0r9.0
Block Fragment Traffic enabled in screen settings for the Untrust interface

Client:
Win7 client (etc.)
Client 2.2.0-rc-2

Problem:

The setup is working correctly (except for some random?!? disconnects)
if I disable "Block Fragment Traffic", but it seems slow.

When "Block Fragment Traffic" is enabled on the Netscreen the tunnel
connects, but I get fragmented UDP traffic alarms on the Netscreen and
there is no traffic through the tunnel.

To remedy the situation I tried to lower the MTU setting to 800 as a
test in the client, but that doesn't seem to work.

The MTU value for the virtual adapter changes in the registry but the
log says otherwise?!?

Interesting log entries:

Apapter ROOT\VNET\0000 MTU is 1500

Send NAT-T:IKE packet XXXX:4500 -> XXXXX:4500 ( 1548 bytes )
Fragmented packet to 1514 bytes ( MTU 1500 bytes )
Fragmented packet to 82 bytes ( MTU 1500 bytes )

How can I resolve this? (hopefully without changing anything in the PC
config itself)

(Maybe the disconnects are related to the fragmenting? The client says
the Netscreen ended the connection but the Netscreen doesn't log
anything.)

Thanks for the great software!

Max


P.S. The Howto_Juniper_SSG / Create_a_Phase1_ID doesn't really mention
the "Number of Multiple Logins with Same ID" setting; that was the
reason I could only log in with 1 user at a time. Maybe an update of the
Howto is in place?
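
Added example, not part of the original post and not code from the VPN client: IPv4 fragmentation arithmetic that reproduces the sizes in the log lines quoted above. It assumes the 1548-byte figure is the IP datagram length and that the logged fragment sizes include a 14-byte Ethernet header, which is the reading under which the logged numbers add up; all function names are hypothetical.

```python
import re

ETH_HDR = 14  # assumption: logged fragment sizes include the Ethernet header
IP_HDR = 20   # IPv4 header without options
UDP_HDR = 8

# Log lines copied from the post above (addresses were already masked there).
LOG = """\
Send NAT-T:IKE packet XXXX:4500 -> XXXXX:4500 ( 1548 bytes )
Fragmented packet to 1514 bytes ( MTU 1500 bytes )
Fragmented packet to 82 bytes ( MTU 1500 bytes )
"""

def fragment_ip_lengths(ip_len, mtu):
    """IPv4 total length of each fragment of an ip_len-byte datagram."""
    if ip_len <= mtu:
        return [ip_len]
    # Every fragment but the last carries a multiple of 8 payload bytes.
    step = (mtu - IP_HDR) // 8 * 8
    if step <= 0:
        raise ValueError("MTU too small to carry any payload")
    payload = ip_len - IP_HDR
    return [IP_HDR + min(step, payload - off) for off in range(0, payload, step)]

def frame_lengths(ip_len, mtu):
    """Fragment sizes as seen on the wire (IP length plus Ethernet header)."""
    return [n + ETH_HDR for n in fragment_ip_lengths(ip_len, mtu)]

def max_udp_payload(mtu):
    """Largest UDP payload that fits in one unfragmented IPv4 packet."""
    return mtu - IP_HDR - UDP_HDR

def check_log(text):
    """Compare logged fragment sizes with the sizes computed from the log's MTU."""
    sent = int(re.search(r"packet .*\( (\d+) bytes \)", text).group(1))
    logged = [(int(a), int(b)) for a, b in
              re.findall(r"Fragmented packet to (\d+) bytes \( MTU (\d+) bytes \)", text)]
    mtu = logged[0][1]
    return sent, mtu, [size for size, _ in logged] == frame_lengths(sent, mtu)

if __name__ == "__main__":
    print(check_log(LOG))            # logged sizes versus computed sizes
    print(frame_lengths(1548, 800))  # what an 800-byte MTU would produce
    print(max_udp_payload(1500))     # payload ceiling for no fragmentation
```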

 
