[vpn-help] Fragmented traffic with 2.2.0-rc-2

Alexis La Goutte alexis.lagoutte at gmail.com
Fri Feb 22 07:49:11 CST 2013


Hi Marcel,

With 2.2-rc2, there is a new hash algo supported... (See
https://lists.shrew.net/pipermail/vpn-help/2012-December/014061.html )

Regards,

On Thu, Feb 21, 2013 at 3:49 PM, Zweerde, Marcel van de <
mvandezweerde at alescon.nl> wrote:

> Hello,
>
> I’m having some problems with fragmented traffic (and disconnects)
>
> Config:
>
> Firewall:
>
> Netscreen 320M 6.3.0r9.0
>
> Block Fragment Traffic Enabled in screen settings for the Untrust interface
>
>          Client:
>
>          Win7 client (etc.)
>
>          Client 2.2.0-rc-2
>
> Problem:
>
> The setup is working correctly (except for some random?!? disconnects) if
> I disable “Block Fragment Traffic” but it seems slow.
>
> When “Block Fragment Traffic” is Enabled on the Netscreen the tunnel
> connects but I get fragmented UDP traffic alarms on the Netscreen and there
> is no traffic through the tunnel.
>
> To remedy the situation I tried to lower the MTU setting to 800 as a test
> in the client but that doesn’t seem to work.
>
> The MTU value for the virtual adapter changes in the registry but the log
> says otherwise?!?
>
> Interesting log entries:
>
> A*p*apter ROOT\VNET\0000 MTU is 1500
>
> Send NAT-T:IKE packet XXXX:4500 -> XXXXX:4500 ( 1548 bytes )
>
> Fragmented packet to 1514 bytes ( MTU 1500 bytes )
>
> Fragmented packet to 82 bytes ( MTU 1500 bytes )
>
> How can I resolve this? (hopefully without changing anything to the pc
> config itself)
>
> (Maybe the disconnects are related to the fragmenting?, the client says the
> Netscreen ended the connection but the Netscreen doesn’t log anything.)
>
> Thanks for the great software!
>
> Max
>
>
> p.s. The Howto_Juniper_SSG / Create_a_Phase1_ID doesn’t really mention the
> “Number of Multiple Logins with Same ID” setting, that was the reason I
> could only login with 1 user at a time, maybe an update of the Howto is in
> place?