Re: [Openvpn-users] Windows client, mysterious routes and MTU issues

["John A. Sullivan III" <jsullivan@xxxxxxxxxxxxxxxxxxx>]

On Sun, 2006-02-05 at 22:21 +0100, Erich Titl wrote:
> John
> 
> John A. Sullivan III wrote:
> > Hello, all.  We are seeing some bizarre behavior with our Windows
> > OpenVPN clients.  We are not seeing the same behavior in the Linux
> > clients.  Our setup is an OpenVPN gateway running openswan connecting to
> > other offices via openswan.  I am just now beginning to peruse the more
> > obscure configuration settings and do some extensive testing but, if
> > anyone knows the answer off the top of their head, it will save me many
> > hours.
> > 
> > Whenever the windows client accesses a station in one of the offices,
> > i.e., across the openswan VPN, an entry for that station is added to the
> > Windows routing table.  Although that is surprising, it would not be too
> > bad except that the MTU on the route is set to 576! 
> 
> Did you disable PMTU discovery on Windoze? The reduced MTU size could be 
> one of the indications. The surprising thing is, how else would the 
> windows client know that his OpenVPN connection is futher tunneled 
> through an OpenSwan connection?
Ah, I should clarify.  The OpenVPN gateway terminates the user traffic.
The decrypted traffic is then sent to the branch office via IPSec with
openswan.  The user's encapsulated OpenVPN traffic is NOT sent down the
IPSec tunnel.  Sorry 'bout that - John
> 
> The result is
> > massive packet fragmentation.
> 
> :-) No surprise
> 
> cheers
> 
> Erich
> 
> 
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

Financially sustainable open source development
http://www.opensourcedevel.com


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users