Re: [Openvpn-users] Windows client, mysterious routes and MTU issues

[Erich Titl <erich.titl@xxxxxxxx>]

John A. Sullivan III wrote:
> On Sun, 2006-02-05 at 22:21 +0100, Erich Titl wrote:
> 
>>John
>>
>>John A. Sullivan III wrote:
>>
>>>Hello, all.  We are seeing some bizarre behavior with our Windows
>>>OpenVPN clients.  We are not seeing the same behavior in the Linux
>>>clients.  Our setup is an OpenVPN gateway running openswan connecting to
>>>other offices via openswan.  I am just now beginning to peruse the more
>>>obscure configuration settings and do some extensive testing but, if
>>>anyone knows the answer off the top of their head, it will save me many
>>>hours.
>>>
>>>Whenever the windows client accesses a station in one of the offices,
>>>i.e., across the openswan VPN, an entry for that station is added to the
>>>Windows routing table.  Although that is surprising, it would not be too
>>>bad except that the MTU on the route is set to 576! 
>>
>>Did you disable PMTU discovery on Windoze? The reduced MTU size could be 
>>one of the indications. The surprising thing is, how else would the 
>>windows client know that his OpenVPN connection is futher tunneled 
>>through an OpenSwan connection?
> 
> Ah, I should clarify.  The OpenVPN gateway terminates the user traffic.
> The decrypted traffic is then sent to the branch office via IPSec with
> openswan.  The user's encapsulated OpenVPN traffic is NOT sent down the
> IPSec tunnel.  Sorry 'bout that - John

:-)

Ok then basically we should _not_ see different behaviour with or
without IPSec, which would allow us to observe the same problem without
the additional IPSec complexity, right. What happens if you just route
the traffic to the branch office without tunneling it furthermore?

cheers

Erich


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users