Re: [Openvpn-users] Active Directory stuttering

  Subject: Re: [Openvpn-users] Active Directory stuttering
  From: Les Mikesell <lesmikesell@xxxxxxxxx>
  Date: Thu, 01 Nov 2007 11:27:37 -0500

Gavin Hamill wrote:
> On Thu, 2007-11-01 at 08:39 -0700, Jeff - wrote:
>>> Are there routers/firewalls between the openvpn servers and the end 
>>> points?  Or host-based firewalls on the end point hosts?
> Interesting reading.
> I've gone and set EnablePMTUDiscovery to zero in the registry of our AD
> server, as well as set MTU of 1300 on each of the interfaces...
> Will have to wait until tonight before I can reboot it, though.
> In all honesty I'm not expecting a solution from this because there are
> no routers / firewalls in between..
> Internet
> |
> Router
> |
> |---------
> |        |
> AD      OpenVPN server

It could be a Windows or 3rd party software firewall on the host that 
keeps MTU discovery from working.  One way to diagnose would be to use 
Wireshark (Ethereal) on the OpenVPN server to see if it keeps getting 
1500 byte packets from the sender with the DF flag set.  It should get 
one, respond with an ICMP, then the sender should try some other sizes 
and settle on something that works.

   Les Mikesell
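
The check described in the message above, as an added example that is not part of the original post: it parses raw IPv4 packets and flags any sender that keeps sending DF packets larger than the MTU it was told about in an ICMP "fragmentation needed" reply. The addresses, the 1300-byte MTU in the ICMP, the three-packet threshold and all function names are assumptions, and the capture is constructed inline (the ICMP omits the quoted original header a real one carries).

```python
import struct
from collections import defaultdict

IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def build(src, dst, total_len, df=True, proto=6, payload=b""):
    """Constructed sample packet: IPv4 header (checksum left 0) plus optional payload."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack(IP_HDR, 0x45, 0, total_len, 0, 0x4000 if df else 0,
                       64, proto, 0, addr(src), addr(dst)) + payload

def frag_needed(src, dst, mtu):
    """ICMP type 3 code 4 ("fragmentation needed") carrying the next-hop MTU (RFC 1191)."""
    return build(src, dst, 28, df=False, proto=1,
                 payload=struct.pack("!BBHHH", 3, 4, 0, 0, mtu))

def parse(raw):
    """Return (src, dst, total_len, df, advertised_mtu or None)."""
    f = struct.unpack(IP_HDR, raw[:20])
    ihl = (f[0] & 0x0F) * 4
    mtu = None
    if f[6] == 1 and raw[ihl:ihl + 2] == b"\x03\x04" and len(raw) >= ihl + 8:
        mtu = struct.unpack("!H", raw[ihl + 6:ihl + 8])[0]
    ip = lambda b: ".".join(str(x) for x in b)
    return ip(f[8]), ip(f[9]), f[2], bool(f[4] & 0x4000), mtu

def classify(packets, threshold=3):
    """Per sender that was sent an ICMP: did it keep sending oversize DF packets?"""
    told, oversize = {}, defaultdict(int)
    for raw in packets:
        src, dst, length, df, mtu = parse(raw)
        if mtu is not None:
            told[dst] = mtu          # the ICMP's destination is the original sender
        elif df and src in told and length > told[src]:
            oversize[src] += 1       # still too big after being told
    return {h: "black hole suspected" if oversize[h] >= threshold else "adapted"
            for h in told}

# Constructed capture as seen on the OpenVPN server; all addresses are made up.
VPN, HOST_A, HOST_B = "10.0.0.2", "10.0.0.10", "10.0.0.20"
CAPTURE = (
    [build(HOST_A, VPN, 1500), frag_needed(VPN, HOST_A, 1300)]
    + [build(HOST_A, VPN, 1500)] * 3      # keeps retransmitting at 1500 with DF
    + [build(HOST_B, VPN, 1500), frag_needed(VPN, HOST_B, 1300)]
    + [build(HOST_B, VPN, 1300)] * 2      # drops to the advertised size
)

if __name__ == "__main__":
    print(classify(CAPTURE))
```

A sender reported as "black hole suspected" is one whose host or an intermediate filter is most likely dropping the ICMP replies, which is the situation a host-based firewall would produce.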

