[ale] Stumped by Slashdot and network problems
John Wells
lists at sourceillustrated.com
Sun Oct 24 14:00:46 EDT 2004
Guys,
I asked my question on the Netfilter list, and got a quick answer that
fixed my problem. FYI, the solution follows:
----
what you need to do is lower the MSS that is being advertised by the
Windows XP machine. on the VPN Server/Router:
iptables -A FORWARD -p tcp --syn -s $WINXP_BOX \
-j TCPMSS --set-mss 1400
if the problem continues--lower that 1400 until the problem disappears. i
have had to ratchet it down as low as 1330 on IPSec + WiFi setups. with
your addition of the ppp0 (pptp) MTU of 896--you may need to use
"--set-mss 850" before the Windows XP box will work properly. another
option that may or may not work, would be to allow the VPN Server/Router
to figure this automatically (which depends on proper PMTU discovery,
which is certainly not a given these days):
iptables -A FORWARD -p tcp --syn -s $WINXP_BOX \
-j TCPMSS --clamp-mss-to-pmtu
----
Setting it to 850 on the router works.
Thanks,
John
More information about the Ale
mailing list