On Mon, 25 Dec 2006 09:54:12 +0100
Gilles Gravier <Gilles@Gravier.org> wrote:

> That MTU is too short, methinks...
> 
> But try something closer to reality... say MTU=1480 ... play a bit
> with values between 1460 and 1500.
> 
It's almost certainly an MTU problem, but how to fix it is less clear.  
Are there host-specific routes that need to be deleted?  Is there
something blocking ICMP messages?  On what box was the MTU changed?
> 
> Brian Grayson wrote:
> >   I recently tried out vpnc to see if I could use NetBSD instead of
> > Windows or Linux to connect to work.  It all connects properly, but
> > once I try to do anything serious (start vim in text mode, do a
> > bunch of 'ls's, fire up vncviewer), the clients hang.  I can still
> > fire up new clients, so it's not like the tunnel is busted, just
> > that those particular streams are hosed.
> >
> >   As a check, I tried doing pings to work of various sizes.
> > A ping of up to 500 bytes gets to work and back just fine, but a
> > ping of 501 bytes or larger will not make it through.  Ordinarily, I
> > can ping with packets larger than 1K to random spots throughout the
> > world, so vpnc appears to be introducing something problematic....
> >
> >   My setup:  NetBSD desktop connected via Ethernet to NetBSD
> > router box, connected to cable modem.
> >
> >   I'm clueless about mtu's etc., but on a whim I did:
> >
> > route change default 10.214.72.11 -mtu 400
> >
> >   And now route show <workmachine> shows:
> >  mtu
> >  400
> >
> >   But things still don't work.  Can someone send me a clue or two?
> > > TIA
> >
> >   Brian
> >   


		--Steve Bellovin, http://www.cs.columbia.edu/~smb