Subject: RE: MTU
From: "Michael Clarke" <mclarke,AT,timetra,DOT,com>
Date: Mon, 31 Mar 2003 17:23:34 +0200
In-reply-to: <1049122063.20068.8.camel@pc24.sr.bham.ac.uk>

Hi Damion et al,

I've been looking at the MTU problem myself over the past few days. The
way I fixed it was to modify the CIPE tap driver to advertise a lower
transmit MTU. Currently the driver advertises a transmit MTU of 1486, 14
bytes less than the 1500 bytes advertised by a normal Ethernet driver.
I've lowered it to 1459 (see derivation below) and now any fragmentation
is performed before the CIPE service sees the packets. This might be
superior to changing the TCP MTU using the registry fixes as it covers
UDP frames too - ping -l 2000 frames are now fragmented before being
encrypted.

In cipdrvr/cipdrvr.c(590):
        case OID_GEN_MAXIMUM_FRAME_SIZE:
        case OID_GEN_TRANSMIT_BLOCK_SIZE:
        case OID_GEN_TRANSMIT_BUFFER_SPACE:
           l_Query.m_Long = DEFAULT_PACKET_LOOKAHEAD - // 1500
                            20 - // IP header
                            8 -  // UDP header
                            8 -  // IV
                            1 -  // 'P' byte
                            4;   // CIPE CRC

Hope this helps,

Michael.

-----Original Message-----
From: owner-cipe-l,AT,inka,DOT,de [mailto:owner-cipe-l,AT,inka,DOT,de] On Behalf Of Mark Cooke
Sent: 31 March 2003 15:48
To: Damion Wilson
Cc: cipe-l,AT,inka,DOT,de
Subject: Re: MTU

Hi Damion,

In this particular case, it would have saved me a few minutes digging
around trying to work out how to set an MTU, so having it as an option
in the control panel/next generation setup program would get my vote.

Thanks for the efforts you make with cipe on windows. It has been
exceedingly helpful here - avoiding the need to try to force windows and
freeswan to co-exist.

Mark

On Mon, 2003-03-31 at 15:26, Damion Wilson wrote:
> Would it help if there was a per adapter MTU option in the settings ?
> 
> DKW
> 
> On Monday 31 March 2003 08:19 am, Phil wrote:
> > On Mon, 2003-03-31 at 13:06, Mark Cooke wrote:
> > > Hi Phil,
> > >
> > > I had an issue with MTU, and I manually changed the CIPE-Win32 MTU to
> > > 1442 by changing the registry, on the windows end of a linux-win32 cipe
> > > link.[*]
> > >
> > > This cured a problem I was having where small packets, like imap checks
> > > for new mail, would make it over the encrypted link, but bulk transfers
> > > such as actually grabbing the new messages, would fail.
> > >
> > > This was on XP.
> > >
> > > Note, I also set the service to manual, because even with the latest
> > > dependency registry mods, on (my install of) XP, the machine still
> > > pauses for ~ 2 minutes during startup, logging DWK failed to start, and
> > > then a terminated unexpectedly, before finally starting up.  I just
> > > added a key to the 'Run' part of the registry, so the service is started
> > > on login.[#]  It means I have to login before the CIPE link comes up,
> > > but that isn't too big a deal in my situation.
> > >
> > > With both the above, CIPE runs very well over my 802.11b link, so I was
> > > able to switch off WEP (which isn't secure anyway).  I should just note
> > > I've had a couple of blue screens since installing CIPE.
> > >
> > > YMMV,
> > >
> > > Mark
> > >
> > > [*]  I added an MTU dword key to the right interface in
> > > HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{}
> > >
> > > [#] HKLM\Software\Microsoft\Windows\CurrentVersion\Run, added a string,
> > > "C:\windows\system32\cipsrvr.exe" -start
> > >
> > > On Mon, 2003-03-31 at 09:55, Phil wrote:
> > > > hi,
> > > >
> > > > I'd like to know if it is ok that my cipcb0's MTU is 1442 ? if I use a
> > > > windows 2000 client and a cipe linux server, can I have a problem with
> > > > MTU?
> > > >
> > > > Best regards,
> > > >
> > > > Phil
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > > > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> > > > Other commands available with "help" in body to the same address.
> > > > CIPE info and list archive:
> > > > <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> > >
> > > --
> > > Mark Cooke <mpc,AT,star,DOT,sr,DOT,bham,DOT,ac,DOT,uk>
> > >
> > >
> >
> > thx for your answer Mark. My VPN is ok with 2 Linux (yeaaahhhh! Linux's
> > POWER) but It doesn't work with Linux <-> windows 200 Cipe-Win32. I'll
> > try to modify Windows's MTU.
> > thx for your help.
> 
> 
-- 
Mark Cooke <mpc,AT,star,DOT,sr,DOT,bham,DOT,ac,DOT,uk>
University Of Birmingham
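
The overhead arithmetic from Michael Clarke's message at the top of this page, as an added example that is not part of the thread or the CIPE-Win32 source: it fragments a `ping -l 2000` packet at the old (1486) and new (1459) tap MTU and counts the inner packets that would exceed a 1500-byte link once encapsulated. Function names are hypothetical, and only the overhead figures listed in the quoted driver comment are modelled (cipher padding is not).

```c
#include <stdio.h>

/* Overhead figures exactly as listed in the driver comment quoted above. */
enum { LINK_MTU = 1500, IP_HDR = 20, UDP_HDR = 8, CIPE_IV = 8,
       CIPE_P_BYTE = 1, CIPE_CRC = 4 };
enum { CIPE_OVERHEAD = IP_HDR + UDP_HDR + CIPE_IV + CIPE_P_BYTE + CIPE_CRC };

/* Largest inner packet whose encapsulated form still fits the link MTU. */
int cipe_inner_mtu(int link_mtu) { return link_mtu - CIPE_OVERHEAD; }

/* Split an inner IPv4 packet (total length ip_len, 20-byte header, no
 * options) at the given MTU. Writes each fragment's total size to out[] and
 * returns the fragment count, or -1 on error. Non-final fragments carry a
 * payload that is a multiple of 8 bytes, as IPv4 fragmentation requires. */
int ip_fragment(int ip_len, int mtu, int *out, int max_out)
{
    int payload = ip_len - IP_HDR;
    int per_frag = ((mtu - IP_HDR) / 8) * 8;
    int n = 0;
    if (max_out < 1 || per_frag <= 0) return -1;
    if (ip_len <= mtu) { out[0] = ip_len; return 1; }
    while (payload > 0) {
        int chunk = payload > per_frag ? per_frag : payload;
        if (n == max_out) return -1;
        out[n++] = chunk + IP_HDR;
        payload -= chunk;
    }
    return n;
}

/* Count inner fragments that exceed the link MTU once CIPE wraps them, i.e.
 * packets the outer IP layer would have to fragment after encryption. */
int oversized_after_encap(int ip_len, int tap_mtu, int link_mtu)
{
    int frags[64], over = 0;
    int n = ip_fragment(ip_len, tap_mtu, frags, 64);
    for (int i = 0; i < n; i++)
        if (frags[i] + CIPE_OVERHEAD > link_mtu) over++;
    return n < 0 ? -1 : over;
}

int main(void)
{
    int ping = 2000 + 8 + IP_HDR; /* ping -l 2000: data + ICMP hdr + IP hdr */
    printf("inner MTU for a %d-byte link: %d\n", LINK_MTU, cipe_inner_mtu(LINK_MTU));
    printf("tap MTU 1486: %d oversized\n", oversized_after_encap(ping, 1486, LINK_MTU));
    printf("tap MTU 1459: %d oversized\n", oversized_after_encap(ping, 1459, LINK_MTU));
    return 0;
}
```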
