<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: MTU
From: Damion Wilson <dwilson,AT,ibl,DOT,bm>
Date: Mon, 31 Mar 2003 17:59:49 +0200
In-reply-to: <002501c2f798$2de46e30$1f0016ac@eng.timetra.com>

Yes, that helps a lot !

DKW

On Monday 31 March 2003 11:14 am, you wrote:
> Hi Damion et al,
>
> I've been looking at the MTU problem myself over the past few days. The
> way I fixed it was to modify the CIPE tap driver to advertise a lower
> transmit MTU. Currently the driver advertises a transmit MTU of 1486, 14
> bytes less than the 1500 bytes advertised by a normal Ethernet driver.
> I've lowered it to 1459 (see derivation below) and now any fragmentation
> is performed before the CIPE service sees the packets. This might be
> superior to changing the TCP MTU using the registry fixes as it covers
> UDP frames too - ping -l 2000 frames are now fragmented before being
> encrypted.
>
> In cipdrvr/cipdrvr.c(590):
>         case OID_GEN_MAXIMUM_FRAME_SIZE:
>         case OID_GEN_TRANSMIT_BLOCK_SIZE:
>         case OID_GEN_TRANSMIT_BUFFER_SPACE:
>            l_Query.m_Long = DEFAULT_PACKET_LOOKAHEAD - // 1500
>                             20 - // IP header
>                             8 -  // UDP header
>                             8 -  // IV
>                             1 -  // 'P' byte
>                             4;   // CIPE CRC
>
> Hope this helps,
>
> Michael.
>
> -----Original Message-----
> From: owner-cipe-l,AT,inka,DOT,de [mailto:owner-cipe-l,AT,inka,DOT,de On 
> Behalf Of
> Mark Cooke
> Sent: 31 March 2003 15:48
> To: Damion Wilson
> Cc: cipe-l,AT,inka,DOT,de
> Subject: Re: MTU
>
> Hi Damion,
>
> In this particular case, it would have saved me a few minutes digging
> around trying to work out how to set an MTU, so having it as an option
> in the control panel/next generation setup program would get my vote.
>
> Thanks for the efforts you make with cipe on windows. It has been
> exceedingly helpful here - avoiding the need to try to force windows and
> freeswan to co-exist.
>
> Mark
>
> On Mon, 2003-03-31 at 15:26, Damion Wilson wrote:
> > Would it help if there was a per adapter MTU option in the settings ?
> >
> > DKW
> >
> > On Monday 31 March 2003 08:19 am, Phil wrote:
> > > On Mon, 2003-03-31 at 13:06, Mark Cooke wrote:
> > > > Hi Phil,
> > > >
> > > > I had an issue with MTU, and I manually changed the CIPE-Win32 MTU
>
> to
>
> > > > 1442 by changing the registry, on the windows end of a linux-win32
>
> cipe
>
> > > > link.[*]
> > > >
> > > > This cured a problem I was having where small packets, like imap
>
> checks
>
> > > > for new mail, would make it over the encrypted link, but bulk
>
> transfers
>
> > > > such as actually grabbing the new messages, would fail.
> > > >
> > > > This was on XP.
> > > >
> > > > Note, I also set the service to manual, because even with the
>
> latest
>
> > > > dependancy registry mods, on (my install of) XP, the machine still
> > > > pauses for ~ 2 minutes during startup, logging DWK failed to
>
> start, and
>
> > > > then a terminated unexpectedly, before finally starting up.  I
>
> just
>
> > > > added a key to the 'Run' part of the registry, so the service is
>
> started
>
> > > > on login.[#]  It means I have to login before the CIPE link comes
>
> up,
>
> > > > but that isn't too big a deal in my situation.
> > > >
> > > > With both the above, CIPE runs very well over my 802.11b link, so
>
> I was
>
> > > > able to switch off WEP (which isn't secure anyway).  I should just
>
> note
>
> > > > I've had a couple of blue screens since installing CIPE.
> > > >
> > > > YMMV,
> > > >
> > > > Mark
> > > >
> > > > [*]  I added an MTU dword key to the right interface in
>
> HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{}
>
> > > > [#] HKLM\Software\Microsoft\Windows\CurrentVersion\Run, added a
>
> string,
>
> > > > "C:\windows\system32\cipsrvr.exe" -start
> > > >
> > > > On Mon, 2003-03-31 at 09:55, Phil wrote:
> > > > > hi,
> > > > >
> > > > > I'd like to konwo if it is ok that my cipcb0's MTU is 1442 ? if
>
> I use a
>
> > > > > windows 2000 client and a cipe linux server, can I have a
>
> problem with
>
> > > > > MTU?
> > > > >
> > > > > Best regards,
> > > > >
> > > > > Phil
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > > > > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in
>
> body
>
> > > > > Other commands available with "help" in body to the same
>
> address.
>
> > > > > CIPE info and list archive:
> > > > > <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> > > >
> > > > --
> > > > Mark Cooke <mpc,AT,star,DOT,sr,DOT,bham,DOT,ac,DOT,uk>
> > > >
> > > >
> > > > --
> > > > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > > > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in 
> > > > body
> > > > Other commands available with "help" in body to the same address.
> > > > CIPE info and list archive:
> > > > <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> > >
> > > thx for your answer Mark. My VPN is ok with 2 Linux (yeaaahhhh!
>
> Linux's
>
> > > POWER) but It doesn't work with Linux <-> windows 200 Cipe-Win32.
>
> I'll
>
> > > try to modify Windows's MTU.
> > > thx for your help.
> >
> > --
> > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> > Other commands available with "help" in body to the same address.
> > CIPE info and list archive:
>
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>





<< | Thread Index | >> ]    [ << | Date Index | >> ]