[clug] Wierd problem connecting to www.mozilla.org andwww.microsoft.com

Kim Holburn kim.holburn at anu.edu.au
Wed Dec 15 08:29:22 GMT 2004


Ahh:

If you have a Windows XP box using ppp or pptp VPN and it can  
mysteriously not
see some web sites (mostly overseas) but mostly networking is fine then
the following should fix it.  Currently I find that out-of-the-box XP
machines using our VPN server can see http://www.apple.com.au/ fine but
http://www.apple.com/ doesn't work.  Save the following text-only to a
`.reg' file like `VPNTunnelMTU.reg'.

---------- Cut Here ----------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan\Parameters 
]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan\Parameters 
\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan\Parameters 
\Protocols\0]
"PPPProtocolType"=dword:00000021
"TunnelMTU"=dword:000003e8
"ProtocolType"=dword:00000800

---------- Cut Here ----------

Double clicking the file (with administrative privileges) should offer
to install the registry settings.  Bravely agree to this and then
reboot.  Works for me and it's alot least brain numbing than following
the Microsoft instructions below.  The WinXP default VPN MTU value is
1400 and the 0x3e8=800 value I've used above seems to work.

On 2004 Dec 15, , at 6:47 PM, Dale Shaw wrote:

> Without having a really good look at the packet trace, I'd be inclined
> to think it probably has something to do with Path MTU Discovery/ICMP
> blocking/PPP over Ethernet.
>
> Do you access the Internet over a PPPoE session? Maybe you could give
> us an overview of your connection arrangements. Look at lowering the
> MTU on the 'hometheatre' box or using TCP Maximum Segment Size (MSS)
> clamping.
>
> There are also some weird ICMP redirect shenanigans going on. Is the
> default gateway on 'hometheatre' set correctly? I can't see what the
> redirections are, just that there are a few.
>
> Anyway, the 3-way TCP handshake with www.microsoft.com is working, it
> just barfs when it tries to HTTP GET the front page. My money's on
> PPPoE/MTU and something in the path between you and the server dumping
> ICMP "Fragment Needed but DF bit set" packets.
>
> cheers,
> Dale
>
>
> On Wed, 15 Dec 2004 08:45:44 +1100, Donovan J. Edye  
> <donovan at edyeweb.com> wrote:
>> B,
>>
>> Here is a dump of the conversation with www.microsoft.com. A few SMB  
>> packets
>> that should not have been included. However it appears that the  
>> problems
>> start around frame 10. Any pointers appreciated:
>
> [...]
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
>
-- 
Kim Holburn
IT Manager, Canberra Research Laboratory
National Information and Communication Technology Australia
Ph: +61 2 61258620 M: +61 417820641
Email: kim.holburn at anu.edu.au  - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/index.php?id=16 ->  
http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.

Use ISO 8601 dates [YYYY-MM-DD]  
http://www.saqqara.demon.co.uk/datefmt.htm
Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961



More information about the linux mailing list