Log in

No account? Create an account

Previous Entry | Next Entry

Was SSHing to my home box and listed a directory-- connection froze. Closed that, went back and just did a "mount" to remind myself which disk that was on-- that froze too. Usually after printing a line or two of the output.

Finally remembered having had this before, and dropped the MTU of the ethernet card to 1000, and it worked fine. A bit of trial and error suggests the MTU needs to be somewhere around 1460, not 1500. Something to reconfigure on the router when I get home (its telnet interface seems to be borked) but a fun one to sort out; odd that I'd never encountered that one when using the machine from home though. I guess I haven't been uploading large blocks of data. Maybe Windows sets a lower MTU by default? Although I do most of my web access through a Squid cache on the Linux box anyway... A bit annoying, too, that the router's filtering blocks PMTU-discovery packets. Or something on the way does. Maybe it's just accessing it from here?



( 2 comments — Leave a comment )
Mar. 23rd, 2005 04:08 pm (UTC)
I've had MTU issues when using Cisco VPN to login from home. Seems that the VPN connection doesn't allow fragmented packets, so if the Window MTU is set too high then I get the login box, but no life after that...

Traced it down to an old (high) MTU setting which I'd set to optimise general dial-up usage. Setting it to the normal Windows maximum still didn't work because the VPN protocol adds a few extra bytes of its own, tipping the total packet size over the edge - and apparently wireless protocols will do the same, so you can achieve different maximum MTUs if connecting via wireless or wired connections. I ended up using ping (as described here) to determine the max which my system could support. But I'm sure you knew all that anyway... :-)
Mar. 23rd, 2005 04:43 pm (UTC)
It could be either fragments being dropped, or ICMP Must-Fragment being dropped. VPNs are common culprits because they pass on packets with 40 or so bytes added, and are often deployed along with a firewall. And some people think blocking all ICMP is a sensible thing to do at a firewall, bah.
( 2 comments — Leave a comment )


Steve Haslam

Latest Month

March 2009

Page Summary

Powered by LiveJournal.com
Designed by Tiffany Chow