Jason Opperisano said:

> huh? OSX has the BSD IPSec stack in its kernel.

Really? Had no idea. I'm not an OS X guy, but my wife recently bought an eMac. When we purchased it, I googled for IPSec clients...couldn't find any non-commercial ones. PPTP was the natural choice since it was supported by default. However, guess I *should* have searched on IPSec *support*. Thanks for the heads up...I should now be able to drop poptop and go back to freeswan...

> what you need to do is lower the MSS that is being advertised by the
> Windows XP machine. on the VPN Server/Router:
>
> iptables -A FORWARD -p tcp --syn -s $WINXP_BOX \
>   -j TCPMSS --set-mss 1400
>
> if the problem continues--lower that 1400 until the problem disappears.
> i have had to ratchet it down as low as 1330 on IPSec + WiFi setups.
> with your addition of the ppp0 (pptp) MTU of 896--you may need to use
> "--set-mss 850" before the Windows XP box will work properly.

Bingo! Setting to 850 works...setting to 880 doesn't, curiously. I wish I could trouble you to describe in depth what was going on here, but I'd bet it'd involve me realizing quickly I need to pull the old networking textbooks off the shelf and dust up on the details.

So, one final question: Wouldn't it be better to raise the PPTP MTU value from 896 to something a bit higher up, like 1400, and then set this with the command you gave? Seems like that would be less overhead on the network, but I'm probably wrong.

Thanks tremendously for your reply. It was a very frustrating experience!

John
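
An added worked example, not part of the original message or of either poster's setup: the arithmetic relating the ppp0 MTU of 896 quoted above to the MSS values tried, which is consistent with 850 working and 880 failing. It assumes IPv4 without IP options (20 bytes) and a 20-byte base TCP header; the function names and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: relate a tunnel MTU to the largest TCP MSS that still fits
# in one unfragmented packet, and build the clamp rule shown in the thread.
# Assumptions: IPv4 header without options, TCP base header.
IP_HDR=20
TCP_HDR=20

# Largest MSS whose full-size segment fits in a packet of the given MTU.
max_mss() {
    echo $(( $1 - IP_HDR - TCP_HDR ))
}

# Exit status 0 if a full segment at this MSS fits within the MTU.
mss_fits() {
    [ $(( $1 + IP_HDR + TCP_HDR )) -le "$2" ]
}

# Print (do not execute) the TCPMSS rule for a source host and tunnel MTU.
# Optional third argument: safety margin in bytes below the ceiling.
clamp_rule() {
    src=$1; mtu=$2; margin=${3:-0}
    mss=$(( $(max_mss "$mtu") - margin ))
    if [ "$mss" -lt 1 ]; then
        echo "MTU $mtu is too small to clamp" >&2
        return 1
    fi
    echo "iptables -A FORWARD -p tcp --syn -s $src -j TCPMSS --set-mss $mss"
}

# Show, for each candidate MSS, the resulting packet size against the MTU.
report() {
    mtu=$1; shift
    for cand in "$@"; do
        size=$(( cand + IP_HDR + TCP_HDR ))
        if mss_fits "$cand" "$mtu"; then
            echo "MSS $cand -> $size-byte packet, fits in MTU $mtu"
        else
            echo "MSS $cand -> $size-byte packet, exceeds MTU $mtu"
        fi
    done
}

# Values from the thread: ppp0 MTU 896; MSS 850, 880 and 1400 were tried.
report 896 850 880 1400
clamp_rule 192.0.2.10 896 6   # constructed address; margin 6 gives 850
```

With an MTU of 896 the ceiling is 856, so an MSS of 880 produces 920-byte packets that no longer fit the PPTP link, while 850 stays under it.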