Not that simple. The routers are Netopia routers which have only three options for VPNs:
PPTP: No encryption
ATMP: Has encryption
IPsec: Good encryption but I have clients that need to access other corporate VPNs using proprietary Windows clients. As far as I know you can't have IPsec VPNs on the router as well as behind the router, or at least it never worked for me.
As far as the MTU goes, many things break due to the packet size being too large. The magic number for the MTU is 1452, which is the highest packet size where everything works.
Remember that I mentioned that the routers are connected via DSL using PPPoE, so there is additional packet overhead there too.
Paul Hamm wrote:
Hacks are only ugly if they don't work, or break something. My recommendation is to spend some quality time with those buggered VPN connections and make them work properly. True story. I had a person in a remote office tell me I had to reset my email server clock because his Windows machine did not do daylight savings time for his time zone. Israel votes on it or something. So since his stuff did not work he wanted me to break mine. This would have caused problems all over. The solution was to use a different country in the same time zone as Israel so the DST box was available. Sounds to me like you have the same kind of problem. If you spend the time now to fix the issue it will most likely save you time and problems in the future when the entrenched system will be impossible to remove.
--
Greg Gulik
http://www.gulik.org/greg/
greg @ gulik.org
http://www.drivingevents.com/

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list