VPN over L2TP between ADSL end points failing on some applications and not others - MTU Problem?

We set up an L2 tunnel between us and our ADSL provider to resell to our ADSL users.

We hand out IP using our RADIUS etc. and all works fine.

Traffic between ADSL users and some internet sites failed at first, and nothing worked until we discovered the overhead of the L2 tunnel (40 bytes) and adjusted MTUs to compensate, and all seemed good.

Then we added a VPN between these 2 users and things started to break again.

i.e. ping works down the VPN, and various other things, but Terminal Services and Outlook trying to collect mail from the other end point do not.

It seems that the VPN again plays havoc with the MTU or packet fragmentation.

Config below fixed the initial issues.

username NET-TEST-L2TP password 7 08
username NET-TEST2-L2TP password 7 04

vpdn enable
vpdn multihop
vpdn search-order domain
vpdn domain-delimiter @ suffix
!
vpdn-group NET-TEST-L2TP
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname NET-TEST-L2TP
 source-ip x.x.x.x
 local name NET-TEST-L2TP
 lcp renegotiation always
 l2tp tunnel password 7 151
 ! Added these 2 lines to fix initial issues.
 ip pmtu
 ip mtu adjust
!
vpdn-group NET-TEST2-L2TP
 accept-dialin
  protocol l2tp
  virtual-template 2
 terminate-from hostname NET-TEST2-L2TP
 source-ip x.x.x.x
 local name NET-TEST2-L2TP
 lcp renegotiation always
 l2tp tunnel password 7 01
 ! Added these 2 lines to fix initial issues.
 ip pmtu
 ip mtu adjust

interface Virtual-Template1
 ip unnumbered Loopback0
 no ip redirects
 no ip proxy-arp
 ! Added this line as part of the fix
 ip tcp adjust-mss 1400
 ip policy route-map clear-df
 no logging event link-status
 peer default ip address pool SPPOOL
 keepalive 60
 ppp authentication chap
 ppp multilink
 ppp multilink fragment disable
!
interface Virtual-Template2
 ip unnumbered Loopback0
 no ip redirects
 no ip proxy-arp
 ! Added this line as part of the fix
 ip tcp adjust-mss 1400
 ip policy route-map clear-df
 no logging event link-status
 peer default ip address pool SPPOOL
 keepalive 60
 ppp authentication chap
 ppp multilink
 ppp multilink fragment disable

! Added this line as part of the fix
access-list 111 permit tcp any any
!
route-map clear-df permit 10
 match ip address 111
 set ip df 0

VPNs have the same types of issues as normal traffic prior to the added lines above.

How do I get the VPN to compensate, or am I way off?

Help please. Gary
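
The symptom described in the post (ping passes, Terminal Services and Outlook stall) can be reproduced with a small model of stacked tunnel overhead; this is an added example, not part of the original post. The 40-byte L2TP overhead and the 1400 MSS clamp come from the post; the 1500-byte link MTU and the 60-byte VPN overhead are assumptions, since the post does not say which VPN is in use.

```python
# Added illustration: a constructed model, not a capture from the poster's network.
IP_HDR, TCP_HDR = 20, 20
LINK_MTU = 1500        # ASSUMPTION: underlying link MTU
L2TP_OVERHEAD = 40     # figure given in the post
VPN_OVERHEAD = 60      # ASSUMPTION: the post does not name the VPN or its overhead

def path_mtu(link_mtu, overheads):
    """Largest inner IP packet that still fits after every encapsulation layer."""
    return link_mtu - sum(overheads)

def safe_mss(link_mtu, overheads):
    """TCP MSS that keeps a full-size segment inside the innermost MTU."""
    return path_mtu(link_mtu, overheads) - IP_HDR - TCP_HDR

def tcp_packet_len(mss):
    """IP length of a full-size TCP segment for a given MSS."""
    return mss + IP_HDR + TCP_HDR

def send(ip_len, df, link_mtu, overheads, icmp_reaches_sender=False):
    """Outcome for one inner IP packet crossing the stacked tunnels."""
    if ip_len <= path_mtu(link_mtu, overheads):
        return "delivered"
    if not df:
        return "fragmented"
    # DF set and too big: the packet is dropped and ICMP 'fragmentation
    # needed' is generated. If that ICMP is filtered, the sender never learns.
    return "dropped, sender lowers PMTU" if icmp_reaches_sender else "black-holed"

def scenarios():
    """Outcomes for the packet types mentioned in the post, DF set, ICMP filtered."""
    l2tp_only = [L2TP_OVERHEAD]
    l2tp_vpn = [L2TP_OVERHEAD, VPN_OVERHEAD]
    fixed = safe_mss(LINK_MTU, l2tp_vpn)
    return {
        "ping (84 B) over L2TP+VPN": send(84, True, LINK_MTU, l2tp_vpn),
        "TCP, MSS 1400, L2TP only": send(tcp_packet_len(1400), True, LINK_MTU, l2tp_only),
        "TCP, MSS 1400, L2TP+VPN": send(tcp_packet_len(1400), True, LINK_MTU, l2tp_vpn),
        "TCP, MSS %d, L2TP+VPN" % fixed: send(tcp_packet_len(fixed), True, LINK_MTU, l2tp_vpn),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:32s} {result}")
```

Under these assumptions an MSS of 1400 is enough for the L2TP leg alone but not once the VPN overhead is stacked on top. If the VPN encapsulates or encrypts the TCP header, `ip tcp adjust-mss` and `access-list 111 permit tcp any any` on the Virtual-Template no longer match that traffic, so the clamp has to be applied at the VPN end points.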
