MTU problems resulting in VPN trouble…

I have spent the day trying to troubleshoot a problem with a customers VPN connection. Here is a little ino on what i found:

Background:

The customer is using Microsoft PPTP VPN client to connect to a Cisco Pix 515. All of a sudden when they connect to VPN it seems to be working, they can ping but they cannot connect to any resources. This results among other things in Terminal Services not being able to connect and you will only get a black screen.

Resolution:

It seems that the problem is that the VPN tunnel is not allowing MTU larger than 1256.

I found this out by using a tool I found on the internet called mturoute.exe (There is a lot of other fun stuff on this site)

mturoute.zip (25,57 KB)

This tool examins the MTU of a link. When I found this out I tried to edit the MTU size tor the VPN connection in Windows according to this article.

To do this edit this value in the registry:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNdisWanParametersProtocols
 
Change the value of TunnelMTU to decimal 1256.
 
I created a reg file (below) and imported it:
 
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNdisWanParametersProtocols]
“PPPProtocolType”=dword:00000021
“ProtocolType”=dword:00000800
“ProtocolMTU”=dword:00000514
“TunnelMTU”=dword:000004e8
 
I still do not know why this suddenly is a problem but I will update here as soon as I find out.

Comments

Leave a Reply

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Find out more about Webmentions.)