MTU problems resulting in VPN trouble…

I have spent the day trying to troubleshoot a problem with a customers VPN connection. Here is a little ino on what i found:

Background:

The customer is using Microsoft PPTP VPN client to connect to a Cisco Pix 515. All of a sudden when they connect to VPN it seems to be working, they can ping but they cannot connect to any resources. This results among other things in Terminal Services not being able to connect and you will only get a black screen.

Resolution:

It seems that the problem is that the VPN tunnel is not allowing MTU larger than 1256.

I found this out by using a tool I found on the internet called mturoute.exe (There is a lot of other fun stuff on this site)

mturoute.zip (25,57 KB)

This tool examins the MTU of a link. When I found this out I tried to edit the MTU size tor the VPN connection in Windows according to this article.

To do this edit this value in the registry:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNdisWanParametersProtocols
 
Change the value of TunnelMTU to decimal 1256.
 
I created a reg file (below) and imported it:
 
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNdisWanParametersProtocols]
“PPPProtocolType”=dword:00000021
“ProtocolType”=dword:00000800
“ProtocolMTU”=dword:00000514
“TunnelMTU”=dword:000004e8
 
I still do not know why this suddenly is a problem but I will update here as soon as I find out.

Leave a Reply