Hello Everyone,
Please see the attached PDF for a the topology of this little network.
We have two sites, connected together using PPTP VPN and Mikrotik Routers. Everything seems to route fine, as i am able to access remote desktop and other services at Office A from Office B.
However i am not able to access the Netgear Readynas.
I can ping the device, When i enter the IP into the browser it even prompts me for a username and password, but the page never loads and i am unable to access the shares on the device.
Any thoughts please!
Network Storage over PPTP VPN
You do not have the required permissions to view the files attached to this post.
Re: Network Storage over PPTP VPN
My guess is your MTU set not set correctly for the tunnel. On the PPTP server make sure Change TCP MSS is enabled in the PPTP profile.
When the MTU is mismatched, smaller packets like RDP work fine, but large data packets (like SMB) can be dropped.
When the MTU is mismatched, smaller packets like RDP work fine, but large data packets (like SMB) can be dropped.
Re: Network Storage over PPTP VPN
I reconfigured the VPN, i am now using ipSec which is more secure.
Since i have done this, i can now access the web interface of the NAS, but still cannot access the shares. I guess the MTU could still be at fault, even with the different type of tunnel?
Thanks
Since i have done this, i can now access the web interface of the NAS, but still cannot access the shares. I guess the MTU could still be at fault, even with the different type of tunnel?
Thanks
Re: Network Storage over PPTP VPN
Any time you tunnel, the MTU changes.I reconfigured the VPN, i am now using ipSec which is more secure.
Since i have done this, i can now access the web interface of the NAS, but still cannot access the shares. I guess the MTU could still be at fault, even with the different type of tunnel?
Thanks
For example, the standard Ethernet MTU is 1500 bytes. PPTP tunnel has a maximum of 40 byte overhead associated with it, meaning the largest packet you can send through the tunnel is 1460.
PPPoE has an 8 byte overhead, which is why the MTU for most DSL connections is 1492 instead of 1500.
IPSec alone has a 48 byte header. Add 8-bytes if AES is used (16 byte IVs). If NAT-T is enabled, that adds another 8 bytes (UDP header). There is also a bit of padding in there to make it an even block size, leaving your maximum MTU at 1424 bytes for AES IPsec with NAT-T.
If you add L2TP, that eats up yet another 16 bytes. (down to 1410)
So at worst, L2TP over AES IPSec, with NAT-T, using a PPPoE DSL modem, the MTU is 1402.
IPv6 fixes this by making Automatic path discovery automatic and mandatory. Unfortunately for IPv4, it is only an optional thing that doesn't always work, which is why it is important to set your MTU properly on your links.
If you want to play with this yourself, you can do so with PING.
For windows, using Ping with -f (don't fragment) and -l <size> (payload size). The payload will be 28 bytes smaller than your MTU (20 byte IP header + 8 byte ICMP).
Code: Select all
C:\>ping -f -l 1472 4.2.2.1
Pinging 4.2.2.1 with 1472 bytes of data:
Reply from 4.2.2.1: bytes=1472 time=16ms TTL=53
Reply from 4.2.2.1: bytes=1472 time=15ms TTL=53
Reply from 4.2.2.1: bytes=1472 time=16ms TTL=53
Reply from 4.2.2.1: bytes=1472 time=15ms TTL=53
Ping statistics for 4.2.2.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 16ms, Average = 15ms
C:\>ping -f -l 1473 4.2.2.1
Pinging 4.2.2.1 with 1473 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Ping statistics for 4.2.2.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),Who is online
Users browsing this forum: No registered users and 82 guests