Tuesday, March 23, 2010

Data Transmission Issue over VPN

Some time back, I helped a friend fix a VPN data transmission issue on Windows Mobile. I’d like to write it down for reference.

SYMPTOMS

An application on Windows Mobile 6.0 could transfer data to the server via TCP/IP, but failed to do so when connected via Vodafone’s VPN.

CAUSE

By default, Path Maximum Transmission Unit (PMTU) Discovery is enabled in Windows. When the device connects to the network via VPN, the TCP maximum segment size (MSS) value returned by PMTU doesn’t account for the additional header added by the VPN, so the size of the IP datagram exceeds the maximum size allowed by the network routing path. In addition, when TCP segments are destined for a non-local network, the "do not fragment" bit is set in the IP header; as a result, the IP datagram cannot be fragmented and then transferred.
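
The failure described above can be modelled in a few lines of Python. This is an added example, not code from the original post; the 1500-byte path MTU and 60-byte VPN overhead are constructed sample values, and the function names are hypothetical.

```python
from dataclasses import dataclass

IP_HEADER = 20   # IPv4 header, no options
TCP_HEADER = 20  # TCP header, no options

@dataclass
class Result:
    delivered: bool
    fragments: int
    outer_size: int

def mss_from_mtu(mtu):
    """MSS derived from an MTU that ignores the VPN header (the bug)."""
    return mtu - IP_HEADER - TCP_HEADER

def largest_safe_mss(path_mtu, vpn_overhead):
    """Largest MSS whose encapsulated datagram still fits the path."""
    return path_mtu - vpn_overhead - IP_HEADER - TCP_HEADER

def send_segment(mss, vpn_overhead, path_mtu, dont_fragment=True):
    """Send one full-sized TCP segment through the tunnel.

    Assumption: the DF bit of the inner datagram also applies to the
    encapsulated one, and vpn_overhead includes the outer IP header.
    """
    inner = mss + TCP_HEADER + IP_HEADER   # datagram built by the TCP/IP stack
    outer = inner + vpn_overhead           # after VPN encapsulation
    if outer <= path_mtu:
        return Result(True, 1, outer)
    if dont_fragment:
        return Result(False, 0, outer)     # too big and may not be split: dropped
    # Fragmentation: every fragment repeats the IP header, and fragment
    # payloads (except the last) must be a multiple of 8 bytes.
    per_fragment = (path_mtu - IP_HEADER) // 8 * 8
    payload = outer - IP_HEADER
    return Result(True, -(-payload // per_fragment), outer)

if __name__ == "__main__":
    PATH_MTU, VPN_OVERHEAD = 1500, 60      # constructed sample values
    naive = mss_from_mtu(PATH_MTU)         # MSS that ignores the VPN header
    safe = largest_safe_mss(PATH_MTU, VPN_OVERHEAD)
    for label, mss, df in [("naive MSS, DF set", naive, True),
                           ("naive MSS, DF clear", naive, False),
                           ("small write, DF set", 100, True),
                           ("reduced MSS, DF set", safe, True)]:
        print(f"{label:22} mss={mss:5} -> {send_segment(mss, VPN_OVERHEAD, PATH_MTU, df)}")
```

In this model, small writes still fit through the tunnel while full-sized segments are dropped, so the problem only shows up once a segment reaches the naive MSS.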

RESOLUTION

MORE INFORMATION

There is a very good article on Cisco’s website about this: Resolve IP Fragmentation, MTU, MSS, and PMTUD Issues with GRE and IPSEC.
