Some time back, I helped a friend fix a VPN data transmission issue on Windows Mobile. I’d like to write it down for reference.
SYMPTOMS
An application on Windows Mobile 6.0 could transfer data to the server via TCP/IP, but failed to do so when connected via Vodafone’s VPN.
CAUSE
By default in Windows, Path Maximum Transmission Unit (PMTU) Discovery is enabled. When connect to network via VPN. The TCP maximum segment size (MSS) value returned by PMTU doesn’t count the the additional header added by VPN, so the size of the IP datagram exceed the maximum size allowed by the network routing path. And also when TCP segments are destined to a non-local network, the "do not fragment" bit is set in the IP header, as the result, the IP datagram cannot be fragmented then transferred.
RESOLUTION
- Change the MTU to 1460 recommended by Vodafone – MTU is configured in MTU registry value under HKEY_LOCAL_MACHINE\Comm\<Adapter Name>\Parms\Tcpip. See more details: TCP/IPv4 Configurable Registry Settings.
- Disable PMTU Discovery by setting registry value EnablePMTUDiscovery to 0 under HKEY_LOCAL_MACHINE\Comm\Tcpip\Parms. See more details: TCP/IPv4 and TCP/IPv6 Common Registry Settings.
MORE INFOMATION
There is a very good article on CISCO’s website about this: Resolve IP Fragmentation, MTU, MSS, and PMTUD Issues with GRE and IPSEC.
No comments:
Post a Comment