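vpnclient problems caused by an upgrade, and the fix
I recently upgraded my system and vpnclient stopped working. It always hangs at Authenticating user.Negotiating security policies.
After spending some time on it I finally found the cause: the MTU was too small. For some reason my wireless router's DHCP service always returns a very small MTU of 576. I can manually set the interface MTU to the Ethernet default of 1500, and after that change vpnclient works. This command makes the change: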
ifconfig eth0 mtu 1500
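The following steps make the system use an MTU of 1500 automatically at every boot.
1. Set the MTU to 1500 before the interface comes up
In /etc/network/interfaces, add this line after iface eth0 inet dhcp: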
pre-up /sbin/ifconfig $IFACE mtu 1500
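If you use a static IP it is even simpler: you can add mtu 1500 directly below iface eth0 inet dhcp. You can also skip the step below.
2. Prevent DHCP from setting the MTU
In /etc/dhcp3/dhclient.conf, find the request list and delete interface-mtu from it.
Before: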
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
netbios-name-servers, netbios-scope, interface-mtu;
After:
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
netbios-name-servers, netbios-scope;
Reboot. It works.
( July 10, 2008, 09:32:05 PM CST )
vpnclient issues caused by a small MTU
I upgraded my system to the latest version, and then vpnclient stopped working. It fails at Authenticating user.Negotiating security policies. I spent some time fighting with it and found out it is caused by the small MTU of my interface.
For some reason my wireless router's DHCP server returns a very small MTU of 576. I can make vpnclient work by manually increasing the MTU to the usual Ethernet interface MTU of 1500 with:
ifconfig eth0 mtu 1500
I also changed the following settings so that the interface MTU is set to 1500 at system boot.
1. Set the MTU to 1500 before the interface comes up
Add the following line to /etc/network/interfaces after iface eth0 inet dhcp:
pre-up /sbin/ifconfig $IFACE mtu 1500
If you are using a static IP instead of DHCP, you can put mtu 1500 directly below your iface line, and you can skip the next step.
2. Prevent the DHCP client from setting the interface MTU
Find the following statement in /etc/dhcp3/dhclient.conf and remove interface-mtu.
Before the change:
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
netbios-name-servers, netbios-scope, interface-mtu;
After the change:
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
netbios-name-servers, netbios-scope;
That's all. Try it if you have this issue too, and please let me know whether it works for you.
Thanks
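As an added example (not part of the original post), the shell functions below check whether a dhclient.conf still requests interface-mtu and produce the edited file described in step 2. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample dhclient.conf, modelled on the request list in the post.
sample_conf() {
cat <<'EOF'
# constructed sample
send host-name "laptop";
request subnet-mask, broadcast-address, time-offset, routers,
    domain-name, domain-name-servers, domain-search, host-name,
    netbios-name-servers, netbios-scope, interface-mtu;
timeout 30;
EOF
}

# Reads a dhclient.conf on stdin; exit status 0 if the (possibly multi-line)
# request statement still asks the server for interface-mtu.
requests_interface_mtu() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*request[ \t]/ { inreq = 1 }
        inreq && /interface-mtu[ \t]*([,;]|$)/ { found = 1 }
        inreq && /;/ { inreq = 0 }
        END { exit(found ? 0 : 1) }
    '
}

# Reads a dhclient.conf on stdin and writes it to stdout with interface-mtu
# dropped from the request statement; every other line is passed through.
strip_interface_mtu() {
    awk '
        !inreq && /^[ \t]*request[ \t]/ { inreq = 1; buf = "" }
        inreq {
            buf = (buf == "") ? $0 : buf "\n" $0
            if ($0 ~ /;/) {
                sub(/,[ \t\n]*interface-mtu[ \t\n]*;/, ";", buf)   # last item
                sub(/interface-mtu[ \t\n]*,[ \t\n]*/, "", buf)     # first or middle
                print buf
                inreq = 0
            }
            next
        }
        { print }
    '
}

# Show the edited configuration for the constructed sample.
sample_conf | strip_interface_mtu
```

Run the functions against a copy of /etc/dhcp3/dhclient.conf and compare the output with the original before replacing the file.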