I’ve been having trouble with a Windows 7 client connecting to a PPTP VPN endpoint on Mac OS X 10.6 (Snow Leopard) Server. The client authenticates just fine, and can access resources on the LAN, but connections time out when connecting to remote servers.
The simple solution was to configure the VPN client to only tunnel LAN traffic through the VPN, but that undermined one of our reasons for having a VPN: securing connections from public WiFi hotspots.
For a long time, I assumed the problem had something to do with the routing, but after an hour or two with a packet sniffer hooked to the server, I discovered that TCP sockets to the problematic servers were being established, and, often, significant amounts of traffic were being passed back and forth. I also noticed that the conversations were interspersed with packet fragmentation errors.
Ah Hah! Something must be screwy with negotiation of the MTU. With a little digging, I found some instructions for adjusting the MTU, which I’ll summarize here:
- Click the start menu, search for “cmd.exe,” right-click the search result, and choose to run as administrator. Answer yes to the security warning prompt.
- Connect to the VPN in question.
- Run “netsh interface ipv4 show subinterfaces”
- Make note of the listed connection name (it should be the same name as the VPN connection entry you used to connect to the network).
- Run “netsh interface ipv4 set subinterface "[CONNECTION NAME]" mtu=1100”, substituting the name of your connection for [CONNECTION NAME]. You can try different values for the MTU; in my case, it defaulted to 1200.
- Check that the change was made: “netsh interface ipv4 show subinterfaces”
- Restart your computer.
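Rather than trying MTU values by hand, the largest packet that crosses the tunnel unfragmented can be measured with ping's Don't Fragment flag. The PowerShell script below is an added example, not part of the original post; the target address is a placeholder and the search bounds are assumptions.

```powershell
# Added example: binary-search the largest IPv4 packet that crosses the VPN
# without fragmentation. Run it while connected to the VPN.
param(
    # Assumption: a host reached through the tunnel that answers ICMP echo.
    [string]$Target = '192.0.2.1',   # placeholder (TEST-NET-1); replace it
    [int]$Low  = 548,                # payload of a 576-byte packet, assumed to pass
    [int]$High = 1472                # payload of a 1500-byte Ethernet packet
)

$IcmpIpOverhead = 28                 # 20-byte IPv4 header + 8-byte ICMP header

function Test-Payload([int]$Size) {
    # -f = Don't Fragment, -l = payload bytes, -n 1 = one echo, -w = timeout (ms)
    $out = & ping.exe -f -l $Size -n 1 -w 2000 $Target 2>&1 | Out-String
    # Only a real echo reply prints a "TTL=" field; fragmentation errors,
    # timeouts and unreachable messages do not.
    return ($out -match 'TTL=')
}

if (-not (Test-Payload $Low)) {
    Write-Error "No reply from $Target at $Low bytes; check connectivity or ICMP filtering."
    exit 1
}

# Invariant: a payload of $Low bytes passes; anything above $High is treated as failing.
while ($Low -lt $High) {
    $mid = [int][math]::Ceiling(($Low + $High) / 2)
    if (Test-Payload $mid) { $Low = $mid } else { $High = $mid - 1 }
}

$mtu = $Low + $IcmpIpOverhead
"Largest unfragmented payload: $Low bytes"
"Usable MTU through the tunnel: $mtu bytes"
"netsh interface ipv4 set subinterface `"[CONNECTION NAME]`" mtu=$mtu"
```

The result can never exceed the MTU currently set on the VPN interface, so a figure lower than the one reported by “netsh interface ipv4 show subinterfaces” means the tunnel path is the limiting factor.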
I’ve been trying to get my wife’s Vista machine to connect to my MacMini server for 3 weeks; it’s been connecting to the VPN OK, but then unable to access the internet after that. After reading this post, I checked the MTU on Mac for the VPN connection and it was set at 1280. Changing the Vista machine to use MTU of 1200 seems to have done the trick! Thanks!
I’m glad it was helpful, Ken.
THANKS for the tips! I had this problem for months. MTU of 1200 worked for me too! However, is there a way to change the MTU on the OSX server, so I don’t have to do this for every Windows client?