2048 byte ICMP packets dropped

  • I have several small networks that are located remotely that connect via IPSec tunnels to our main network.

    My problem is that Windows XP uses a 2048 byte ICMP packet to determine link speed before applying Group Policy. If the packet is dropped, Group Policy does not apply. PfSense either blocks or drops these packets. I believe that it doesn't allow fragmented ICMP packets. Normal sized ping packets go through just fine.

    I do have a work around on the client side by applying a registry setting (PingBufferSize) on the clients, however, I would like to make the change on the pfSense box instead.

    Does anyone know how to allow this?

    I am using the 1.2.3 version.


Log in to reply