Increase max ICMP ping size

seank

I did a search for "increase max ping/ICMP size" but didn't come up with any answers.

I use to have an Astaro to strongSWAN IPSec tunnel. Now have an Astaro to pfsense  IPSec tunnel and the following problem came up.

I need to be able to do "large" pings(2048) over my VPN due to the way some Microsoft junk works.

thanks in advance

C:\Program Files\Support Tools>ping 192.168.5.1  -l 1024

Pinging 192.168.5.1 with 1024 bytes of data:

Reply from 192.168.5.1: bytes=1024 time=89ms TTL=63
Reply from 192.168.5.1: bytes=1024 time=90ms TTL=63
Reply from 192.168.5.1: bytes=1024 time=90ms TTL=63
Reply from 192.168.5.1: bytes=1024 time=90ms TTL=63

Ping statistics for 192.168.5.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 89ms, Maximum = 90ms, Average = 89ms
C:\Program Files\Support Tools>ping 192.168.5.1  -l 2048

Pinging 192.168.5.1 with 2048 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.5.1:
   Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

and strongSWAN

C:\Program Files\Support Tools>ping 192.168.20.1  -l 2048

Pinging 192.168.20.1 with 2048 bytes of data:

Reply from 192.168.20.1: bytes=2048 time=20ms TTL=63
Reply from 192.168.20.1: bytes=2048 time=37ms TTL=63
Reply from 192.168.20.1: bytes=2048 time=22ms TTL=63
Reply from 192.168.20.1: bytes=2048 time=35ms TTL=63

Ping statistics for 192.168.20.1:
   Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
   Minimum = 20ms, Maximum = 37ms, Average = 28ms

seank

$10 paid (paypal) to who ever can give me a definite answer.

eazydor

keep your money and buy ice for the kids..

If you experience packet loss only when using specific protocols (SMB, RDP, etc), you may need to reduce your WAN MTU. IPsec does not handle fragmented packets very well, and a reduced MTU will ensure that the packets traversing the tunnel are all of a size which can be transmitted whole. A good starting point would be 1300, and if that works, slowly increase the MTU until you find the breaking point, then back off a little from there.
from doc.pfsense.org

http://doc.pfsense.org/index.php/IPsec_Troubleshooting#Packet_Loss_with_Certain_Protocols

seank

Well how is it that I can ping well over ethernet's 1500 MTU with a strongSWAN–strongSWAN IPSec tunnel?

seank@mob-sean:/work/workspaceCDT/FreeEMS/freeems-vanilla$ ping -s 8000 192.168.20.1
PING 192.168.20.1 (192.168.20.1) 8000(8028) bytes of data.
8008 bytes from 192.168.20.1: icmp_seq=1 ttl=63 time=58.1 ms
8008 bytes from 192.168.20.1: icmp_seq=2 ttl=63 time=44.3 ms
8008 bytes from 192.168.20.1: icmp_seq=3 ttl=63 time=30.9 ms
8008 bytes from 192.168.20.1: icmp_seq=4 ttl=63 time=31.1 ms
8008 bytes from 192.168.20.1: icmp_seq=5 ttl=63 time=28.6 ms
^C
--- 192.168.20.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 28.623/38.642/58.148/11.205 ms
seank@mob-sean:/work/workspaceCDT/FreeEMS/freeems-vanilla$ ping -s 8000 192.168.5.1
PING 192.168.5.1 (192.168.5.1) 8000(8028) bytes of data.
^C
--- 192.168.5.1 ping statistics ---
19 packets transmitted, 0 received, 100% packet loss, time 18142ms
?
Thx!
Sean