Hey everyone, I'm primarily a network guy but I've been dealing with some issues related to GRE tunnels and their impact on our Windows domain. I've set up these tunnels to connect buildings that need to advertise their subnets via OSPF. In particular, I've noticed that in two specific sites, we need to keep the MTU around 1376, which means the maximum segment size (MSS) can't exceed 1336. However, when I set the MSS on the computers to this size, they tend to fall off the domain and can't reconnect. When I redirect their traffic back to the physical links (where the MSS is higher at 1410), everything works fine, and they can join the domain without issues. I'm wondering what the acceptable MSS sizes are for Windows domains, as the problem persists even when I try increasing the MTU and MSS sizes; it seems that packets still fragment.
2 Answers
This might not directly answer your question, but it sounds like you could be running into issues with the ICMP "Fragmentation required" message being blocked. This could definitely lead to your connectivity problems.
Are you modifying the MTU or MSS on the Windows clients themselves? You might want to set it just on the tunnel or router side instead. Windows is pretty good at automatically adjusting the MSS for protocols like SMB, so this could help maintain your domain connections. By the way, when you mention clients "falling off the domain", can you clarify what that means?
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures