ndiswan,pppoe,mtu(转)

If your ISP requires a maximum PPPoE MTU size of less than the default
1,480 bytes, you can add some registry entries to change it.

NOTE: DO NOT set the MTU size lower than 1,400.

NOTE: Changing the MTU size using the Value Names in this tip will
affect all RAS connections except PPTP (Point-to-Point Tunneling
Protocol) and L2TP (Layer 2 Tunneling Protocol).

To set the PPPoE MTU size:

1. Use the Registry Editor to navigate to:

HKEY LOCAL MACHINE\\System\\CurrentControlSet\\Services\\Ndiswan\\Parameters.


2. Add the following REG-DWORD data types:

      ProtocolType Set to 0x0800 using the Hexadecimal Radix.
      PPPProtocolType     Set to 0x21 using the Hexadecimal Radix.
      ProtocolMTU Type the PPPoE MTU size, using the Decimal Radix.


3. Exit the Registry Editor.


--
Jose Manuel Tella Llop ?
MS MVP - DTS
jmtella@mvps.org

不过偶想来想去,还是决定mtu+分段.

In NT registry, go to:
 HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NdisWan(n)\\
  Paramters\\TCPIP

and add MTU value as a REG_DWORD number.  Values range from 68 and up.

Note that NT will autodiscover this value, so the value you enter may
not be used if some router along your path sets a smaller value.

可能意思是最少也得有68(是十六进制还是10时制,hoho)

所有留言及回应
Message 1 in thread
寄件者：Necro (necro@hell.net)
主旨：Win98 DSL service MTU size
新闻群组：comp.os.ms-windows.networking.misc, microsoft.public.win98.networking
View this article only
日期：2000-09-26 19:24:03 PST
 

Hi,
I have recently subscribed with DSL in Canada and first problems poped up.
First of all, I use my DSL mainly for d/l and gaming. I cant play any games
lately because my latency is so high I get kicked out of all places (such as
MSG zone, etc). I tried technical help at DSL, but they had no answer. I
dont use a firewall when I try to play and all the settings are the same as
they were when I succesfully played over dial up just a few days ago. From
all the people I asked I got 1 reason why things are not right: pocket size.
Tech support at DSL said Bell Canada\'s network cant handle 1496 MTU so it
might lag me. They told me to d/l a proggie EasyMTU and run it to find
correct value for my connection (they also told me they use a proxy server -
that was the reason why I could not browse). EasyMTU says 1454 is the best
bet, but when I ping in windows prompt with \'ping -f -l 1454 www.dsl.ca\' it
comes back with \'Packet needs to be fragmented but DF set\'. I found it
EasyMTU pings netscape site and gets the value and I\'m ping my provider and
I get an error.... what\'s the deal here? I mean the provider gets the
request first, so how come I get these values?

Another question is: how does a packet size affect my connection? Will
setting it to, say 548 MTU, and letting it go mean my connection is slower
than 1496 MTU? Where is the point of \"diminishing returns\" for DSL
connection and pocket size?

Please help I have no other place to direct my questions to anymore :(

P.S. if You want to reply through email, use Bprem_c@hotmail.com after
removing\"B\".
Message 2 in thread
寄件者：Maurice Valmont (MauriceV@bellsouth.net)
主旨：Re: Win98 DSL service MTU size
新闻群组：comp.os.ms-windows.networking.misc, microsoft.public.win98.networking
View this article only
日期：2000-10-02 11:47:25 PST
 

On Wed, 27 Sep 2000 02:24:00 GMT, \"Necro\" <necro@hell.net> wrote:

>I have recently subscribed with DSL in Canada and first problems poped up.
>First of all, I use my DSL mainly for d/l and gaming. I cant play any games
>lately because my latency is so high I get kicked out of all places (such as
>MSG zone, etc). I tried technical help at DSL, but they had no answer. I
>dont use a firewall when I try to play and all the settings are the same as
>they were when I succesfully played over dial up just a few days ago. From
>all the people I asked I got 1 reason why things are not right: pocket size.
>Tech support at DSL said Bell Canada\'s network cant handle 1496 MTU so it
>might lag me. They told me to d/l a proggie EasyMTU and run it to find
>correct value for my connection (they also told me they use a proxy server -
>that was the reason why I could not browse). EasyMTU says 1454 is the best
>bet, but when I ping in windows prompt with \'ping -f -l 1454 www.dsl.ca\' it
>comes back with \'Packet needs to be fragmented but DF set\'. I found it
>EasyMTU pings netscape site and gets the value and I\'m ping my provider and
>I get an error.... what\'s the deal here? I mean the provider gets the
>request first, so how come I get these values?
>
>Another question is: how does a packet size affect my connection? Will
>setting it to, say 548 MTU, and letting it go mean my connection is slower
>than 1496 MTU? Where is the point of \"diminishing returns\" for DSL
>connection and pocket size?
>
>Please help I have no other place to direct my questions to anymore :(
>
>P.S. if You want to reply through email, use Bprem_c@hotmail.com after
>removing\"B\".

Hmmmm... Where I\'m from we have saying, \"you can hear the bell ring
but you don\'t know where it is\" - which in this context basically
means you know just enough about DSL and related matters to get
REALLY, REALLY confused. (I\'m not trying to insult you; I\'m annoyed
with ISPs who don\'t bother to explain anything to their customers.)

For one thing, you seem to confuse MTU and RWIN size. RWIN is the
important one.

MTU is the size of the Maximum Transmission Unit, which for DSL should
be between 1400 and 1500. (EasyMTU is most probably giving you bad
advice, but more about that in a moment.)

The RWIN (Receive Window) size essentially determines how many packets
are sent before the sender requires an acknowledgement. In Windows
9x/NT, the default RWIN is 8K; in Win2K it is 16K (bytes, not
packets), which is fine for dial-up modems and high-speed networks
with low latency (your average LAN, for instance). Over the Internet
these values are just not high enough.

I have a 1.5 mbps (million bits per second) DSL connection. Say I
begin to download a file off of a server on the Internet, and
conditions between the server and my machine are such that the file
can be transferred at 1.0 mbps. If my machine uses an RWIN of only 8K,
the server will transmit roughly 8K (actual size depending on my MTU)
in about 65 milliseconds, which is much less than the average latency
involved in file transfer over the Internet. This means that by the
time the server finishes transmitting the last byte of the 8K block,
the first byte hasn\'t yet made it to my machine. This in turn means
that there will be extended periods where nothing happens, with either
the server or my machine (or both) doing nothing, simply waiting for
data (or acknowledgements) to arrive.

If we choose an RWIN size of 32K or 64K, the server and my machine
will both be kept busy. While the server is still in the process of
transmitting enough packets to make up 32 or 64 K, my machine will
already be receiving and acknowledging data, and so the process
continues largely uninterrupted. With a too-small RWIN size, on the
other hand, you\'re at the mercy of Internet latency. The greater the
latency between your machine and a games server, the more pauses there
will be. (You can measure latency by pinging the relevant server, by
the way, or by using traceroute).

So, how do we change RWIN? Use REGEDIT to open the system registry.

For Windoze 95/98, open the key

HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\VxD\\MSTCP

and see whether there is a value for \'DefaultRcvWindow\' (your machine
probably doesn\'t have one). If there isn\'t, right click in the pane on
the right and select New | String Value. Enter \'DefaultRcvWindow\'
(without the quotes) as the name. Now right-click on the new value and
select Modify. Enter 32767 for Win95 or 65535 for Win98.

For WinNT/Win2K open the key

HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Tcpip\\Parameters

and look for (or create) a DWORD value named TcpWindowSize. Modify
this value to be 65535.

Reboot to make the changes take effect.

Before you make the changes, go to http://speedtest.mybc.com and
select the 1 MB test. Run the test three times and record your results
(we\'re only interested in the measured speed). Now make the changes,
then go run the speedtest again (three times, to be sure you\'re not
just unlucky). You should see a substantial improvement.

About MaxMTU: Computer users should follow the advice of their ISP on
whether to modify the size of the Maximum Transmission Unit on their
computer. Since such advice is usually not forthcoming, I can tell you
how to determine the appropriate MTU for your ISP. Choosing the right
MTU size for ones ISP is important, because: (1) Too small an MTU size
will slow transfers down, because each packet carries \"overhead\"
(information about what the packet contains), and the more packets,
the more overhead - and therefore the less room for actual data. (2)
Too large an MTU results in fragmentation, any router that cannot
handle a packet of that size will cause the packet to be broken up
into several smaller packets, many of which will be \"padded\" with
nonsense data (to fill them up to the required size), again wasting
bandwidth (information transfer capability).

To avoid unnecessary overhead, thereby optimizing data throughput, use
ping to determine the appropriate MTU for your ISP. (Since all data
has to pass through your ISP\'s computers on their way to other
servers, the maximum MTU handled by your ISP\'s routers affects
everything else. You can send 1500 octet (byte) packets to various
servers all day long - if your ISP\'s routers only handle 1000 octet
packets, the Internet servers will only receive 1000 octet packets.
(The ISP\'s routers will break every 1500 octet packet down into two
1000 octet packets, the second of which will be padded. Terrible waste
of bandwidth.)

Open a DOS Prompt window, then enter:

ping -f -l [packetsize] [www.yourisp.com]

without the square brackets, of course, and replacing the word
packetsize with an actual value. Start with 1500, then work your way
down. The largest packet size that does not result in the error
message

\"Packet needs to be fragmented, but DF set\"

is either your ISP\'s MTU, or their MTU-28 (excluding the header),
depending on how the server is set.

Use the following table to interpret the number you received and
determine your ISPs MTU:

LNFV=largest non-fragmented value

MTU=your ISP\'s MTU (what you should use), LNFV+28


LNFV MTU DESCRIPTION
1472 1500 Often used for Ethernet
1468 1496 Ethernet standard is 1496, 1500 used for simplicity
1464 1492 Largest possible MTU on PPPoE connections
548 576 widely used for dial-up modems

If you get some other number, either use 1500 or the number you got,
or number+28. You might want to check your Registry, your own MaxMTU
setting could be the limiting factor if it is set too low.

To set MaxMTU, open the system registry and navigate to

HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Class\\NetTrans

where you will find a bunch of numbered entries, some (or at least
one) of which are for TCP/IP (for these, the DriverDesc value will be
\"TCP/IP\".

If you add the MaxMTU value to all \"000n\" folders with \"TCP/IP\" to the
DriverDesc setting, chances are you will slow down your dial-up modem
connection a bit ( since its optimal MaxMTU is still 576, rather than
1500 ).  

In order to determine which is the right one for entering the MaxMTU
value, you can use anyone of the following methods:

1. Open the registry and navigate to
HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Class\\NetTrans\\000n\\Ndi

You can modify the \"HelpText\" value to be any text value you wish. If
you give each 000n folder a unique \"HelpText\" value, you can then
distinguish between them all when you go to Network Properties and
check the Description field for each TCP/IP binding.

2. Right-click on \"Network Neighborhood\" and choose \"Properties\". Find
TCP/IP that\'s bound to the DSL (or cable) modem. If it has a static IP
address, you can look for that under

HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Class\\NetTrans\\000n

When you look in the right \"000n\" folder you will find a string value
called \"IPAddress\" with the same IP assigned to it. At this point, you
can add MaxMTU only to that folder.

If you have multiple NICs bound to TCP/IP, you might want to add
MaxMTU to them as well, that way your LAN will benefit from the
tweaks, too.

Note: If you are experiencing problems such as your browser stopping
in the middle of a page, an MTU value of 576 might fix the problem.

Good luck.
 


?2002 Google

If your ISP requires a maximum PPPoE MTU size of less than the default
1,480 bytes, you can add some registry entries to change it.

NOTE: DO NOT set the MTU size lower than 1,400.

NOTE: Changing the MTU size using the Value Names in this tip will
affect all RAS connections except PPTP (Point-to-Point Tunneling
Protocol) and L2TP (Layer 2 Tunneling Protocol).

To set the PPPoE MTU size:

1. Use the Registry Editor to navigate to:

HKEY LOCAL MACHINE\\System\\CurrentControlSet\\Services\\Ndiswan\\Parameters.


2. Add the following REG-DWORD data types:

      ProtocolType Set to 0x0800 using the Hexadecimal Radix.
      PPPProtocolType     Set to 0x21 using the Hexadecimal Radix.
      ProtocolMTU Type the PPPoE MTU size, using the Decimal Radix.


3. Exit the Registry Editor.


--
Jose Manuel Tella Llop ?
MS MVP - DTS
jmtella@mvps.org

 

另我奇怪的是，一般pppoe driver都作了修改mtu的工作，
因为pppoe是工作在以太网卡上的，所以这并不困难。

不过这个方法似乎方法不同，直接修改了ndiswan的这个参数，
我这里想给出另外一个方法：

HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\<interface-name>

Data type Range Default value
REG_DWORD  0x44 - Dynamically determined MTU (in bytes) | 0xFFFFFFFF  0xFFFFFFFF  

如果是0xffffffff，那么tcp使用从miniport adapter 返回的
值，如果设置，那么就用设置的参数覆盖。0x44=68，
这个数据和sirroom给出的一样。


我最后想问问sirroom的是，你用过这个方法测试过吗？
通过猫拨号，然后浏览一个大网页，例如包括一个jpg的
网页，抓包看看mtu真的被修改了吗？

我很关注此事，因为这里面提到的3个参数，我查遍了我
手头上的所有资料都没有找到。

还有，这篇文章的出处是否能够给出？我和想看看完整的
这篇文章。

[quote]If your ISP requires a maximum PPPoE MTU size of less than the default
1,480 bytes, you can add some registry entries to change it.

NOTE: DO NOT set the MTU size lower than 1,400.

NOTE: Changing the MTU size using the Value Names in this tip will
affect all RAS connections except PPTP (Point-to-Point Tunneling
Protocol) and L2TP (Layer 2 Tunneling Protocol).

To set the PPPoE MTU size:

1. Use the Registry Editor to navigate to:

HKEY LOCAL MACHINE\\System\\CurrentControlSet\\Services\\Ndiswan\\Parameters.


2. Add the following REG-DWORD data types:

      ProtocolType Set to 0x0800 using the Hexadecimal Radix.
      PPPProtocolType     Set to 0x21 using the Hexadecimal Radix.
      ProtocolMTU Type the PPPoE MTU size, using the Decimal Radix.


3. Exit the Registry Editor.


--
Jose Manuel Tella Llop ?
MS MVP - DTS
jmtella@mvps.org

 

另我奇怪的是，一般pppoe driver都作了修改mtu的工作，
因为pppoe是工作在以太网卡上的，所以这并不困难。

不过这个方法似乎方法不同，直接修改了ndiswan的这个参数，
我这里想给出另外一个方法：

HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\<interface-name>

Data type Range Default value
REG_DWORD  0x44 - Dynamically determined MTU (in bytes) | 0xFFFFFFFF  0xFFFFFFFF  

如果是0xffffffff，那么tcp使用从miniport adapter 返回的
值，如果设置，那么就用设置的参数覆盖。0x44=68，
这个数据和sirroom给出的一样。


我最后想问问sirroom的是，你用过这个方法测试过吗？
通过猫拨号，然后浏览一个大网页，例如包括一个jpg的
网页，抓包看看mtu真的被修改了吗？

我很关注此事，因为这里面提到的3个参数，我查遍了我
手头上的所有资料都没有找到。

还有，这篇文章的出处是否能够给出？我和想看看完整的
这篇文章。



 [/quote]

 我考，等我发完这个贴子返回之后，我就看到了sirrom的
新贴子，完整的文章已经贴出，我变成了一个...

偶看到几个相关贴子本来想一次贴出的,后来为了灌水于是......
不过我是没有测过.还可以来个更完整的.hoho

所有留言及回应
Message 1 in thread
寄件者：pcguys@cyberdude.com (pcguys@cyberdude.com)
主旨：VPN Clients Can Ping, Can\'t Browse . . .
新闻群组：comp.dcom.vpn
View this article only
日期：2000/07/26
 

Hi!

My VPN Clients Can Ping by name & ip, but can\'t Browse, or access
\\\\computername  :-<

In fact, from a win98 client dos box, a net view reports \"Error 6118:
The computer(s) sharing resources in this workgroup cannot be located.\"

My NT4 PDC & DHCP servers are on private 192.x.x.x addresses.
My DNS/WINs server is on a public 208.x.x.x address.
My new W2K VPN server is on a public address 208.x.x.x
The only multi-homed machine is my NT4 MS Proxy Server 2.0 (two NICs
208 & 192)

I setup my W2K VPN RRAS server to hand out public 208 addresses.

When I tried handing out 192 addresses, the clients could ping each
other (if two were on at the same time), but not any routers or other
servers. I guess this is because the VPN server is on a 208 address and
can\'t hand out 192 addresses.

My win98 clients, across the internet do get the 208 addresses, as
evidenced by I winipcfg. Winipcfg does show the wins & dns servers in
the client config (I hard coded the dns & wins in the win98 client
config, and had the clients get their IP from the server)

With the 208 addresses, the VPN clients can ping by name & number, but
can\'t \\\\computername or browse network neighborhood.

I considered moving the VPN server to a private IP address, behind our
NT4 Microsoft Proxy Server 2.0, but could not find any specifics on how
to setup the proxy client wspcfg.ini file (it needs the exe name, path,
and port).

I\'ve added my WINs ip in the vpn dun properties, and also in tcp/ip
properties for the vpn adapter.


In Microsoft Networking, I made sure my domain was the entered, and
checked \"logon network\"
Please help! (This is driving me nutz!)

Also, if I ever get this working,
Is it bad to have our VPN clients use Public IP addresses?

My Config:
------------

My W2K VPN server is configured as follows:
VPN local properties | general tab | Router is checked. \"Local area
network LAN routing only\" is selected. Remote is checked.

IP tab | \"enable ip routing\" is checked. \"allow ip based remote access
and demand dial\" is checked.

Netbeui tab | \"allow netbeui based remote access to entire network\" is
checked.

Under IP Routing, General tab | \"enable ip router manager\" is checked.
\"enable router discovery advertisements\" is checked.

No static routes are defined.

Under IGMP, general tab, \"enable IGMP\" is checked.

I\'ve enabled IP forwarding and routing on the VPN server.

Any and All thoughts would be very much appreciated!

Thanks!
Mike
pcguys@cyberdude.com


Sent via Deja.com http://www.deja.com/
Before you buy.
Message 2 in thread
寄件者：James Lerch (Jlerch1@tampabay.rr.nospam.com)
主旨：Re: VPN Clients Can Ping, Can\'t Browse . . .
新闻群组：comp.dcom.vpn
View this article only
日期：2000/07/27
 

Hey Mike,  

Finally got mine to work :)  

Lets see if anything I did, can help you.

Since Ping by name works, Routing and WINS are ok.  However there could be a
problem with Packet size, which I found was my problem.  To test do the
following pings from Host to client and Vice-versa. (were using -f to force no
fragmenting, and -l to indicate packet payload size. also note that -l is \"Minus
EL\")

client@ c:\\>ping -f -l 1500 \"server ip\" (should reply needs fragmenting)
client@ c:\\>ping -f -l 1472 \"server ip\" (should reply needs fragmenting)
client@ c:\\>ping -f -l 1400 \"server ip\" (should reply needs fragmenting)
client@ c:\\>ping -f -l 1372 \"server ip\" (should get reply)

Then do same thing where server pings client. You should get Either \"needs
fragmenting or a reply\"!  If you get CONSITENT timeouts you have an Ip MTU
problem.  In my case the pings from client to server worked but from server to
client the pings fo 1472 and 1400 just timed out.

I imagine you will have same results, if so GOTO
http://support.microsoft.com/support/kb/articles/Q183/2/29.ASP
and add the registry setting per instructions, using MTU size of 1400, Reboot,
reconect, and see if it works.  IF IT DOES, please let us know, as it did not
work for me.

If adding the registry entried pes the above page, and pings from server to
client still fail for payloads of 1472 & 1400 then try my workaround:

In each NdisWan adapter in:
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NdisWan\'XX\']

And under [\\Parameters\\Tcpip] add Dword MTU = 1400 Decimal

This finally got Netbios mappings and file transfers to work me ;)

For network neighborhood browsing, check the registry for:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RemoteAccess\\Parameters]
\"NetBiosGatewayEnabled\"=dword:00000000  <- change to 00000001 if \"0\"

And give it some time (took >15mins before things started showing up...

Good Luck, and let us know of your progress, or lack there of ;)
James



On Wed, 26 Jul 2000 18:05:57 GMT, pcguys@cyberdude.com wrote:

>Hi!
>
>My VPN Clients Can Ping by name & ip, but can\'t Browse, or access
>\\\\computername  :-<
>
>In fact, from a win98 client dos box, a net view reports \"Error 6118:
>The computer(s) sharing resources in this workgroup cannot be located.\"
>
>My NT4 PDC & DHCP servers are on private 192.x.x.x addresses.
>My DNS/WINs server is on a public 208.x.x.x address.
>My new W2K VPN server is on a public address 208.x.x.x
>The only multi-homed machine is my NT4 MS Proxy Server 2.0 (two NICs
>208 & 192)
>
>I setup my W2K VPN RRAS server to hand out public 208 addresses.
>
>When I tried handing out 192 addresses, the clients could ping each
>other (if two were on at the same time), but not any routers or other
>servers. I guess this is because the VPN server is on a 208 address and
>can\'t hand out 192 addresses.
>
>My win98 clients, across the internet do get the 208 addresses, as
>evidenced by I winipcfg. Winipcfg does show the wins & dns servers in
>the client config (I hard coded the dns & wins in the win98 client
>config, and had the clients get their IP from the server)
>
>With the 208 addresses, the VPN clients can ping by name & number, but
>can\'t \\\\computername or browse network neighborhood.
>
>I considered moving the VPN server to a private IP address, behind our
>NT4 Microsoft Proxy Server 2.0, but could not find any specifics on how
>to setup the proxy client wspcfg.ini file (it needs the exe name, path,
>and port).
>
>I\'ve added my WINs ip in the vpn dun properties, and also in tcp/ip
>properties for the vpn adapter.
>
>
>In Microsoft Networking, I made sure my domain was the entered, and
>checked \"logon network\"
>Please help! (This is driving me nutz!)
>
>Also, if I ever get this working,
>Is it bad to have our VPN clients use Public IP addresses?
>
>My Config:
>------------
>
>My W2K VPN server is configured as follows:
>VPN local properties | general tab | Router is checked. \"Local area
>network LAN routing only\" is selected. Remote is checked.
>
>IP tab | \"enable ip routing\" is checked. \"allow ip based remote access
>and demand dial\" is checked.
>
>Netbeui tab | \"allow netbeui based remote access to entire network\" is
>checked.
>
>Under IP Routing, General tab | \"enable ip router manager\" is checked.
>\"enable router discovery advertisements\" is checked.
>
>No static routes are defined.
>
>Under IGMP, general tab, \"enable IGMP\" is checked.
>
>I\'ve enabled IP forwarding and routing on the VPN server.
>
>Any and All thoughts would be very much appreciated!
>
>Thanks!
>Mike
>pcguys@cyberdude.com
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.
Message 3 in thread
寄件者：pcguys@cyberdude.com (pcguys@cyberdude.com)
主旨：Re: VPN Clients Can Ping, Can\'t Browse . . .
新闻群组：comp.dcom.vpn
View this article only
日期：2000/07/27
 

Hi!

I\'m getting much closer.  I decided to add a 2nd NIC to my VPN server
(one public, one private). I am now dispensing private (backbone) IP
addresses.

I enabled all kinds of \'discover routes\' and other options with which
I\'m not familiar.  Having made so many changes to the vpn server and
laptop, I discovered a major oversight:

Somehow, I didn\'t add back the NETBEUI after I deleted all network
adapters on my win98 laptop. So, even though I checked off NETBEUI in
the DUN properties, it wasn\'t bound to the vpn adapter.  Boy, do I feel
stupid :-<

As for Network Neighborhood,  my laptop sometimes sees 11 of the 17 NT
servers, sometimes none. I\'m not sure what the 11 servers have in
common. All our NT servers are on our token ring backbone.  I\'m
dispensing backbone IP addresses to my clients.

Once this becomes more stable, I want to remove the private NIC from
the VPN server, dispense public IP addresses to the clients, and see if
it still works.

Browsing our netware tree works great; I really like the \"Service for
Netware Directory Services\" - very reliable!

Thanks for all your tips and packet info, I\'ve saved this thread for
future reference!

-Mike




Sent via Deja.com http://www.deja.com/
Before you buy.
 


?2002 Google

这个意思基本上是一样的.hehe

对了,偶主要是在这里看的这些东东
comp.dcom.vpn

再来一个
  
新闻群组    
 高级群组搜寻      
  
  
Groups search result 8 for ndiswan mtu size

Search Result 8
寄件者：Sky ADSL Administrator (Darren.Millett@SkyTechnologies.com.au)
主旨：Re: Win XP and dial-up MTU - Solved
新闻群组：bigpond.broadband.tech.lans
View: (This is the only article in this thread) | Original Format
日期：2001-12-15 22:14:16 PST
 

And the magical answer is... contained in Microsoft Note Q283165.  Don\'t be
fooled by the heading.  It applies to ALL dialup protocols except the
tunneling protocols, and is not just for PPPoE.  See the instructions which
I\'ve copied below, or refer to the microsoft site.

There are other misleading notes around, which don\'t appear to have an
effect in NT for dial-up links.  Namely, setting the MTU registry keyword
for a dial-up adapter appears to have no effect.  Also, switching off PMTU
discovery is hinted to force a default MTU of 576.  This also has no effect.

When I applied the following, there was no \\Protocols\\0 keys in the
registry, presumably since I haven\'t installed PPPoE.  Just create the
required keys.

Note:  You will only need this if you are dialing into a network from an XP
machine, where that network then uses a smaller MTU to connect to the
internet.  Win 98 etc. aqll use a lower fixed MTU for dial-up connections.
----------------------------------------------------------------------------
--
To modify the MTU size:

1. Start Registry Editor (Regedt32.exe).

2. Locate and click the following key in the registry:

   HKEY_LOCAL_MACHINE\\System\\Ccs\\Services\\Ndiswan\\Parameters\\Protocols\\0

3. On the Edit menu, click Add Value, and then add the following registry
  values:

    - Value name: ProtocolType
     Data Type: REG_DWORD
     Value Data: 0x0800

    - Value name: PPPProtocolType
     Data Type: REG_DWORD
     Value Data: 0x0021

    - Value name: ProtocolMTU
     Data Type: REG_DWORD
     Value Data: Enter the appropriate MTU size (decimal value)

4. Quit Registry Editor.

NOTE: When you change these parameters, you change the MTU size of all
Remote
Access Service connections, except for Point-to-Point Tunneling Protocol
(PPTP)
and Layer Two Tunneling Protocol (L2TP) connections.


Darren

\"Sky ADSL Administrator\" <Darren.Millett@SkyTechnologies.com.au> wrote in
message news:3c18283d@skynet1.intranet.skytechnologies.com.au...
> Agreed.  And I\'m just a tad peeved that M$ appear to have changed that in
> XP, with no way to override the new default!
>


--------------------------------------------------------------------------------
  

?2002 Google

学习