General discussion

Locked

Correct MTU setting for VPN

By Eminent87 ·
What is the correct MTU for MS VPN server running on Windows 2000 server? I have configured MS VPN for Windows 2000 server with a single NIC and it didn't work too well at first (connection was dropping after 5-10 minutes, Outlook wouldn't work and terminal server doesn't work) but then I changed the MTU setting on the VPN server itself to 1300 and things got a lot more stable. Connection doesn't drop anymore, I can access all network resources and Outlook appears to be working now but Terminal Server refuse to work. When I try to connect to terminal server, a login window would come up but then I can't see anything. It remains black for about a minute then it gives me an error saying cannot connect due to network error.

I tried setting the MTU 1400, 1200, 1100 and 1000 but 1300 seems to be the best so far because Outlook doesn't time out. Can someone offer me some suggestions as to what I can do or change to improve the performance of my VPN? Would software compression on the RRAS have anything to do with this?

This is not a firewall issue since I have opened all VPN ports (1723, 47 and 3389).

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Pocono In reply to Correct MTU setting for V ...

Although tedious, manually adjusting the MTU by trial and error testing is the best method. You will change the MTU and test the VPN for connectivity then adjust the MTU to the largest size possible that works.

The MTU size of a network adapter can be changed in one of two ways:

1) Locate the Windows registry key associated with the adapter and manually change the key.
2) Use a third party application (such as DrTCP) with a GUI interface.

Finding the Correct MTU for a VPN using DrTCP

Step 1
Dowload DrTCP and open the application. Select the proper VPN network adapter from the pull down menu and change the MTU to 1400 bytes. Important Note: There may be more than one network adapter showing in the pull down menu for your PC. You must make sure you change the MTU on the correct network adapter associated with your VPN client. If there is any doubt as to which adapter is the correct one change the MTU on all adapters. Restart your PC. The changes will not be set unless your completely restarted your PC.

After the PC has restarted, open a VPN session and test your connectivity to the server as well as any applications.

If your VPN works correctly at 1400 bytes
Repeat Steps 1 and 2 but increase your MTU to 1420 bytes. Continue to repeat Steps 1 and 2 (increasing your MTU by 20 bytes each time) until your VPN does not function correctly and back the MTU down to the last known fully functional MTU size. Remember you must restart the PC after every MTU change.

If your VPN does not work correctly at 1400 bytes
Repeat Steps 1 and 2 but decrease your MTU to 1380 bytes. Continue to repeat Steps 1 and 2 (dropping your MTU by 20 bytes each time) until your VPN functions correctly. Remember you must restart the PC after every MTU change.

Important Notes
If you have a network with more than one computer, all NICs, adpaters, and router(s) should have the same MTU setting.

Collapse -

by Eminent87 In reply to

Poster rated this answer.

Collapse -

by Eminent87 In reply to Correct MTU setting for V ...

This question was closed by the author

Back to Networks Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums