MashaCPA
asked on
Net Terminals are having connection problems with SCO after lowering MTU on the host
We use Net Terminals 200 to connect to a SCO OpenServer Release 5 host. For purposes of one application, I had to lower the MTU on the host to below 1400. After that, sometimes Net Terminals have problem logging in (they freeze); sometimes they can log in, but some functionality in the software is limited; and sometimes only black-and-white connection is available.
I set up one Windows PC to connect via telnet to the SCO server, and that connection is working fine. I am remote from that business location and not familiar with net terminals very much. What is wrong with them, and can it be corrected?
I set up one Windows PC to connect via telnet to the SCO server, and that connection is working fine. I am remote from that business location and not familiar with net terminals very much. What is wrong with them, and can it be corrected?
ASKER
How do I change the MTU on net terminals? Do I telnet to them in the same way I telnet to the host?
Yes, the application works over a VPN, and large packets would not go through.
Yes, the application works over a VPN, and large packets would not go through.
I'm not sure. You may need to set the default MTU back to 1500 or 1492 which ever you were using.
What you may want to try it set a route specific MTU for the other side of the VPN. I am assuming Unix can do this and it would be something like
route add -net x.x.x.x/yy gw a.a.a.a MTU 1400
Where x.x.x.x/yy is the ip subnet and mask that is the target and a.a.a.a is the router. I know you can do this in Linux and so I am assuming you can do this in Unix.
What you may want to try it set a route specific MTU for the other side of the VPN. I am assuming Unix can do this and it would be something like
route add -net x.x.x.x/yy gw a.a.a.a MTU 1400
Where x.x.x.x/yy is the ip subnet and mask that is the target and a.a.a.a is the router. I know you can do this in Linux and so I am assuming you can do this in Unix.
ASKER
I do not manage the other side of VPN - it is at the software company site. I was advised to change MTU on the originating side.
This would be a change on your side. You need to lower the MTU you use when sending data to them. Or they need to lower the MSS they advertise to you.
ASKER
You mean to add the route on the SCO host?
Yes. You may need to verify that SCO supports this. Athough Linux is Unix like, its not Unix. Although Unix is Unix, not all Unix's are the same.
So SCO may or may not support setting route based MTU sizes.
Even doing that will not change the MTU that the remote side uses. They may need to do the same thing.
Typically it is a bad id to change a hosts MTU to support VPN setups because it normally causes local problems, as you have found.
What are you using for the VPN connectivity? You might be able to configure it to handle the MTU issue.
So SCO may or may not support setting route based MTU sizes.
Even doing that will not change the MTU that the remote side uses. They may need to do the same thing.
Typically it is a bad id to change a hosts MTU to support VPN setups because it normally causes local problems, as you have found.
What are you using for the VPN connectivity? You might be able to configure it to handle the MTU issue.
ASKER
Our VPN is managed by the ISP, so we have no access to configuration. Between the ISP and the software company, they came up with the solution to change the MTU on the server. I'll try adding the route instead, thanks!
1280 looks more like VPN MTU
Behind the scenes:
Your net admins use BROKE VPN system which disregards DF packets, to get over it you have to completley disable PMTU-related features.
Behind the scenes:
Your net admins use BROKE VPN system which disregards DF packets, to get over it you have to completley disable PMTU-related features.
Do you know what VPN solution they are using?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes, as long as you have the proper authority. Typically you have to be root.
ASKER
When I log in as root and type cat /etc/hosts, I can see the content of the file. How do I remove an unnecessary line or change one? If I type edit /etc/hosts, I cannot use my arrow keys or move anywhere inside the file.
So you may need to change the MTU to 1400 for all of your net terminals.
However, what was wrong with the one application? Typically applications should not have an issue with MTU. Now, network paths may, say you were going across a VPN tunnel.