WinXP/FreeBSD - IPSec Tunnel Over Wireless (MTU Problems?)

James Snow snow at teardrop.org
Sat Nov 29 09:21:06 PST 2003


At this point, my problem is more with XP than with FreeBSD,
so this isn't really the proper forum for this question. But
I figure I can't be the first person who's tried to do this,
so maybe someone here can point me in the right direction.

I have a 4.9-S box with a Netgear MA311 wireless card and
a laptop running XP with a Netgear MA521. The 4.9-S box is
connected to the Internet via DSL, and acting as a NAT'ing
router for the other devices in my apartment, including the
wireless interface.

My goal was to encrypt all traffic passing between the
laptop and the FreeBSD box, whether the traffic was destined
for the router or for a host on the Internet. Since WEP has
been shown to be of little value, I decided to do this via
an IPSec tunnel. Through some amalgamation of guides found
through Google, I actually got IPSec up and running between
the laptop and the FreeBSD box. I'm still having a few small
problems (the SA needs some prodding from both ends to come
up) but those I'm sure I can figure out. tcpdump even
confirms that all traffic is going over the tunnel; it sees
only ISAKMP and ESP traffic.

My principal problem is this: Loading web pages such as
news.google.com hangs just about all network I/O. My
SSH sessions hang, web pages will no longer load but,
inexplicably, I can still ping anything local or remote.
Eventually things will come back, but interactive sessions
such as SSH are usually toast by then.

Since web pages reliably manifest the problem, I figure it
has to be an MTU issue. However, if it's an MTU issue, then
large pings should also fail. But I can send pings that
even exceed the Ethernet MTU without issue. I've tried a
couple different registry key settings for lowering the MTU,
but no luck so far. 

Has anyone else set something like this up? Did you run into
any problems like this? Did you find a solution?


-Snow


