Wednesday, September 12, 2012

Using Windows 8 Remote Desktop Over VPN

After upgrading to Windows 8 on my office workstation, I’ve had trouble connecting from home over the VPN. The problems have included “Licensing Timed Out” errors and black screens. After some digging around, I found that this problem can be caused by packet fragmentation.

Using a VPN takes up a few bytes in each packet, so if the original packet is close to the maximum packet size (the MTU, or maximum transmission unit), fragmentation will occur. RDP forbids packet fragmentation, so it will fail if one of the intermediate hops supports fewer bytes per packet than the client.

The solution I found is to reduce the maximum packet size for my network adapter so that the original packets fit within the VPN packets produced by my router. This affects all network traffic, but the packet size only needs to be reduced by a few bytes, so this isn’t much of an issue.

(This forum post was the source of some of the following details).

To find the largest packet size that is suitable for your VPN, run a ping against a computer at the other end of the connection. Use the “-l” option to change the size of the packet that is sent, and the “-f” option to set the do-not-fragment bit.

ping -l 1500 -f <hostname>

If the ping produces a fragmentation error, then reduce the size of the packet until the ping is successful. This is likely to be 1472 bytes if the VPN overhead is the source of your problems.

I’m using Windows 8 on my home workstation, so the MTU setting can be changed using a PowerShell command:

PS> Get-NetIPInterface

This will list all the network interfaces on your computer, including a column named “NlMtu” which is the maximum packet size. In my case, the main network interface was named “Ethernet” and had an NlMtu value of 1500.

PS> Set-NetIPInterface -InterfaceAlias Ethernet -NlMtuBytes 1472

Of course, you might need to replace the interface name and MTU values in the previous command with values that are appropriate for your settings.
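
The manual ping search described above can be automated. The following is an added example, not part of the original post: it binary-searches the largest ping payload that gets through with the do-not-fragment bit set, using the .NET Ping class. The host name 'office-pc' is a placeholder, and the script assumes an IPv4 path to a machine that answers ICMP echo. Note that the ping size is the ICMP payload only; the IPv4 and ICMP headers add 28 bytes on the wire, so the script reports both figures.

```powershell
# Added example: find the largest ICMP payload that crosses the VPN unfragmented.
# Assumptions: IPv4 path, target answers ICMP echo, 'office-pc' is a placeholder.
function Find-MaxUnfragmentedPayload {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$Low = 500,        # payload assumed small enough to pass any hop
        [int]$High = 1472,      # 1500-byte Ethernet MTU minus 28 header bytes
        [int]$TimeoutMs = 2000
    )
    $ping = New-Object System.Net.NetworkInformation.Ping
    # PingOptions(ttl, dontFragment): the equivalent of "ping -f"
    $options = New-Object System.Net.NetworkInformation.PingOptions(128, $true)
    $probe = {
        param($size)
        $buffer = New-Object byte[] $size
        try {
            $reply = $ping.Send($ComputerName, $TimeoutMs, $buffer, $options)
            return $reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success
        } catch {
            return $false       # name resolution or socket errors count as failure
        }
    }
    try {
        if (-not (& $probe $Low)) {
            throw "No reply from $ComputerName at $Low bytes; check connectivity first."
        }
        if (& $probe $High) { return $High }
        # Invariant: a payload of $Low passes, a payload of $High fails.
        while ($High - $Low -gt 1) {
            $mid = [int][math]::Floor(($Low + $High) / 2)
            if (& $probe $mid) { $Low = $mid } else { $High = $mid }
        }
        return $Low
    } finally {
        $ping.Dispose()
    }
}

$payload = Find-MaxUnfragmentedPayload -ComputerName 'office-pc'
$onWire  = $payload + 28   # 20-byte IPv4 header + 8-byte ICMP header
"Largest unfragmented ping payload: $payload bytes ($onWire bytes on the wire)"
```

A single lost reply is treated as a failure, so on a lossy link run the search more than once and compare the results.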