Why doesn't VPN work over DSL when it works over dialup?

It sounds like the problem we were having with VPN over DSL. Using a sniffer I could tell that there were a lot of packets being dropped. Finally I discovered from researching on the Internet that our problem was the MTU (maximum transmission unit).

In a nutshell, here's what I found. The standard MTU for an ethernet network is 1500. However, because of PPPoE, the MTU over DSL is 1492 (if I remember correctly). On top of the that, the extra overhead caused by the VPN can lower the MTU even further.

Here's how to find the right MTU. While connected to the VPN, ping a server on your network using the following command:
ping -f -l X a.b.c.d

To be clear the "-l" is a lowercase "L", not a number one. Replace the "a.b.c.d" with the IP address of your server. The "X" will be a number you will use to determine the MTU. For example, ping -f -l 1500 192.168.0.10. Start with 1500. If you get "Request timed out" or "Packet needs to be fragmented but DF set", try 1490. Keep decreasing the number by 10 until you get "Reply from a.b.c.d". Once you get replies, increase the number by 1 until you get a "timed out" or "fragement but DF set" error.

Take the highest number that got replies (in our case it was 1418) and add 28 to that to get the MTU (ours was 1446). Download DR. TCP from www.dslreports.com and set the "Path MTU Discovery" setting to "No" and set the MTU for your network card to the MTU you came up with. Reboot and try your VPN again.