Hi guys,
It took me days to figure this out, but I'm also curious whether one of you has a hypothesis or can even explain this to me. I usually like very much to understand why something is happening :)
First my - I admit - a little exotic network configuration:
- Switch-GBit-Eth-Port (tagged VLAN 1 + 99) <=> Win10 with Realtek NIC
- With Realtek Diagnostic Tool I have installed 2 separate VLAN NICs in Win10. One for VLAN1, one for VLAN99. So everything that uses one of the two NICs gets the corresponding VLAN-ID
- OPNsense runs in a VM (VMWare) with two virtual NICs. VIRT1 is bridged to NIC-VLAN1. VIRT2 to NIC-VLAN99
- In OPNsense VIRT1/VLAN1 is LAN. VIRT2/VLAN99 is WAN.
So far so good and everything worked perfectly... at the first glance at least.
From a LAN PC I was able to:
- Resolve DNS names
- Ping (ICMP) into the internet via IP or dns name
But no internet page (browser) was working. Even the one I was able to ping successfully.
Once I changed Interfaces->WAN to MTU=1500 and MSS=1456, everything worked perfectly.
So I somehow have to manually accommodate the 4 bytes of VLAN tagging. Just changing the MTU to a smaller number (even 1000) didn't help.
Now, for someone who knows a lot about these things: I'm happy to learn and also have the following questions:
- Why do I have to do this only on the WAN interface and not on LAN?
- Why am I still able to browse to the OPNsense website from a LAN PC if the issue seems to be somewhere between the OPNsense and the switch port?
- Or in other words: Why does this issue only occur on internet TCP traffic and not local TCP traffic?
Thanks in advance
Soko
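As an added illustration (not part of the original post), here is a small Python model of the frame sizes involved. It assumes, as a hypothesis about the poster's setup, that the VLAN NIC or bridge accepts at most 1514 bytes on the wire and does not grow the frame for the 4-byte 802.1Q tag; the header sizes are the standard IPv4/TCP/ICMP/802.1Q ones.

```python
# Added example, not the poster's code. Models why small packets (ping) cross a
# VLAN-tagged link while full-size TCP segments do not, and which MSS avoids it.
ETH_HDR = 14      # destination MAC + source MAC + EtherType
VLAN_TAG = 4      # 802.1Q tag inserted after the source MAC
IPV4_HDR = 20     # IPv4 header without options
TCP_HDR = 20      # TCP header without options
ICMP_HDR = 8      # ICMP echo header


def tcp_frame_size(mss: int, tagged: bool) -> int:
    """Bytes on the wire for a TCP segment carrying `mss` bytes of payload."""
    return ETH_HDR + (VLAN_TAG if tagged else 0) + IPV4_HDR + TCP_HDR + mss


def icmp_frame_size(payload: int, tagged: bool) -> int:
    """Bytes on the wire for an ICMP echo with `payload` bytes of data."""
    return ETH_HDR + (VLAN_TAG if tagged else 0) + IPV4_HDR + ICMP_HDR + payload


def max_mss(mtu: int, extra_overhead: int = 0) -> int:
    """Largest TCP payload whose IP packet plus `extra_overhead` fits the MTU."""
    return mtu - IPV4_HDR - TCP_HDR - extra_overhead


def simulate(max_ip_bytes: int = 1500) -> dict:
    """Constructed scenario (assumption): the link accepts frames of at most
    ETH_HDR + max_ip_bytes, i.e. the VLAN tag is not budgeted for."""
    limit = ETH_HDR + max_ip_bytes
    return {
        # A Windows ping carries 32 bytes: tiny, so the tag never matters.
        "ping_32B": icmp_frame_size(32, tagged=True) <= limit,
        # A full-size segment with the default MSS overshoots by exactly 4 bytes.
        "tcp_mss_1460": tcp_frame_size(1460, tagged=True) <= limit,
        # Clamping the MSS by the tag size brings the frame back under the limit.
        "tcp_mss_1456": tcp_frame_size(1456, tagged=True) <= limit,
    }


if __name__ == "__main__":
    print("MSS without tag:", max_mss(1500))          # 1460
    print("MSS budgeting for tag:", max_mss(1500, VLAN_TAG))  # 1456
    for name, ok in simulate().items():
        print(f"{name}: {'passes' if ok else 'dropped'}")
```

The 1456 that resolved the problem is exactly `max_mss(1500, VLAN_TAG)`, which is why lowering only the MTU (without clamping MSS) did not help: the peers still negotiated a full 1460-byte MSS.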