OPNsense Forum
Archive => 19.1 Legacy Series => Topic started by: patrickceg on February 02, 2019, 04:53:29 am
-
Hello all,
This is just a note about my upgrade to OPNsense 19.1, that needed manual intervention.
The upgrade appeared to work with everything back up, but I had spotty Internet access (slow, DNS didn't resolve most of the time, etc), which I traced back to the MTU on my WAN interface being forced to 576. With that small MTU, IPv4 worked, but IPv6 did not work. I had to manually set the WAN interface MTU to 1280 (the minimum required for IPv6 to work) to get full connectivity again.
I'm only guessing from my network security training, but if this happened to your LAN instead of WAN it's possible your switches attached to your router would go crazy, or stuff won't appear to connect at all because there aren't that many "LAN" devices that would expect an MTU of 576. You should still however get "packet too big" warning packets from a packet capture including Wireshark.
I didn't have issues on my LAN side, which is an Intel 82579LM on my machine.
Debugging
Wireshark + IPv6 test web site clued me in to that: I kept getting ICMPv6 "Packet Too Big" in my Wireshark, where the MTU number in the packet was 576.
I have an oddball network card (an ExpressCard adapter Intellinet 524056):
re0@pci0:4:0:0: class=0x020000 card=0x816810ec chip=0x816810ec rev=0x02 hdr=0x00
vendor = 'Realtek Semiconductor Co., Ltd.'
device = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller'
class = network
subclass = ethernet
Here's a step-by-step in case someone else upgraded and is in the same mess as I was in (and probably reading from an unpleasant situation like mobile device).
1. Launch a web browser to the web console of the firewall. Force IPv4 because as mentioned, 576 MTU is too small for IPv6. For me, I forced IPv4 by using my 192.168.1.1 address of the firewall rather than the DNS entry I normally use.
2. Log in to the web console of the firewall.
3. On the side bar (or menu from the box with 3 lines if you're unlucky enough to be on a mobile), select Interfaces -> [the interface that is a Realtek 8168]. For me it was [WAN], but of course you could have it on the [LAN] or even [OPTn] if you enabled that.
4. Find the MTU field, which is current blank, and set it to 1280, 1496, 1500, or whatever you may know your MTU to be. If your Realtek NIC is directly connected to a modem, 1280 will get your IPv6 to work. If the interface is the LAN or connected to another router, you're probably going to want MTU of 1496 or 1500, which are common for Ethernet cards. (If the MTU field is not blank and you know the number already there is correct, my post isn't for your issue and you should stop and try to debug further.)
5. Scroll all the way to the bottom, and click "Save".
6. Scroll all the way to the top, and click "Apply Changes".
7. Wait about a minute. It's possible (like what happened to me) that changing the MTU also disconnected everything, so if everything doesn't come back, you can wait another minute and reboot your firewall.
8. Retry the steps 1-3, and see that the MTU was set properly.
To summarize, after upgrading, it the default MTU on my Realtek LAN card was set to 576 which meant that IPv4 worked and IPv6 didn't work, so I raised it to 1280.
-
Just as a note, about an hour since the previous post, my LAN side started acting up. I forced the MTU on that side as well (2000 because that's what the switch supports)
-
Thanks for this, it could explain the crazy phenomenons from others (also using RE driver)
-
This is your problem :(
https://github.com/opnsense/core/issues/3173
-
I got the same issue on a pcengines APU but even if I tried to change manualy the MTU in the GUI it doesn’t reflect in the ifconfig command on cli.
The MTU directly switch to 576 again ...
I tried with reboot and stil the same :(
All other LAN and DMZ interfaces are Running at 1500 MTU without having to configure them.
Do you know how can I solve this issue ?
Thank you
-
Switch to static If possible.
-
That's what I do and now the MTU stays at 1500 and I have again a working connection to internet.
Please find a way to disable the auto MTU coming from DHCP side.
Can we configure something in OpnSense to disable the MTU to be set by the DHCP server on the WAN ?
Thanks
-
In Interface Config under DHCP, Client Config, Advanced, set:
supersede interface-mtu 0
in Option Modifiers ...
Then try again ..
-
This is your problem :(
https://github.com/opnsense/core/issues/3173
For now I'll place my follow-ups on the Github, where I have the same userid, because I assume some change has to be made either in code or a default config. If my case isn't isolated, I can't image the OPNsense install guide saying you have to do a dance with MTU settings before IPv6 or other stuff that relies on frame sizes like UDP streams from some cameras, VPN, etc work properly :)
-
This is your problem :(
https://github.com/opnsense/core/issues/3173
For now I'll place my follow-ups on the Github, where I have the same userid, because I assume some change has to be made either in code or a default config. If my case isn't isolated, I can't image the OPNsense install guide saying you have to do a dance with MTU settings before IPv6 or other stuff that relies on frame sizes like UDP streams from some cameras, VPN, etc work properly :)
i have read the post of john,
did i misunderstood it or there is a patch/update for this ?
i moved back to 18.7 and waiting for the confirmation to update.
-
Wait for Wednesday :)