OPNsense Forum
Archive => 21.7 Legacy Series => Topic started by: allebone on November 23, 2021, 02:10:18 pm
-
Hi,
Im with an ISP that allows the MTU of 1492 to be brought up to 1500 on a pppoe connection. Its not clear to me how everyone else achieved this. I have read several topics on the forum and tried the suggestions but I cant seem to get it to work on OPNsense 21.7.5-amd64.
I had a pppoe connection on top of em0 interface working on MTU of 1492 and started by setting the MTU to 1508 there which then states "calculated MTU 1500"
This had no effect so I read other posts that said you needed to make a dummy interface of em0 and simply enable it and set an mtu of 1508 there which I also did.
This also had no effect even after rebooting. The pppoe dials and ends up with an mtu of 1492 at the end. What is the method people use to force an mtu as I am clearly missing a step?
Kind regards
P
-
Maybe this image would clear it up a bit...
(https://i.imgur.com/jFPNaXO.png)
-
I had a pppoe connection on top of em0 interface working on MTU of 1492 and started by setting the MTU to 1508 there which then states "calculated MTU 1500"
that really is all that is needed - here's what ifconfig shows for me - it works
vmx1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1508
options=800028<VLAN_MTU,JUMBO_MTU>
ether 00:0c:29:44:42:53
inet6 fe80::20c:29ff:fe44:4253%vmx1 prefixlen 64 scopeid 0x2
media: Ethernet autoselect
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
...
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
inet xxx.xxx.xxx.xx --> xxx.xxx.xx.x netmask 0xffffffff
inet6 xxxx::xxx:xxxx:xxxx:xxxx%pppoe0 prefixlen 64 scopeid 0x7
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
and from window I can confirm the mtu really is 1500
ping -f -l 1472 www.google.com
Pinging www.google.com [142.250.71.68] with 1472 bytes of data:
Reply from 142.250.71.68: bytes=68 (sent 1472) time=42ms TTL=117
Reply from 142.250.71.68: bytes=68 (sent 1472) time=41ms TTL=117
-
Thank you both for your replies. Unfortunately when I do ifconfig my MTU is not changed despite setting it. I dont know why this is:
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
I have checked and rebooted multiple times and for sure edited the MTU on the dummy interface and the pppoe connection in addition. There must be something different but I cant work it out.
-
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
I have checked and rebooted multiple times and for sure edited the MTU on the dummy interface and the pppoe connection in addition. There must be something different but I cant work it out.
what's the MTU shown on the parent ethernet device the pppoe device is attached to - and what hardware is that interface running on? It is possible the actual ethernet device won't allow mtu >1500
-
I see... I did set the parent interface to 1508 but I had not considered/didnt know the hardware would make a difference. I am using a protectli box so the nics are intel gigabit nics. If that doesnt support this then that would make sense I cant get it to work.
-
I see... I did set the parent interface to 1508 but I had not considered/didnt know the hardware would make a difference. I am using a protectli box so the nics are intel gigabit nics. If that doesnt support this then that would make sense I cant get it to work.
Intel NICs definitely can do mini jumbo frames - before I virtualised I ran bare metal and used mini jumbos on an i210, worked fine
-
Don't know if it helps you but my PPPoE connection only started working when I applied mss clamping.
So setting my MTU on the physical interface to 1508, so the PPPoE tunnel gets an MTU of 1500 (according to RFC 4638) and applying MSS clamping 1448 made everything work great. Dropped CPU load as well.
-
You should take care that the actual L2 supports that MTU as well or else the packets will get silently dropped somewhere.
-
Don't know if it helps you but my PPPoE connection only started working when I applied mss clamping.
So setting my MTU on the physical interface to 1508, so the PPPoE tunnel gets an MTU of 1500 (according to RFC 4638) and applying MSS clamping 1448 made everything work great. Dropped CPU load as well.
MSS of 1448 implies a MTU of 1488 - so you’ve basically overriden your MTU and actually gone even smaller than the default PPPoE mtu of 1492
-
Im at a loss why it doesnt work then. I have a switch that should allow it, and set all the options as others did but simply doesnt work :(
-
switch shouldn't matter as it's on the LAN side - I'm presuming you have a direct connection from your opnsense WAN nic to whatever terminates your ISP connection ( ONT / docsis modem etc )?
have you got a MTU of 1508 to work with this ISP and any other equipment previously? It could be that they're rejecting the larger MTU (PPP-max-payload) during pppoe mtu negotiation
-
No actually I dont have that setup. I have a normal RJ45 connection going from the wan port of the firewall to the switch which the switch vlan tags and then an SFP module in a different port on the same switch which is also on that same vlan as the connection is fiber and I cant plug that directly into the firewall as there are no ports to accommodate it. As far as I know everyone else on Bell Fibe has it working or at least they claim to have it working on the posts I have read at 1500 MTU.
-
I have a normal RJ45 connection going from the wan port of the firewall to the switch which the switch vlan tags and then an SFP module in a different port on the same switch which is also on that same vlan as the connection is fiber and I cant plug that directly into the firewall as there are no ports to accommodate it..
that should work fine - I’m running vlan trunking between two 10gbe switches to get the ISP feed from the GPON ONT in my garage thru to where the firewall actually sits.
You have checked you’ve got jumbo frames enabled on the switch if the switch has an option for it ( though a lot of switxhes nowdays just accept anything up to 9K frames and don’t have an option to enable/disable jumbo support )
-
No worries thanks for trying to help anyway. Yes its a unifi switch and has an option... I will sit on this problem for a while and if I notice anything will post back but as there is no immediate answer will require me to do some digging around on my own to try make progress...
-
I think the ISP maybe has to support it, also if you using a modem as a bridge, that also needs to support baby jumbo frames. So basically all intermediate devices.
-
What you have all said makes sense. I am continuing to investigate further.