MTU issues with certain sites like netflix, spotify, usps and even opnsense.org

Started by rgonzales98, November 27, 2024, 10:18:03 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
December 04, 2024, 09:08:34 AM #15
Quote from: rgonzales98 on December 04, 2024, 03:41:13 AM
I have tried to change the wan MTU config to different values and it still doesnt work. I moved over the ubuntu to ping and test my MTU. Tried the following for google and it worked.
Code Select
ping google.com -c 10 -M do -s 1472
PING google.com (142.250.115.101) 1472(1500) bytes of data.
1480 bytes from rq-in-f101.1e100.net (142.250.115.101): icmp_seq=1 ttl=106 time=16.5 ms
1480 bytes from rq-in-f101.1e100.net (142.250.115.101): icmp_seq=2 ttl=106 time=14.8 ms
1480 bytes from rq-in-f101.1e100.net (142.250.115.101): icmp_seq=3 ttl=106 time=17.4 ms
1480 bytes from rq-in-f101.1e100.net (142.250.115.101): icmp_seq=4 ttl=106 time=18.7 ms
1480 bytes from rq-in-f101.1e100.net (142.250.115.101): icmp_seq=5 ttl=106 time=17.9 ms
1480 bytes from rq-in-f101.1e100.net (142.250.115.101): icmp_seq=6 ttl=106 time=15.9 ms
1480 bytes from rq-in-f101.1e100.net (142.250.115.101): icmp_seq=7 ttl=106 time=17.4 ms
1480 bytes from rq-in-f101.1e100.net (142.250.115.101): icmp_seq=8 ttl=106 time=14.4 ms
1480 bytes from rq-in-f101.1e100.net (142.250.115.101): icmp_seq=9 ttl=106 time=17.0 ms
1480 bytes from rq-in-f101.1e100.net (142.250.115.101): icmp_seq=10 ttl=106 time=18.8 ms

--- google.com ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9014ms
rtt min/avg/max/mdev = 14.393/16.873/18.818/1.429 ms

I do the same command but with opnsense.org and it still times out. Im wondering if maybe its not an MTU issue lmao. I do have ipv6 disabled. Could this be the issue ?

Code Select
ping opnsense.org -c 10 -M do -s 1472
PING opnsense.org (178.162.131.118) 1472(1500) bytes of data.

--- opnsense.org ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9197ms


As I said, you can check very easily: Use a smaller payload and test again. If that works, your potential physical payload is obviously smaller.

If that is the case:

- either you are successful in enlarging it - this depends on following my steps closely and if your hardware and your ISP's equipment actually support it at all
- or you reduce the WAN MTU to the appropriate value. Subtract 4 for a VLAN and 8 for PPPoE from the initial ethernet MTU of 1500.

The second option does not enable you to ping with a larger payload, but instead makes your OpnSense limit it to safe values. "Safe" meaning here values that also work with sites that do not handle "path mtu discovery" correctly, like Netflix and opnsense.org, but not google.com, which obviously does.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+
Print
Go Up Pages 1 2
User actions