[HOWTO] Configure WAN MTU with VLAN and / or PPPoE

Started by meyergru, February 05, 2025, 09:04:11 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 4
User actions
January 06, 2026, 03:31:21 PM #45 Last Edit: January 06, 2026, 03:52:34 PM by meyergru
1. It is correct that normally, with modern adapters, 1504 MTU is always possible, so you usually can add 4 bytes of VLAN tags without further ado. However, this was not the case with early ethernet equipment before the advent of 802.1q and also, for the sake of the argument that you should calculate the VLAN overhead, this will come to an end if you use QinQ. ISP equipment can do anything it likes, too. For example, german ISP Telekom does not like packets larger than 1504, so you cannot apply the guide there and have a net MTU of 1500 bytes - no matter what - I added a disclaimer for Telekom in the guide.

2. What OpnSense does by default with its calculations and/or fragmentation and what the FreeBSD kernel does has changed over time and releases and AFAIK, will again change with 15.x, see this for an example.

For good measure, I like to apply explicit value and even then, the returned values of "ifconfig" sometimes to not reflect the GUI settings.
I mentioned that in the guide by saying: test the effective settings after a reboot and also test what actually works - I have seen the results change from checking directly after I applied them and after a reboot. This is especially true when a "stack" of interfaces like WAN (pppoe) -> VLAN -> physical NIC is in play.


BTW: Testing against a local IP like 192.168.1.1 does not make sense for a WAN optimization, but after having said that, it should always yield 1500 bytes. To enable a WAN MTU of the same size as the usual WAN MTU, to avoid fragmentation with all of its issues is the main goal in the first place. If even your LAN MTU differs, it would be useless. If you get a 1226 byte MTU with the supplied script to a local IP, sometime seems way off.

Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
January 06, 2026, 03:43:34 PM #46 Last Edit: January 06, 2026, 03:50:18 PM by carepack
Ok. Thx Patrick. It seems we have the same setup with telekom, vlan 7, pppoe . May I ask what mtu values you definded and entered in your setup for

1. physical adapter =
2. vlan adapter =
3. pppoe mtu in pppoe config not wan =

This would a big help to me. Thank you!

@meyergru
Thx for the information. In first place the ip was another one: 1.1.1.1 But I get really strange values running the script wit an externel ip. Maximum MTU size would the be 3654 which looks incorrect to me. Iirc was 192.168.1.1 is the ip fo my modem but your right. Also makes no sense testing with that.
January 06, 2026, 03:48:50 PM #47
None at all. All of this works out of the box.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
January 06, 2026, 03:51:28 PM #48
ok, opnsense doin' the job right already. Thanks again!
March 04, 2026, 02:17:50 PM #49
@meyergru With which ISP in Germany are you utilizing the sortachonky-mini-baby-jumbo Frames?

I'm also oddly honored to have my post made it in the pppps of the OP :) Credit goes to the post I found on github for the workaround.
March 04, 2026, 02:33:02 PM #50
I use it with M-Net. I know that Telekom and their resellers does not work with 1500 bytes MTU.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
March 04, 2026, 02:37:09 PM #51 Last Edit: March 05, 2026, 10:53:30 AM by funtowne Reason: Clarifying a few points
Quote from: meyergru on March 04, 2026, 02:33:02 PMI use it with M-Net. I know that Telekom and their resellers does not work with 1500 bytes MTU.

Good to know; I'm also on M-Net FTTH.  Looks like I have some homework tonight and can unwind my MSS workaround in the same go.  Thanks for the quick reply!

*EDIT* With a bit of trial and error, I am working at MTU 1500 as expected. on my PROXMOX + opnsense setup  My steps in a nutshell:

PROXMOX:

1.) Set my dedicated "WAN" bridge (vmbr1 in my case) and its associated single interface (enp2s0 in my case) to 1512 MTU; reboot


OPNSENSE:

1.) (Interfaces > Assignments) Enable interface vtnet0 (which is mapped to WAN bridge vmbr1 in PROXMOX); assign it the name WAN_VLAN_PARENT; set MTU of WAN_VLAN_PARENT to 1512
2.) (Interfaces > Assignments) Enable interface vlan0.40 (which is for me VLAN40 for my ISP M-Net mapped to vtnet0); assign it the name WLAN_VTNET40; set MTU of WLAN_VTNET40 to 1508
3.) (Interfaces > Devices > Point-to-Point) Set MTU of PPPoE interface pppoe0 to 1500 (under advanced options)
4.) REBOOT opnsense (important!)

Note: The WAN interface in opnsense may still show that the "calculated MTU" remains 1492; ignore this as you've overriden the MTU on pppoe0! Test the config with a site like http://pmtud.enslaves.us/ -- IPv4 should show a MTU of 1460 and IPv6 an MTU of 1440 if the above steps were configured correctly.

To future readers:  your interface names (italic) above across your virtualization host and opnsense may vary, please remap accordingly!  Follow the notes in the guide in the OP if you are on a bare metal install as that takes out the complexity of configuring the MTU of the virtualization host.

With this setup I no longer need my MSS clamping workaround on my WAN interface for DNSMASQ; it's as if I have a "normal" ISP without PPPoE.  Reiterating OP's post that this only works with select ISPs and especially NOT telekom or telekom-hosted ISPs like 1&1, O2, etc.
Print
Go Up Pages 1 2 3 4
User actions