MTU bug
-
@jknott certainly possible but the OP stated he changed his MTU so I assume it was once at 1500
Firewall: NetGate,Palo Alto-VM,Juniper SRX
Routing: Juniper, Arista, Cisco
Switching: Juniper, Arista, Cisco
Wireless: Unifi, Aruba IAP
JNCIP,CCNP Enterprise -
so I assume it was once at 1500
But maybe it wasn't.
If the MTU setting has been removed entirely from pfSense I would recommend power cycling the firewall completely. Some NICs will retain settings across a reboot.
Steve
-
@jknott certainly possible but the OP stated he changed his MTU so I assume it was once at 1500
The question becomes whether the DHCP client overrides a manual config. Normally, you don't set MTU with DHCP. Perhaps he could set the MTU before connecting and see if it retains the setting after.
-
Another thing he could do is run Packet Capture to see if DHCP option 26 is used and what value it is.
-
Yeah it would be very unusual to see that set.
-
My internet connection is typical cable provided by comcast/xfinity so yes, it's dhcp.
when i adjusted the mtu, i arrived at 1472 by plugging my laptop directly into the modem and running the commands until it stopped fragmenting, and then i used that number input the mtu size in pfsense, so i was able to adjust it.
i've rebooted the firewall a few times, so it's definitely locked to that number where rebooting wouldn't solve the problem.
seems like for me to correct the setting i'd have to manually edit a config file.
-
But did you fully power cycle it? Like actually remove the power rather than just reboot?
On many devices the NICs remain powered across a reboot and will retain their state.
-
when i adjusted the mtu, i arrived at 1472 by plugging my laptop directly into the modem and running the commands until it stopped fragmenting, and then i used that number input the mtu size in pfsense, so i was able to adjust it.
On the WAN interface, you have to use the MTU your ISP uses. Otherwise, some frames may be discarded. Do you know where the fragmenting is happening? It could be anywhere between you and the destination. You can determine that by looking at the source address of the ICMP messages. Fragmentation is the mechanism to get around the different MTUs and is entirely normal, though these days Path MTU Detection is often used and is mandatory with IPv6. Also, what was fragmenting? On Linux PMTUD is generally used for everything and with TCP on Windows.
-
@stephenw10 yes, fully powered off. changed the setting, shut the pfsense box off, turned off the modem, and went away for the weekend. Still hangs onto 1472.
-
@jknott that i don't know.
I arrived at 1472 by plugging my win10 laptop directly into the modem and pinging with the flag set at whatever it was and working my way down until it stopped fragmenting. i didn't realize that the 28bits for the header were to be added onto the mtu size once the fragmentation limit was found. it's all fine, works great without any issue. just thought you'd all like to know about my experience.
