Netgate Discussion Forum

    Allow fragmented packets (for att microcell to work) Please help.

      diablo266

      @podilarius:

      I also am using an AT&T microcell but I don't have that option to allow fragmented packets. Mine works just fine.

      I've spent a very long time googling this, the problem is hit and miss with pfsense users along with people using various other firewall appliances. The only commonly posted solution that actually seems to work is allowing packet fragmentation. I'm glad yours is working out of the box, mine refuses to.

        podilarius

        Out of the box? Nah … it has traffic shaping on it. Not sure if that does anything with fragments, but that is the only extra thing I have going. I also have a VoIP VLAN running through pfSense. Once you set the option to clear DF bits instead of dropping, did it start working for you?

          diablo266

          @podilarius:

          Out of the box? Nah … it has traffic shaping on it. Not sure if that does anything with fragments, but that is the only extra thing I have going. I also have a VoIP VLAN running through pfSense. Once you set the option to clear DF bits instead of dropping, did it start working for you?

          Nope, clear df bits, disable scrubbing, conservative firewall optimizations, manual outbound nat with and without static port, forwarding all the required ports, setting MTU 1492 on WAN, disable hardware checksum offload, none of those options have done anything to help.

            podilarius

            One thing I also did on the microcell was to create a reservation in DHCP to make sure I know what IP it has for traffic shaping.
            What version of pfSense are you using? I have used my microcell under 1.2.3, 2.0.1, and 2.1 (all 32 bit). I did have some trouble with it in 1.2.3 with dropped calls. ATT did have to make a change in the settings to stabilize it.

              diablo266

              @podilarius:

              One thing I also did on the microcell was to create a reservation in DHCP to make sure I know what IP it has for traffic shaping.
              What version of pfSense are you using? I have used my microcell under 1.2.3, 2.0.1, and 2.1 (all 32 bit). I did have some trouble with it in 1.2.3 with dropped calls. ATT did have to make a change in the settings to stabilize it.

              Sorry I forgot to mention I created a static dhcp lease for the microcell, it's one of the first things I did. I'm running 2.0.1, packet captures in wireshark have been showing tons of fragmentation related problems :( very similar to posts I've read regarding m0n0wall and IPSec as well as others with microcells in my position who never posted solutions.

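An added illustration, not part of any post in this thread: when a capture shows fragmentation trouble, one useful check is whether each fragmented datagram ever completes. This Python sketch parses raw IPv4 headers and lists the datagrams with missing fragments; the `make_header` helper, the addresses and the sample headers are constructed for the example.

```python
import struct
from collections import defaultdict

DF, MF = 0x4000, 0x2000  # IPv4 Don't Fragment / More Fragments flag bits

def parse_ipv4(hdr: bytes) -> dict:
    """Extract the fields that matter for fragmentation from an IPv4 header."""
    if len(hdr) < 20 or hdr[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (hdr[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", hdr[2:8])
    return {
        "key": (hdr[12:16], hdr[16:20], hdr[9], ident),  # src, dst, proto, id
        "df": bool(flags_off & DF),
        "mf": bool(flags_off & MF),
        "offset": (flags_off & 0x1FFF) * 8,  # field is stored in 8-byte units
        "payload": total_len - ihl,
    }

def incomplete_datagrams(headers):
    """Return keys of fragmented datagrams whose fragments never all arrived."""
    groups = defaultdict(list)
    for h in map(parse_ipv4, headers):
        if h["mf"] or h["offset"]:          # only actual fragments
            groups[h["key"]].append(h)
    bad = []
    for key, frags in groups.items():
        frags.sort(key=lambda f: f["offset"])
        expected = 0
        for f in frags:
            if f["offset"] > expected:      # hole before this fragment
                break
            expected = max(expected, f["offset"] + f["payload"])
        else:
            if not frags[-1]["mf"]:         # final fragment seen, no holes
                continue
        bad.append(key)
    return bad

def make_header(ident, flags_off, payload, proto=17):
    """Constructed sample header (checksum left at 0; it is not validated)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload, ident, flags_off,
                       64, proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))

SAMPLE = [  # constructed headers, not taken from a real capture
    make_header(0x1111, MF, 1472),          # first fragment, offset 0
    make_header(0x1111, 1472 // 8, 100),    # last fragment: datagram complete
    make_header(0x2222, MF, 1472),          # first fragment, the rest never seen
    make_header(0x3333, DF, 1200),          # unfragmented packet with DF set
]
```
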
                podilarius

                I had ATT work with us to resolve stability issues. Perhaps setting the MSS on WAN to something lower than WAN MTU would help. Perhaps to 1200 or 1000.

                  diablo266

                  @podilarius:

                  I had ATT work with us to resolve stability issues. Perhaps setting the MSS on WAN to something lower than WAN MTU would help. Perhaps to 1200 or 1000.

                  I really appreciate the help, thank you. I'm running the amd64 build, on the off chance I'm encountering some insane bug I'll give i386 a shot... figure it can't hurt. I'll also try playing with the MSS and I just found the option for setting MSS on VPN traffic under advanced > misc so I'll try that as well.

                    diablo266

                    I wanted to post a follow up to this, I found my solution. Switching to the i386 version of pfSense solved everything. Out of the box, 0 configuration options changed, the microcell just connects and works fine. I went crazy with every option I could think of on 2 different installs of the 64bit pfSense, so my uneducated guess is that there is a bug with the 64bit build that affects this somehow. Hopefully this helps someone in the future!

                      chpalmer

                      I have a customer with the 64bit version of 2.1 working with a microcell just fine.  Might be a solution for you…

                      Triggering snowflakes one by one..
                      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                        diablo266

                        @chpalmer:

                        I have a customer with the 64bit version of 2.1 working with a microcell just fine.  Might be a solution for you…

                        I'll give this a shot when 2.1 is pushed to stable, but until then I don't really have any need for 64bit. I just default to 64bit for everything in general and didn't really think there would be any downsides.
