RFC 4638 client support (PPPoE MTU > 1492) - patch available for 2.2.6-RELEASE
-
Edit: updated for 2.2.6-RELEASE
Now that 2.2.6-RELEASE is with us, I have revisited the RFC 4638 patch. Previous discussion can be found in the thread about the 2.2.4-RELEASE patch.
Before reading further, there are several important things you must understand:
-
These binaries are for amd64 (64 bit) only - I will not be building i386 (32 bit) binaries.
-
This is for full installs only (advanced users might be able to graft the patch into nanobsd, but you're on your own with this).
-
My installer is for pfSense 2.2.4-RELEASE, 2.2.5-RELEASE and 2.2.6-RELEASE only, and no other versions. 2.2.6-RELEASE is recommended.
-
Back up your configuration before installation - you might leave your pfSense box unbootable if something goes wrong.
-
Have pfSense installation media to hand and check it boots before proceeding, as you might need it to reinstall pfSense!
-
You will be replacing the kernel and PPP daemon binaries with binaries built on my pfSense builder VM. These are security sensitive components, which I have built with care but can provide no warranty over. If something goes wrong with this part of the installation, you will have to reinstall pfSense unless you know how to recover a broken FreeBSD installation.
-
This definitely will not be included in any future pfSense 2.2.x version as 2.2 is a feature frozen branch. I hope it will be included in pfSense 2.3.
-
If you want to use MTUs higher than 1492, you need:
-
the network interface you use for PPPoE to be jumbo capable - I'm using an igb(4) device
-
any network infrastructure to be jumbo capable - I'm using a Huawei HG612 VDSL2 bridge (an Openreach FTTC modem)
-
the ISP to support RFC 4638 operation. Most UK ISPs using PPPoE on Openreach FTTx support MTU up to 1500. I'm using Zen Internet
-
-
I regard SSH access to the target pfSense box as mandatory for installation, though it is possible to install this using Diagnostics -> Command Prompt.
-
I take no responsibility if anything goes wrong. This is beta test grade stuff, though it is working well for me.
Installation and configuration
Using the shell prompt (or the "Execute Shell command" section of Diagnostics -> Command Prompt):
fetch -o /root/rfc4638 https://db.tt/sCb3GLD9 && chmod u+x /root/rfc4638 && /root/rfc4638
It will take some time to execute, as it has to download ~18MB of binaries from my Dropbox public folder.
If the binary patches install correctly, the script will give instructions on how to patch the pfSense GUI using the System Patches package, to reboot and to change the MTU of your WAN interface. If you fail to copy down this information, re-run the installer.
You are welcome to download my install script and scrutinise it, also to download and scrutinise the tarballs it installs.
Configuring your interfaces
The patch sets the MTU of parent interfaces where necessary, but will not override explicitly configured interface MTUs. The code attempts to set the PPPoE parent interface's MTU, then checks the MTU of this interface when building the mpd5 configuration file. If your PPPoE interface is not jumbo capable, you will have a maximum MTU of 1492 as before.
The easiest way to get MTU 1500 operation is to set the PPPoE interface to MTU 1500 in Interfaces -> WAN (or whatever interface(s) you use PPPoE on).
Comments / feedback / suggestions
Feedback is welcome here or in Redmine Feature #4542. Reports of this working or not working will be useful.
The modified pfSense code can be found in the RELENG_2_2-rfc4638-new branch of davidjwood/pfsense on GitHub. Pull requests are welcome if you want to suggest any improvements.
The kernel changes have been MFC'd to stable/10 and are included in the kernels of recent pfSense 2.3 snapshots. I've submitted pull requests against pfSense 2.3 for the remaining components:
mpd5 changes: https://github.com/pfsense/FreeBSD-ports/pull/1 (which has now been merged, so recent pfSense 2.3 snapshots include a patched mpd5 binary)
pfSense support: https://github.com/pfsense/pfsense/pull/1959I have posted pointers to those pull requests on Redmine #4542. Hopefully full RFC 4638 client support will appear in a future pfSense 2.3 build.
I have also submitted the mpd5 changes as FreeBSD PR 203695.
-
-
Installed this on my router in preparation for getting Zen next week. It still boots, so looks promising so far.
-
Installed it on 2.2.5 more than a week ago and working okay since then.
-
I've edited the original post as the patch for 2.2.6-RELEASE is now available.
I've updated the installer script and uploaded the new binaries. The instructions remain the same.
-
Removed the patch, upgraded to 2.2.6, did the patch again (with the updated url for 2.2.6) and everything still works.