Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    RFC 4638 (PPPoE 1500 MTU/MRU) - let's pitch in

    Scheduled Pinned Locked Moved Completed Bounties
    13 Posts 7 Posters 8.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Stealthii
      last edited by

      US $50 if done before June 10th. US$15 after.

      1 Reply Last reply Reply Quote 0
      • N
        nietzowietzo
        last edited by

        Only reason that I don't use pfSense at this moment is lack of support for RCF4638
        10euro / 10$ dollar from me when it's done.

        1 Reply Last reply Reply Quote 0
        • C
          csutcliff
          last edited by

          $50 from me when done

          1 Reply Last reply Reply Quote 0
          • D
            David_W
            last edited by

            Though the mpd5 part of this is a bit messy at the moment, the kernel and mpd5 work required for RFC 4638 support are now done.

            Dmitry Luhtionov, one of the mpd5 developers, is responsible for the kernel patch to FreeBSD HEAD and mpd5 CVS.

            The kernel patch applies trivially to any FreeBSD 10.x RELEASE as the ng_pppoe(4) code has been very stable in recent years. I've backported the RFC 4638 patch for mpd5 to mpd 5.7, so it's not necessary to switch to the CVS HEAD version of mpd5 that contains a lot of other changes. I also fixed a bug I found in Dmitry's code during testing. I've posted this work online today in the Sourceforge bug for RFC 4638 support in mpd5.

            Unfortunately, I don't have a build VM for pfSense, nor do I have access to the pfsense-tools repository, otherwise I'd build a custom version of pfSense-2.2.4 with the patches incorporated and complete the GUI work.

            The changes required to the pfSense PHP code are fairly trivial. I've documented the slight mpd*.conf syntax difference for MTU > 1492 in the Sourceforge bug.

            It is necessary to ensure that the parent interface of the PPPoE connection has an MTU at least 8 bytes greater than the desired PPPoE MTU. The same MTU change also needs to be made to any parents of the parent interface. For example, on my pfSense box, the PPPoE parent interface is a vlan, so the MTU of the network needs raising first, then the MTU of the vlan. This means that the PPPoE parent interface and any relevant network infrastructure must support jumbo frames.

            1 Reply Last reply Reply Quote 0
            • H
              heper
              last edited by

              perhaps someone should update https://redmine.pfsense.org/issues/4542  and provide the "trivial' patches

              1 Reply Last reply Reply Quote 0
              • D
                David_W
                last edited by

                I've updated redmine, have executed the pfSense contributor and licence agreements, and hope the pfSense team will set me up with access to the pfSense-tools repository. If so, I will attempt to complete this work over the next few days.

                1 Reply Last reply Reply Quote 0
                • D
                  David_W
                  last edited by

                  I'm continuing to work on this.

                  I've now got a build VM for pfSense 2.2.x and, having fought with the build system, I can see why it's being abandoned for pfSense 2.3! Despite all this, I've managed to build a patched kernel and mpd5 binary, which I've manually installed into my 2.2.4-RELEASE amd64 box.

                  If anyone wants to see the pfsense-tools part of the work, it's on Github (that link will only work if you have been granted access to the private pfsense-tools repository).

                  I've yet to complete the modifications to the pfSense code. The hardest part is to set the MTU of the PPPoE interface's parent interface to 8 bytes above the desired PPPoE MTU, with the added complexity that, on some systems including mine, that parent interface is a vlan.

                  To verify the work so far, I brought down mpd5 at the command prompt and brought it back up with a modified configuration file set for a 1500 byte MTU.

                  Here's the results whilst SSHed into the pfSense box:

                  [2.2.4-RELEASE][admin@[censored]]/root: ifconfig pppoe0
                  pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1500
                          inet6 [censored]%pppoe0 prefixlen 64 scopeid 0x11
                          inet [censored] –> 62.3.84.27 netmask 0xffffffff
                          inet6 [censored] prefixlen 64 autoconf
                          nd6 options=23 <performnud,accept_rtadv,auto_linklocal>[2.2.4-RELEASE][admin@[censored]]/root: ping -D -s 1472 8.8.4.4
                  PING 8.8.4.4 (8.8.4.4): 1472 data bytes
                  1480 bytes from 8.8.4.4: icmp_seq=0 ttl=57 time=11.178 ms
                  1480 bytes from 8.8.4.4: icmp_seq=1 ttl=57 time=11.549 ms
                  1480 bytes from 8.8.4.4: icmp_seq=2 ttl=57 time=11.314 ms
                  1480 bytes from 8.8.4.4: icmp_seq=3 ttl=57 time=11.552 ms
                  1480 bytes from 8.8.4.4: icmp_seq=4 ttl=57 time=11.328 ms
                  1480 bytes from 8.8.4.4: icmp_seq=5 ttl=57 time=11.314 ms
                  1480 bytes from 8.8.4.4: icmp_seq=6 ttl=57 time=11.581 ms
                  1480 bytes from 8.8.4.4: icmp_seq=7 ttl=57 time=11.335 ms
                  1480 bytes from 8.8.4.4: icmp_seq=8 ttl=57 time=11.369 ms
                  1480 bytes from 8.8.4.4: icmp_seq=9 ttl=57 time=11.610 ms
                  ^C
                  –- 8.8.4.4 ping statistics ---
                  10 packets transmitted, 10 packets received, 0.0% packet loss
                  round-trip min/avg/max/stddev = 11.178/11.413/11.610/0.140 ms
                  [2.2.4-RELEASE][admin@[censored]]/root: ping6 -D -s 1452 www.google.co.uk
                  PING6(1500=40+8+1452 bytes) [censored] –> 2a00:1450:4009:80a::2003
                  72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=0 hlim=59 time=10.081 ms
                  72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=1 hlim=59 time=10.113 ms
                  72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=2 hlim=59 time=10.099 ms
                  72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=3 hlim=59 time=10.130 ms
                  72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=4 hlim=59 time=10.137 ms
                  72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=5 hlim=59 time=10.378 ms
                  72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=6 hlim=59 time=10.121 ms
                  72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=7 hlim=59 time=10.163 ms
                  72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=8 hlim=59 time=10.171 ms
                  72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=9 hlim=59 time=10.396 ms
                  ^C
                  --- www.google.co.uk ping6 statistics ---
                  10 packets transmitted, 10 packets received, 0.0% packet loss
                  round-trip min/avg/max/std-dev = 10.081/10.179/10.396/0.107 ms

                  [2.2.4-RELEASE][admin@[censored]]/root:</performnud,accept_rtadv,auto_linklocal></up,pointopoint,running,noarp,simplex,multicast>

                  I have a Huawei HG612 acting as a VDSL2 bridge. The ISP is Zen Internet (UK) and my account has native IPv6 enabled.

                  I've censored my IP addresses and domain names in the output above. It is otherwise a verbatim log.

                  Edit to add: I have submitted the kernel and mpd5 changes as a pull request against the pfsense-tools repository. I am unclear whether this will qualify for inclusion in a future 2.2.x version of pfSense or will have to wait for pfSense 2.3. Either way, the kernel and mpd5 work is now complete and tested.

                  1 Reply Last reply Reply Quote 0
                  • D
                    David_W
                    last edited by

                    The pfSense team are reviewing the changes to the kernel and mpd5. As pfSense 2.2 is a feature frozen maintenance branch, the decision has been taken that this will not appear in 2.2.x but is targeted for 2.3.

                    I continue to work on the GUI side of this - well, I say GUI side. The substantive changes are to the support code in interfaces.inc that builds the mpd configuration file and sets interface MTUs. Fortunately, there are currently few changes in that file between pfSense 2.2 and pfSense 2.3, with the only large change being the removal of PPTP support in pfSense 2.3. I can continue to develop and test on pfSense 2.2 before porting the changes to pfSense 2.3 for submission.

                    Work will be a little slower for a while as my partner was admitted to hospital yesterday. I'll keep going as strength allows.

                    1 Reply Last reply Reply Quote 0
                    • D
                      David_W
                      last edited by

                      I've completed the GUI work and have posted instructions in the Development forum. Please read the caveats there carefully before proceeding.

                      1 Reply Last reply Reply Quote 0
                      • D
                        David_W
                        last edited by

                        RFC 4638 support was merged to pfSense 2.3 earlier today, shortly before 2.3 was redesignated as a beta.

                        I didn't follow any of the procedures relating to bounties before starting to work on this, and it would probably be rather out of order for me to expect any payment for the work I did to implement this.

                        Should any of those who pledged wish to pay up, I suggest they donate their pledge to the FreeBSD Foundation.

                        1 Reply Last reply Reply Quote 0
                        • C
                          csutcliff
                          last edited by

                          @David_W:

                          RFC 4638 support was merged to pfSense 2.3 earlier today, shortly before 2.3 was redesignated as a beta.

                          I didn't follow any of the procedures relating to bounties before starting to work on this, and it would probably be rather out of order for me to expect any payment for the work I did to implement this.

                          Should any of those who pledged wish to pay up, I suggest they donate their pledge to the FreeBSD Foundation.

                          I've just seen this and have done as you wished :)

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.