Software or Hardware issue?
-
@gertjan Greetings,
Here is the output of ipconfig from my machine (where I'm trying to access reddit (example)):

    Windows IP Configuration

    Unknown adapter OpenVPN Wintun:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :

    Ethernet adapter Ethernet:
       Connection-specific DNS Suffix . : homenet.pri
       IPv4 Address. . . . . . . . . . . : 192.168.2.247
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.2.1

    Unknown adapter Local Area Connection:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :

    Wireless LAN adapter Wi-Fi:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . : bundlearrows.com

    Wireless LAN adapter Local Area Connection* 1:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :

    Wireless LAN adapter Local Area Connection* 10:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :

    Ethernet adapter Bluetooth Network Connection:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :

Here is the output from ifconfig from pfSense:

    em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=81009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
        ether 00:15:17:cb:21:88
        inet6 fe80::215:17ff:fecb:2188%em0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: em1
        options=81009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
        ether 00:15:17:cb:21:89
        inet6 fe80::215:17ff:fecb:2189%em1 prefixlen 64 scopeid 0x2
        inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=81209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER>
        ether 18:03:73:d0:5c:b2
        inet6 fe80::1a03:73ff:fed0:5cb2%em2 prefixlen 64 scopeid 0x3
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1480
        description: HOMELAN
        options=201b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,WOL_MAGIC>
        ether e0:8f:ec:00:39:2d
        inet6 fe80::e28f:ecff:fe00:392d%re0 prefixlen 64 scopeid 0x4
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
        groups: enc
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    pfsync0: flags=0<> metric 0 mtu 1500
        groups: pfsync
    pflog0: flags=100<PROMISC> metric 0 mtu 33160
        groups: pflog
    em1.1000: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: IIVLAN
        options=3<RXCSUM,TXCSUM>
        ether 00:15:17:cb:21:89
        inet6 fe80::215:17ff:fecb:2189%em1.1000 prefixlen 64 scopeid 0x9
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        groups: vlan
        vlan: 1000 vlanpcp: 0 parent interface: em1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    em0.1001: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: ServerVLAN
        options=3<RXCSUM,TXCSUM>
        ether 00:15:17:cb:21:88
        inet6 fe80::215:17ff:fecb:2188%em0.1001 prefixlen 64 scopeid 0xa
        inet 10.1.0.1 netmask 0xffff0000 broadcast 10.1.255.255
        groups: vlan
        vlan: 1001 vlanpcp: 0 parent interface: em0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    em1.1002: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: ProxmoxClusterVLAN
        options=3<RXCSUM,TXCSUM>
        ether 00:15:17:cb:21:89
        inet6 fe80::215:17ff:fecb:2189%em1.1002 prefixlen 64 scopeid 0xb
        inet 10.0.10.1 netmask 0xffffff00 broadcast 10.0.10.255
        groups: vlan
        vlan: 1002 vlanpcp: 0 parent interface: em1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    em0.1003: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LVLAN
        options=3<RXCSUM,TXCSUM>
        ether 00:15:17:cb:21:88
        inet6 fe80::215:17ff:fecb:2188%em0.1003 prefixlen 64 scopeid 0xc
        inet 10.2.0.1 netmask 0xffffff00 broadcast 10.2.0.255
        groups: vlan
        vlan: 1003 vlanpcp: 0 parent interface: em0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    em0.1004: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: BA
        options=3<RXCSUM,TXCSUM>
        ether 00:15:17:cb:21:88
        inet6 fe80::215:17ff:fecb:2188%em0.1004 prefixlen 64 scopeid 0xd
        inet 10.2.1.1 netmask 0xffffff00 broadcast 10.2.1.255
        groups: vlan
        vlan: 1004 vlanpcp: 0 parent interface: em0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    em0.1005: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: DDHTLXX
        options=3<RXCSUM,TXCSUM>
        ether 00:15:17:cb:21:88
        inet6 fe80::215:17ff:fecb:2188%em0.1005 prefixlen 64 scopeid 0xe
        inet 10.2.2.1 netmask 0xffffff00 broadcast 10.2.2.255
        groups: vlan
        vlan: 1005 vlanpcp: 0 parent interface: em0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    em0.1006: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: DDHTLXVI
        options=3<RXCSUM,TXCSUM>
        ether 00:15:17:cb:21:88
        inet6 fe80::215:17ff:fecb:2188%em0.1006 prefixlen 64 scopeid 0xf
        inet 10.2.3.1 netmask 0xffffff00 broadcast 10.2.3.255
        groups: vlan
        vlan: 1006 vlanpcp: 0 parent interface: em0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
        description: WAN
        inet 195.yyy.yyy.yyy --> 195.xxx.xxx.xxx netmask 0xffffffff
        inet6 fe80::215:17ff:fecb:2188%pppoe0 prefixlen 64 scopeid 0x10
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::215:17ff:fecb:2188%ovpns1 prefixlen 64 scopeid 0x11
        inet 10.4.0.1 --> 10.4.0.2 netmask 0xffffff00
        groups: tun openvpn
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 14530
    ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::215:17ff:fecb:2188%ovpns2 prefixlen 64 scopeid 0x12
        inet 10.4.1.1 --> 10.4.1.2 netmask 0xffffff00
        groups: tun openvpn
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 53796
    ovpns3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::215:17ff:fecb:2188%ovpns3 prefixlen 64 scopeid 0x13
        inet 10.4.2.1 --> 10.4.2.2 netmask 0xffffff00
        groups: tun openvpn
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 89803
    ovpns4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::215:17ff:fecb:2188%ovpns4 prefixlen 64 scopeid 0x14
        inet 10.4.3.1 --> 10.4.3.2 netmask 0xffffffff
        groups: tun openvpn
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 73903
    ovpns5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::215:17ff:fecb:2188%ovpns5 prefixlen 64 scopeid 0x15
        inet 10.4.4.1 --> 10.4.4.2 netmask 0xffffff00
        groups: tun openvpn
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 16490
    ovpns6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::215:17ff:fecb:2188%ovpns6 prefixlen 64 scopeid 0x16
        inet 10.4.5.1 --> 10.4.5.2 netmask 0xffffff00
        groups: tun openvpn
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 46386

-
@myxomopec you are using pppoe on wan - so it might be an mss issue.
you could try setting mss clamping on your wan to 1492 (or lower)
-
@heper I've tried but that does not change the behavior.
Also, from other networks I can still access reddit.
-
What's the user rule that's passing that traffic? Also I assume those are pass logs? The default pass rule would not normally log.
If it was a packet size issue you would still see the initial TCP handshake succeed. Those packets are tiny.
-
@stephenw10 Yes, we've dumped the TCP traffic and we can see that we have a response from the target IP.
I hope these are the rules you are referring to:
-
Ok so you do see a TCP handshake complete in a pcap?
If the first packet that fails is a large packet, this probably is an MTU issue.
You can see re0 has a lower MTU than any other NIC. I assume you set that?
-
@stephenw10 Only my home network has an MTU of 1480 ... others are by default which should be 1500 I think.
-
Exactly. I assume because you set that? And that's the subnet that cannot connect to those sites.
-
@stephenw10 OK ... So why now? This was working for a year and something.
Here is info from dump when I try to curl reddit with 5 sec timeout:
-
Something else in the route changed probably and the PMTU discovery is failing.
Set the re0 NIC back to MTU 1500. Test that, it should be identical to the other interfaces at that point.
If that still fails, set the MSS on that NIC to something lower, like 1452.
Steve
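
Added example, not part of any post in the thread: a Python script that reads interface MTUs from `ifconfig` output and works out the largest IPv4 TCP MSS that fits the LAN-to-WAN path. The sample text is a constructed excerpt using the re0 and pppoe0 MTUs posted above; the 1500-byte client MTU and all function names are assumptions.

```python
import re

# Constructed excerpt: interface names and MTUs as posted in the thread,
# remaining fields trimmed.
SAMPLE_IFCONFIG = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1480
\tdescription: HOMELAN
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
\tdescription: WAN
"""

IPV4_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options
HEADER_RE = re.compile(r"^(\S+): flags=\S+.*\bmtu (\d+)")


def parse_mtus(ifconfig_text):
    """Return {interface: mtu} from FreeBSD-style ifconfig output."""
    mtus = {}
    for line in ifconfig_text.splitlines():
        match = HEADER_RE.match(line)  # only unindented header lines match
        if match:
            mtus[match.group(1)] = int(match.group(2))
    return mtus


def max_mss(mtu):
    """Largest TCP payload that fits one IPv4 packet of this MTU."""
    return mtu - IPV4_TCP_HEADERS


def check_path(mtus, lan, wan, client_mtu=1500):
    """Compare the MSS a client advertises with what the path can carry.

    client_mtu is an assumption (Ethernet default); ipconfig does not show it.
    """
    path_mtu = min(client_mtu, mtus[lan], mtus[wan])
    advertised = max_mss(client_mtu)  # MSS the client puts in its SYN
    fits = max_mss(path_mtu)          # MSS that needs no fragmentation
    return {
        "path_mtu": path_mtu,
        "bottleneck": min((lan, wan), key=lambda name: mtus[name]),
        "advertised_mss": advertised,
        "fitting_mss": fits,
        # Without clamping, segments this much too large depend on PMTUD.
        "oversize_bytes": advertised - fits,
    }


if __name__ == "__main__":
    print(check_path(parse_mtus(SAMPLE_IFCONFIG), lan="re0", wan="pppoe0"))
```

For the WAN alone, `max_mss(1492)` gives 1452, the figure suggested in the last post.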