Changing MTU doesn't work on pfSense 2.0 FINAL
-
Hi,
I installed pfSense 2.0 final in a virtual machine on the KVM hypervisor. When I change the MTU in the web interface, I check it in the shell through ifconfig and it displays that the MTU has changed. But the MTU doesn't work correctly, and if I check on the Internet by loading a web page that requires the right MTU to be loaded, it fails. Why?
-
Are you able to change the MTU on the virtual NIC?
-
Yes, but it doesn't work… Before installing pfSense I had a VM with Kerio Firewall and it works great with the different MTU (1496).
Any suggestions? I'm trying to replace Kerio, but if I can't get pfSense working, I can't do it.
-
What hypervisor are you using?
-
I'm using Proxmox 1.9 (based on KVM 0.15.0)
-
Any suggestion?
P.S. If I try to use pfSense 1.2.3, MTU works correctly.
Why?
-
In 1.2.3 the MTU box only adjusts MSS, not MTU.
On 2.0 the MTU setting actually does MTU. The MSS value is separate.
-
I put 1496 in the MTU box and 1456 in the MSS box, but it still doesn't work as it should. WHY?
I have an Internet connection that needs an MTU equal to 1496. How can I get this value working in pfSense???
-
Any suggestion???
-
Have you changed the MTU and MSS rates and applied a reboot? Sometimes the hypervisor needs the VM to be rebooted before virtual hardware changes are applied.
-
Yes, I tried to reboot the VM after applying the MTU but it still doesn't work. Is there anyone who has got a different MTU working in pfSense 2? I'm beginning to think that it is a pfSense bug…
-
I also tried to reboot the VM after MTU change.
Today I tried with a bare metal installation on a PC but I couldn't get it working on the PC either.
In pfSense 1.2.3 it WORKS…
WHY???? :'( :'(
-
Have you tried leaving the MTU at 1500 but changing only the MSS to 1496?
-
Yes… I tried every possible combination :D
It seems that the FreeBSD network stack doesn't change the MTU, even though when I run ifconfig the new value is correctly displayed...
-
It wasn't changing the MTU in 1.2.3 - so your problem is probably not the MTU.
In 1.2.3 the MTU value only adjusted MSS, not the MTU, so if it worked on 1.2.3, then the MTU change is not to blame.
And yes, FreeBSD does change the MTU.
Try doing a packet capture on the WAN and see if it really is sending out packets larger than the MTU.
Try this with MSS set:
grep -i mss /tmp/rules.debug
-
grep -i mss /tmp/rules.debug
output:
scrub in on $FORINI all max-mss 1456 fragment reassemble
It seems to be correct, but if I visit some web pages which require the correct MTU it doesn't work, while with other firewalls the web pages are shown correctly!!!
WHY?
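-
The packet-capture check suggested earlier in the thread, as an added example that is not part of the original posts: it reads a capture and reports IPv4 packets larger than the configured MTU, plus the MSS advertised in TCP SYNs (to confirm the `max-mss 1456` scrub rule took effect). It assumes a classic pcap file with Ethernet link type; the function names and the sample frames are constructed for illustration.

```python
import struct

def build_pcap(frames):
    """Constructed sample data: wrap raw Ethernet frames in a classic pcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def frame(total_len, syn_mss=None):
    """Constructed Ethernet/IPv4/TCP frame, zero-padded to total_len IP bytes."""
    opts = struct.pack("!BBH", 2, 4, syn_mss) if syn_mss else b""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, (5 + len(opts) // 4) << 4,
                      0x02 if syn_mss else 0x10, 65535, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return b"\x00" * 12 + b"\x08\x00" + (ip + tcp).ljust(total_len, b"\x00")

def audit(pcap, mtu):
    """Return (IPv4 total lengths above mtu, MSS values advertised in SYNs)."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    if struct.unpack(end + "I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a classic pcap file")
    oversized, mss, off = [], [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        ip = pcap[off + 16:off + 16 + incl][14:]
        eth_type = pcap[off + 28:off + 30]
        off += 16 + incl
        if eth_type != b"\x08\x00" or len(ip) < 20:
            continue                      # only IPv4 over Ethernet is checked
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        if total > mtu:
            oversized.append(total)
        tcp = ip[ihl:]
        if ip[9] != 6 or len(tcp) < 20 or not tcp[13] & 0x02:
            continue                      # MSS option only appears in SYNs
        opts, i = tcp[20:(tcp[12] >> 4) * 4], 0
        while i + 1 < len(opts) and opts[i] != 0:
            if opts[i] == 1:              # NOP is a single byte
                i += 1
                continue
            if opts[i + 1] < 2:
                break                     # malformed length, stop parsing
            if opts[i] == 2 and opts[i + 1] == 4 and i + 4 <= len(opts):
                mss.append(struct.unpack("!H", opts[i + 2:i + 4])[0])
            i += opts[i + 1]
    return oversized, mss
SAMPLE = build_pcap([frame(44, syn_mss=1456), frame(1496), frame(1500)])
```

If TCP segmentation offload is enabled on the capturing interface, locally generated segments can appear larger than the MTU in the capture because the NIC splits them afterwards.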