PPPoE packet loss problem (MTU?)
-
I'm trying to diagnose and sort out an mtu problem with my multilink PPPoE connection and could use some assistance.
My pppoe interface is a 6-line MLPPP connection. Certain SSL web sites won't load completely and I suspected an MTU problem, so I did some testing.
When ping from pfsense to the upstream gateway, any payload size (-s) less than 1425 elicits a response, while any payload greater than 1424 times out (with no response appearing on tcpdump -i pppoe0 either).
I tried setting the mtu of pppoe0 to 1452 (using ifconfig in the shell). I tried setting the MTU and MRU of the member interfaces to 1452 (PPPs page in the GUI). None of these changes changed the result that no echo request packet larger than 1452 elicits a response from the ISP's gateway router.
No doubt I have configured something wrong due to a lack of understanding of PPP or MTU, but I'm not sure what to do about it, and I would appreciate some guidance.
My /var/etc/mpd_wan.conf file for reference:
startup: # configure the console set console close # configure the web server set web close default: pppoeclient: create bundle static wan set iface name pppoe0 set iface route default set iface disable on-demand set iface idle 0 set iface enable tcpmssfix set iface up-script /usr/local/sbin/ppp-linkup set iface down-script /usr/local/sbin/ppp-linkdown set ipcp ranges 0.0.0.0/0 0.0.0.0/0 #log -bund -ccp -chat -iface -ipcp -lcp -link create link static wan_link0 pppoe set link action bundle wan set link enable multilink set link keep-alive 10 60 set link max-redial 0 set link disable chap pap set link accept chap pap eap set link disable incoming set link mtu 1452 set link mru 1452 set auth authname "username@teksavvy.com" set auth password secret set pppoe service "" set pppoe iface em0_vlan201 open create link static wan_link1 pppoe set link action bundle wan set link enable multilink set link keep-alive 10 60 set link max-redial 0 set link disable chap pap set link accept chap pap eap set link disable incoming set link mtu 1452 set link mru 1452 set auth authname "username@teksavvy.com" set auth password secret set pppoe service "" set pppoe iface em0_vlan202 open create link static wan_link2 pppoe set link action bundle wan set link enable multilink set link keep-alive 10 60 set link max-redial 0 set link disable chap pap set link accept chap pap eap set link disable incoming set link mtu 1452 set link mru 1452 set auth authname "username@teksavvy.com" set auth password secret set pppoe service "" set pppoe iface em0_vlan203 open create link static wan_link3 pppoe set link action bundle wan set link enable multilink set link keep-alive 10 60 set link max-redial 0 set link disable chap pap set link accept chap pap eap set link disable incoming set link mtu 1452 set link mru 1452 set auth authname "username@teksavvy.com" set auth password secret set pppoe service "" set pppoe iface em0_vlan205 open create link static wan_link4 pppoe set link action bundle wan set link enable multilink set link keep-alive 10 60 set link max-redial 0 set link disable chap pap set link accept chap pap eap set link disable incoming set link mtu 1452 set link mru 1452 set auth authname "username@teksavvy.com" set auth password secret set pppoe service "" set pppoe iface em0_vlan206 open create link static wan_link5 pppoe set link action bundle wan set link enable multilink set link keep-alive 10 60 set link max-redial 0 set link disable chap pap set link accept chap pap eap set link disable incoming set link mtu 1452 set link mru 1452 set auth authname "username@teksavvy.com" set auth password secret set pppoe service "" set pppoe iface em0_vlan207 open -
Verify with your ISP that "ppp multilink fragment disable" is turned off on their end.
-
Thank you for the suggestion. I have inquired and will post back updates.
-
clarknova- any progress??
-
I had "Disable Firewall Scrub" checked. Unchecking this fixed the problem. I'm a little embarrassed, as I really thought that I had tried this already. Thanks for the responses.
-
Cool- good to see its working for you!
Now I need to go loiok at my setup and see if I have that checked or not…
:)
