4. PPPoE packet loss problem (MTU?)

PPPoE packet loss problem (MTU?)

  • C

    I'm trying to diagnose and sort out an mtu problem with my multilink PPPoE connection and could use some assistance.

    My pppoe interface is a 6-line MLPPP connection. Certain SSL web sites won't load completely and I suspected an MTU problem, so I did some testing.

    When ping from pfsense to the upstream gateway, any payload size (-s) less than 1425 elicits a response, while any payload greater than 1424 times out (with no response appearing on tcpdump -i pppoe0 either).

    I tried setting the mtu of pppoe0 to 1452 (using ifconfig in the shell). I tried setting the MTU and MRU of the member interfaces to 1452 (PPPs page in the GUI). None of these changes changed the result that no echo request packet larger than 1452 elicits a response from the ISP's gateway router.

    No doubt I have configured something wrong due to a lack of understanding of PPP or MTU, but I'm not sure what to do about it, and I would appreciate some guidance.

    My /var/etc/mpd_wan.conf file for reference:

    
startup:
        # configure the console
        set console close
        # configure the web server
        set web close

default:
pppoeclient:
        create bundle static wan
        set iface name pppoe0
        set iface route default
        set iface disable on-demand
        set iface idle 0
        set iface enable tcpmssfix
        set iface up-script /usr/local/sbin/ppp-linkup
        set iface down-script /usr/local/sbin/ppp-linkdown
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
        #log -bund -ccp -chat -iface -ipcp -lcp -link

        create link static wan_link0 pppoe
        set link action bundle wan
        set link enable multilink
        set link keep-alive 10 60
        set link max-redial 0
        set link disable chap pap
        set link accept chap pap eap
        set link disable incoming
        set link mtu 1452
        set link mru 1452
        set auth authname "username@teksavvy.com"
        set auth password secret
        set pppoe service ""
        set pppoe iface em0_vlan201
        open

        create link static wan_link1 pppoe
        set link action bundle wan
        set link enable multilink
        set link keep-alive 10 60
        set link max-redial 0
        set link disable chap pap
        set link accept chap pap eap
        set link disable incoming
        set link mtu 1452
        set link mru 1452
        set auth authname "username@teksavvy.com"
        set auth password secret
        set pppoe service ""
        set pppoe iface em0_vlan202
        open

        create link static wan_link2 pppoe
        set link action bundle wan
        set link enable multilink
        set link keep-alive 10 60
        set link max-redial 0
        set link disable chap pap
        set link accept chap pap eap
        set link disable incoming
        set link mtu 1452
        set link mru 1452
        set auth authname "username@teksavvy.com"
        set auth password secret
        set pppoe service ""
        set pppoe iface em0_vlan203
        open

        create link static wan_link3 pppoe
        set link action bundle wan
        set link enable multilink
        set link keep-alive 10 60
        set link max-redial 0
        set link disable chap pap
        set link accept chap pap eap
        set link disable incoming
        set link mtu 1452
        set link mru 1452
        set auth authname "username@teksavvy.com"
        set auth password secret
        set pppoe service ""
        set pppoe iface em0_vlan205
        open

        create link static wan_link4 pppoe
        set link action bundle wan
        set link enable multilink
        set link keep-alive 10 60
        set link max-redial 0
        set link disable chap pap
        set link accept chap pap eap
        set link disable incoming
        set link mtu 1452
        set link mru 1452
        set auth authname "username@teksavvy.com"
        set auth password secret
        set pppoe service ""
        set pppoe iface em0_vlan206
        open

        create link static wan_link5 pppoe
        set link action bundle wan
        set link enable multilink
        set link keep-alive 10 60
        set link max-redial 0
        set link disable chap pap
        set link accept chap pap eap
        set link disable incoming
        set link mtu 1452
        set link mru 1452
        set auth authname "username@teksavvy.com"
        set auth password secret
        set pppoe service ""
        set pppoe iface em0_vlan207
        open
    0

  • Verify with your ISP that "ppp multilink fragment disable" is turned off on their end.

    0
  • C

    Thank you for the suggestion. I have inquired and will post back updates.

    0

  • clarknova- any progress??

    0
  • C

    I had "Disable Firewall Scrub" checked. Unchecking this fixed the problem. I'm a little embarrassed, as I really thought that I had tried this already. Thanks for the responses.

    0

  • Cool- good to see its working for you!

    Now I need to go loiok at my setup and see if I have that checked or not…

    :)

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy