Fragmentation WAN PPPoE



  • Hi,

    I'll try to explain my problem.

    I've got a PPPoE connection with MTU 1492. Behind it is a NAT "Port forward" for an email server. Only one of our clients can't send us big emails. Small emails work correctly, but if there is fragmentation some packets are dropped:

    May 7 09:43:08 SFR   194.250.153.xxx   5.39.xxx.xxx TCP:

    May 7 09:43:12 SFR   194.250.153.xxx   5.39.xxx.xxx TCP:

    May 7 09:43:20 SFR   194.250.153.xxx   5.39.xxx.xxx TCP:

    May 7 09:43:36 SFR   194.250.153.xxx   5.39.xxx.xxx TCP:

    I tested many configurations:

    • firewall optimization in conservative mode
    • Disable hardware checksum offload
    • Clear invalid DF bits instead of dropping the packets
    • Disables the PF scrubbing option which can sometimes interfere with NFS and PPTP traffic
    • disable net.inet.tcp.rfc1323
    • disable net.inet.tcp.sack.enable
    • set mtu 1492 on my server

    I'm running pfSense 2.0.3 64b. I don't know why I can't get messages from this peer. Could you help me, please?
    [packetcapture (16).txt](/public/imported_attachments/1/packetcapture (16).txt)



  • Hi,

    I have no direct idea, but you can test your MTU and other helpful things here:
    http://www.speedguide.net/analyzer.php



  • Hi,

    Thank you for your answer.
    In fact your site gives me MTU 1460 and not 1492. I don't know why.

    TCP options string: 0204058c010303070402080a0006a9ea00000000
    MSS: 1420
    MTU: 1460
    TCP Window: 66176 (NOT multiple of MSS)
    RWIN Scaling: 7 bits (2^7=128)
    Unscaled RWIN : 517
    Recommended RWINs: 65320, 130640, 261280, 522560, 1045120
    BDP limit (200ms): 2647kbps (331KBytes/s)
    BDP limit (500ms): 1059kbps (132KBytes/s)
    MTU Discovery: ON
    TTL: 49
    Timestamps: ON
    SACKs: ON
    IP ToS: 00000000 (0)



  • @llelapin:

    Thank you for your answer.
    In fact your site gives me MTU 1460 and not 1492. I don't know why.

    MSS: 1420
    MTU: 1460
    MTU Discovery: ON

    The good thing seems to be that MTU discovery is on … can you see in your PPP logs what MTU is set by pfSense?
    Perhaps, for security, you must set the MTU in the PPP page directly (there is a field for it).

    But normally many other sites should also have problems when using more than 1500 Bits ... it's quickly reached ;)

