This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PPTP/PPPoA and Policy Routing, MTU issue?

I have a NIC set as a PPPoA/PPTP tunnel that connect to a PPTP VPN at my ISP (only way to get static IP from them). The MTU on it is 1500, also my WAN is Cable with MTU = 1500
The VPN "works".

To test it out I have setup a Policy Route such as:

Type: Interface route
Source network: my laptop host
Services: Any
Destination network: Internet
Target Interface: PPPoA VPN Interface

This work pretty well for ping, internet download etc, however I noticed two things:

1) Some website partially load or load forever, wireshark show a HTTP GET then a ACK back and nothing else.

2) I sometime see the message: "ICMP Fragmentation Needed"

Any ideas?

Thanks!

This thread was automatically locked due to age.

Parents

0 BAlfson over 13 years ago

a friend suggested that I set PPPoA interface to 1492 (default), WAN: 1500,

That was what I was trying to say, but was confused by your setup. When you initally configured the PPPoA interface, it should have given you 1492, so that's why I suggested 1478. You should do this in WebAdmin instead of at the command line.

If that doesn't resolve your issue, then I would try different combinations of fixed speed and full/half-duplex in the Hardware settings for the PPPoA interface.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 x-cimo over 13 years ago in reply to BAlfson

Thanks for helping, I've tried the following:

I had a extra Intel NIC e1000 unused in the machine so I setted up the PPPoA on that interface instead of the realtek (onboard nic).

I've set the mtu back to 1492.

But without success... This page seem to discribe my exact problem:

Circumventing Path MTU Discovery issues with MSS Clamping (for ADSL, cable, PPPoE & PPtP users)

I gave it a shot:

with iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

but It dosen't seem to work...
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 x-cimo over 13 years ago in reply to BAlfson

Thanks for helping, I've tried the following:

I had a extra Intel NIC e1000 unused in the machine so I setted up the PPPoA on that interface instead of the realtek (onboard nic).

I've set the mtu back to 1492.

But without success... This page seem to discribe my exact problem:

Circumventing Path MTU Discovery issues with MSS Clamping (for ADSL, cable, PPPoE & PPtP users)

I gave it a shot:

with iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

but It dosen't seem to work...
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 x-cimo over 13 years ago in reply to x-cimo

This worked!

https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/18171

I just typed this in ssh:

iptables -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

However I think it will be gone at next reboot, is there now a way to do this from the GUI ? or add it to a file somewhere...

The /etc/rc.d/ipfilter.local mentionned in the thread dosen't exist anymore.. and that thread if from 2003 [:)]
Cancel
Vote Up 0 Vote Down

Cancel