issue with mtu/mss and in-kernel pppoe

[Thomas Schoeller]

hi misc,
i have installed a new firewall with my new WRAP board. and have tried the
new
in-kernel pppoe. and i had a problem with the mtu/mss. i have set the pf.conf
entry scrub out on pppoe0 max-mss 1440. and also have put the mtu on the
internal nic to 1492. but no success.
after some googling i found http://www.pro-bono-publico.de/openbsd/pppoe/.
i put scrub in all max-mss 1452 in my pf.conf and it works.

have i forgot something or is the pppoe(4) manpage wrong/notcomplete?

cheers
thomas

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: issue with mtu/mss and in-kernel pppoe

[Jason McIntyre]

On Sat, Jan 07, 2006 at 05:49:34PM +0100, Thomas Schoeller wrote:
 hi misc,
 i have installed a new firewall with my new WRAP board. and have tried the
 new
 in-kernel pppoe. and i had a problem with the mtu/mss. i have set the pf.conf
 entry scrub out on pppoe0 max-mss 1440. and also have put the mtu on the
 internal nic to 1492. but no success.
 after some googling i found http://www.pro-bono-publico.de/openbsd/pppoe/.
 i put scrub in all max-mss 1452 in my pf.conf and it works.
 
 have i forgot something or is the pppoe(4) manpage wrong/notcomplete?
 

as noted in the man page, 1452 should work fine but 1440 is a safer bet.
i use 1453 (i can't remember why). whatever, it just needs to be small
enough...

i don't know why 1452 would work for you and not 1440. you mention
changing the scrub out rule to scrub in all so perhaps sth else in
your ruleset is affecting it. you should not need to clamp max-mss on
incoming packets...

jmc