

368 posts

Ultimate Geek
+1 received by user: 133

Subscriber

Topic # 240914 2-Oct-2018 13:30

I've run into an issue where my wife's new iPhone will not download from Google Music, or play any YouTube videos when connected to our Wi-Fi. I've also noticed on my desktop yt-dl will not actually download any videos. I'm also receiving SSL timeouts when going to certain sites (one example is https://isthereanydeal.com). When I connect to a VPN, it works just fine.

 

I believe this is an issue with MSS clamping after quite a bit of searching. I've set the MTU and MSS per the instructions on the Voyager website, however I still have the issue. My boot.config for my EdgeRouter Lite is here.

 

I'm smart enough to admit I'm not smart enough to figure this one out, so any help would be greatly appreciated to figure out what I'm doing wrong, or how I can fix this. It seems like the MTU and MSS are set correctly, but not being able to browse some SSL sites, and not being able to download from her iPhone seems to point at it not being set properly.


Mr Snotty
8029 posts

Uber Geek
+1 received by user: 4018

Moderator
Trusted
Lifetime subscriber

  Reply # 2100051 2-Oct-2018 13:41
One person supports this post

I'm pretty sure Voyager support full 1500 byte MTU on UFB. @VygrNetworkMonkey is best to confirm this.

 

If this is the case - set the eth0 + eth0.10 interface to 1508 bytes and PPPoE to 1500. Disable MSS clamping. Set all your other interfaces to 1500 bytes and you should be all set.

 

Edit: Response below, I was incorrect but good to know. Looks like you've configured your Edgerouter right.





54 posts

Master Geek
+1 received by user: 40

Trusted
Voyager
Lifetime subscriber

  Reply # 2100063 2-Oct-2018 13:58
3 people support this post

Hi @Taubin, (thanks for the ping @michaelmurfy!),

 

We run a 1492MTU - which equates to a 1452 TCP-MSS.
I can see on our BNG that your connection is indeed negotiated at 1492

 

We have seen the ERL's do some 'interesting' stuff with MTU and MSS in the past - but every time it's resolved by adjusting the configuration to the correct parameters.
Unfortunately I can't give you advice on the ERL, as I'm not familiar with it.

 

 





Voyager Internet - Network Monkey



368 posts

Ultimate Geek
+1 received by user: 133

Subscriber

  Reply # 2100080 2-Oct-2018 14:12

michaelmurfy:

 

If this is the case - set the eth0 + eth0.10 interface to 1508 bytes and PPPoE to 1500. Disable MSS clamping. Set all your other interfaces to 1500 bytes and you should be all set.

 

 

Unfortunately, that broke all ssl sites (google, gmail, my own sites) on both my phone and my desktop after rebooting everything. Connecting to vpn fixed it. Changing it back to 1492 and 1500 fixed most of the sites without the VPN. My Nexus 5x doesn't have any issues with downloading from google music, or streaming youtube on our network, but her iPhone refuses to do either.

 

I've reset everything to default (ERL, Unifi AP AC Lite) and still had the issue over the weekend. I'm just now getting around to sitting down and trying to fix it again. The SD card in the ERL was also replaced over the weekend, however the issue with the iPhone and yt-dl were present prior to that.




368 posts

Ultimate Geek
+1 received by user: 133

Subscriber

  Reply # 2102380 6-Oct-2018 09:00

Just wanted to update, after setting everything to the settings recommended by @VygrNetworkMonkey and rebooting the router as well as the ONT, I'm able to use most sites again. Hopefully this is fully resolved. Not sure why it started acting up in the first place.




368 posts

Ultimate Geek
+1 received by user: 133

Subscriber

  Reply # 2102626 6-Oct-2018 18:47

I may have spoken too soon, it works properly for getting to ssl sites, however my wife's iPhone and apps like yt-dl will still not download. I've verified the settings in the ERL, so it should be transferring them properly. I've reset everything to default, and they all work over vpn, so I must be doing something wrong. I'll keep fighting with it.




368 posts

Ultimate Geek
+1 received by user: 133

Subscriber

  Reply # 2103642 9-Oct-2018 07:26

Hopefully I have finally gotten this resolved. I had to drop the clamping to 1412 to get it to work. I had to do both IPv4 and IPv6, so the clamping settings on the @VygrNetworkMonkey website may need to be updated, or there may be an underlying issue with my connection. Either way, it's working properly now, and my wife can get to YouTube on her phone, which makes her very happy. TLS sites are also working properly after the change. Thank you both for your help and suggestions. Cheers.


560 posts

Ultimate Geek
+1 received by user: 108


  Reply # 2103733 9-Oct-2018 10:02

mss 1412 on IPv6 is ok but I'm wondering why mss 1452 on IPv4 didn't work with your setup.

 

set firewall options mss-clamp interface-type pppoe
set firewall options mss-clamp mss 1452
set firewall options mss-clamp6 interface-type pppoe
set firewall options mss-clamp6 mss 1412





No backup, no pity. Anyway, RAID isn't one.




368 posts

Ultimate Geek
+1 received by user: 133

Subscriber

  Reply # 2103839 9-Oct-2018 11:17

Thanks, I've switched them and things are working well. I still have quite a bit to learn about this stuff, so I'm off to do more searching about the clamping and mtu items. I've updated the link to my boot config with my current config that's working.

 

Thank you all very much for the help, I'm a bit of an idiot when it comes to some of this stuff but I'm always willing to learn from my idiocy and mistakes. Cheers.


560 posts

Ultimate Geek
+1 received by user: 108


  Reply # 2107512 14-Oct-2018 08:23
One person supports this post

Each pro has once been a beginner and a real pro never forgets this.





No backup, no pity. Anyway, RAID isn't one.


54 posts

Master Geek
+1 received by user: 40

Trusted
Voyager
Lifetime subscriber

  Reply # 2107730 14-Oct-2018 19:12
3 people support this post

Heya @Taubin

 

Glad you found the fix!

 

It's often not easy to determine if you are visiting an IPv4 or IPv6 site, and what is causing the issue, due to 'happy eyeballs' doing its thing, so it's always a good idea to turn off IPv6 during troubleshooting to either exclude or pinpoint v6 on the issue - we actually require it while troubleshooting customers through issues.

 

Apologies, in my earlier post I forgot you were on IPv6, and the TCP-MSS details I relayed are for IPv4 only.

 

As you've noticed, IPv6 has a different TCP-MSS (the MTU stays the same of course).
This is due to the IPv6 header within the packet being double a standard IPv4 header.

 

An IPv4 TCP packet (within PPPoE) is comprised like this:
PPP Header: 8 bytes (this makes the max MTU 1492 bytes)
IPv4 Header: 20 bytes
TCP Header: 20 bytes
TCP Payload: 1452 bytes (this is the IPv4 TCP-MSS value)
Total: 1500 bytes

 

Compared to an IPv6 TCP packet (within PPPoE again):
PPP Header: 8 bytes (this makes the max MTU 1492 bytes)
IPv6 Header: 40 bytes
TCP Header: 20 bytes
TCP Payload: 1432 bytes (this is the IPv6 TCP-MSS value)
Total: 1500 bytes

 

I see you've gone for a 1412 IPv6 TCP-MSS - this of course will work, however, it's on the aggressive side.
If you've tried it at 1432 and you still have issues, something else may be at play?





Voyager Internet - Network Monkey
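
To confirm that a clamp is actually being applied, rather than only configured, the MSS option in outgoing SYNs can be compared with the PPPoE budget from the breakdown above. This is an added example, not code from the thread: the function names are hypothetical, the sample packets are constructed, raw IP packets captured on the WAN side are assumed as input, and IPv6 extension headers are not handled.

```python
import struct

PPPOE_OVERHEAD = 8           # "PPP Header" figure from the post above
TCP_HEADER = 20
IP_HEADER = {4: 20, 6: 40}

def expected_mss(version, link_mtu=1500):
    """Largest TCP payload that fits in one packet across the PPPoE link."""
    return link_mtu - PPPOE_OVERHEAD - IP_HEADER[version] - TCP_HEADER

def syn_mss(packet):
    """Return the MSS option of a raw IPv4/IPv6 TCP SYN, or None if absent."""
    version = packet[0] >> 4
    if version == 4 and packet[9] == 6:          # protocol field = TCP
        tcp = packet[(packet[0] & 0x0F) * 4:]    # skip IHL * 4 bytes
    elif version == 6 and packet[6] == 6:        # next header = TCP
        tcp = packet[40:]
    else:
        return None
    if len(tcp) < 20 or not tcp[13] & 0x02:      # too short, or SYN not set
        return None
    opts = tcp[20:(tcp[12] >> 4) * 4]            # data offset bounds options
    i = 0
    while i + 1 < len(opts) and opts[i] != 0:    # kind 0 = end of options
        kind = opts[i]
        length = 1 if kind == 1 else opts[i + 1] # kind 1 (NOP) is one byte
        if kind != 1 and length < 2:
            return None                          # malformed option
        if kind == 2 and length == 4 and i + 4 <= len(opts):
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def check_clamp(packet):
    # Returns (ip_version, advertised_mss, fits_within_pppoe_budget).
    version, mss = packet[0] >> 4, syn_mss(packet)
    return version, mss, mss is not None and mss <= expected_mss(version)

def sample_syn(version, mss):
    """Constructed SYN (documentation addresses) with NOP, NOP, MSS options."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x70, 0x02, 64240, 0, 0)
    tcp += bytes([1, 1]) + struct.pack("!BBH", 2, 4, mss) + bytes(2)
    if version == 4:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000,
                         64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    else:
        addr = bytes.fromhex("20010db8" + "00" * 12)
        ip = struct.pack("!IHBB16s16s", 0x60000000, len(tcp), 6, 64, addr, addr)
    return ip + tcp
```

A SYN that still advertises the Ethernet default of 1460 (IPv4) or 1440 (IPv6) after crossing the router fails the check, which means the clamp rule is not matching that traffic.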



368 posts

Ultimate Geek
+1 received by user: 133

Subscriber

  Reply # 2107733 14-Oct-2018 19:22

Thank you @VygrNetworkMonkey, that makes sense with the larger header and smaller payload. I don't remember if I did try the 1432, or went straight to 1412. I have noticed a few sites taking a while to load with this config (most notably gfycat over IPv6). I'll change the IPv6 MSS tomorrow when my wife is at work so as to keep the aggro down ;) and I'll report back. Thank you again for all of the help! Cheers


Mr Snotty
8029 posts

Uber Geek
+1 received by user: 4018

Moderator
Trusted
Lifetime subscriber

  Reply # 2107755 14-Oct-2018 20:02
One person supports this post

Thanks @VygrNetworkMonkey

 

I've confirmed this is the best configuration for Voyager. I've also updated my Edgerouter guide for future reference.





560 posts

Ultimate Geek
+1 received by user: 108


  Reply # 2107809 14-Oct-2018 21:53

michaelmurfy:

 

Thanks @VygrNetworkMonkey

 

I've confirmed this is the best configuration for Voyager. I've also updated my Edgerouter guide for future reference.

 

 

You're welcome. It's very hard, isn't it? :-)





No backup, no pity. Anyway, RAID isn't one.


560 posts

Ultimate Geek
+1 received by user: 108


  Reply # 2107876 15-Oct-2018 00:56

... and you will need to change the tutorial again since these commands exist to manually ‘fix’ connectivity to remote sites where ICMP is blocked and PMTU is broken.

 

I'd recommend still to go with mss 1412 @IPv6 for that reason regardless of ISP's 1432 (which is for sure correct but will not deal with the broken remote sites).

 

Just my 2 cents.





No backup, no pity. Anyway, RAID isn't one.




368 posts

Ultimate Geek
+1 received by user: 133

Subscriber

  Reply # 2108200 15-Oct-2018 14:02

I've changed it over to 1432 and it's been running great all day. I've not had any issues with any remote sites, but if I do, I'll try to knock it back down to see if it fixes it. Only issue so far has been slow getting to gfycat (this isn't unusual unfortunately, they haven't configured ipv6 correctly from what I understand).

