Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

PPPoE Interface - NOT to use MTU 1492?

BWCBWC Cybersecurity Overlord ✭✭✭
in Mid Range Firewalls

Hi,

while doing some research I came across the omnipresent burden of setting the correct MTU per Interface Type, in my case for a PPPoE Connection.

The general advice is, to set the MTU for Interface X1 (or any other) to 1492 when used as PPPoE client. But this is IMHO technically not correct, it should be left at 1500. When set at 1492 the PMTU Discovery from within the Appliance and via a device behind the Firewall results in a PMTU of 1484 (1492-8).

This might work well up to the point when starting with VPN, because the Option "Fragment non-VPN outbound packets larger than this Interface's MTU" does not take the MTU of the PPPoE Connection into account, it seems to use the MTU of the Ethernet Interface which is different from the resulting PPPoE Connection.

Is anyone running PPPoE with 1500 having any results? What about a router in front of the SonicWall which handles all of the PPPoE? In that case I could set 1492 on X1 without any trouble because the PPPoE 8 Bytes Overhead will be on the Router not the SonicWall, because it would be a simple DHCP/static IP setup.

This is just me digging around while having some MTU trouble from time to time and the majority is probably just fine with 1492.

--Michael@BWC

Category: Mid Range Firewalls
Reply

Comments

  • DavidDellacentaDavidDellacenta Newbie ✭

    are you using GV?

    did you check your MTU?

    ping www.google.com -f -l 1492

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @DavidDellacenta maximum for the ping test is 1484 when X1 is set to 1492. I did not do any further research on that topic to examine some of the VPN related traffic.

    --Michael@BWC

  • DavidDellacentaDavidDellacenta Newbie ✭

    Are you having problems with Global VPN?

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @DavidDellacenta all production units are still at 1492 and no problems (not using GVC though), I'am only wrapping my head around this weird implementation and will do VPN related research at a later point in time. This is strictly a discussion about the topic and no specific issue.

    --Michael@BWC

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Changing the Interface MTU to 1500 bumps the PMTU to 1492 as epxected, but this might be in conflict with VPN, need to play a bit further with it.

    IMHO the implementation is a bit wobbly, because MTU and PMTU should not differ, but for PPPoE on SNWL it's the case.

    --Michael@BWC

Sign In or Register to comment.