Why do I get this error when I try to configure it like this?
This is a standard configuration for PPPOE networks
« SpeedGuide.net TCP Analyzer Results »
Tested on: 2019.08.06 07:14
IP address: 83.45.xxx.xxx
Client OS/browser: Windows 10 (Firefox 68.0)
TCP options string: 020405ac0103030801010402
MSS: 1452
MTU: 1492
TCP Window: 262656 (not multiple of MSS)
RWIN Scaling: 8 bits (2^8=256)
Unscaled RWIN : 1026
Recommended RWINs: 63888, 127776, 255552, 511104, 1022208
BDP limit (200ms): 10506kbps (1313KBytes/s)
BDP limit (500ms): 4202kbps (525KBytes/s)
MTU Discovery: ON
TTL: 112
Timestamps: OFF
SACKs: ON
IP ToS: 00100000 (32)
Precedence: 001 (priority)
Delay: 0 (normal delay)
Throughput: 0 (normal throughput)
Reliability: 0 (normal reliability)
Cost: 0 (normal cost)
Check bit: 0 (correct)
DSCP (DiffServ): CS1 001000 (8) - class 1 (RFC 2474). Similar forwarding behavior to the ToS Precedence field.
Hi l0rdraiden, as you are trying to configure a PPPoE connection, it will add 8 bytes to the 40-byte difference in MSS.
mss = tcp-mss which is actually = MTU - 40 (20 Byte for TCP + 20 Byte IP)
so mss will be = 1460 if you have an MTU of 1500.
The maximum MTU for Ethernet connections on devices is 1500 bytes (Ethernet maximum MTU size). Having an MTU of 1500 allows for 1460 bytes of data payload, 20 bytes of TCP header, and 20 bytes of IP header. With PPPoE connections, the PPP and PPPoE header increases the frame size by 8 bytes, so we must lower the MTU to 1492. With the Ethernet header added to this, we get a frame size of 1518 bytes.
In reply to Keyur:
Keyur: mss = tcp-mss which is actually = MTU - 40 (20 Byte for TCP + 20 Byte IP)
This is absolutely correct, but the PPPoE header of 8 bytes gets subtracted from both MTU and MSS, thus still leaving a difference of 40. 48 makes no sense to me at all.
In reply to donald2612:
I think it is wrongly implemented in Sophos XG; it should be fixed.
Sophos engineers didn't understand how to implement this properly.
Keyur, please report this bug internally; the difference must be 40, not 48.
In reply to l0rdraiden:
Hi l0rdraiden, when you lower the size for MTU, i.e. 1492, it is not subtracting anything for PPPoE; MSS should be 48 bytes less than the MTU size during configuration. If the MTU value is 1500, then MSS for PPPoE configuration should be 1452 in the XG configuration.
Sorry, but you are wrong.
The router of my ISP works with this. I have checked another ISP in my country and they use the same. Both under PPPoE.
MSS: 1452 MTU: 1492
MSS is MTU minus 40. And that's it. Please report the bug; it's either a bug or you don't understand the definition of the terms. If the difference must be 48, then MTU is not MTU or MSS is not MSS and they are something else.
You should open a Bug with the Sophos Support to get this reported.
In reply to LuCar Toni:
No, you, as an employee of your company, should open a bug report saying that somebody in the community found a bug. And be grateful for it.
I hate it when basic principles get lost in too-fast-growing companies...
My company is in need of a new fw-solution, so I wander the forums before I choose. Do you think that this type of incompetent advice is a good mind changer?
It's only about a small engineering problem, where an employee should show knowledge and, if not given, get pro-active help activated.
I still think your UTM project has matured; your XG team has failed to develop this product, as this kind of thread shows. Learn, implement and show sovereignty, that should be your credo. But it's hire and fire, leave and forget, I guess. Good luck!
For LuCar to create a bug report he needs your serial number, which he does not have, or you can create it and give it a little priority, e.g. it is affecting your business with some application failing to connect because of MTU size.
Hi l0rdraiden, I am working with the concerned team about the reported issue and will inform you further with the required details.
In reply to rfcat_vk:
Allow me to clarify the confusion in this thread.
While dealing with the MTU and MSS values of any normal interface type, such as Static and DHCP, the MTU default would be 1500 and the MSS value would be 1500-40=1460.
This is different in the PPPoE case: we would need an additional 8 bytes for PPPoE, i.e. the PPP-Max-Payload field, which truncates the Ethernet MTU to 1492, and the value for MSS is 1452.
Difference between Ethernet MTU and IP MTU.
The main difference is that the interface MTU defines the max packet size supported by an interface, while the IP MTU is used to set the MTU size of an IP packet. Each interface has a default maximum packet size or MTU size. This number generally defaults to the largest size possible for that interface type.
IP MTU A.K.A MRU.
To set the maximum transmission unit (MTU) size of IP packets sent on an interface. The minimum is 128 bytes; the maximum depends on the interface medium.
Changing the MTU value (with the MTU interface configuration command) can affect the IP MTU value. If the current IP MTU value is the same as the MTU value, and you change the MTU value, the IP MTU value will be modified automatically to match the new MTU. However, the reverse is not true; changing the IP MTU value has no effect on the value for the MTU command.
"The Maximum-Receive-Unit (MRU) option MUST NOT be negotiated to a larger size than 1492. Since Ethernet has a maximum payload size of 1500 octets, the PPPoE header is 6 octets and the PPP Protocol ID is 2 octets, the PPP MTU MUST NOT be greater than 1492." -> Taken from RFC 2516
1. Interface MTU - default MTU size for an interface:
For PPPOE connection Ethernet MTU = IP MTU + 8. 8 bytes for overhead
For Normal Connection Ethernet MTU = IP MTU.
Mss value = IP MTU - 40.
So the difference between ethernet MTU and MSS value is 48, not 40.
In the screenshot mentioned above, the Ethernet MTU was set as 1492, so we would need an additional 48 bytes for overhead.
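An added example, not part of any post in this thread: it decodes the TCP options string from the SpeedGuide output quoted at the top and works the sizes outward from the advertised MSS, so the 40-byte and 48-byte figures argued over here can be seen against the same numbers. Function and constant names are hypothetical; the option kinds and header sizes are the standard ones, and plain IPv4 and TCP headers without options are assumed.

```python
# TCP option kinds (standard values)
EOL, NOP, MSS, WSCALE, SACK_PERMITTED, TIMESTAMPS = 0, 1, 2, 3, 4, 8

IP_HEADER = 20       # IPv4 header without options (assumption)
TCP_HEADER = 20      # TCP header without options (assumption)
PPPOE_OVERHEAD = 8   # 6-byte PPPoE header + 2-byte PPP protocol ID (RFC 2516)

# Options string copied from the analyzer output quoted in the thread
OPTIONS = "020405ac0103030801010402"


def parse_tcp_options(hex_string):
    """Decode a TCP options field given as hex into the options discussed here."""
    data = bytes.fromhex(hex_string)
    found = {"mss": None, "window_scale": None,
             "sack_permitted": False, "timestamps": False}
    i = 0
    while i < len(data):
        kind = data[i]
        if kind == EOL:              # end of option list
            break
        if kind == NOP:              # single-byte padding
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("option truncated before its length byte")
        length = data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad option length %d at offset %d" % (length, i))
        value = data[i + 2:i + length]
        if kind == MSS and length == 4:
            found["mss"] = int.from_bytes(value, "big")
        elif kind == WSCALE and length == 3:
            found["window_scale"] = value[0]
        elif kind == SACK_PERMITTED:
            found["sack_permitted"] = True
        elif kind == TIMESTAMPS:
            found["timestamps"] = True
        i += length
    return found


def sizes_from_mss(mss, pppoe):
    """Work outward from the MSS to the IP MTU and the Ethernet payload size."""
    ip_mtu = mss + TCP_HEADER + IP_HEADER
    ethernet_payload = ip_mtu + (PPPOE_OVERHEAD if pppoe else 0)
    return {"ip_mtu": ip_mtu, "ethernet_payload": ethernet_payload,
            "payload_minus_mss": ethernet_payload - mss}


if __name__ == "__main__":
    opts = parse_tcp_options(OPTIONS)
    print(opts)
    print("PPPoE:   ", sizes_from_mss(opts["mss"], pppoe=True))
    print("Ethernet:", sizes_from_mss(1460, pppoe=False))
```

Whether a given field expects 1492 or 1500 depends on whether it means the IP MTU of the PPPoE link or the MTU of the underlying Ethernet interface.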
In reply to Aditya Patel:
This is a perfect post!
Just migrated from UTM to XG.
I have been having DSL PPPoE WAN connections disconnecting every couple of hours since migrating.
I have set my MSS to 1412 and MTU to 1492.
I am going to be performing some testing and will advise this post.
Thanks Aditya Patel