
Disable bad bugfix in 9.405-5 "Fix [NUTM-2840]: [AWS] UTM ignores MTU sent by DHCP server"

Do not do this if you don't feel comfortable messing up your UTM. 

I'm pretty sure this voids the warranty.  But my UTM is pretty useless using an MTU of 576 from my ISP.

The 9.405-5 upgrade introduces mandatory usage, which cannot be disabled, of the MTU provided with DHCP, if one is provided.

A lot of us have ISPs that provide bad MTU values. Like my own ISP giving an MTU of 576 (confirmed with Wireshark).

This is what you need to do to disable the usage of MTU from DHCP. Beware, you will be touching the system, and also.. it will not update MTU based on any DHCP.

(I'm not telling you how to get into the UTM, if you don't know... you have no business being there... better wait for the fix.)

In the directory

/var/chroot-dhcpc/etc

there is a file named: default.conf

cat default.conf

interface "[<INTERFACE>]" {
    timeout 20;
    retry 60;
    script "/usr/sbin/dhcp_updown.plx";
    request subnet-mask, broadcast-address, time-offset,
        routers, domain-name, domain-name-servers, host-name,
        domain-search, nis-domain, nis-servers,
        ntp-servers, interface-mtu;
    [<HOSTNAME>]
}

"interface-mtu": If you remove that (not the following ;!!!) and take your interface down/up, you can edit your MTU by hand again in the GUI.

AND ... it will use the number you give it, not the dumb MTU value one of your ISPs let be in their equipment because they did not bother to change it.

Finally I have a UTM back up and working, and I can get back to business.
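
The edit described in the post above, as an added example that is not part of the original post and is not Sophos code: it removes one option name from a dhclient-style `request` statement while keeping the terminating `;`, and refuses to leave the statement empty. The function names are hypothetical, the sample text is constructed from the listing in the post, and the code works on text only, so it can be checked against a copy of default.conf before anything on the box is changed.

```python
import re

# Constructed sample mirroring the default.conf listing in the post above.
SAMPLE_CONF = '''interface "[<INTERFACE>]" {
timeout 20;
retry 60;
script "/usr/sbin/dhcp_updown.plx";
request subnet-mask, broadcast-address, time-offset,
routers, domain-name, domain-name-servers, host-name,
domain-search, nis-domain, nis-servers,
ntp-servers, interface-mtu;
[<HOSTNAME>]
}
'''

# A 'request' keyword, its comma-separated option list (which may span
# several lines), and the ';' that terminates the statement.
REQUEST_RE = re.compile(r'(?<![\w-])(request)(?![\w-])([^;]*)(;)')


def requested_options(conf_text):
    """List every option name that the request statements ask the server for."""
    names = []
    for match in REQUEST_RE.finditer(conf_text):
        names += [p.strip() for p in match.group(2).split(",") if p.strip()]
    return names


def drop_requested_option(conf_text, option="interface-mtu"):
    """Return (new_text, changed) with `option` removed from request lists."""
    changed = False

    def rewrite(match):
        nonlocal changed
        keyword, body, semicolon = match.groups()
        parts = body.split(",")
        kept = [p for p in parts if p.strip() != option]
        if len(kept) == len(parts):
            return match.group(0)          # option not requested here
        if not kept:
            raise ValueError("refusing to leave an empty request statement")
        changed = True
        if not kept[0][:1].isspace():      # first item dropped: keep a separator
            kept[0] = " " + kept[0]
        # The separating comma goes with the dropped item; the ';' stays.
        return keyword + ",".join(kept) + semicolon

    return REQUEST_RE.sub(rewrite, conf_text), changed
```

Running `requested_options` on the edited text shows exactly which options the DHCP client will still ask for, which is a quick way to confirm that only the MTU request was removed.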



  • I was able to just edit my External WAN and uncheck the box for Dynamic IP.  This left my current IP info in the fields.  I then changed my MTU to 1500, clicked save and I was back up and running fine.


    This is a temporary solution, but easier than performing an edit on the box.

    Rick

  • Thanks, this did work very easily for a temporary solution. Generally my IPs don't change unless there is a power loss for one reason or another (maintenance, power outage, etc.) so it isn't permanent but works for now.

  • leitzr said:

    I was able to just edit my External WAN and uncheck the box for Dynamic IP.  This left my current IP info in the fields.  I then changed my MTU to 1500, clicked save and I was back up and running fine.


    This is a temporary solution, but easier than performing an edit on the box.

    Rick

    Hi,

    I hope you did not just make your DHCP allocated address your static IP. If you're on a DHCP subscription it can be a very bad idea to "just" switch to a static IP.

    As you know your DHCP client renews your IP towards your DHCP server. Without that renewal someone else will get your IP assigned, resulting in an IP conflict.

    I'm not telling you what to do, but that I would NOT do.

  • Vegard,

    You have a valid point.  I happen to know what my typical dhcp lease time is and I manually renew my lease before the 50% point, which I should have recommended.  I prefer to do this while we wait for this issue to be resolved, instead of hacking my system.

    Rick

  • leitzr said:

    Vegard,

    You have a valid point.  I happen to know what my typical dhcp lease time is and I manually renew my lease before the 50% point, which I should have recommended.  I prefer to do this while we wait for this issue to be resolved, instead of hacking my system.

    Rick

    Hi Rick,
    I'm never going to push anybody into doing anything. Except if they are the ISP with a bad config.
    After a week of nagging on my ISP they updated their MTU value on their DHCP server, so I just reverted my workaround.
    Hope Sophos does a fix, or feature update soon.
    Best regards
    Vegard