This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disable bad bugfix in 9.405-5 "Fix [NUTM-2840]: [AWS] UTM ignores MTU sent by DHCP server"

Do not do this if you don't feel comfortable messing up your UTM. 

I'm pretty shure this voids the warranty.  But my UTM is pretty useless using a MTU of 576 from my ISP.

The 9.405-5 upgrade introduces a mandatory, non disable, usage of the MTU provided with DHCP, if one is provided.

A lot of us have ISP's that provide bad MTU values. Like my own ISP giving a MTU of 576 (Confirmed with wireshark).

This is what you need to do to disable the usage of MTU from DHCP. Beware, you will be touching the system, and also.. it will not update MTU based on any DHCP.

(I'm not telling you how to get into the UTM, if you don't know... you have no business being there... better wait for the fix.)

In the 

/var/chroot-dhcpc/etc

There is a file named: default.conf

cat default.conf

interface "[<INTERFACE>]" {
timeout 20;
retry 60;
script "/usr/sbin/dhcp_updown.plx";
request subnet-mask, broadcast-address, time-offset,
routers, domain-name, domain-name-servers, host-name,
domain-search, nis-domain, nis-servers,
ntp-servers, interface-mtu;
[<HOSTNAME>]
}

"interface-mtu" : If you remove that (not the following ;!!!), and take your interface down/up, your MTU is possible to edit by hand again in the GUI.

AND ... it will use the number you give it, not the dumb MTU value one of your ISP's let be in their equipment because they did not bother to change it.

Finally I have a UTM back up and working, and I can get back to business.



This thread was automatically locked due to age.
Parents
  • I tired this work around and it didn't work for me. I was forced to re-install to the previous version and restore a backup config...

    I hope Sophos plans to fix this by allowing us to override the MTU provided otherwise many people will be looking for new UTM software. I would hate to do that and many others would as well but a broken connection isn't worth good software. 

  • pclov3r said:

    I tired this work around and it didn't work for me. I was forced to re-install to the previous version and restore a backup config...

    I hope Sophos plans to fix this by allowing us to override the MTU provided otherwise many people will be looking for new UTM software. I would hate to do that and many others would as well but a broken connection isn't worth good software. 

    Just curious,

    Would you be able to describe how this workaround did not work for you?

  • It refused to route traffic after doing the manual config change.

    It would work again if I added the interface-mtu; back 

  • It looks like your mistake was removing the semi-colon after and not removing the comma-space in front of interface-mtu

    Does it work after those corrections?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • It looks like your mistake was removing the semi-colon after and not removing the comma-space in front of interface-mtu

    Does it work after those corrections?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data