VyOS on a PCCW PPPoE link


Man, am I annoyed! When moving some internet connections off WharfTT to PCCW (as they promised us better site-to-site connectivity between Macau and Hong Kong), we got their stupendous PPPoE-type connections instead of just a plain old Ethernet link.

What does that matter, you might think? With these PPPoE connections you need to screw your MTU down to 1492 to allow for the PPP overhead, and even worse, if you are using VyOS (or any other Linux-kernel-based router/firewall for that matter) like we are, you need to clamp your MSS. And of course you will only find out how to do that when emails stop flowing in and internet connections crawl to a halt.

So, to save you some time: for VyOS (my favorite flavor of open-source router), do the following.

Edit the file:

/config/scripts/vyatta-postconfig-bootup.script

And add the following line:

iptables -t mangle -I POSTROUTING 1 -p tcp -o pppoe0 --tcp-flags SYN SYN -j TCPMSS --set-mss 1412

You need this hack because VyOS (using 1.6 now) still does not come with a modify (mangle) class in the firewall configuration.
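An idempotent form of the boot-script line above, as an added example that is not from the original post: it checks for the rule with `iptables -C` before inserting, and lowers the clamp if the interface MTU cannot carry an MSS of 1412. The function names, the `apply` argument and the fallback to MTU 1492 when `pppoe0` is not up yet are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent MSS clamp for a PPPoE uplink (not the post's own script).
IFACE="${IFACE:-pppoe0}"   # interface name taken from the post
PAGE_MSS=1412              # MSS value the post sets
FALLBACK_MTU=1492          # PPPoE MTU from the post, used if the link is not up yet

# Largest IPv4 TCP payload that fits in one packet of the given MTU:
# MTU minus 20 bytes of IPv4 header minus 20 bytes of TCP header (no options).
mss_ceiling() {
    echo $(( $1 - 40 ))
}

# Pick the clamp: the post's value, unless the link MTU forces a lower one.
choose_mss() {
    ceiling=$(mss_ceiling "$1")
    if [ "$PAGE_MSS" -le "$ceiling" ]; then
        echo "$PAGE_MSS"
    else
        echo "$ceiling"
    fi
}

# Print the rule specification (everything after "-I POSTROUTING 1").
rule_spec() {
    echo "-p tcp -o $IFACE --tcp-flags SYN SYN -j TCPMSS --set-mss $1"
}

# Insert the rule only if an identical one is not already present, so that
# re-running the boot script does not stack duplicates in the mangle table.
apply_clamp() {
    mtu=$(cat "/sys/class/net/$IFACE/mtu" 2>/dev/null) || mtu=$FALLBACK_MTU
    spec=$(rule_spec "$(choose_mss "$mtu")")
    # $spec is deliberately unquoted: it must split into separate arguments.
    iptables -t mangle -C POSTROUTING $spec 2>/dev/null ||
        iptables -t mangle -I POSTROUTING 1 $spec
}

# Only touch the firewall when explicitly asked to (run as: script apply).
if [ "${1:-}" = "apply" ]; then
    apply_clamp
fi
```

After a reboot, `iptables -t mangle -S POSTROUTING` should list exactly one TCPMSS rule for `pppoe0`.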

For good measure, your VyOS firewalls are of course bound to the PPPoE interface like so:

    ethernet eth1 {
        duplex auto
        hw-id 00:1c:c0:f1:d2:c5
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name pppoe-in
                }
                local {
                    name pppoe-local
                }
                out {
                    name pppoe-out
                }
            }
        }
    }
