VyOS on a PCCW PPPoE link

Man am I annoyed!, when moving some internet connections off WharfTT to PCCW (as they promised us better site to site connectivity between Macau and Hong Kong) We got their stupendous PPPoE type connections instead of just a plain old Ethernet link.

What does that matter you might think, but with these PPPoE connections you need to screw your MTU down to 1492 to allow for the PPP overhead, and even worse, if you are using VyOS (or any other Linux Kernel based router/firewall for that matter) like we are, you would need to Clamp your MSS. And of course you will only find out how to do that when emails stop flowing in and internet connections crawl to halt.

So to save you some time,.. for VyOS (My favorite flavor of opensource routers) you do the following

Edit the file:


And add the following line

iptables -t mangle -I POSTROUTING 1 -p tcp -o pppoe0 --tcp-flags SYN SYN -j TCPMSS --set-mss 1412

You would need to hack this since VyOS (using 1.6 now) does still not come with a modify (mangle) class in the firewall configuration.

For good measure, your VyOS firewalls are of course bound to the PPPoE interface like so.

ethernet eth1 {
 duplex auto
 hw-id 00:1c:c0:f1:d2:c5
 pppoe 0 {
 default-route auto
 firewall {
 in {
 name pppoe-in
 local {
 name pppoe-local
out {
name pppoe-out