Penguin

Draytek Vigor series of dsl modems are starting to become available here, which is of interest of those running linux router boxes due to the pppoa to pppoe translation these products do.

aptitude install pppoe pppoeconf; pppoeconf

covers most of the bases except for one issue. The pppoeconf asks you :

| Many providers have routers that do not support TCP packets with   |
| a MSS higher than 1460. Usually, outgoing packets have this MSS    |
| when they go through one real Ethernet link with the default MTU   |
| size (1500). Unfortunately, if you are forwarding packets from     |
| other hosts (i.e. doing masquerading) the MSS may be increased     |
| depending on the packet size and the route to the client hosts,    |
| so your client machines won't be able to connect to some sites.    |
| There is a solution: the maximum MSS can be limited by pppoe.      |
| You can find more details about this issue in the pppoe            |
| documentation.                                                     |
|                                                                    |
| Should pppoe clamp MSS at 1452 bytes?                              |
|                                                                    |
| If unsure, say yes.                                                |
|                                                                    |
| (If you still get problems described above, try setting to 1412    |
|                                                                    |
|                  <Yes>                     <No>                    |

if you answer yes, Debian etch pppoeconf will insert a firewall mangle rule like so:

less /etc/ppp/ip-up.d/0clampmss
#!/bin/sh
# Enable MSS clamping (autogenerated by pppoeconf)

iptables -t mangle -o "$PPP_IFACE" --insert FORWARD 1 -p tcp  \
   --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu

For a few reasons this isnt helpful. For a start it wont work with this modem. The problem is outlined here and Jan Seiffert kindly suggested an alternative rule.

iptables -t mangle -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN \
  -j TCPMSS --set-mss 1444

Basically the pppoa to pppoe translation sheilds your router from correct mss negotation with the modem. So specifying it manually solves the problem.

I advise selecting no at the mss step, and installing the rule into your own firewall yourself. My experience was that if you ifdown and up the eth interface that the pppoe link is on, pppoe will reinstall the rule and youll end up with multiple rules.

See also debian pppoe bug report

Other notes

Also note that pppoeconf doesnt comment your old /etc/network/interfaces ethx config, so if you have a gateway or otherstuff listed there you will to edit it yourself.

Also note that the process of reconfiguring Vigors from default dhcp on ip 192.168.1.1 involves a few steps. Its best to do it two stages to avoid confusing the modem. First change the ip and port, and turn off dhcp. Then lastly turn on pppoe pass through.

Also note that mss clamping is not a pretty thing, and certainly doesnt enhance your throughput. Some sources however claim a mss of 1414 is efficient as it evenly splits the pppoe packet into pppoa's 48 byte frames. Edit: you can go as high as 1452, but this wont allow for any extra tcp headers, or the other odd broken router /server along the road. 1444 gives a 8 byte margin, but does mean your lan clients RWINs are a bit off etc.

A more up to date and complete howto is at webspaces howto