Penguin
Recent Changes
Blame: Draytek Vigor
EditPageHistoryDiffInfoLikePages
Annotated edit history of Draytek Vigor version 10 showing authors affecting page license. View with all changes included.
Rev Author # Line
5 PeterScott 1 Draytek Vigor series of dsl modems are starting to become available here, which is of interest of those running linux router boxes due to the pppoa to pppoe translation these products do.
2
3 aptitude install pppoe pppoeconf; pppoeconf
4
5 covers most of the bases except for one issue. The pppoeconf asks you :
6
7 <verbatim>
8 | Many providers have routers that do not support TCP packets with |
9 | a MSS higher than 1460. Usually, outgoing packets have this MSS |
10 | when they go through one real Ethernet link with the default MTU |
11 | size (1500). Unfortunately, if you are forwarding packets from |
12 | other hosts (i.e. doing masquerading) the MSS may be increased |
13 | depending on the packet size and the route to the client hosts, |
14 | so your client machines won't be able to connect to some sites. |
15 | There is a solution: the maximum MSS can be limited by pppoe. |
16 | You can find more details about this issue in the pppoe |
17 | documentation. |
18 | |
19 | Should pppoe clamp MSS at 1452 bytes? |
20 | |
21 | If unsure, say yes. |
22 | |
23 | (If you still get problems described above, try setting to 1412 |
24 | |
25 | <Yes> <No> |
26 </verbatim>
27
28 if you answer yes, Debian etch pppoeconf will insert a firewall mangle rule like so:
29
30 <verbatim>
31 less /etc/ppp/ip-up.d/0clampmss
32 #!/bin/sh
33 # Enable MSS clamping (autogenerated by pppoeconf)
34
35 iptables -t mangle -o "$PPP_IFACE" --insert FORWARD 1 -p tcp \
36 --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu
37 </verbatim>
38
39 For a few reasons this isnt helpful. For a start it wont work with this modem. The problem is outlined [here|
40 http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q4/002581.html] and [Jan Seiffert|http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q4/002582.html] kindly suggested an alternative rule.
41
42 <verbatim>
43 iptables -t mangle -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN \
44 -j TCPMSS --set-mss 1444
45 </verbatim>
46
47 Basically the pppoa to pppoe translation sheilds your router from correct mss negotation with the modem. So specifying it manually solves the problem.
48
49 I advise selecting no at the mss step, and installing the rule into your own firewall yourself. My experience was that if you ifdown and up the eth interface that the pppoe link is on, pppoe will reinstall the rule and youll end up with multiple rules.
6 PeterScott 50
51 See also debian [pppoe bug report|http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432709]
5 PeterScott 52
53 __Other notes__
54
55 Also note that pppoeconf doesnt comment your old /etc/network/interfaces ethx config, so if you have a gateway or otherstuff listed there you will to edit it yourself.
56
57 Also note that the process of reconfiguring Vigors from default dhcp on ip 192.168.1.1 involves a few steps. Its best to do it two stages to avoid confusing the modem. First change the ip and port, and turn off dhcp. Then lastly turn on pppoe pass through.
58
59 Also note that mss clamping is not a pretty thing, and certainly doesnt enhance your throughput. [Some sources|http://www.mynetwatchman.com/kb/ADSL/pppoemtu.htm] however claim a mss of 1414 is efficient as it evenly splits the pppoe packet into pppoa's 48 byte frames. Edit: you can go as high as 1452, but this wont allow for any extra tcp headers, or the other odd broken router /server along the road. 1444 gives a 8 byte margin, but does mean your lan clients RWINs are a bit off etc.
9 PeterScott 60
61 A more up to date and complete howto is at [webspaces howto|http://www.webspaces.net.nz/page.php?view=draytek_modems]

PHP Warning

lib/blame.php:177: Warning: Invalid argument supplied for foreach()