I’m setting up a new VyOS install and am running into a bit of an issue that has me stumped.
I connect to my ISP (DSL) using PPPoE. A niche aspect of this config is that I have to set MSS clamping or I get some really odd behavior. The following 3 links seem to be just about all there is to say about this with VyOS:
https://docs.vyos.io/en/latest/configuration/policy/examples.html#clamp-mss-for-a-specific-ip
https://support.vyos.io/en/kb/articles/pppoe-sub-interfaces-2#comments
I’ve ended up with the following configuration:
policy {
    route pppoe-mss-clamp {
        description "MSS clamp for PPPoE"
        interface eth1.1020
        interface eth1.1200
        interface eth1
        interface pppoe0
        rule 5 {
            protocol tcp
            set {
                tcp-mss 1412
            }
            tcp {
                flags {
                    syn
                }
            }
        }
    }
}
(For reference, the eth1* interfaces are my LAN side interfaces. I know attaching it to the PPPoE interface shouldn’t do anything, mostly added it out of desperation just to see if anything happened.)
As far as I can tell this should work but it isn’t. I ran a PCAP on the PPPoE interface while attempting some problematic traffic from an internal server and the capture shows the MSS value of TCP SYN packets leaving my network as the default 1460. I can’t seem to figure out a command in VyOS to show me if/where the policy route is being applied to traffic, the ‘show policy route statistics’ command in the manual doesn’t seem to be valid. For reference I’m running 1.4-rolling-202302270317 but also observed this behavior on 1.4-rolling-202302150317.
Any advice on how to further troubleshoot the policy route (or another way to implement this)?
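
The capture check described in the post (looking at the MSS option on outgoing TCP SYNs), as an added example that is not part of the original post: it walks the TCP options of raw IPv4 packets and lists SYNs whose MSS exceeds the policy's 1412. The function names and the constructed sample packets are assumptions, and link-layer headers are assumed to be already stripped.

```python
import struct

CLAMP = 1412  # tcp-mss value from the policy in the post


def syn_mss(pkt: bytes):
    """MSS option of an IPv4 TCP SYN; None if not a SYN or no MSS option."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                      # not IPv4 carrying TCP
    tcp = pkt[(pkt[0] & 0x0F) * 4:]      # skip IP header (IHL in 32-bit words)
    if len(tcp) < 20 or not tcp[13] & 0x02:
        return None                      # truncated, or SYN flag clear
    opts = tcp[20:(tcp[12] >> 4) * 4]    # options end at the TCP data offset
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                    # End of Option List
            break
        if kind == 1:                    # NOP is a single byte, no length
            i += 1
            continue
        if i + 1 >= len(opts):
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                        # malformed option, stop parsing
        if kind == 2 and length == 4:    # Maximum Segment Size
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None


def unclamped(packets, clamp=CLAMP):
    """MSS values of SYNs that left with an MSS above the clamp."""
    return [m for m in map(syn_mss, packets) if m is not None and m > clamp]


def make_syn(mss, flags=0x02):
    """Constructed sample packet: IPv4 + TCP, NOP NOP MSS NOP EOL, zero checksums."""
    opts = b"\x01\x01" + struct.pack("!BBH", 2, 4, mss) + b"\x01\x00"
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                      ((20 + len(opts)) // 4) << 4, flags, 64240, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    return ip + tcp


if __name__ == "__main__":
    sample = [make_syn(1460), make_syn(1412), make_syn(1460, flags=0x10)]
    print(unclamped(sample))
```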