PPPoE Server adjust mss for ppp clients

noc.tlc · April 22, 2026, 3:27pm

Hi,

I’m doing some extensive tests on vyos as a possible BNG solution for my company, and I’m dealing with an mss-adjust issue.

I want to set the mss-adjust for all my pppoe clients at a defined value, let’s say 1440, without touching MTU/MRU, which is correctly set and working at 1492

My version is:

Version: VyOS 2026.03
Release train: circinus
Release flavor: generic

Built by: autobuild@vyos.net
Built on: Wed 18 Mar 2026 20:03 UTC
Build UUID: 3969e1c7-a4bb-459a-ac7f-54749c153d21
Build commit ID: 1cac4fd63750b0

The pppoe-server is listening on interface eth2, and I’ve configured following commands, which aren’t working as expected tho:

set interfaces ethernet eth2 ip adjust-mss ‘1440’
set policy route PPPOE-IN interface ‘eth2’
set policy route PPPOE-IN rule 10 protocol ‘tcp’
set policy route PPPOE-IN rule 10 set tcp-mss ‘1440’
set policy route PPPOE-IN rule 10 tcp flags syn
set policy route PPPOE-IN rule 10 tcp mss ‘1440’

I’ve looked at this post, but the command “set interfaces ethernet eth2 policy route ‘PPPOE-IN’“ can’t be done, syntax error

I’ve tried with just the first command, then with all but the latter, and then all commands, but neither worked

What i see from pcaps is that my pppoe client is setting the MSS value based on the negotiatied MTU and vyos isn’t rewriting that field

Can you help me achieve what i want?
Just to give you an example, on Cisco I can do this under
Interface Virtual-TemplateX
ip tcp adjust-mss 1440

Thanks in advance

Viacheslav · April 23, 2026, 11:19am

Why not set policy for the ppp* interface?

noc.tlc · April 23, 2026, 12:17pm

I was looking precisely for something like that, but I didn’t knew it would be possible.

Can you help me with the syntax?

BR

matthewr · April 23, 2026, 5:46pm

For example on 1.4.4:-

set interfaces pppoe pppoe0 ip adjust-mss '1412'

is all that is required.

noc.tlc · April 24, 2026, 8:21am

Hi, this isn’t correct.

This command is working on a PPPoE CLIENT interface, i’m using VYoS as a PPPoE SERVER

Thanks

Viacheslav · April 24, 2026, 2:25pm

Let me ask again.

Why not set policy for the ppp* interface?

noc.tlc · April 24, 2026, 3:03pm

Hi,

I asked for the commands to do so, I’ve tried following ones but it’s not working:

set policy route PPPOE-IN interface ‘ppp*’
set policy route PPPOE-IN rule 10 protocol ‘tcp’
set policy route PPPOE-IN rule 10 set tcp-mss ‘1400’
set policy route PPPOE-IN rule 10 tcp flags syn
set policy route PPPOE-IN rule 10 tcp mss ‘1400’

I checked the 3-way handshake via tcpdump on the next-hop of my BNG and the MSS is not modified by the rules.

I’ve tested it with an ssh connection from host A to the ppp, the SYN+ACK response has MSS 1452

noc.tlc · April 28, 2026, 7:31am

Hi Viacheslav,

do you have an idea why this isn’t working?

Viacheslav · April 29, 2026, 3:45pm

Try to add `not rst` rule here

set policy route PPPOE-IN rule 10 tcp flags not rst

If it will not help, check the nft counters

sudo nft list table ip vyos_mangle

noc.tlc · April 30, 2026, 9:42am

Hi,

it didn’t helped, so I checked the counters which are correctly incrementing.This is the output:

nft list table ip vyos_mangle
table ip vyos_mangle {
        chain VYOS_PBR_PREROUTING {
                type filter hook prerouting priority mangle; policy accept;
                iifname "ppp*" counter packets 965 bytes 484224 jump VYOS_PBR_UD_PPPOE-IN
        }

        chain VYOS_PBR_POSTROUTING {
                type filter hook postrouting priority mangle; policy accept;
        }

        chain VYOS_PBR_UD_PPPOE-IN {
                tcp flags syn / syn,rst tcp option maxseg size 1400 counter packets 0 bytes 0 tcp option maxseg size set 1400 comment "ipv4-route-PPPOE-IN-10"
                counter packets 965 bytes 484224 log prefix "[ipv4-PPPOE-IN-default]"

This is the tcpdump to check it’s not working, IP B is the pppoe client:


11:39:51.096720 IP (tos 0x0, ttl 116, id 32065, offset 0, flags [DF], proto TCP (6), length 52)
    ipA.29232 > ipB.443: Flags [S], cksum 0x18ac (correct), seq 2818528406, win 65535, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
11:39:51.097961 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    ipB.443 > ip.29232: Flags [S.], cksum 0x50ab (correct), seq 1601595709, ack 2818528407, win 65340, options [mss 1452,nop,nop,sackOK,nop,wscale 7], length 0

Thanks for the help

noc.tlc · April 30, 2026, 3:40pm

I managed to solve this, cleaned configuration is following one:

set policy route PPPOE-IN interface ‘ppp*’
set policy route PPPOE-IN rule 10 protocol ‘tcp’
set policy route PPPOE-IN rule 10 set tcp-mss ‘1400’
set policy route PPPOE-IN rule 10 tcp flags not rst
set policy route PPPOE-IN rule 10 tcp flags syn

What changed since last try?
removed following commands:

policy route PPPOE-IN default-log
policy route PPPOE-IN rule 10 tcp mss ‘1400’

I’ll do some more tries next week and update the topic for future help of some1 who might have the same needs

noc.tlc · May 4, 2026, 8:21am

Ok,

After some test, what made the whole configuration not working is this single command:

policy route PPPOE-IN rule 10 tcp mss 1400

The not rst command wasn’t needed, the end config is the following:

set policy route PPPOE-IN interface ‘ppp*’
set policy route PPPOE-IN rule 10 protocol ‘tcp’
set policy route PPPOE-IN rule 10 set tcp-mss ‘1400’
set policy route PPPOE-IN rule 10 tcp flags syn

Thanks for the help