On 13/09/2016 11:51, Harald Dunkel wrote: > Hi folks, > > I am using an openbsd (5.9) box as gateway/firewall to the > internet. ISP is Deutsche Telekom. In between is a Vigor 130 > VDSL2 modem, configured to PPPoE passthrough. The PPPoE > connection is initiated on the openbsd box. > > Problem: https via the tunnel gets stuck for some sites, e.g. > https://telekom.de/ (please note the irony). Other sites work > fine, e.g. https://kundencenter.telekom.de/. I tried a lot of > clients: chrome, firefox, Safari, wget, etc. and all platforms > I have at home. > > Other services (http, smtp, dns, ntp, vnc, ...) seem to work > flawless. > > The problem came up with the migration from ADSL to VDSL this > weekend. The gateway wasn't changed, but I wonder if there are > some issues or pitfalls with PPPoE and fragmented packages or > whatever, possibly breaking https negotiation? > > > Every helpful comment is highly appreciated > Harri >
Hi I had a similar problem. In my case it had to do with Path MTU issues. This site f.ex.: http://test-ipv6.com/ will check for that. The solution for me was to switch to "jumbo" frames below the pppoe device (1508 bytes if I remember correctly) and set the pppoe's MTU to 1500. Daniel