Am 13.09.2016 um 11:51 schrieb Harald Dunkel:
Hi folks,
I am using an openbsd (5.9) box as gateway/firewall to the
internet. ISP is Deutsche Telekom. In between is a Vigor 130
VDSL2 modem, configured to PPPoE passthrough. The PPPoE
connection is initiated on the openbsd box.
Problem: https via the tunnel gets stuck for some sites, e.g.
https://telekom.de/ (please note the irony). Other sites work
fine, e.g. https://kundencenter.telekom.de/. I tried a lot of
clients: chrome, firefox, Safari, wget, etc. and all platforms
I have at home.
Other services (http, smtp, dns, ntp, vnc, ...) seem to work
flawless.
The problem came up with the migration from ADSL to VDSL this
weekend. The gateway wasn't changed, but I wonder if there are
some issues or pitfalls with PPPoE and fragmented packages or
whatever, possibly breaking https negotiation?
Every helpful comment is highly appreciated
Harri
I use the same VDSL modem with Deutsche Telekom and can reach
https://telekom.de/
The only MTU related setting in pf.conf seems to be this:
ext_if = pppoe0
match in on $ext_if all scrub (no-df max-mss 1440)
It is an old soekris, which does not support gbit ethernet.
I do the VLAN tagging on the OpenBSD router, I think I disabled the
automatic tagging the modem supports.
Regards,
Markus
