Hiya.

Is it reasonable for you to simplify your pf.conf in the interim?
I use kernel pppoe and have a very simple ruleset that "just works".

E.g.:

#options

set block-policy return
set debug urgent
set loginterface pppoe0
set optimization normal
set reassemble no
set require-order yes
set ruleset-optimization basic
set skip on lo
set state-policy if-bound

#packet filtering

block all

#pppoe0:network

pass out log on pppoe0 from (pppoe0) to any
pass out on pppoe0 from vr1:network nat-to (pppoe0)
pass out on pppoe0 from vr2:network nat-to (pppoe0)

#vr1:network

pass in on vr1 from vr1:network to any
pass out on vr1 from vr1 to vr1:network
pass out on vr1 from vr2:network to vr1:network

#vr2:network

pass in on vr2 from vr2:network to any
pass out on vr2 from vr2 to vr2:network
pass out on vr2 from vr1:network to vr2:network

Some of the options are defaults and unnecessary. The pppoe0 interface is vr0.
I've never had to scrub or set MTU. I'm not accepting any incoming
transactions, however, but then your problem is with outgoing http
requests.
I'm no expert but perhaps if you stop scrubbing and let the MTU work
itself out you might be in the ballpark.

Here's my ifconfig (snipped):
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
        priority: 0
        dev: vr0 state: session

Notice I get a spot on MTU of 1492 which from memory is the maximum allowable.

I can unplug my cat5 and reboot my modem, etcetera and pppoe comes back up fine.

Anyway, see here:
http://marc.info/?l=openbsd-misc&m=125810464015633&w=2

Best wishes.
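
An added example, not part of the original message: a small Python check that the filter rules quoted above really are "default deny, nothing inbound on pppoe0". The function names are hypothetical, and the parser assumes only the simple one-line rule shape used in the message (no macros, lists, anchors or interface groups).

```python
import re

# Filter rules copied from the message above (the "set" options are omitted).
RULESET = """\
block all
pass out log on pppoe0 from (pppoe0) to any
pass out on pppoe0 from vr1:network nat-to (pppoe0)
pass out on pppoe0 from vr2:network nat-to (pppoe0)
pass in on vr1 from vr1:network to any
pass out on vr1 from vr1 to vr1:network
pass out on vr1 from vr2:network to vr1:network
pass in on vr2 from vr2:network to any
pass out on vr2 from vr2 to vr2:network
pass out on vr2 from vr1:network to vr2:network
"""

# Assumption: only the simple one-line rule shape used in the message.
RULE_RE = re.compile(
    r"^(?P<action>block|pass)\s+(?:(?P<dir>in|out)\s+)?(?:log\s+)?"
    r"(?:quick\s+)?(?:on\s+(?P<iface>\S+))?"
)

def parse_rules(text):
    """Return one dict per block/pass line; comments and options are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = RULE_RE.match(line)
        if m:
            rules.append({**m.groupdict(), "text": line})
    return rules

def audit(text, wan):
    """List findings that contradict 'default deny, nothing inbound on wan'."""
    rules = parse_rules(text)
    findings = []
    # pf is last-match-wins, so a leading "block all" is the default policy.
    if not rules or rules[0]["text"] != "block all":
        findings.append("ruleset does not start with 'block all'")
    for r in rules:
        if r["action"] != "pass":
            continue
        # A rule with no direction or no interface also matches inbound on wan.
        if r["dir"] in ("in", None) and r["iface"] in (wan, None):
            findings.append("inbound allowed on %s: %s" % (wan, r["text"]))
    return findings

if __name__ == "__main__":
    for finding in audit(RULESET, "pppoe0") or ["no findings"]:
        print(finding)
```

On the real system, `pfctl -nf /etc/pf.conf` parses the file without loading it and remains the authoritative syntax check.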
