Set MTU for clients in LAN (WiFi/WLAN)

[Gymnae]

Device: RT-AC68U
Firmware: 380.68_4
Extra software: ab-solution

Problem:
My RT-AC68U is attached to a cable modem, which somehow does not report the correct MTU value to the Asus router. Thus, to reach all and not some websites, I need to adjust the MTU value on the LAN clients to 1459. Some clients, like Windows and MacOS accept this, but iOS or my Sony "Smart" TV do not allow me to.

So neither Netflix no VK are working on TV or iPhone.

Is there a way to ensure that the router tells the clients to use MTU value 1459?

I tried the following:

1. Created /jffs/configs/dnsmasq.conf.add with the following content

dhcp-option-force=26,1459

2. Added the following lines to /jffs/scripts/dnsmasq.postconf

ifconfig eth1 mtu 1459
ifconfig eth2 mtu 1459
ifconfig eth0 mtu 1459
ifconfig br0 mtu 1459

3. Added the following lines to /jffs/scripts/iptables_mss.sh

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --set-mss 1459
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -o eth1 -j TCPMSS --set-mss 1459
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -o eth2 -j TCPMSS --set-mss 1459
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --set-mss 1459
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth1 -j TCPMSS --set-mss 1459
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth2 -j TCPMSS --set-mss 1459

But iOS and Sony still happily seem to ignore and try accessing the Web with MTU 1500 and not reaching their goals.

 

[Gymnae]

To answer my own thread:
I was actually close.
iOS and MacOS ignore option 26 when being addressed by dnsmasq.
Ok, you do your thing, Apple. We still love you, like sudo root passwd.
Restricting MTU via ifconfig only affects the router locally, this means that while the Asus router's network ports are all now fine and dandy talking in 1459 packets, this does not translate to the modem, ISP or clients. Yes, that is basically useless: There's no ICMP communication with the sought end of the line to lower the package size to avoid fragmentation and dropping.

iptables is actually the correct method. But my Code in iptables_mss.sh did not solve it.

But a new file 'nat-start' solved it.
Steps:
1. Create a new script

vi nat-start

2. Content of the scripts

#!/bin/sh
sleep 15
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

3. Make sure the scripts is executable (along with the others in /jffss/)

chmod a+rx /jffs/scripts/*

Note: This will work no matter what your MTU is. I ain't never told em script the mtu of ma uplink, ya know.

 

[Noseratio]

Thanks for this great piece of information. Just found it while in process of my own home network optimization. I have a question though, how do you know for sure that Path MTU Discovery is broken and MSS Clamping is really needed here? Don't iOS/Sony just use PMTUD for packets meant to be sent outside the local network? AFAIU, it's a typical scenario when LAN MTU is 1500 which is optimal for local packets, but then PMTUD-determined MTU size is used for external traffic.

Can't speak for iOS, but it's my understanding this is how it's supposed to work under Windows. Although it's indeed hard to verify if it does in practice. E.g., this guy is using Microsoft Message Analyzer, then enforcing MTU via netsh. FWIW, I have a similar network setup to what you described and I tried your solution, but Windows still comes up with 1500 by default.

 

[Vexira]

Is the modem in bridge mode?

 

[Noseratio]

Is the modem in bridge mode?

Yes, it's a VDSL2 modem in bridge mode and PPPoE is configured on the router (RT-AC68U/Merlin) with WAN MTU of 1492. A pretty common setup I imagine. Should I worry at all about the MTU size of the local network devices (a mix of Android, Windows and iOS), which is 1500 by default?

 

[Gymnae]

Thanks for this great piece of information. Just found it while in process of my own home network optimization. I have a question though, how do you know for sure that Path MTU Discovery is broken and MSS Clamping is really needed here? Don't iOS/Sony just use PMTUD for packets meant to be be sent outside the local network? AFAIU, it's a typical scenario when LAN MTU is 1500 which is optimal for local packets, but then PMTUD-determined MTU size is used for external traffic.

Can't speak for iOS, but it's my understanding this is how it's supposed to work under Windows. Although it's indeed hard to verify if it does in practice. E.g., this guy is using Microsoft Message Analyzer, then enforcing MTU via netsh. FWIW, I have a similar network setup to what you described and I tried your solution, but Windows still comes up with 1500 by default.

You are correct, that is how it's supposed to work. I ran some tests on the router to see the package sizes when communicating with web servers and it was 1500 all the time. So I assumed that the cable modem just doesn't play along.

Another element to get Sony back onto Netflix and the Internet in general was to white-list it from network-wide DNS based ad-blocking. I have installed http://www.ab-solution.info/ on my Asus router and it works really nice, but Sony "smart" TVs communicate with ad-hosts. The youtube app for example connects to Google ad servers. If this is blocked, then the video plays, but the TV opens a forced closed information overlaying the video...

 

[Vexira]

Yes, it's a VDSL2 modem in bridge mode and PPPoE is configured on the router (RT-AC68U/Merlin) with WAN MTU of 1492. A pretty common setup I imagine. Should I worry at all about the MTU size of the local network devices (a mix of Android, Windows and iOS), which is 1500 by default?

No you shouldn't, I'm running ipoe vdsl2 connection with a dreyteck vigor 130 in bridge mode, my MRI is 1500 and I have no issues with web pages or anything.

 

[Vexira]

@Gymnae
Is your cable modem in bridge mode because it sounds like its not form your original post,.that possibly could be the root of your problem.