In my cloud infrastructure, I’ve been testing pfSense running as the router in front of my other virtual servers. It gives you VPN access into your cloud network and more fine-grained routing control to your cloud servers. I can also then run pfBlocker to limit threats and lock ports to certain regions.
While testing, everything seemed to be working fine; however, I noticed internet issues when connecting out. In particular, I noticed that Uptime Kuma could not reach many known good websites through HTTP, while pings were fine.
I’ve been using BinaryLane – love them by the way. Their hosting is dead easy: you can change VM specs/plan anytime and set up virtual networks. I highly recommend them for Australian hosting. Anyway, I split the network on the pfSense VM so that there is one interface for internet and one interface for the BinaryLane virtual LAN network.
I then loaded up Wireshark and saw a high number of TCP retransmissions after a TCP DUP. The websites would just keep sending the retransmissions.

This is what solved the issue for me.
- First, you want to change “Hardware Checksum Offloading” to disabled. Head to System -> Advanced -> Networking. Once there, scroll to the bottom and tick the box to disable the “Hardware Checksum Offloading” option.
- Next, you want to reduce the MTU on both the LAN and WAN. For this, head to Interfaces -> LAN and change the MTU to 1450. Then repeat the same process for Interfaces -> WAN and change its MTU to 1450.
- That should be it! Once I completed these changes, I saw the retransmissions stop and everything was working as expected.
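
To check what packet size actually gets through, before and after changing the MTU, the following added example (not part of the original post) binary-searches the largest IPv4 packet that reaches a host with Don't Fragment set. It assumes a Linux client on the LAN side with iputils `ping`; the function names `probe` and `find_path_mtu` are chosen here for illustration.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that reaches a host unfragmented.
# Assumption: Linux iputils ping, where -M do sets the Don't Fragment bit.

IP_ICMP_OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP header

# probe HOST SIZE: succeed if a DF-flagged packet of SIZE total bytes gets a reply.
# Kept separate so it can be swapped for another probing tool.
probe() {
    ping -M do -c 1 -W 2 -s "$(( $2 - IP_ICMP_OVERHEAD ))" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: print the largest size in LOW..HIGH that
# passes, or return 1 if even LOW fails (host down or ICMP echo filtered).
find_path_mtu() {
    host=$1 low=${2:-576} high=${3:-1500}
    probe "$host" "$low" || return 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))   # round up so the search terminates
        if probe "$host" "$mid"; then
            low=$mid                      # mid passed: answer is mid or larger
        else
            high=$(( mid - 1 ))           # mid dropped: answer is smaller
        fi
    done
    echo "$low"
}

# Run only when a target is given: sh pmtu.sh <host>
if [ "$#" -gt 0 ]; then
    if mtu=$(find_path_mtu "$1"); then
        echo "Largest unfragmented packet to $1: $mtu bytes"
    else
        echo "No reply from $1 even at 576 bytes" >&2
        exit 1
    fi
fi
```

Run it as `sh pmtu.sh <host>`; a result below the MTU configured on the interfaces means a smaller link sits somewhere on the path.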