Thanks for all the comments. I may try setting the MTU to 1508 and see what happens. I'll post back here if I do. I'm just a bit cautious as the router has two LAN-LAN VPN connections and a couple of dial-in VPN users but nothing mission critical.

Personally I would just leave it at the default. Any potential througput increase is going to be negligible (1% at most) but the decrease if it causes fragmentation is going to be much greater.

Whatever approach you try make sure you are only changing the MTU on the WAN ethernet interface so that your LAN interfaces stay on the default 1500.

Also check if you can find the MSS clamping option in your router.
The default behaviour should be applying it only to connections which will require the outgoing WAN interface
with TCP MSS automatically set to MTU-40 (IPv4, 1460) and MTU-60 (IPv6, 1440).

As I mentioned before the intended result is 1508 MTU on the WAN ethernet interface and 1500 MTU on the inside of the PPP interface (of PPPoe).

You can test the outcome with options on a PING command, example for Windows:

ping 1.1.1.1 -f -l 1472

where this requests to send an un-fragmentable (DF) packet that will completely fill the 1500 MTU.
1472 should succeed while
1473 should receive the standard error: "Packet needs to be fragmented but DF set."

Your VPN connections should already be allowing for overhead and their virtual interfaces will have their own smaller MTU typcially in a range 1400 (e.g. IPSec) to1420 (e.g. Wireguard).

Edited by prlzx (Mon 19-Feb-24 13:23:21)

I'm not actually too interested in the potential throughput increase as I'm pretty happy with my speed right now, although that would be a bonus. I want to try a larger MTU because I have a cheap Netgear managed switch (GS308E) which I can't connect to when I'm accessing it via a remote VPN tunnel. After a lot of head scratching and googling I found a comment someone made about the very basic IP stack on the switch's micro controller is not able to handle a smaller MTU than the default so I thought I would try and see if the MTU change on the router would resolve my issue.

I have already been using another GS308E switch at a remote location for a few years and has always worked just fine over a VPN connection so I never even thought there would be an issue when I got another one to use here, but after a bit of poking around I noticed that that other router had an MTU of 1500 via a 4G connection and thought maybe that's why it works.

However, if my VPN connections already allow for overheads and lower MTUs then I'm not sure why the other switch works through a VPN.

If the switch responds to PING, you can use it as the target of a DF PING (as per previous post) from remote when coming back in over VPN to determine what size it replies to.

(Start from max PING payload of 1472 and some arbitrarily smaller values, e.g. 1372, 1252 see if it replies).

However if it only replies to requests from the local subnet that can be a sign of the default gateway being missing from the switch's IP configuration.
One way to check is if the switch can even see the Internet assuming it has diagnostic tools for ping and traceroute built-in?

Edited by prlzx (Mon 19-Feb-24 21:34:59)