Murphx fragmentation issue - Sure Signal Vodafone

Hi,

I use a Vodafone Sure Signal box at home which has had a connection issue since I moved from Newnet to ADSL24 (Murphx).

Doing some digging, I can see traffic hitting my router to be NATted out.

root@OldTimbers:~# tcpdump -vv -i br0 port 4500
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 68 bytes
12:10:22.669578 IP (tos 0xb8, ttl 64, id 11546, offset 0, flags [none], proto UDP (17), length 29) 192.168.202.109.4500 > host212-183-133-179.uk.access.vodafone.net.4500: [udp sum ok] isakmp-nat-keep-alive
12:10:26.249781 IP (tos 0xb8, ttl 64, id 11547, offset 0, flags [none], proto UDP (17), length 476) 192.168.202.109.4500 > host212-183-133-179.uk.access.vodafone.net.4500: NONESP-encap: [|isakmp]

As can be seen, the Sure Signal box is trying to create an IPSec NAT-T connection on UDP port 4500.

The response never makes it back through the router though. On the outside I can see

tcpdump: listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 68 bytes
12:10:22.669917 IP (tos 0xb8, ttl 63, id 11546, offset 0, flags [none], proto UDP (17), length 29) 109-224-xxx-xxx.bb.adsl24.co.uk.4500 > host212-183-133-179.uk.access.vodafone.net.4500: [udp sum ok] isakmp-nat-keep-alive
12:10:26.250153 IP (tos 0xb8, ttl 63, id 11547, offset 0, flags [none], proto UDP (17), length 476) 109-224-xxx-xxx.bb.adsl24.co.uk.4500 > host212-183-133-179.uk.access.vodafone.net.4500: NONESP-encap: [|isakmp]
12:10:26.371451 IP (tos 0x0, ttl 245, id 13388, offset 1480, flags [none], proto UDP (17), length 1012) host212-183-133-179.uk.access.vodafone.net > 109-224-136-20.bb.adsl24.co.uk: udp

The third packet is of interest, it is the response from Vodafone. You can see it has a fragment offset of 1480, which means it is the 2nd packet of a fragmented stream. It has no flags set

12:10:26.371451 IP (tos 0x0, ttl 245, id 13388, offset 1480, flags [none], proto UDP (17), length 1012) host212-183-133-179.uk.access.vodafone.net > 109-224-136-20.bb.adsl24.co.uk: udp

This would be OK if I had a packet before this one from VF with an offset of 0 but a flag of + (more fragments). It appears, something is fragmenting the packets between VF and my DSL router and one of the fragments isn't making it.

It looks like someone (Murphx I guessing, but I could be wrong) is dropping fragments.

Any ideas?

Thanks, Cuthbei

I never went into as much detail, but I also couldn't get my SureSignal to work over Murhpx. I'm using a linux gateway and using tshark to check the stream to see what was going on and could see some communication but it quickly died.

Luckily I have a second DSL so routed traffic for Vodafone over the BE* link and it worked fine, sort of proving it wasn't my network, but Murphx's.

I'm fairly confident I know what this problem is now.

It looks like the Vigor 120 combined with my PPPoE router is not correctly negotiating the link MTU with Murphx. Murphx think my router has an MTU of 1500 bytes, when in face the largest packet the Vigor 120 can bridge is 1492 (1500 - 8 Bytes PPPoE header). This means the first fragement of the response from Vodafone is getting dropped by the bridge.

I have not been able to prove that the Vigor is at fault or Murphx, as I would really need to see both ends of the PPP link at the same time to be sure.

Cuthbei

I too had problems with a sure signal box + Vigor 120 (using pfsense).

On the pfsense forum I found a couple of people having issues - the only solution seems to be replacing the Vigor 120.

I know this is an old thread but I am rethinking the need for 2 ADSL's and want to drop the BE* link.

I've since moved to the FTTC package and still have the same issue.

Prior to FTTC I've tried the Suresignal on MurphX with a Netgear DG834, Billion Bipac 7800N and a Zyxel P660HW all with the same issue.

As soon as I plug it into the BE* link, its up and running within 30 seconds.

Has anyone else figured this out yet?