We are using iot-gate-imx8 as wifi AP. We are planning to advertise MTU via DHCP option 26 to wifi-clients, however currently we cannot update/write to NetworkManager’s dnsmasq config dir as it’s read-only and there is no overlay for /mnt/state/rootfs-overlay/etc/NetworkManager/dnsmasq*. How can we add custom options to dnsmasq conf to add ‘dhcp-options=26, 1428’
Just for more info
iot-gate-imx8 also shares internet with wifi clients via cellular modem. However in-order for shared internet to work, we need wifi clients (ios/android) on MTU of 1428 (this is because cellular modem uses MTU of 1428 as set by the carrier). So we are also looking for other ways to have path MTU of 1428 if wifi client ignores dhcp option 26.
cellular MTU 1428 (iot-gate-imx8) <----> shared wifi ap (iot-gate-imx8) <-----> wifi-clients (need to use MTU 1428)
Just for more info, I tried running iptables --clamp-mss-to-pmtu option but it fails with unknown option. is there version on iptables supported by Balena that supports --clamp-mss-to-pmtu or --set-mss?
root@47e7444:~# iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o wlan0 -j TCPMSS --clamp-mss-to-pmtu
iptables v1.8.4 (legacy): unknown option "--clamp-mss-to-pmtu"
Try `iptables -h' or 'iptables --help' for more information.
Switching cell modem to ppp0 (wvdial/pppd) inetreface can seamlessly handle MTU path differences without requiring --clamp-mss-to-pmtu fix or client dhcp option to advertise mtu.
I do not think it is possible to adjust the DHCP options when access point is created with ipv4.method=shared, Possibly through setting 802-11-wireless.mtu in the AP connection profile will help you adjust the MTU.
Alternatively instead of using shared, you may start your own instance of dnsmasq in a privileged container with host networking mode and set corresponding iptables rules for Internet connection sharing in a similar way NetworkManager does that.
Hello Majorz and Rahul,
Thank you for updates. We did try forcing MTU and DHCP option 26 on wireless but none of them worked. However issue was resolved with switching modem data connection over to ppp0 instead of default wwan. Just mentioning it below in-case if anyone trying to make iot-gat-imx8 as wifi AP with shared internet access via cell network.
Setup:
cell network <----> iot-gate-imx8 (ppp0 or wwan0) <---------> iot-gate-imx8 wlan0 AP <-----> wifi clients (laptops/android/ios)
Problem with wwan0:
4G LTE MTU is either 1428/1430 for some major US carriers. This resulted in path-MTU difference when wifi clients (1500 MTU) tried to access large websites and failed. This could be seen on wwan0 interface trying to break 1500 packet into 1428/1430 and remaining bytes resulting in fragmentation and rx errors. Here forcing anything on wlan0 doesn’t work as main issue is wwan0’s MTU. One can force wwan0’s MTU to 1500 and this fixed issue on wifi clients but broke openVPN. Only solution that works here is ‘–clamp-mss-to-pmtu’ which works for both wifi clients and openVPN (–clamp-mss-to-pmtu does require kernel to be built with CONFIG_NETFILTER_XT_TARGET_TCPMSS and CONFIG_NETFILTER_XT_MATCH_TCPMSS, which are enabled as module in recent BalenaOS but were missing in prior BalenaOS).
Other possible solution is switch modem connection to ppp0 (using wvdial/pppd) which results in ppp0 interface with MTU of 1500. With this, both wifi internet-sharing and openVPN works seamlessly without forcing MTU or clamping mss. BalenaOS doesn’t have wvdial/pppd packages but one can install these inside privileged container and configure ppp0.
I am glad you were able to find a way to make this work. I would like to try to reproduce such a behavior locally. What is the modem model you are using? It may have to do with the modem firmware, so I would like to try it out possibly with the same model.
So if I make setup a cellular and an access point with Internet sharing enabled on a US carrier with lower MTU I should expect to see fragmentation problems and packet drops.