@stephenw10 said in Now Available: pfSense Plus 25.11.1:
Mmm, it could be failing to apply the MTU setting somewhere. I'm not aware of any issue with DCO there though.
It's not about the MTU. We have the problem at multiple customers and multiple sites, with or without added MTU configuration, with it configured on both ends or not, it does NOT matter. What matters is that immediately after removing the DCO toggle and saving your configuration, the setup starts working again without any other settings touched. Also this is only happening after upgrading to 25.11(.1).
We had the same problem four weeks ago when a customer late to update updated their datacenter machines and the tunnels had the problem immediately after, in that case only appearing the day after, as the upgrade was done in the evenings and it was only the next day, when work started, that it was apparent that several things worked but others didn't. We debugged the whole day. It was NOT an MTU issue as we e.g. had tests with CIFS or HTTPS data transfers that went without problems but their own software and other connections wouldn't get any connection at all. The packets seemed to simply vanish on the firewall.
Then I had the same problem last week. Another customer with a DC-to-office OVPN tunnel. Running 25.07 without issue WITH DCO enabled. Upgrading to 25.11.1 and they had the exact same problem with "only some connections being extremely slow or won't come up at all while others seem working but slower overall". This just slowly grows in our customer base and, as described before, I even see the problem happening on only some connections of the same customer. 11 boxes no problem, the 12th clearly showing symptoms, disabled DCO, everything fine again. It's not every connection and every tunnel. If so, it would be easy to diagnose.
So yeah, there IS something clearly going on with DCO in the recent update that nobody seems to get a grip on, and I have customer setups to prove and test them further to help rein this in, but this is nothing I can debug myself at this point. We already went deep on this but didn't get any other intel besides that. It now is a real gamble if we set up an OVPN tunnel if it's working with DCO or not. That wasn't the case with 25.07 though. Almost any setup was working then without problems.
I just mentioned MTU problems as the DCO problem seems somewhat similar but only in some aspects. And the count is rising.
Cheers