Unifi Security Gateway MTU & MSS Clamping

How Can We Help?

Unifi Security Gateway MTU & MSS Clamping

How to fix a Unifi Security Gateways (USG) to work on a PPPOE connection.

On the Unifi controller, set the security gateway to enable “MSS clamping” and set the size of clamping at a custom size of “1406”.

If that alone does not fix the problem, you might need to also set the MTU size to 1480.
Unfortunately, this cannot be done from the GUI and will need to be performed through CLI. SSH onto the gateway and running:

configure
set interfaces ethernet eth0 pppoe 0 mtu 1480
commit

If setting the MTU resolves the problem, rebooting your USG gateway can revert the changes. You will have to save the MTU change to the filesystem of your UniFi Network Controller for it to persist.

1.) Create config.gateway.json with the settings (See the example config.gateway.json)
2.) Copy or upload the config.gateway.json to your UniFi Network Controller filesystem /data/sites/

Found in the following directories:

  • UniFi Cloud Key: /usr/lib/unifi
  • Debian/Ubuntu Linux: /usr/lib/unifi
  • Windows: %userprofile%/Ubiquiti UniFi.
    The original is default.

3.) Force provision the USG in the UniFi Controller GUI

For additional detail, refer to the Ubiquiti support article – https://help.ui.com/hc/en-us/articles/215458888-UniFi-USG-Advanced-Configuration-Using-config-gateway-json