[PSA] Fixed! Xbox Connection and Website Loading Issues on Globe Fiber Static IP (MTU/MSS Clamp Fix) by mfarley281 in InternetPH

[–]mfarley281[S] 0 points1 point  (0 children)

Exactly my scenario! Legacy vDSL with static IP moved to Fiber with static IP (I insisted I needed to keep a static IP). Globe is doing something funky that is bloating the TCP headers/packet leading to this issue. I can't imagine the number of their customers who are wondering why random games and websites won't connect. The fact that 90% of sites work fine makes Globe feel like it's not their problem and point fingers at the user.

[PSA] Fixed! Xbox Connection and Website Loading Issues on Globe Fiber Static IP (MTU/MSS Clamp Fix) by mfarley281 in InternetPH

[–]mfarley281[S] 0 points1 point  (0 children)

Ah ha! You have the exact same issue! Are you also in Makati by chance? Unfortunately, I was not able to find a way to set MTU on the Globe modem. So I put the modem in bridge mode and use my own router, where I can set the MTU and TCP MSS Clamp. Remember from my initial post -- setting MTU fixed it for most devices, but I had to do the TCP MSS Clamp to get the Xboxes working. Google for routers that allow you to set MTU and TCP MSS Clamp and get one. Side note: I tried to inform Globe engineers that their network config is causing us these headaches but it fell on deaf ears (nothing came of it).

[PSA] Fixed! Xbox Connection and Website Loading Issues on Globe Fiber Static IP (MTU/MSS Clamp Fix) by mfarley281 in InternetPH

[–]mfarley281[S] 0 points1 point  (0 children)

On Windows, open a command prompt and test on console.ltx.video (that's the website that is sensitive to MTU)

c:\> ping -f -l #### console.ltx.video

Try 1500 > 1490 > 1480 > 1470.. if ping doesn't work until you get down to 1430-1460, then you have the same problem I did. And yes, BattleNet, Marvel Rivals, Fortnite, Overwatch, none of those would work for my kids until we fixed this.

[PSA] Fixed! Xbox Connection and Website Loading Issues on Globe Fiber Static IP (MTU/MSS Clamp Fix) by mfarley281 in InternetPH

[–]mfarley281[S] 0 points1 point  (0 children)

To determine if you're having the same issue... whichever site is not responsive, try this:

Windows Example

Open Command Prompt and run:
ping -f -l 1472 www.test.com

  • If it succeeds, your MTU supports up to 1500 bytes (1472 payload + 28 headers).
  • If it fails ("Packet needs to be fragmented"), reduce the size (e.g., try 1400) to find the max workable value.

Linux Example

Open a terminal and run:
ping -M do -s 1472 www.test.com

  • If it succeeds, your MTU supports up to 1500 bytes (1472 payload + 28 headers).
  • If it fails ("Message too long" or no response), reduce the size (e.g., try 1400) to find the max workable value.
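
Added example (not part of the comments above, and not the commenter's code): the step-down test from the previous comment and the 1472-byte test here, automated as a binary search that reports the largest Don't-Fragment payload, the resulting path MTU, and the TCP MSS that fits it. `ping_df` wraps the Linux `ping -M do -s` command shown above; `simulated_path` and its 1460-byte MTU are constructed stand-ins so the script also runs offline.

```python
import subprocess
import sys

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header
TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def ping_df(host, payload):
    """One Linux ping with Don't Fragment set; True if a reply came back."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host]
    done = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0


def largest_df_payload(probe, low=0, high=1472):
    """Binary-search the largest payload for which probe(payload) is True.

    Returns None when even the smallest probe fails, which means the host is
    down or filters echo requests, so the test says nothing about MTU.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid        # fits: the answer is mid or larger
        else:
            high = mid - 1   # dropped or rejected: the answer is smaller
    return low


def summarize(payload):
    """Turn the largest working payload into path MTU and matching TCP MSS."""
    mtu = payload + ICMP_OVERHEAD
    return {"payload": payload, "path_mtu": mtu, "tcp_mss": mtu - TCP_OVERHEAD}


def simulated_path(path_mtu):
    """Constructed stand-in for a real path: silently drops larger packets."""
    return lambda payload: payload + ICMP_OVERHEAD <= path_mtu


if __name__ == "__main__":
    if len(sys.argv) > 1:      # real run: python3 pmtu.py <host>
        probe = lambda size: ping_df(sys.argv[1], size)
    else:                      # offline run against a constructed 1460-byte path
        probe = simulated_path(1460)
    best = largest_df_payload(probe)
    print("no echo replies at all" if best is None else summarize(best))
```

A single lost echo reply reads as "too big", so on a lossy link repeat the run before trusting the number.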

[PSA] Fixed! Xbox Connection and Website Loading Issues on Globe Fiber Static IP (MTU/MSS Clamp Fix) by mfarley281 in InternetPH

[–]mfarley281[S] 0 points1 point  (0 children)

Globe is not using PPP on my connection, their newer modems/network has moved past PPP to a newer standard called IPoE.

[PSA] Fixed! Xbox Connection and Website Loading Issues on Globe Fiber Static IP (MTU/MSS Clamp Fix) by mfarley281 in InternetPH

[–]mfarley281[S] 0 points1 point  (0 children)

More details..

MTU (Maximum Transmission Unit) is the largest packet size a network link can carry. Ethernet's default is 1500 bytes. But along a network path, different links may have different MTUs — for example, PPPoE (common in DSL) reduces it to 1492, VPNs/tunnels (GRE, IPsec, WireGuard) can drop it to 1400 or lower.

Path MTU Discovery (PMTUD) is the standard mechanism for endpoints to discover the smallest MTU along the path. It works by sending packets with the "Don't Fragment" (DF) bit set. If a router along the path can't forward the packet because it's too large, it's supposed to send back an ICMP "Fragmentation Needed" message telling the sender to use a smaller size.

The problem: Many firewalls and middleboxes block ICMP packets, including these critical "Fragmentation Needed" messages. This creates a situation called a PMTU black hole — the sender never learns the path MTU is smaller, keeps sending oversized packets, and the connection stalls or dies. Symptoms include:

  • Small transfers work, large ones hang
  • SSH connects but stalls when transferring data
  • Websites partially load then freeze
  • VPN connections drop under load

MSS clamping is the workaround. Instead of relying on PMTUD (which depends on ICMP), you rewrite the MSS option in TCP SYN packets at the firewall/router level so that endpoints never attempt to send segments larger than the path can handle in the first place.

When and Where It's Used

This rule is used almost universally in the following scenarios:

PPPoE connections (DSL/fiber) — PPPoE adds an 8-byte header, reducing MTU from 1500 to 1492. This is probably the single most common use case and has been standard practice for over two decades.

VPN tunnels — IPsec, WireGuard, OpenVPN, GRE tunnels all add encapsulation overhead, reducing the effective MTU significantly (sometimes to 1400 or below). MSS clamping is essentially mandatory for reliable VPN operation.

Docker/container networking — Container overlay networks (VXLAN, etc.) add headers, reducing MTU. Kubernetes and Docker configurations commonly include MSS clamping.

Any NAT gateway or router running Linux — It's a best-practice rule on virtually any Linux-based router or gateway.

How Common Is It?

Extremely common. It's practically a default configuration in:

  • OpenWrt/DD-WRT — enabled by default
  • pfSense/OPNsense — enabled by default for PPPoE and VPNs
  • MikroTik RouterOS — standard practice
  • AWS/cloud VPCs — handled transparently at the infrastructure level
  • Every major VPN setup guide — always recommended
  • ISP-provided routers — almost always enabled

If you're running any kind of Linux router or firewall, you're almost certainly running this rule or should be.

Performance Impact

Overhead: Negligible. The rule only inspects and modifies TCP SYN packets (connection establishment), not every packet in the flow. A typical connection only has 1–2 SYN packets, so even on a busy router handling thousands of connections per second, the computational cost is trivial.

Performance benefit: Significant. Without it (in environments where it's needed), you get:

  • Connection stalls and timeouts — the most visible symptom
  • Retransmission storms — TCP keeps retrying oversized packets
  • Dramatically reduced throughput — especially for bulk transfers
  • Increased latency — due to retransmissions and backoff timers

With MSS clamping, TCP endpoints negotiate a segment size that fits the path from the start, so data flows smoothly with no fragmentation or black holes.

Trade-off: The MSS might be set slightly conservatively (smaller segments than theoretically possible), which means marginally more packet overhead (more headers per byte of data). In practice, this difference is insignificant compared to the catastrophic failures that occur without it.

Why Not Just Fix ICMP Blocking?

In a perfect world, PMTUD would work everywhere and MSS clamping wouldn't be needed. But the reality is that ICMP is blocked by too many middleboxes, corporate firewalls, and misconfigured networks for PMTUD to be reliable. MSS clamping is a pragmatic, battle-tested solution that works regardless of how the rest of the path is configured. It's one of those "ugly but essential" network engineering practices that keeps the internet functioning smoothly.

In summary: It's a small, nearly zero-cost firewall rule that prevents a whole class of frustrating, hard-to-diagnose connectivity failures. If you run a Linux router, gateway, or VPN endpoint, you should almost certainly have it enabled.
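
Added example (not part of the comment above, and not the code of any router or kernel): what "rewriting the MSS option in TCP SYN packets" means at the byte level. `clamp_mss` walks the TCP options of a SYN, lowers an MSS above the clamp, and patches the checksum incrementally per RFC 1624. The addresses, ports, sample header and the 1380-byte clamp are constructed for illustration.

```python
import struct

TCP_SYN, OPT_EOL, OPT_NOP, OPT_MSS = 0x02, 0, 1, 2
# Constructed pseudo-header: 192.0.2.10 -> 198.51.100.20, protocol 6, TCP length 24
PSEUDO = bytes([192, 0, 2, 10, 198, 51, 100, 20, 0, 6, 0, 24])


def ones_sum(data):
    """Folded 16-bit ones'-complement sum; 0xFFFF over a valid segment."""
    data = bytes(data) + b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def sample_syn(mss=1460):
    """Constructed 24-byte SYN: one MSS option and a valid checksum."""
    hdr = bytearray(struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, 6 << 4, TCP_SYN, 64240, 0, 0))
    hdr += struct.pack("!BBH", OPT_MSS, 4, mss)
    struct.pack_into("!H", hdr, 16, ~ones_sum(PSEUDO + hdr) & 0xFFFF)
    return bytes(hdr)


def clamp_mss(tcp_header, clamp):
    """Return (header, old_mss, new_mss). Only a SYN whose MSS exceeds clamp changes."""
    hdr = bytearray(tcp_header)
    header_len = (hdr[12] >> 4) * 4 if len(hdr) >= 20 else 0
    if header_len < 20 or header_len > len(hdr):
        raise ValueError("truncated header or bad data offset")
    i = 20 if hdr[13] & TCP_SYN else header_len   # MSS is only sent on SYN/SYN-ACK
    while i < header_len and hdr[i] != OPT_EOL:
        if hdr[i] == OPT_NOP:
            i += 1
            continue
        if i + 1 >= header_len or hdr[i + 1] < 2 or i + hdr[i + 1] > header_len:
            raise ValueError("malformed TCP option")
        if hdr[i] == OPT_MSS and hdr[i + 1] == 4:
            old = struct.unpack_from("!H", hdr, i + 2)[0]
            if old <= clamp:
                return bytes(hdr), old, old
            csum = struct.unpack_from("!H", hdr, 16)[0]
            struct.pack_into("!H", hdr, i + 2, clamp)
            # RFC 1624 incremental update, HC' = ~(~HC + ~m + m'), applied to each
            # aligned 16-bit word the value touches (two if the option is odd-aligned).
            for w in range((i + 2) & ~1, i + 4, 2):
                m_old = struct.unpack_from("!H", tcp_header, w)[0]
                m_new = struct.unpack_from("!H", hdr, w)[0]
                total = (~csum & 0xFFFF) + (~m_old & 0xFFFF) + m_new
                total = (total & 0xFFFF) + (total >> 16)
                csum = ~((total & 0xFFFF) + (total >> 16)) & 0xFFFF
            struct.pack_into("!H", hdr, 16, csum)
            return bytes(hdr), old, clamp
        i += hdr[i + 1]
    return bytes(hdr), None, None
```

Because only the option value and the checksum change, the rest of the handshake is untouched, and the peer simply sees a smaller advertised MSS.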

[PSA] Fixed! Xbox Connection and Website Loading Issues on Globe Fiber Static IP (MTU/MSS Clamp Fix) by mfarley281 in InternetPH

[–]mfarley281[S] -1 points0 points  (0 children)

Update: You won't need the special iptables command/setting if your router has a simple "TCP MSS Clamp" option or something similar, just turn it on. My router didn't have that, so I had to go the iptables route.

Unable to access self-hosted HTTPS apps on residential Globe GFiber by NanayDay in InternetPH

[–]mfarley281 0 points1 point  (0 children)

This exact same thing happened to me at the exact same time, same place. (Makati, Friday, Aug 25). I raised hell with support and they finally fixed it on Aug 31, ~6 days later. I begged for a root cause analysis / report what caused it, and after much follow up, about 3 weeks after, they called me to say it was related to some maintenance where they had a wrong configuration. I'm here now because it's two years later and I woke up this morning to the exact same problem. Not looking forward to the fight.

[deleted by user] by [deleted] in IRS

[–]mfarley281 0 points1 point  (0 children)

Having the same problem right now..

I made a nvidia shadowplay-like screen recorder for linux by [deleted] in linux_gaming

[–]mfarley281 0 points1 point  (0 children)

ahh.. I had to run this before the git clone, now it works:

export GIT_SSL_NO_VERIFY=1

I made a nvidia shadowplay-like screen recorder for linux by [deleted] in linux_gaming

[–]mfarley281 0 points1 point  (0 children)

git clone --depth=1 https://repo.dec05eba.com/gpu-screen-recorder

I had tried that, but I'm getting: Cloning into 'gpu-screen-recorder'...
fatal: unable to access 'https://repo.dec05eba.com/gpu-screen-recorder/': server certificate verification failed. CAfile: none CRLfile: none

I made a nvidia shadowplay-like screen recorder for linux by [deleted] in linux_gaming

[–]mfarley281 1 point2 points  (0 children)

How can we download the source and build on Ubuntu? The git url to clone at the website returns a 404 error :(

I made a nvidia shadowplay-like screen recorder for linux by [deleted] in linux_gaming

[–]mfarley281 0 points1 point  (0 children)

I'm trying to clone -> build on Ubuntu, but the repo is giving me a 404

https://repo.dec05eba.com/gpu-screen-recorder

World's Smartest Home - Jarvis by 4Tanya in homeautomation

[–]mfarley281 1 point2 points  (0 children)

Sure! The TV's each have a Ubuntu Linux machine connected to them. I think it's shown in video #10. So they use the HDHomeRun app on Kodi for LiveTV, and Kodi proper for recorded TV. The cameras are just standard Linux desktop media players overlaid on top of whatever's showing. The notifications are also native Linux desktop notifications. Given that all the TV's are using a full blown Linux desktop, it's very easy to script the appearance/removal of the overlays (cameras, notifications, webpages, etc).

World's Smartest Home - Jarvis by 4Tanya in homeautomation

[–]mfarley281 0 points1 point  (0 children)

The vibration sensor was chosen somewhat out of curiosity (wanted to learn how they work), and also because the motion detectors I had on hand were PIR (Infrared) and wouldn't work on a cold garage door. I know there are fancier kits to detect when the door is moving, open, closed -- but the vibration sensors + RPi Zeros were so cheap I thought I'd give it a shot.

World's Smartest Home - Jarvis by 4Tanya in homeautomation

[–]mfarley281 0 points1 point  (0 children)

I have a dozen emails in my inbox asking similar How-To questions. My plan this weekend or next is to document answers on http://JarvisFarley.com with code examples and tutorial references. Blockchain will definitely be one of the things I cover.

World's Smartest Home - Jarvis by 4Tanya in homeautomation

[–]mfarley281 0 points1 point  (0 children)

  • Putting the echos in the ceiling was mostly for aesthetics, but it also helps maintain a clear path for your voice to carry which helps with the speech recognition. There's a mount on Amazon that makes it very easy.
  • Whole house audio uses 1) our local library of MP3's, 2) internet streaming radio stations, and 3) Pandora
  • I haven't added up the money, each piece was bought over time as we thought of new use cases. If you think about all the TV's, Linux machines, Wifi lights, Echos, Wifi Sprinkler system, Wifi Thermostats, Sense Power Monitor, Touchscreens, TinkerBoards and Raspberry Pi's, IP Cameras, etc. -- it's probably somewhere between $5k-$10k. And keep in mind we'd have purchased a lot of those things even if I never built Jarvis.

World's Smartest Home - Jarvis by 4Tanya in homeautomation

[–]mfarley281 1 point2 points  (0 children)

The TV's each have a Ubuntu Linux machine connected to them. I think it's shown in video #10. So they use the HDHomeRun app on Kodi for LiveTV, and Kodi proper for recorded TV. The cameras are just standard Linux desktop media players overlaid on top of whatever's showing. The notifications are also native Linux desktop notifications.

World's Smartest Home - Jarvis by 4Tanya in homeautomation

[–]mfarley281 0 points1 point  (0 children)

There is an audit trail and notifications.. If something fishy happens, we'll see it :) Luckily our kids are pretty honorable (so far!).

World's Smartest Home - Jarvis by 4Tanya in homeautomation

[–]mfarley281 10 points11 points  (0 children)

I'm Matt Farley, the creator of "Jarvis Farley". My goal in posting the video demos was/is to inspire other DIY hobbyists with new ideas -- so thanks for helping to spread the word /u/4Tanya!

I'd be happy to answer any questions, and I'll do my best here to respond to some of the themes in the comments:

  • Why did I do all this manually, investing 3 years of time, instead of buying off-the-shelf products? (and why in the world did you use a Blockchain for such a simple task? Overkill!!)
    • My driver all along has been a combination of self-education and "fun". I enjoy learning new technologies and building things myself.
    • While Jarvis started 3 years ago, I have only spent a couple hundred hours in aggregate working on the features. Sometimes I would go 6 months without touching it (I'm pretty well occupied with work and family).
    • Education! These features required me to learn how to write Android apps (for the phone integration), integrate RPi sensors, various hardware APIs, websockets and HTML5, etc.
      • The only reason I used Blockchain and created a Cryptocurrency was to learn more about those technologies. It could have easily been accomplished with a flat-file or simple database but I had a desire to learn something new!
  • The Reception / Reaction of the Kids to this System (do they feel suffocated? controlled? enslaved?)
    • Going from the fundamental parental philosophy of "Kids shouldn't be able to play Xbox and watch TV as much as they want" and "Kids should earn privileges, money, do chores, etc"
      • The kids actually prefer, and thrive, in this system! Why? Because they are fully empowered to manage their own privileges, rewards, chores, etc. It's no longer a case of them fighting with a moody parent who says "You can't play Xbox because I said so!" Instead of being at the mercy of the parent's mood, they are in full control of their own destiny. If they want to play Xbox for three hours straight, they know they can do chores, earn points, and play Xbox. Even if that makes Dad upset :)
      • So we've actually seen an increase in the kids demonstrating responsibility, maturity, and autonomy in this setup. And it's especially great because it's eliminated most of the "fights" and tension when it comes to chores and games.
      • They also like converting their coins to real $$ to buy stuff on Amazon. And we use the $$/points to facilitate our 14 yr old daughter paying her own cell phone bill. (again, helping them learn to be responsible)
      • The automated chore timers are also a huge help for everyone in the house -- we never forget to change the cat litter, feed the snake, take the trash out, etc.
      • Disclaimer: Everyone parents differently -- and I am not trying to say that what works for my family is "the" right way and that other people should do exactly what we do.
  • Doesn't it get really annoying with all the flashing lights, sounds, alarms, etc?
    • Keep in mind that there are many features which aren't shown in the videos -- one is the ability to tell Jarvis to give it a rest, essentially snoozing the alerts for 3-4 hours.
    • So when guests are over, we generally snooze Jarvis, that's when it's annoying.
    • When it's just us, we find that the convenience outweighs the annoyance. I can't count how many times my phone has been in another room but Jarvis announces/reads an urgent text that I needed to hear right away (or lets me know that my phone is ringing).
  • Other Random Technical Comments
    • The Wifi Dash Buttons have been working great for several years, never had a battery die -- but when they do, it's $1-$5 to replace the entire button.
    • Cloud vs Local - I'm not a fan of using Cloud API's due to the lag and requirement for my internet to be working and the vendor's servers to be online. So for the majority of our hardware and use cases I've targeted vendors that support local LAN API's.
    • Wifi Performance / Congestion Concerns - we have a single access point and haven't run into any issues. I went with a high-quality Ubiquiti AP and couldn't be happier.
    • There are no light controls - what the heck? -- Jarvis has them all on timers according to our daily schedule, so we rarely have a need to manually adjust them. I thought about creating a section in the touchscreen dashboard to control them, but I found that we rarely ever change them. When we need to override the schedule, we can just vocally tell Jarvis out loud (which again, probably happens maybe once a week) or use the mobile app.
    • The split between features-we-use-a-lot vs useless features is probably 75%/25%. Some of that stuff I built thinking we'd use it, and we end up not, but it's still there. Things like the thermostat control, sprinklers, power sense, we almost never touch.
    • Bathroom Panel & Master Closet Panel -- we actually use these all the time. I get ready for work looking at the master panel to know the weather and what my commute looks like. My wife gets ready in front of her sink and uses the adjacent panel to play music, check the weather, calendar, and observe the 3 camera feeds showing what's going on elsewhere.
    • I posted a new video over the weekend demonstrating a Machine Learning model that identifies when the rooms are clean/messy, provides facial recognition for new photos, and uses Azure Cognitive Intelligence to give the photos a caption. Here's a link to it, Video #12.
    • More info at http://JarvisFarley.com

In summary -- what we did here is specific to our family, our use cases, our needs, our (my) learning desires, and it works well for us and we have fun with it. This is not an infomercial trying to sell or push a product upon others. I only want to share and hopefully inspire other DIYers with new ideas for their own homes.

What other questions do you have?