If you are having problems with some websites not loading correctly or not at all and you are, I have good news, you are not alone, the issue can be fixed and purchasing your Ubiquiti USG was probably still a good decision 🙂
The problem with some websites not loading correctly or not at all is caused by incorrect/unsuitable MSS Clamping settings. If you are experiencing this issue, then you can probably resolve the problem by changing your MSS Clamping settings.
What MSS Clamping settings should I use on the Ubiquiti USG?
In my case, Ubiquiti’s tech support suggested I change my MSS Clamping settings from Auto to Manual and assigning a value of 1382. That immediately fixed all my problems. From what I understand, the the MSS Clamping value you use is dependant on your ISP, your WAN connection type (My IPV4 Connection Type is PPPoE) and ultimately the MTU that your ISP uses on your connection.
The TCP MSS is derived from the MTU and a standard ethernet frame MTU is 1500 bytes. If you are using PPPoE then the ethernet frame MTU is reduced by 8 bytes to 1492. The IP header and TCP header are each 20 bytes in size so they reduce the ethernet frame MTU by a further 40 bytes. So a standard TCP MSS is 1,500 – 8 – 20 – 20 = 1,452 bytes.
So to calculate your MSS Clamping setting, you need to know the MTU your ISP is using. If you get hold of your ISP, they will be able to provide this to you. Alternatively, you could get hold of Ubiquiti’s technical support via ‘Live Chat Support’ in the UniFi Controller.
I would try contact your ISP first as it is pretty technical to export logs from the Ubiquiti USG that Unifi tech support will need to determine what MSS Clamping setting you should be using.
What is MSS Clamping?
MSS Clamping is used by some routers to change the maximum segment size (MSS) of all TCP connections passing through links with a MTU lower than the Ethernet default of 1500.
The maximum segment size (MSS) is a parameter of the options field of the TCP header that specifies the largest amount of data, specified in bytes, that a computer or communications device can receive in a single TCP segment. It does not count the TCP header or the IP header (unlike, for example, the MTU for IP datagrams).[1] The IP datagram containing a TCP segment may be self-contained within a single packet, or it may be reconstructed from several fragmented pieces; either way, the MSS limit applies to the total amount of data contained in the final, reconstructed TCP segment.
Wikipedia: https://en.wikipedia.org/wiki/Maximum_segment_size
Getting support logs from the Ubiquiti USG
When I contacted the Unifi 24/7-live tech support to try to resolve my issue, they asked me to a few questions about my setup such as the USG firmware version, Experience Score, Controller Version etc and then asked me to extract logs from the device so they they could investigate the issue. I extracted the logs as follows.
Step 1: Getting your SSH Credentials from the Unifi Controller
Before you SSH into the USG, you will need to get the SSH Username and password from your Unifi Controller. You can find them pre-populated in Network Settings, Device Authentication. Make sure Enable SSH Authentication if turned on. Probably a good thing to turn it off once you are finished.
Step 2: SSH into the Ubiquiti USG using putty
Now, use the credentials and the IP address of your USG to SSH into it with Putty. Download Putty here if you don’t already have it installed.
Step 3: Create and Extract logs from the USG
Next you need to run the following command to extract all the logs that Unifi tech support will need to investigate.
show tech-support | no-more
Tech support suggested I use “Session > Logging > Session Logging: Printable Output > Logfile” to export the output to a text file. This didn’t work for me so I just copied the output from the command line, pasted it in a text file and send tech support the file.
Note: Your configuration will include some sensitive information such as passwords and public IP addresses. Please remove these manually before sending them.
My Journey to using the Ubiquiti USG
There is possibly nothing more frustrating that an intermittent or unreliable internet connection! It was exactly this that lead me to investigate the equipment that I would need to make my home/home office network stable and reliable. Most online networking guru’s point to Ubiquiti’s Unifi range as the solution to all ones networking problems so a Ubiquiti USG and three Unifi AP-AC-Lite’s later and I was on the road to networking heaven!
After setting up my new Ubiquiti USG and adopting it with my Unifi Controller, I was pretty concerned to see unusual problems loading some website. At first I though the issues were on the websites server side but it quickly became obvious that it could only be the Ubiquiti USG causing the issuse! I had convinced my wife that this relatively expensive piece of kit would be the solution to all of our problems so I was now deeply concerned!