New install failing

HAOS 13.1 on an x86_64 VM under Linux, using Virtual Machine Manager and a downloaded qcow2 image.

During the initial startup it is failing to clone from GitHub.

Packet capture on the Linux hypervisor system of the interface for the VM shows a TCP conn to GitHub hanging during TLS startup, with a “previous not captured” packet from GitHub at Seq 2849, immediately after the Client Hello. I suspect that was the tail of the Server Hello; the preceding packet from GitHub was the SYN,ACK, so a couple, probably large ones, were dropped.

I’m thinking of an MTU issue at this point. I have already nailed the “virbr0” interface that the Linux VMM sets up, to have MTU 1420; this did have the effect of dropping the MTU of the “enp3s0” interface visible via the VM console (“login”, “ip link”) to 1420 from its previous-attempt 1500. However, all the others are still 1500 - and the SYN sent to github had MSS 1460.

Is there some way of getting that lower value to replicate across all the interfaces HAOS uses internally? Or something else I am missing?

Further investigation shows the far end of my (thin) VPN happily generating ICMP frag-needed packets and firing them at GitHub. Repeatedly. So the MTU issue is confirmed.

Getting the HA containers to use the same MTU as the HA host OS would be the best fix. I think it is a bug that they do not; how do I get one raised?

A workaround might be to get something at my end to clamp the MSS in TCP SYN packets.
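
What the MSS clamping mentioned above does to a SYN, as an added example that is not part of the original post: it parses the TCP options, lowers the MSS from 1460 to what a 1420-byte path allows, and patches the checksum incrementally (RFC 1624). It assumes IPv4 with a 20-byte header and that 1420 is the usable path MTU; the function names and the sample packet are constructed for illustration.

```python
import struct

def csum16(data: bytes) -> int:
    """RFC 1071 checksum over an even-length byte string."""
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def find_mss(tcp: bytes):
    """Return (offset_of_value, mss) for the MSS option, or None."""
    end, i = min((tcp[12] >> 4) * 4, len(tcp)), 20
    while i + 1 < end and tcp[i] != 0:      # kind 0 = end of options
        if tcp[i] == 1:                      # kind 1 = NOP, one byte
            i += 1
            continue
        length = tcp[i + 1]
        if length < 2 or i + length > end:   # malformed option, stop
            return None
        if tcp[i] == 2 and length == 4:      # kind 2 = MSS
            return i + 2, struct.unpack_from("!H", tcp, i + 2)[0]
        i += length
    return None

def clamp_mss(tcp: bytes, path_mtu: int, ip_overhead: int = 20) -> bytes:
    """Lower the MSS of a SYN to fit path_mtu, patching the checksum (RFC 1624)."""
    found = find_mss(tcp)
    limit = path_mtu - ip_overhead - 20      # minus IPv4 and base TCP headers
    if not tcp[13] & 0x02 or found is None or found[1] <= limit:
        return tcp                           # not a SYN, or MSS already fits
    off, old = found
    # An option at an odd offset straddles two checksum words, byte-swapped.
    fix = (lambda v: (v & 0xFF) << 8 | v >> 8) if off % 2 else (lambda v: v)
    s = (~struct.unpack_from("!H", tcp, 16)[0] & 0xFFFF) + (~fix(old) & 0xFFFF) + fix(limit)
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    out = bytearray(tcp)
    struct.pack_into("!H", out, off, limit)
    struct.pack_into("!H", out, 16, ~s & 0xFFFF)
    return bytes(out)

# Constructed sample (not captured traffic): IPv4 pseudo-header and a SYN with MSS 1460.
PSEUDO = bytes([192, 0, 2, 10, 198, 51, 100, 7, 0, 6, 0, 24])
_raw = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x60, 0x02, 64240, 0, 0) + bytes.fromhex("020405b4")
SAMPLE_SYN = _raw[:16] + struct.pack("!H", csum16(PSEUDO + _raw)) + _raw[18:]

if __name__ == "__main__":
    fixed = clamp_mss(SAMPLE_SYN, path_mtu=1420)
    print(find_mss(SAMPLE_SYN), "->", find_mss(fixed), "checksum ok:", csum16(PSEUDO + fixed) == 0)
```

With the MSS clamped to 1380, the far end never sends a segment larger than the 1420-byte path can carry, so the connection no longer depends on ICMP frag-needed messages being delivered and acted on.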