Finding MTU on Mac

Right so you have just moved house and your internet falls off when you connect to your works VPN – likelihood is your MTU is set too high for your ISP.

Searching for this on the net there is a ton of misinformation. So usually the mac has a maximum MTU of 1500 for some ISP’S this limit needs to be set much lower.

So first lets take a look at what your macs MTU currently is.

ToDo this:

1.Open ‘Terminal’

2.Type: “networksetup -getMTU en0″

This will return you with what your MTU is currently set at. For Macs this is usually 1500.

Now you need to test what is the maximum MTU you can use on your connection

3. In terminal enter: “ping -D -s 1500” , You will probably get the message ‘ping: sendto: Message too long’

Procedure to find optimal MTU:

If your MTU is currently set too low, for example 576, the following procedure will not be able to detect whether you have discovered the “Optimal MTU size”. First reset the MTU setting of your equipment to 1500, the maximum size it could possibly be. For PPPoE, your Max MTU should be no more than 1492 to allow space for the 8 byte PPPoE “wrapper”. 1492 + 8 = 1500. From there it is possible to experiment and find the optimal MTU value. For PPPoE, the stakes are high: if you get your MTU wrong, you may not just be sub-optimal, things like uploading files, or the loading of web pages may stall, or not work at all! The ping test we will be doing does not include the IP/ICMP header of 28 bytes. 1500 – 28 = 1472. Include the 8 byte PPPoE wrapper if your ISP uses PPPoE and you get 1500 – 28 – 8 = 1464. The reason for these numbers will be apparent very soon.

To find out if your packets are getting fragmented, we use a Ping command from the command prompt.

The best value for MTU is that value just before your packets get fragmented. Add 28 to the largest packet size that does not result in fragmenting the packets (since the ping command specifies the ping packet size, not including the IP/ICMP header of 28 bytes), and this is your Max MTU setting.

Original source :

4. With this procedure in mind go back to terminal and enter : “ping -D -s 1500”  Replacing the 1500 with something smaller as advised in the procedure above.  So essentially what you need todo is minus increments of 28 from 1500 until you reach a satisfactory limit.

5. Rinse and repeat until you reach a number that works for example : 1280

6. OK so now 1280 is working now we need to change the MTU on the system

7. Go back to ‘Terminal’ and enter ‘networksetup -setMTU en0 1280’

8. Now we need to confirm an MTU of 1280 has been set. Enter ‘networksetup -getMTU en0’ in return we should get a response of Active MTU: 1280 (Current Setting: 1280)

Right so job done, Now the VPN should work correctly! Test the VPN and see if it has worked.