--- ppp-2.4.3/pppd/ccp.c 2004-11-13 02:28:15.000000000 +0000
+++ ppp-2.4.3/pppd/ccp.c 2004-11-22 16:36:21.654092711 +0000
@@ -67,6 +67,7 @@
 */
 #ifdef MPPE
 bool refuse_mppe_stateful = 1; /* Allow stateful mode? */
+bool mppe_lower_mtu = 1; /* Set to 0 to disable dropping the MTU by 4 */
 #endif
 static option_t ccp_option_list[] = {
@@ -156,6 +157,15 @@
 "allow MPPE stateful mode", OPT_PRIO },
 { "nomppe-stateful", o_bool, &refuse_mppe_stateful,
 "disallow MPPE stateful mode", OPT_PRIO | 1 },
+
+ /* Option to avoid lowering our MTU by 4 (as should be done) to avoid
+ * breakage with devices that don't handle PMTUD
+ */
+ { "mppe-lower-mtu", o_bool, &mppe_lower_mtu,
+ "lower the MTU by 4 bytes for MPPE connections", OPT_PRIO | 1 },
+ { "nomppe-lower-mtu", o_bool, &mppe_lower_mtu,
+ "don't lower the MTU by 4 bytes for MPPE connections", OPT_PRIO },
+
 #endif /* MPPE */
 { NULL }
@@ -1185,9 +1195,16 @@
 * allocate MPPE_PAD extra bytes in xmit buffers.
 */
 mtu = netif_get_mtu(f->unit);
- if (mtu)
- netif_set_mtu(f->unit, mtu - MPPE_PAD);
- else
+ if (mtu) {
+ /* Dropping the MTU seems to break Path MTU discovery
+ * particularly where load-balancers are involved.
+ * Not dropping the MTU may mean the occasional packet
+ * goes unencrypted due to them being 4 bytes larger
+ * and CCP thinking it's not worth encrypting.
+ */
+ if (mppe_lower_mtu)
+ netif_set_mtu(f->unit, mtu - MPPE_PAD);
+ } else
 newret = CONFREJ;
 }
--- ppp-2.4.3/pppd/pppd.8 2004-11-22 16:36:21.663090491 +0000
+++ ppp-2.4.3/pppd/pppd.8 2004-11-22 16:43:15.169028425 +0000
@@ -622,6 +622,10 @@
 Enables the use of PPP multilink; this is an alias for the `multilink' option. This option is currently only available under Linux.
 .TP
+.B mppe\-lower\-mtu
+Lowers the MTU by 4 bytes for MPPE connections. This is the correct
+behaviour but breaks accessing some sites. This is the default.
+.TP
 .B mppe\-stateful
 Allow MPPE to use stateful mode. Stateless mode is still attempted first. The default is to disallow stateful mode.
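Review bot: The `nomppe-lower-mtu` entry in the ccp.c option table (hunk `@@ -156,6 +157,15 @@`) carries only `OPT_PRIO`, so as far as this table shows it is not restricted to privileged option sources, yet the comment added in the `@@ -1185,9 +1195,16 @@` hunk says that leaving the MTU alone may let an occasional packet go unencrypted. An option that can weaken the confidentiality of an MPPE link is normally one only the administrator should be able to select; consider `"don't lower the MTU by 4 bytes for MPPE connections", OPT_PRIV | OPT_PRIO },` if pppd can be invoked by unprivileged users on the target system. The help strings and the table comment also hard-code 4 where the code subtracts `MPPE_PAD`; wording them in terms of `MPPE_PAD` keeps them true if the constant changes. The table starts and ends outside the hunk.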
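Review bot: When `mppe_lower_mtu` is 0 the new `if (mppe_lower_mtu)` branch in the `@@ -1185,9 +1195,16 @@` hunk of ccp.c skips `netif_set_mtu()` silently, although the comment just above it states that packets may then go out unencrypted. On a link where MPPE is relied on for confidentiality that deserves a trace in the log, e.g. `else warn("MPPE: MTU not lowered by MPPE_PAD; oversized packets may be sent unencrypted");` placed after the `netif_set_mtu` line, so an operator can tell from the logs that the weaker mode is active. Whether such frames really leave in clear is not visible here and is taken from the comment; the pppd.8 text for `nomppe-lower-mtu` does not mention it and should. The enclosing function begins and ends outside the hunk.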
@@ -766,6 +770,11 @@
 .B nomppe\-128
 Disable 128-bit encryption with MPPE.
 .TP
+.TP
+.B nomppe\-lower\-mtu
+Disables lowering the MTU by 4 bytes for MPPE connections. This is sometimes
+required to access servers behind load balancing devices that break Path
+MTU Discovery.
 .B nomppe\-stateful
 Disable MPPE stateful mode. This is the default.
 .TP