First correct MSS:
in /etc/nftables.d/mssfix.nft
chain mangle_postrouting {
    type filter hook postrouting priority mangle; policy accept;
    oif $wan_devices tcp flags syn / syn,fin,rst tcp option maxseg size set rt mtu
}
(fw4 check && service firewall restart)
Then apply this patch (note: if the PPPoE low-level device is not a VLAN like eth0.1, it is not sufficient)
-> view file -> raw -> upload to /usr/share/ucode/fw4.uc (backing up original just in case)
then do the firewall check & restart