Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
E
E
eugeneSA2016-09-27 12:21:03
Computer networks
eugeneSA, 2016-09-27 12:21:03

Mikrotik with PPPoE, how to choose MTU?

Hello!
Already tormented in the region and I want to request community help on one issue:
We have Mikrotik hAP lite (6.36.2 firmware) + PPPoE to the provider. And not opening to any dropbox.com, on the face of a classic problem with the size of the window and Google is probably already tired of answering this question.
At the moment, Change TCP MSS = yes is enabled in the PPP connection profile, while automatically generated rules appear in mangle - forward:

0  D chain=forward action=change-mss new-mss=1440 tcp-flags=syn protocol=tcp out-interface=all-ppp tcp-mss=1441-65535 
 1  D chain=forward action=change-mss new-mss=1440 tcp-flags=syn protocol=tcp in-interface=all-ppp tcp-mss=1441-6553

And the MTU pppoe-out of the interface stops at the value - MTU 1480;
pppoe connection config:
0  R name="pppoe-out1" max-mtu=auto max-mru=auto mrru=disabled interface=ether1 user="user" password="pass123" profile=default keepalive-timeout=60 service-name="" ac-name="" 
      add-default-route=yes default-route-distance=0 dial-on-demand=no use-peer-dns=yes allow=pap,chap,mschap1,mschap2

Those. It would seem that everything is logical (at least from my point of view) 1480 to Provo and 1440 to the internal network, but the site does not open.
If you remove Change TCP MSS from the PPP profile, and add similar rules to the mangle, but manually and even using a smaller MTU value, the picture does not change. In this connection, a logical question arises, what went wrong and how to win it. There is also 3011 with similar symptoms and the same provider.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
E
eugeneSA, 2016-09-27
@eugeneSA

Well, actually everything is quickly resolved as it turned out.
In the PPP profile settings, disable change-tcp-mss. Whatever the tick, stop phasing your rules in the mangle.
Then bring it to something like this (I personally got stuck on such values), where pppoe-out1 is your pppoe interface:

 > ip firewall mangle print 
Flags: X - disabled, I - invalid, D - dynamic 
 0    chain=forward action=change-mss new-mss=clamp-to-pmtu passthrough=no tcp-flags=syn protocol=tcp in-interface=pppoe-out1 tcp-mss=1300-65535 log=no log-prefix="" 

 1    chain=forward action=change-mss new-mss=clamp-to-pmtu passthrough=no tcp-flags=syn protocol=tcp out-interface=pppoe-out1 tcp-mss=1300-65535 log=no log-prefix=""

Similar questions
S
Sergey Kutylev2015-09-17 22:05:18
How to resolve routing in a network with openvpn server? 2Reply
I
IvankoPo2017-07-28 18:00:50
How can I permanently disable an intruder from my computer? 7Reply
M
Melhiorat2015-08-23 16:06:15
Is there a good online note/blog service? 6Reply
I
Ignat2017-07-29 22:37:00
Twisted Pair Rights? 5Reply
N
Nikkier2015-08-24 17:48:25
How to resume a group member? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question