Why doesn't the internet work without change-mss?

S

Shamil2018-02-03 15:36:26

Computer networks

Shamil, 2018-02-03 15:36:26

There is a Mikrotik, to which 2 providers are connected:

pptp; mtu-1436
pppoe;mtu-1480

for some reason, both connections require changing change-mss in the mangle, otherwise most of the sites practically do not open (I went through the mtupath utility, found the values \u200b\u200bto be set in TCP MSS);
I tried to find out from the providers, the first sent back with the words that I had the wrong mikrotik, the second did not answer yet, but they say that no one except me dealt with a similar problem.
Why did I decide to ask for help at all, and not pay attention - because 3CX telephony stopped working, the operator (beeline) said that my equipment was dropping packets. As a result, I had to transfer telephony to another office, but as soon as the Internet disappears there - call the center begins to resent

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

W

Wexter, 2018-02-03
@Wexter

Because your local network has an MTU of 1500 and pptp/pppoe is less, add a rule

/ip firewall mangle add chain=postrouting action=change-mss new-mss=clamp-to-pmtu passthrough=yes tcp-flags=syn protocol=tcp out-interface=all-ppp log=no

, then Mikrotik itself will split the packets correctly

D

Denis Michurin, 2018-02-03
@denistu10

It's strange for you, of course. I can suggest playing with RouterOS firmware. Maybe there is a bug

D

Dmitry Skoromnov, 2018-02-03
@kursy-po-it

I recommend posting the entire config.