Searching MSS in this forum returned 45 pages of results, but I didn't find anything relevant that I hadn't already tried.
I was running 6.42.12, upgraded to 6.43.14, and now stable, 6.44.2.
My topology...
I have two MikroTik routers, an RB760iGS. Ether1 connects to my CCR1016-Ether1 through my managed switch. Ether4 connects to a DSL modem. Ether5 to a Cable modem. Ether4 and Ether5 are both set as DHCP (both have MTU of 1500). Ether1 has a public static IP from a /30 subnet.
My internet is done from a VPN provider that routes me a public IP block over an L2TP connection. The DSL or Cable modem connects to the L2TP service then routes a larger IP block to my CCR1016 using the second usable of the /30. PING/ICMP traffic is allowed.
I have random sites that have issues; as far as I can tell it seems to be MTU/MSS issues.
The L2TP is showing Actual MTU of 1470. I am sure this used to show 1460, not that it really matters.
I've tried to use a 'Change MSS' mangle rule:
Chain: Forward (and a second for Output)
Out Interface: L2TP VPN
TCP MSS: ! 0-1420
TCP Flags: syn
Action: Change MSS
New TCP MSS: 1420
I've tried TCP MSS: 1421-65535 instead of !0-1420, and I've also tried values 1440, 1400, 1380, even 1300. But certain traffic still does not work.
One site I was reading said to do the Change MSS mangle rule in both directions, in and out. I tried this, but the L2TP-In rule was showing 0 packets (which is what I expected).
I've tried setting the CCR1016's Ether1 interface to a 1400 MTU, hoping the built-in(?) automatic MSS adjustment would do it... No effect. I matched the RB760iGS Ether1 also to 1400, no change.
If I manually set the host's network interface to 1400 MTU, everything works great.
This seems like the simple/traditional MTU/MSS issue but I can't seem to correct it. What am I missing? Any suggestions?
Thank you