Bridged an EOIP then some web site become inaccessable

RouterOS Beginner Basics
1

I create a EOIP over SSTP. after bridge EOIP interface to main bridge, then some website become inaccessible. No all website, just some.
I use traceroute before and after in My laptop, the traceroute is the same.
I create an new bridge just have ether4 and EOIP, and the website is ok.
I disable the EOIP tunnel from interface, the website is not inaccessible.
Any idea?

/interface eoip
add allow-fast-path=no clamp-tcp-mss=no !keepalive local-add
192.168.201.185 loop-protect=on mac-address=02:D0:1E:89:
remote-address=192.168.201.186 tunnel-id=201

/interface bridge port
add bridge=bridge comment=defconf interface=ether2-ma
add auto-isolate=yes bridge=bridge comment=defconf in
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=eoip-QF

Route print

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 ADS 0.0.0.0/0 219.77.176.254 1
1 ADC 192.168.185.0/24 192.168.185.1 bridge 0
2 ADC 192.168.200.186/32 192.168.200.185 GZsstp 0
3 ADC 192.168.201.186/32 192.168.201.185 QFsstp 0
4 ADC 219.77.176.0/24 219.77.176.40 ether1 0

before
traceroute to 203.31.33.69 (203.31.33.69), 64 hops max, 52 byte packets
1 router (192.168.185.1) 2.014 ms 0.871 ms 0.766 ms
2 n219077176254.netvigator.com (219.77.176.254) 2.197 ms 3.956 ms 2.481 ms
3 10.193.232.54 (10.193.232.54) 2.425 ms 2.957 ms 2.547 ms
4 wtsc3a014.netvigator.com (218.102.40.14) 2.990 ms 3.115 ms 3.078 ms
5 lcsd3-rge.hkix.net (123.255.90.145) 3.072 ms 2.992 ms 4.779 ms
6 *^C
after
traceroute to 203.31.33.69 (203.31.33.69), 64 hops max, 52 byte packets
1 router (192.168.185.1) 2.078 ms 3.456 ms 0.826 ms
2 n219077176254.netvigator.com (219.77.176.254) 2.478 ms 1.916 ms 52.306 ms
3 10.193.232.54 (10.193.232.54) 5.596 ms 2.337 ms 2.078 ms
4 wtsc3a014.netvigator.com (218.102.40.14) 2.905 ms 2.604 ms 2.450 ms
5 lcsd3-rge.hkix.net (123.255.90.145) 5.715 ms 3.548 ms 3.627 ms
6 *^C

2

Hi,

The issue is most likely caused to the MTU set on EOIP tunnel. Try to reduce this and see if you still have the same issue.

Rob

3

unfortunately no,
I have reduce the MTU=1300
add allow-fast-path=no clamp-tcp-mss=no !keepalive local-address=192.168.201.185
loop-protect=on mac-address=02:D0:1E:89:3C:AF mtu=1300 name=eoip-QF remote-address=
192.168.201.186 tunnel-id=201

Any tools to test what is the route in the Mikrotik for the 203.31.33.69 wetsite? which cause it fail.
I mean i have no issue to access the website without bridge EOIP. After bridge EOIP, the website become inaccessible

Strange enough from Windows the remote mikrotik is present in Winbox with MAC address:00:00:00:00 and correct IP address.

4

Sorry my mistake on last.
modified MTU does not help, even set MTU to 1300

The remote Mikrotik display with an mac address 02:E3:48:73:xx:xx with IP address 0.0.0.0, when i enable the EOIP interface.

My purpose is to link the EOIP to internet, so I add the EOIP to the bridge. Can I route the EOIP traffic to gateway? Any suggestion.

5

Try adding a mangle rule on the internet facing side of the tunnel to change the tcp mms for all the tcp syn connections.

 /ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn action=change-mss tcp-mss=1350
6

When apply the Change MSS to Eoip-QF interface, the following error message.
in/out interface matcher not possible, when interface (eoip-QF) is slave, use master instead (bridge)
how can I apply to eoip interface? is it out-interface?


Apply to Bridge and it work, I can access the external website, thank for help, if there any issue if apply in Bridge interface? slow down all traffic?
/ip firewall mangle
add action=change-mss chain=forward in-interface=bridge new-mss=1350 passthrough=no
protocol=tcp tcp-flags=syn

7

The problem is automatic mtu of bridge, before add eoip is 1500, after is around 1400. The solution is set mtu of eoip to 1542 in both of tunnel eoip, or forced the mtu bridge to 1500.
I have the same problem with host https://serviciodecorreo.es
Sorry for my English.