I am having a few issues using an internet connection with the MikroTik. The current setup is a MikroTik router at my house with a broadband connection, with an IP tunnel using IPSec back to a hub at our data center.
I get certificate problems on almost every web site I try. Some websites like amazon.com will only load about halfway, making them unusable. Things like VPN and RDP work fine. I've tried adjusting MSS to 1360 but it doesn't seem to help. There is another firewall down the line that still MAY be an issue and of course I'll look into that as well, but it's not causing an issue for non-MikroTik users so I'm doubting that's the problem.
Does anyone know anything about this specific problem?
Every time I have seen this, it was an MTU issue. Many HTTPS servers don't work well over a VPN tunnel. You will need to add a mangle rule that changes the MSS on SSL traffic before it gets to the VPN. This isn't a MikroTik issue as much as an IP issue.
Here is a good article from Cisco on it:
http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html
I use these mangle rules for my routers. One for PPP connections, the other for IPSec.
/ip firewall mangle
add action=change-mss chain=forward new-mss=1470 out-interface=all-ppp passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward dst-address=10.0.0.0/8 new-mss=1410 passthrough=yes protocol=tcp tcp-flags=syn
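
Added example (not part of the thread or any poster's configuration): a Python calculation of the largest TCP MSS whose full-size segment still fits the link MTU after ESP tunnel-mode encapsulation, which is the value a change-mss rule is trying to hit. The header sizes are the standard IPv4/TCP/ESP sizes; the profile names, the link MTUs used and the `extra_encap` parameter are assumptions for illustration.

```python
from dataclasses import dataclass

IPV4_HDR = 20
TCP_HDR = 20
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length + next-header bytes
UDP_NATT = 8      # UDP encapsulation when NAT traversal is in use


@dataclass(frozen=True)
class EspProfile:
    iv: int     # per-packet IV bytes
    block: int  # padding alignment (cipher block size, minimum 4)
    icv: int    # integrity check value bytes


# Assumed profile names; sizes are the standard ones for these transforms.
PROFILES = {
    "aes-cbc/hmac-sha1-96": EspProfile(iv=16, block=16, icv=12),
    "aes-cbc/hmac-sha256-128": EspProfile(iv=16, block=16, icv=16),
    "aes-gcm-16": EspProfile(iv=8, block=4, icv=16),
}


def esp_packet_size(inner_len, p, nat_t=False):
    """On-the-wire size of an ESP tunnel-mode packet carrying inner_len bytes."""
    # Payload plus trailer is padded up to a multiple of the block size.
    padded = -(-(inner_len + ESP_TRAILER) // p.block) * p.block
    return IPV4_HDR + (UDP_NATT if nat_t else 0) + ESP_HDR + p.iv + padded + p.icv


def max_mss(link_mtu, p, nat_t=False, extra_encap=0):
    """Largest MSS that avoids fragmentation on a link with the given MTU.

    extra_encap: bytes of any additional header carried inside the ESP
    payload (hypothetical parameter, e.g. 20 for an inner IPIP header).
    """
    for mss in range(link_mtu - IPV4_HDR - TCP_HDR, 0, -1):
        inner = IPV4_HDR + TCP_HDR + mss + extra_encap
        if esp_packet_size(inner, p, nat_t) <= link_mtu:
            return mss
    raise ValueError("link MTU too small for this encapsulation")


if __name__ == "__main__":
    for name, prof in PROFILES.items():
        for mtu in (1500, 1492):  # plain Ethernet and PPPoE (assumed links)
            print(f"{name:26} mtu={mtu} mss={max_mss(mtu, prof)} "
                  f"nat-t mss={max_mss(mtu, prof, nat_t=True)}")
```

Because of block padding the result does not fall off one byte at a time: a segment one byte over the limit grows the ESP packet by a whole cipher block.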