EoIP Magic Packet Size Filtering!

cramerit · August 25, 2006, 11:34pm

I had some trouble last night with an EoIP tunnel that was established over a wireless link. This tunnel had been working well for some time (months), but after a reboot of Router B (see below) the EoIP tunnel would no longer pass packets greater than 1458bytes in size. Any packets 1458 bytes or less would go right through, but packets 1459 bytes and greater would not make it through the EoIP tunnel. What could have caused this all of the sudden? I have rebooted all four routers below and the problem persists.

[Router A]-----{ethernet}-----[Router B]-----{wireless link}-----[Router C]----{ethernet}----[Router D]

The EoIP tunnel runs from Router A to Router D.

Same problem referenced on your forum with no posted solution:

http://forum.mikrotik.com/t/eoip-tunnel-problems/5425/1

Can anyone suggest a workaround? There are a few other times we have seen this on EoIP tunnels and we really need to get this nailed down.[/url]

changeip · August 26, 2006, 5:16am

do you have any ipsec policies on the box? I just learned ipsec policies can modify packets even if peers aren’t configured / connected. Don’t fragment bit can be cleared or set - although I can’t make it work, maybe it’s part of it.

Sam

cramerit · August 26, 2006, 5:38pm

We’re not using any ipsec on any of our boxes, but if we could use it to make the packets get through by modifying them to be smaller, I would be interested to hear how.

cramerit · August 26, 2006, 8:27pm

So are you saying that enabling connection tracking may help this issue?

changeip · August 26, 2006, 11:01pm

I believe I read in these forums that connection tracking is required when dealing with fragmented packet reassembly.

Sam

cramerit · August 28, 2006, 9:22pm

Enabling connection tracking does seem to do the trick.

Thanks for your help!