Hello guys.
Straight to the question.
I have very strange problem with one router. Here is the scenario:
Mikrotik Router – (layer2 ethernet vlan) – (internet service provider / cloud)
I configured a pptp server running on the Mikrotik router. From a foreign site I connect to the router with windows pptp client. The authentication is mschap with encryption mppe (standard and basic pptp setup). The router assigns me an ip address from bogus network 192.168.1.254/24 with a local ip address 192.168.1.2 (mikrotik router). Everything is cool, I can browse a websites, I can check my email as well but I was noticed by my colleague that the ICMP (and other non TCP traffic maybe) fails to pass throughоut the router with size bigger than 1472. However I start to looking at this and here is some ping statistics from my pc (pptp client) to some destinations:
route print 0.0.0.0
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.254 1
ping -l 1472 yahoo.com -t
Pinging yahoo.com [206.190.60.37] with 1472 bytes of data:
Reply from 206.190.60.37: bytes=1472 time=155ms TTL=54
Reply from 206.190.60.37: bytes=1472 time=152ms TTL=54
Everything is fine… but look further
ping -l 1473 yahoo.com -t
Pinging yahoo.com [206.190.60.37] with 1473 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 206.190.60.37:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Another byte was added to icmp data field and the traffic stop passing through. I check my settings and I found that the MTU of the pptp interface is 1460 bytes (something that I suppose is a normal behavior to avoid an IP fragmentation by the router) Anyway I’ve set this MTU value to 1400 too and the situation is absolutely same again → 1472byte packets passed but one more byte in the data (1473) and the result is “Request timed out”. I did some packet analyzing by Ethereal (now Wireshark) and I found this:
Pings from 192.168.1.254 to Yahoo.com with size 1472 bytes of data:
222 97.000000 192.168.1.254 206.190.60.37 ICMP Echo (ping) request
224 97.155274 206.190.60.37 192.168.1.254 ICMP Echo (ping) reply
226 98.000977 192.168.1.254 206.190.60.37 ICMP Echo (ping) request
228 98.155274 206.190.60.37 192.168.1.254 ICMP Echo (ping) reply
Pings from 192.168.1.254 to Yahoo.com with size 1473 bytes of data:
238 106.083008 192.168.1.254 206.190.60.37 ICMP Echo (ping) request
243 111.199219 192.168.1.254 206.190.60.37 ICMP Echo (ping) request
252 116.699219 192.168.1.254 206.190.60.37 ICMP Echo (ping) request
262 122.199219 192.168.1.254 206.190.60.37 ICMP Echo (ping) request
275 136.091797 10.11.19.2 192.168.1.254 ICMP Time-to-live exceeded (Fragment reassembly time exceeded)
297 141.211915 10.11.19.2 192.168.1.254 ICMP Time-to-live exceeded (Fragment reassembly time exceeded)
300 146.710938 10.11.19.2 192.168.1.254 ICMP Time-to-live exceeded (Fragment reassembly time exceeded)
The 10.11.19.2 address is a vlan interface on the router. Anyway, I can ping both 10.11.19.2 and 192.168.1.2 even with 5000 bytes of data (so the fragmentation anyway works fine) but when I’m trying to reach some destination beyond the router (lets say 10.11.19.1 which is the default gw of the Mikrotik router) - again the same issue (1472 pass - 1473 can’t)
This is happening with a clients attached directly to the ethernet interface on the router too. Anyway from the router I can ping the yahoo.com and everyone destination with a packet size of >1500 bytes (2000,3000 and more)
And I’m asking WHY? Why is this happening? I tried to setup the MTU size to be 1400 on the pptp interface (together with MRU size) but the result is quite same?
Any suggestions ?