Setup:
Mikrotik Router, latest OS as of today - 6.37.3
DNS server locally from a server running dnsmasq
External DNS served from OpenDNS
Up until this time, everything has worked fine.
Yesterday I configured KeepSolid VPN into the router OS following these instructions:
https://www.vpnunlimitedapp.com/en/info/manuals/mikrotik-router
Mostly it works.
But, it is taking a long time to load some web sites.
Others do not work at all, such as github.com - it times out on Windows, and spins forever on Linux in Firefox.
Running with lynx in Linux, it gets stuck making the HTTPS connection.
Here is what I see from a TCP dump - lots of ARP requests.
jks.com is the local internal domain.
oradns02 is the server where dnsmasq is running.
14:23:29.278667 IP 192.168.1.86.36196 > 192.30.253.112.https: Flags [.], ack 1, win 229, options [nop,nop,TS val 121933384 ecr 3453902430], length 0
14:23:29.290484 IP 192.168.1.86.36196 > 192.30.253.112.https: Flags [P.], seq 1:252, ack 1, win 229, options [nop,nop,TS val 121933387 ecr 3453902430], length 251
14:23:29.336121 STP 802.1d, Config, Flags [none], bridge-id 1000.00:41:d2:0b:5d:04.8035, length 43
14:23:29.578531 IP 192.30.253.112.https > 192.168.1.86.36196: Flags [P.], seq 2797:3591, ack 252, win 29, options [nop,nop,TS val 3453902505 ecr 121933387], length 794
14:23:29.578708 IP 192.168.1.86.36196 > 192.30.253.112.https: Flags [.], ack 1, win 241, options [nop,nop,TS val 121933459 ecr 3453902430,nop,nop,sack 1 {2797:3591}], length 0
14:23:31.336071 STP 802.1d, Config, Flags [none], bridge-id 1000.00:41:d2:0b:5d:04.8035, length 43
14:23:32.084388 ARP, Request who-has 192.168.1.86 tell 192.168.1.1, length 46
14:23:32.084402 ARP, Reply 192.168.1.86 is-at 08:00:27:0a:e1:cd (oui Unknown), length 28
14:23:32.084586 IP 192.168.1.86.56374 > oradns02.jks.com.domain: 4273+ PTR? 1.1.168.192.in-addr.arpa. (42)
14:23:32.085242 IP oradns02.jks.com.domain > 192.168.1.86.56374: 4273 NXDomain* 0/0/0 (42)
14:23:32.364855 ARP, Request who-has oradns02.jks.com tell 192.168.1.86, length 28
14:23:32.365234 ARP, Reply oradns02.jks.com is-at 60:a4:4c:af:75:f4 (oui Unknown), length 46
14:23:33.336241 STP 802.1d, Config, Flags [none], bridge-id 1000.00:41:d2:0b:5d:04.8035, length 43
14:23:35.336226 STP 802.1d, Config, Flags [none], bridge-id 1000.00:41:d2:0b:5d:04.8035, length 43
14:23:37.225373 IP office01.jks.com.17500 > 192.168.1.255.17500: UDP, length 199
14:23:37.225532 IP 192.168.1.86.59271 > oradns02.jks.com.domain: 46775+ PTR? 255.1.168.192.in-addr.arpa. (44)
14:23:37.226004 IP oradns02.jks.com.domain > 192.168.1.86.59271: 46775 NXDomain* 0/0/0 (44)
14:23:37.226143 IP 192.168.1.86.27252 > oradns02.jks.com.domain: 46057+ PTR? 58.1.168.192.in-addr.arpa. (43)
14:23:37.226742 IP oradns02.jks.com.domain > 192.168.1.86.27252: 46057* 1/0/0 PTR office01.jks.com. (73)
It looks like something is not right with DNS when the VPN is connected, but I really don’t know what the problem is.
If I disable the VPN, everything goes back to normal.
KeepSolid support is not much help for this; they say it is my problem.
Thanks for any help you can offer.