I have the same problem.
I try RouterOs 6.24, 6.25 and all the release candidates after 6.25
a suggestion…
MSS problem? change mss in ppp to 1492 or 1500.
also look MSS rules in mangle to be on TOP of the list
Thanks for reply
My routerboard is connect to ISP modem as DHCP-client.
Not PPP and i have the same issue.
you should have dsl modem in bridge mode and leave mikrotik to do the PPPOE
This is not a ADSL but cable modem.
I can load other websites but not speedtest.net and some other websites.
The modem is correct connect with the routerboard.
I think bug in RouterOs
@Mikrotik Can you check that?
this sounds like definitely like a MTU setting issue what is your current MTU on your WAN interface?
Nowbody knows?
Webistes that’s not can open
http://www.speedtest.net
http://www.wirelessinfo.be
anybody?
Working with RouterOs 6.19, ROS 6.20, ROS 6.21, ROS 6.22
Most likely an MTU issue. I suggest adding the MTU/MSS Rules manually Alter the ‘TCP MSS’ and ‘New TCP MSS’ values accordingly till you can find the highest value that works all the time, I suggest no higher than 1492 though.
IP Firewall
Mangle
2 New Rules
Rule No. 1
General Tab
Chain: Forward
Protocol: tcp
In Interface: Your interface where you connect to the Cable ISP. e.g. ether1
Advanced Tab
TCP MSS: 1453-65535
TCP Flags: syn
Action Tab
Action: Change MSS
New TCP MSS: 1452
Passthrough: Checked
Rule No. 2
General Tab
Chain: Forward
Protocol: tcp
Out Interface: Your interface where you connect to the Cable ISP. e.g. ether1
Advanced Tab
TCP MSS: 1453-65535
TCP Flags: syn
Action Tab
Action: Change MSS
New TCP MSS: 1452
Passthrough: Checked
/ip firewall mangle
add action=change-mss chain=forward new-mss=1452 in-interface=ether1 protocol=tcp tcp-flags=syn tcp-mss=1453-65535
add action=change-mss chain=forward new-mss=1452 out-interface=ether1 protocol=tcp tcp-flags=syn tcp-mss=1453-65535
I have the same issue, tried this and it didnt work. The only difference is my router is not in PPPOE, its in STATIC mode
Even though you’re not on PPPoE, MTU could still be the issue somewhere.
As a check, get the IP for the server you’re failing to connect to and ping from the router with just the normal settings.
Provided you get a reply you can proceed by setting the packet size to 1500 and check the ‘Don’t Fragment’ box.
If it says ‘fragment needed…’ keep reducing the packet size until you get a normal reply again.
Provided the packet size isn’t ludicrously small you should then try setting the ‘New TCP MSS’ and ‘TCP MSS’ range accordingly then try accessing the website again.
If you don’t get a reply from the first server with normal ping settings try one of the others you’re having issues with as they may just have icmp blocked or disabled.
If this doesn’t shed any light but you do find another solution to the issues I would be interested in your findings.
I tried pinging one of the sites(weather.com) from TOOLS>PING with default size packet 50, i got a response,then tried pinging with 1500 and got response PACKET TOO LARGE. The lowest i could get a response from was 1400. This was all with default interface(not changing anything). However when i changed the interface to ether1 with size 1500 i get a response,ether2 i receive timeout with any set value. What would you suggest to do now, and where can i set the values for TCP MSS ? Thank You you have been very helpfull so far
Hi RazorMK,
use the following, making sure that where I have set ether1 you set it to the interface where you connect to your isp.
/ip firewall mangle
add action=change-mss chain=forward new-mss=1400 in-interface=ether1 protocol=tcp tcp-flags=syn tcp-mss=1401-65535
add action=change-mss chain=forward new-mss=1400 out-interface=ether1 protocol=tcp tcp-flags=syn tcp-mss=1401-65535
Finally a working solution, Thank you very much
Is the problem solved?
This sure is a way of making it work, but I don’t understand the root cause of the problem, the packetsize may not exceed 1400.
It makes no sense to me. Even more because RazorMK has different behavior between 2 ether interfaces, as he stated