L2 connection mikrotik<->mikrotik breaks some https connections

Hello!

I have some trouble setting up a mikrotik ↔ mikrotik connection using a layer 2 tunnel (L2TP+BCP or EoIP):
If the interface is active, some https connections cannot be established from any computer on the local network. I tried to increase the bridge path cost, but it did not solve my problem. Some https connections are established successfully, others are not.

Example (using the openssl client):

  1. “Bridge” on L2TP profile enabled:
C:\Program Files\OpenSSL-Win64\bin>openssl s_client -connect www.tinkoff.ru:443
CONNECTED(000000F4)
  2. “Bridge” on L2TP profile disabled:
C:\Program Files\OpenSSL-Win64\bin>openssl s_client -connect www.tinkoff.ru:443
CONNECTED(000000F4)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Ro
ot CA
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Ro
ot CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte RSA CA 2018
...

Thank you!

EoIP usually comes with a lower MTU, caused by the fact that it is a tunnel, which leads to some overhead. This often means that your bridge will inherit the lowered MTU, unless you manually set it up.

Try changing the MTU on your bridge manually to 1500 :)

All works fine now! It seems I’m an idiot :)