MLPPP WAN Connectivity

tuff · January 10, 2011, 7:35am

Newbie here, so please be gentle

I’ve recently purchased a RB750G, and currently have it configured for PPPoE MLPPP.

Everything is working as it should, until i configure the 2nd line, once the 2nd line authenicates i lose almost all WAN connectivity.

Google, and a few other urls seems to be working and thats about it.

I can ping from the RB750G just fine.

Any ideas what i’ve missed?

Cheers in advance.

fewi · January 10, 2011, 3:24pm

http://wiki.mikrotik.com/wiki/Manual:RouterOS_FAQ#TCP.2FIP_Related_Questions

I cannot surf some sites when I use PPPoE.
Use /ip firewall mangle to change MSS (maximum segment size) 40 bytes less than your connection MTU. For example, if you have encrypted PPPoE link with MTU=1492, set the mangle rule as follows:

 / ip firewall mangle 
 add chain=forward protocol=tcp tcp-flags=syn action=change-mss tcp-mss=!0-1448 new-mss=1448

tuff · January 10, 2011, 5:52pm

Thanks for your response.

Unfortunately, it seems that if i don’t use an MRRU of atleast 1500 then both lines to not connect.

My ISP has told me to use 1500.

I’ve tried your mangle entry, and i’ve also tried to change the New TCP MSS to 1460 (40 bytes less than the MRRU) and neither seem to work.

Below is some configuration settings from the RB750G.

/ip firewall address-list
add address=192.168.88.0/24 comment=LAN disabled=no list=local
add address=192.168.88.0/24 disabled=no list=admin-access
add address=192.168.1.0/24 disabled=no list=admin-access
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s
tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=
10s
/ip firewall filter
add action=accept chain=input connection-state=established disabled=no
add action=accept chain=input connection-state=related disabled=no
add action=accept chain=input disabled=no src-address-list=admin-access
add action=drop chain=input disabled=no dst-port=21,22,23,80,443,8291 protocol=tcp
/ip firewall mangle
add action=change-mss chain=forward disabled=no new-mss=1448 protocol=tcp tcp-flags=syn tcp-mss=!0-1448
/ip firewall nat
add action=masquerade chain=srcnat comment=NAT disabled=no out-interface=ADSL24
add action=dst-nat chain=dstnat disabled=no dst-port=113 in-interface=ADSL24 protocol=tcp to-addresses=192.168.88.65 to-ports=113
add action=accept chain=dstnat disabled=yes in-interface=ADSL24
/ip firewall service-port
set ftp disabled=no ports=21,113
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no

Any help would be appreciated.

tuff · January 11, 2011, 6:48am

Once i’d figured out that the mangle rule needed to be set to 1440 (40 bytes less than the configurable MAX MTU) everything is now working as it should.

Setting the MRRU to 1614, the default windows MRRU value, responses seem to be quicker while browsing.

Thanks once again for your help fewi.