NordVPN issue

A new day a better solution.

Till now we only tackled TCP packets by setting a fixed MTU size for those packets. Sindy found the better solution than that by adding a line to /ip ipsec policy.

When using solution you can do away with the MSS line in mangle and the client will receive finally the packet stating to lower the MTU.

This line moved above the dynamic lines in /ip ipsec policy, and now my sniffer line gives Destination unreachable (Fragmentation needed). Never been so pleased to read te word unreachable before.

This is the line that add to /ip ipsec policy. Replace 192.168.88.0/24 by your own local IP range if you are using a different range:

add action=none dst-address=192.168.88.0/24 src-address=0.0.0.0/0

See the whole topic: http://forum.mikrotik.com/t/undecoded-packets/134293/1