Problem with PureVPN setup - ICMP workls, HTTP does not

RouterOS Beginner Basics
1

Hello,
I’m trying to configure VPN on my router using my working PureVPN account. I guess my problem is something very obvious but I cannot find where the problem is and how to fix it.
The router: hAP ac., the latest RouterOS,
The problem: VPN connection establishes just fine but HTTP connections through VPN do not work, ICMP works just fine, I see packets in Wireshark from the remote machines.
With HTTP connections I see SYN, ACK from the remote machines during connection establishment, then client sends ACK and first HTTP data and then it never getting anything back. When client resets the connection I see packets from the server. The whole conversation looks like below:

218 3.852897000 192.168.0.100 216.58.213.228 TCP 66 4995→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
219 3.942741000 216.58.213.228 192.168.0.100 TCP 66 80→4995 [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=1360 SACK_PERM=1 WS=128
220 3.942808000 192.168.0.100 216.58.213.228 TCP 54 4995→80 [ACK] Seq=1 Ack=1 Win=66560 Len=0
221 3.944295000 192.168.0.100 216.58.213.228 HTTP 156 GET / HTTP/1.0
222 4.244137000 192.168.0.100 216.58.213.228 HTTP 156 [TCP Retransmission] GET / HTTP/1.0
254 4.844182000 192.168.0.100 216.58.213.228 HTTP 156 [TCP Retransmission] GET / HTTP/1.0

more retransmissions are here.

657 15.648562000 192.168.0.100 216.58.213.228 HTTP 156 [TCP Retransmission] GET / HTTP/1.0
1021 25.248923000 192.168.0.100 216.58.213.228 TCP 54 4995→80 [RST, ACK] Seq=103 Ack=1 Win=0 Len=0
1026 25.332625000 216.58.213.228 192.168.0.100 TCP 60 [TCP Window Update] 80→4995 [ACK] Seq=1 Ack=1 Win=43008 Len=0

I used the instructions from PureVPN site and other sites, they all are basically the same except for DNS settings, but name resolving is not a problem.
I know mangle rule works fine, I can change source and destination lists and ports and in this case VPN connection establishes only if I connect from/to machines in these lists but HTTP connection then does not work the same way. Not only HTTP protocol does not work but anything that establishes TCP connection. Only the simple protocols like ICMP work.
I looked at MTU, MRU but everything seems work there, pings 1372 bytes long get through as they should, MTU is 1400.

Where are no any additional firewall rules that can block packets, everything is default. The router connected to internet via 4G modem/router but it worked fine with the previous Linksys E4200 router and there not much I can configure. I can establish VPN connection from any of the client machines just fine.

So any idea where to look?

Any help is appreciated

thanks!

2

Found the reason - Fasttrack!
Seems that a lot of people are experiencing the same problem, I just had to find the correct keywords while searching.

Excluding VPN marked routes from fasttrack in firewall rules resolves the problem.

4 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection
connection-state=established,related routing-mark=main log=no
log-prefix=“”

Not sure if I’m doing it right but for some reason routing-mark=!VPNMark does not work.

3

This worked for me as well.

4

Hi,

This is the basic guide for all the VPNs:

Here are some basic steps that you can follow to setup VPN on your router (do remember that some of these steps may vary based on the router you are using).

Connect your cable modem with your router using an Ethernet cable.

Go to your routers control panel from your system.

In your router’s control panel, go to ‘Network’/ ‘Basic Setup’ / ‘Basic’ tab to configure the internet or WAN settings.

Now enter the login credentials and other information provided by your VPN provider (username, password, subnet mask, gateway, and information).

Next, you will be promoted to select the protocol settings. Choose the suitable protocol and change your ‘Connection Type’ depending on your VPN provider’s settings.

Now choose the suitable DCHP settings based on your VPN provider.

‘Save’ and ‘Apply Settings’. That’s it, you’re done!

For PureVPN setups and guides read this detailed post: https://www.bestvpnprovider.com/purevpn-review/. and if you are looking for a purevpn review then head out to: https://www.purevpnreview.com/