When you think the MSS is the issue (I do not know Starlink and if it has a <1500 byte MTU) you can add a rule in /ip firewall mangle to set the TCP MSS.
That won’t work when you have a 1500-byte MTU ethernet connection to a 3rd party router, but there is an MTU bottleneck further down the path. That is why I mention an explicit MSS instead of clamp-to-pmtu.
Again I have no idea if Starlink has a lower MTU in the network. When it had, it would probably do clamp-to-pmtu in their own routers. But then the issue described by the OP would not exist, at least not for TCP.
“Using MSS 1024 seems very low though and could unnecessarily reduce throughput.”
Well, it isn’t that dramatic. But when you want to get the last % of throughput you can find the optimal MSS to use.
I always get suspicious when I see a reseller router in there. Starlink uses CGNAT for IPv4. What kind of ip address is your reseller giving you? You are behind NAT with your TP Link, and then possibly again with your reseller.
It would help to know what type of starlink service your reseller is using. They do have some enterprise services where the reseller would receive public IPv4 without CG-NAT. This is usually delivered by the Enterprise antenna as well.
Starlink does give native IPv6, so you could ask to receive that and see if it helps.
Also Nat-PMP may help out a bit both on your tplink and on the reseller device.
TCP-MSS has been covered by the others.
You could ask the reseller to send you a /24 or /27 (private RFC 1918) from their router and then put your TP Link in to routed mode (no nat) to avoid one set of NAT.
Finally, the reseller could be load balancing across a number of starlink antennae and their PCC algorithms in Mikrotik may be misbehaving.
I confirmed that my reseller is using standard residential Starlink (not enterprise) and only one dish, no load balancing.
I checked my side and I’m clearly receiving a private IPv4 address (192.168.x.x), so I’m definitely behind:
Starlink CGNAT
Reseller MikroTik NAT
My TP-Link NAT
That aligns with the triple-NAT concern you mentioned.
Given this, I think requesting native IPv6 end-to-end is the best next step, and I’ll also ask the reseller about enabling NAT-PMP / UPnP. If possible, I’ll see whether they can route a subnet to me so I can avoid one NAT layer.
Thanks again — this helped clarify where the issue most likely sits.
There could be an even worse thing going on. Starlink Residential systems provide a starlink branded router/wifi device as standard.
You CAN use the starlink app to turn off the NAT in that device (put it in bridge mode) up to Gen2 starlink and Gen3 onwards you can remove the starlink router comletely and connect mikrotik directly to the gen3 dish.
So, is it possible that this is your scenario:
Starlink CGNAT - Starlink Router with NAT - Mikrotik with NAt - TP Link with NAT?
This usually points to an MTU or MSS issue in the MikroTik path.
Starlink often needs MSS clamping on TCP connections to avoid fragmentation problems.
Check that TCP MSS is clamped on the MikroTik WAN interface and that no queues are forcing a lower MTU.
Also, make sure fasttrack is not interfering with NAT or connection tracking.
Since it works when bypassing MikroTik, the router configuration is the most likely cause.
@pe1chl the question... reveals..
I wouldn't be surprised if a link to some PS2 emulator for Android pops up soon inside the text of edited post or on another post...
