RouterBOARD 750G r3 slow with Microsoft OneDrive servers

dainiuv · February 9, 2023, 7:51am

Hello,

My RouterBOARD 750G r3 is slow with Microsoft OneDrive servers and other Microsoft servers. I tried Google Drive - everything is fine.
Firmware version: 6.49.7

How can I check where is problem?

dainiuv · February 14, 2023, 11:41am

I have figured out that Mikrotik drops some TLS packets. How can I fix it? Or debug which setting is dropping packets?

holvoetn · February 14, 2023, 4:15pm

First option:
Check firewall, especially the drop rules.
See which counters increase when you make connection to OneDrive.
Also check raw rules if you have those.

dainiuv · February 15, 2023, 5:18pm

Hi,

I tried to upgrade RouterOS to 7.7 version. Still the same.
Checked packets - there is some but not from Microsoft servers.

Here is firewall config:

feb/15/2023 19:15:06 by RouterOS 7.7

software id = CBIH-XCX9

model = RB750Gr3

serial number = 6F38075C6F0E

/ip firewall filter
add action=accept chain=input comment=“Allow OpenVPN” dst-port=1194 protocol=tcp
add action=accept chain=input src-address-list=Admin
add action=accept chain=input dst-address=88.119.197.114 dst-port=1723 in-interface=ether1 protocol=tcp
add action=accept chain=input dst-address=88.119.197.114 in-interface=ether1 protocol=gre
add action=accept chain=input comment=“reikalinga VPN sertifikatui pasiimti” dst-port=443 protocol=tcp
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=accept chain=input comment=“defconf: accept established,related” connection-state=established,related
add action=accept chain=forward dst-address=172.20.45.34 dst-port=80 protocol=tcp src-address=192.168.1.0/24
add action=accept chain=forward dst-address=172.20.45.34 dst-port=80 protocol=tcp src-address=192.168.8.0/24
add action=accept chain=forward comment=“Spausdinimas i\F0 EMC-Sveciams \E1 centrin\E1 spausdintuv\E0” dst-address=172.20.45.100 dst-port=515,721-731,9100-9102 protocol=tcp src-address=192.168.1.0/24 src-port=“”
add action=accept chain=forward dst-address=172.20.45.100 dst-port=161,162 protocol=udp src-address=192.168.1.0/24 src-port=“”
add action=accept chain=forward comment=“Spausdinimas i\F0 EMC2 tinklo \E1 centrin\E1 spausdintuv\E0” dst-address=172.20.45.100 dst-port=515,721-731,9100-9102 protocol=tcp src-address=192.168.8.0/24
add action=accept chain=forward dst-address=172.20.45.100 dst-port=161,162 protocol=udp src-address=192.168.8.0/24
add action=drop chain=forward dst-address=172.20.0.0/16 src-address=192.168.1.0/24
add action=drop chain=forward dst-address=172.20.0.0/16 src-address=192.168.8.0/24
add action=drop chain=input comment=“defconf: drop all from WAN” in-interface=ether1
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack” connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=“defconf: accept established,related” connection-state=established,related
add action=drop chain=forward comment=“defconf: drop invalid” connection-state=invalid
add action=drop chain=forward comment=“defconf: drop all from WAN not DSTNATed” connection-nat-state=!srcnat,dstnat connection-state=new disabled=yes in-interface=ether1

I have only default Raw rule.