HI,
We have the same hotspot config running in multiple locations, and its seems that some users when loogin in cannot view some websites, it generally seems to be asian websites.
The latest one is yahoo.com.hk
I seem to be able to view it on our test MT but he definately cannot.
Is there any “Quick fix” for why this would happen.
I have not Firewalling etc in place for any websites.
This is usually an MTU issue and has been discussed many times. Search the forum for MTU & mangle.
Regards
Andrew
I dont think its an MTU issue, we have the mangle rule with “clamp to pmtu” selected as per all the examples.
On the “clamp to pmtu” issue, I tried to find what that really means in the manual today cause I thought it could be that, but I couldnt find that.
Mabye it is MTU, mabye I am misunderstanding what “clamp to pmtu” does?
Instead of clamp-to-pmtu, try clamping to a fixed value instead. You may need to go pretty low. I find 1360 is a good starting point.
Regards
Andrew
Changing From this config in connection tracking:
enabled: yes
tcp-syn-sent-timeout: 1m
tcp-syn-received-timeout: 1m
tcp-established-timeout: 1d
tcp-fin-wait-timeout: 10s
tcp-close-wait-timeout: 10s
tcp-last-ack-timeout: 10s
tcp-time-wait-timeout: 10s
tcp-close-timeout: 10s
udp-timeout: 10s
udp-stream-timeout: 3m
icmp-timeout: 10s
generic-timeout: 10m
tcp-syncookie: yes
max-entries: 255600
total-entries: 1531
to this:
enabled: yes
tcp-syn-sent-timeout: 1m
tcp-syn-received-timeout: 1m
tcp-established-timeout: 1d
tcp-fin-wait-timeout: 1m
tcp-close-wait-timeout: 1m
tcp-last-ack-timeout: 1m
tcp-time-wait-timeout: 1m
tcp-close-timeout: 1m
udp-timeout: 1m
udp-stream-timeout: 3m
icmp-timeout: 1m
generic-timeout: 10m
tcp-syncookie: yes
max-entries: 255600
total-entries: 1401
I kind of get it, but will there be any adverse effects by doing this?