Some websites do not open

plisken · October 18, 2015, 9:31am

CRS125-24 g-1S-RM
RouterOS 6.30 to latest rc
Firmware 3.24

6.10 works better but not support CRS
This problem has long been known.
What can be done?

ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no
interface=ether1_ISP-wan

ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1_ISP-wan

No other firewall rules added.
If i try another non Mikrotik router thats working fine

Very disappointing that this problem persists.

marrold · October 18, 2015, 3:24pm

You’ve not really provided any information.

I suspect this is a config error

plisken · October 18, 2015, 4:57pm

This is no a config error.

RouterOs 6.10 works

cobra2411 · January 22, 2016, 3:06am

I’m going to jump in here too. I have a similar problem. I have an out of the box configuration with only PPTP client added. The PPTP works great, but some sites don’t load. I swap out a different router and it works fine.
https://www.youtube.com/watch?v=EpAFwgWNDX8

darkprocess · January 22, 2016, 8:37am

I think you need to add two mss claping rules

ganewbie · January 22, 2016, 11:53am

It happened to me too, and I found out by changing the MTU from the default of 180 to 1492, all sites open normally.
Again earlier did not notice but recently yes.
** I am using PPPoE** as gateway.

cobra2411 · January 25, 2016, 5:38pm

I’m not using PPPoE, so I don’t know if this applies.

Would mss clamping help? If so, where would I look to add that? What I’ve see so far relates to PPPoE.

Thanks

ZeroByte · January 25, 2016, 7:49pm

It’s used most in a PPPoE scenario, but any time you want to force the MTU down below what the client devices use, it’s useful.
VPN would be another scenario for this.

If you have Ethernet on both sides, then you don’t have a checkbox for clamping mss - but you can set it up by putting a rule in the prerouting chain of the mangle table. Try clamping the mss down to something silly like 1200 and if that fixes the problem, start making it larger and larger until the problem returns.

BTW - are you blocking all ICMP on your WAN interface? ICMP isn’t just pings and redirects, you know. Path MTU discovery depends on ICMP messages too - and filtering all ICMP breaks path MTU discovery.

cobra2411 · January 26, 2016, 12:26am

Not sure if IMCP is blocked or not. Other than configure the PPTP client everything is out of the box. The PPTP client works beautifully, as do some sites. Others… Not so much. Real PITA.

I’ve got ethernet on both sides. Cable modem into Eth1 and lan on Eth2+. Also have WiFi.

I’ll play around with it later tonight and let you guys know.

Thanks,

cobra2411 · February 3, 2016, 3:54pm

Well I’ve been playing around with mss clamping from 1200-1450 and it doesn’t seem to be helping.

Amazon and amazon hosted sites seem to be more problematic. Not sure what the difference is. Facebook and Netflix on the other hand work great.

Any other ideas, thoughts, questions?

cobra2411 · February 4, 2016, 4:19pm

Upgraded to 6.34 with no change in performance.

cobra2411 · May 26, 2016, 4:53pm

Now running 6.36rc16 with the same results…

Anyone???

plisken · May 26, 2016, 5:02pm

Do you use bridge and EOIP-tunnel?
Set by bridge MTU on 1500 static

ZeroByte · May 26, 2016, 5:03pm

If you route everything directly (not via the PPTP) does it all work 100% in that case?

Someone earlier in the thread mentioned that their PPTP had a default MTU of 180 - that’s quite low - check whether you can raise this to something more “modern” (of course the other side of the tunnel must agree)

Perhaps the other side of the PPTP tunnel is breaking PMTU or is doing something that breaks your connectivity.