Suddenly some ports are blocked (443, 22 but not 80)

I had to do a hard-reset to reset my configuration (I set the max-limit to 1k/1k on a queue that my PC was not in and lost all connectivity - this had worked fine a day or two ago), and after I reconfigured (see below), I discovered that ping, dns, and port 80 worked fine to external (internet) sites, but 443 (https) and 22 (ssh) timed out. In other words, I can go to an http: site, but not an https: site. It is this way for all devices (multiple PCs). I’ve done reset-configuration several times, and it always comes back to this behavior.

Setup

  • DSL modem in bridge mode
  • PPPoE user/pass set in MikroTik
  • fwiw, before that first hard-reset, I was using 6.42. When I was reconfiguring, I updated to 6.43.4. I tried downgrading to 6.42.9 but it didn’t help.

When I re-configure after resetting, all I do is set up PPPoE user/pass (successfully). At this point, I can web into http: sites, but not https: sites, both from wireless and LAN connection. I can ping anywhere.

I tried with a different router, and it works fine, so the issue is not downstream from the MikroTik.

I’ve checked firewall settings, NAT settings, everything I can possibly think of.

Any ideas?

> I set the max-limit to 1k/1k on a queue that my PC was not in and lost all connectivity

What does this mean?

I had 2 (simple) queues: my PC was in one queue (“Jim’s PC”) and all other devices were in another (“Others”). My internet connection is slow, so when another device was using all the bandwidth (such as my iPhone backing up photos) and I needed bandwidth for my PC (such as for a phone conference), I would do the following to give my PC essentially all the bandwidth:

 /queue simple set Others max-limit=1k/1k

And when my phone conference (etc.) was over, I would do this:

 /queue simple set Others max-limit=0/0

Ok, 1k/1k is too low, or equivalent to not having a connection at all, but that may not be your problem. In the case of DSL, the PPPoE connection is encapsulated and you can't send full-size packets without fragmentation. Some dynamic rules in firewall mangle should be created automatically based on the configuration of your ISP. In case they are not created, you may need to create them manually. Search the forum for MTU size in DSL connections or clamp-to-pmtu topics, and for how to detect the maximum packet size you can send and receive without fragmentation needed, etc. You can ping and you can open some sites probably because ping uses a low packet size by default and not all sites require big packets to open. In the case of SSL the connection is different. Also some DNS responses are big in size. Hope it helps in your case; otherwise post some configuration so maybe we can help again.
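As an added illustration of the checks the reply above describes (this is not configuration from the thread or from the original poster), the following RouterOS console session shows how to confirm the PPPoE MTU, check whether the dynamic MSS-clamping mangle rule exists, probe the largest packet that passes without fragmentation, and add the clamp rule manually if it is missing. The interface name pppoe-out1 and the probe target 1.1.1.1 are assumptions; substitute the names from your own router.

```routeros
# 1. Confirm the negotiated MTU on the PPPoE client (pppoe-out1 is an assumed name).
#    On DSL this is typically 1492 or less, not the 1500 of a plain Ethernet uplink.
/interface pppoe-client print detail where name=pppoe-out1

# 2. Check for the MSS clamping rule. RouterOS normally adds a dynamic rule
#    (flagged "D" in the output) when the PPPoE client is configured.
/ip firewall mangle print where action=change-mss

# 3. Probe the largest payload that gets through with the DF bit set.
#    Start just under the interface MTU minus IP/ICMP headers (1492 - 28 = 1464)
#    and step down until replies come back instead of "fragmentation needed".
#    1.1.1.1 is an assumed probe target; any host that answers ping will do.
/ping 1.1.1.1 size=1464 do-not-fragment count=3
/ping 1.1.1.1 size=1400 do-not-fragment count=3

# 4. If step 2 showed no rule, add the clamp manually so TCP SYNs leaving the
#    PPPoE link advertise an MSS that fits the path MTU. HTTPS and SSH push
#    full-size segments early in the session, so they stall without this;
#    many plain HTTP pages happen to fit in smaller segments, which matches
#    the "port 80 works, 443 and 22 time out" symptom.
/ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn \
    out-interface=pppoe-out1 action=change-mss new-mss=clamp-to-pmtu \
    passthrough=yes comment="manual MSS clamp for PPPoE"
```

If the probe in step 3 only succeeds at a noticeably smaller size than the interface MTU reports, the path MTU upstream is lower than the PPPoE MTU, and clamp-to-pmtu still applies because it derives the MSS from the actual outgoing interface MTU; in that case also consider lowering the PPPoE client's max-mtu/max-mru to the value found by the probe plus 28.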