Hej there Mikrotik-Community!
It may seems odd, but I’m facing the problem, that my wifi-users can’t access github.com…
An RB2011UAS-RM is handeling 3x cAP 2n Access Points.
The cable-bound LAN-Users are using a different path (directly to the default gateway of the network) and do not have these problems.
What I found from google research:
https://github.com/.../mikrotik-java/issues/2
Which is exactly the behaviour we are experiencing right now…
Is there any fix for this issue?
The first step I would probably take is to plug a client into the 2011 and verify if it works from there or not. Are you using CAPSMAN or are the APs provisioned independently?
hereby veryfied.
It’s a CAPSMAN Setup.
Every client using the 2011 as a default gateway, fails to establish a secure connection via ssl.
Changing the default gateway to “not the mikrotik”, fixes the problem, but is obviously not a solution, since I want the 2011 to do firewalling, forwarding and so on…
So basically a huge bug no one cares about? ^^
Interesting…
are you using CAPsMANv1 or CAPsMANv2?
CAPs are connected to the CAPsMAN via Layer2 or IP?
I suspect your problem is not the one you found on Google as that seems to be related to connecting to the Mikrotik itself via SSL and not problems with the Mikrotik forwarding SSL.
Usual problems with SSL is MTU size - can your users access any other SSL enabled sites (MS or eBay for example)?
V2
Two of them are connected via l2 - one via l3
Same problem for all of them.
Since it seems to be a bug in the Java implementation handling DH-keys, used at the controller, I was hoping for a hotfix from the vendor.
fixed with mikrotik support
/close