Hi everyone!
This problem occurred a year ago and I had a conversation with support on it. I have upgraded then from 6.28 to 6.29 and suddenly several sites was unable to open in any browser. First advice from support was to play with MSS value, but then I downgraded back and found out that everything works again. So after some time I've discovered, that its EoIP interface included in bridge-local, that does the thing. So if you exclude it from the bridge or disable it - everything works fine. After more time I think I got advice to check MAC addresses and found out that EoIP interface has the same address as bridge-local and there was some glitch about it. So with every interface having its own unique MAC all works fine.
Now, a week ago the same thing occurred again, while I was on vacation and colleagues moved EoIP from one mikrotik to another, but I've checked and everything was fine. Suddenly users report that several sites are unavailable. Finally the reason is found - same EoIP in local bridge problem. So I had an advice from MTCNA to remove EoIP interface from the bridge, make a VLAN with EoIP as parent and include VLAN into bridge. Now everything works fine, but all this schema looks like crutches to me. Should it be like that? Maybe there is a way to make it better?
The whole idea using EoIP is to get a remote LAN segment available on layer 2. Also EoIP goes over L2TP which is encrypted with IPSec. L2TP MTU is 1400, EoIP MTU is 1358.