I have an IPsec site-to-site tunnel. This was working without much setup, only following this tutorial:
https://wiki.mikrotik.com/wiki/Manual:I ... sec_tunnel
However, it stopped. I suspect this was due to recent updates on both sides. So, it stopped passing HTTP/HTTPS traffic. For example, remote desktop was working just fine, copying files through remote desktop was also fine, although the speed was not very satisfying (only 3 Mbit/s, router CPU at 30% while copying).
Both routers are the same: 2011UiAS-2HnD. On site A it is PPPoE (1480 MTU), on site B it is a 1500 MTU Ethernet Internet connection.
I was reading a lot, and concluded this has to do with MTU/MSS. I added a mangle rule, and now office to office HTTP/HTTPS works. However, office to other-office internet out link is not working. Traceroute is not going through, and traffic is going very slowly, almost none. I am enabling this by an IP firewall NAT rule, saying accept anything going to 0.0.0.0/0 from this IP. And then this goes through the IPsec tunnels.
Pinging IP from MacOS on site A to any machine/mikrotik router on site B:
A maximum of 8192 bytes goes fine; with more than this it says packet too large.
Pinging IP from Win machine on site A to Mikrotik on Site B:
Even packets as big as 20000 bytes are going through.
Traceroute from Site A to Site B and vice-versa works. Traceroute to other destination going through the internet on the other side is not working. HTTP/HTTPS traffic also not working.
Tried adding proxy-arp on the interfaces, didn't help, although I remember this helped me a few months back with a similar issue (but not the same).
Can anyone here help?