I have a client who is connecting via PPPoE through our Mikrotik PPPoE Server. He has a problem accessing one secure Citrix site... Now before you all jump to tell me "well change the MTU or MSS size silly" please read on.
When attempting to connect to the server in question, we'll call it ra.fubar.com, the connection times out repeatedly. No response when trying to access via a web browser, or telnetting to ra.fubar.com on port 443. Just times out.
When hooking a packet sniffer up to the client while trying to connect to the server, it's as the error message says... I see the SYN packet sent to the server, but no SYN ACK back, nothing back to be exact.
Change TCP MSS is enabled on the MT PPPoE Server, and it is running ROS 2.9.42. I've had the client change the MTU to various sizes (starting at 1400 and going down from there) to no avail. I know that certain network admins who like to block all ICMP traffic can cause problems with PMTU-D, so this is why I tried lowering the MTU. Still nothing, no response.
Here's the kicker: I can access https://ra.fubar.com from a server that is connected to the same switch as my PPPoE concentrator. The server is not connecting via PPPoE, and is using a standard MTU size of 1500. Default MTU size on my PPPoE Server is 1480 (again, I've already tried various MTU sizes on the client router).
So the problem has to be either with the PPPoE server, or somehow the packets are getting dropped by the remote connection, which I know not to be the case, at least from an IP address standpoint (i.e. they're not filtering my subnets).
Now the packets could be getting dropped due to fragmentation, or some other filter, but I'm just not sure... If anyone has any ideas on what may be going on here, I'd greatly appreciate it. I feel I've exhausted my options thus far...
Thanks.