Community discussions

MikroTik App
 
cata02
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Fri Mar 05, 2010 8:58 am

EOIP over PPTP browsing issues

Mon Oct 25, 2010 9:15 am

Hello everybody,

I've setup an EOIP tunnel over a PPTP connection between 2 MT devices (450g's).
I've bridged the tunnel to eth2 on one side and eth5 on the other.

This links my home to my office (large windows lan).

this is what works:
1. ping from my home to work and vice-versa (work->home).
2. name resolution (using ping).
3. nslookup against and dns server located in my work lan.

what doesn't seem to work:
1. internet browsing. Some times it seems to work, but mostly it doesn't. Parts of websites don't load (not the same on each refresh), sometimes it loads only the title. Overall i cannot successfully browse any website.
2. smb browsing and copying. Sometimes i can browse shares normally, but sometimes it times-out. File Copying is strange. Foar a few seconds i had 1.5mbyes/sec, but it crashed ->0b/s....

I've sniffed the packets on one internal webserver, and the source ip seems to be ok (the address of the laptop i am using at home--dhcp address from dhcp server at work lan).

I've tried to simplify MT configuration, but at least the 'concentrator' device has to have a lot of configuration (masquarade, firewall, nat, pptp...)

What should i investigate? how should i investigate?

Thanks all.
 
User avatar
MichelePietravalle
Trainer
Trainer
Posts: 99
Joined: Sun Apr 19, 2009 9:03 pm

Re: EOIP over PPTP browsing issues

Mon Oct 25, 2010 9:33 am

The MTU is correct? try to ping from one side to other with don't fragment and 1500 packets!
 
cata02
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Fri Mar 05, 2010 8:58 am

Re: EOIP over PPTP browsing issues

Mon Oct 25, 2010 9:57 am

All settings default.

Should i have changed that?

I'll try your suggestions later today.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: EOIP over PPTP browsing issues

Mon Oct 25, 2010 3:06 pm

you definitely has to decrease the MTU on the inner tunnels.

Also, one suggestion, if you bridge both ends of pptp tunnel you do not need the eoip tunnel anymore, so you do not hit this fragmentations problem.
 
cata02
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Fri Mar 05, 2010 8:58 am

Re: EOIP over PPTP browsing issues

Mon Oct 25, 2010 5:24 pm

I neet the eoip tunnel because i want the same broadcase domain.

I'll probably evolve toward ipsec later, but for now i want to use pptp (it's easier to setup).

Do you mean to bridge pptp connection to eth port on MT?

BTW. Toward what value sould i set MTU? On pptp connection or eoip connection?
 
cata02
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Fri Mar 05, 2010 8:58 am

Re: EOIP over PPTP browsing issues

Wed Oct 27, 2010 6:21 pm

i've tested the connection setup up to 1350mtu.

it seems to work ok.

i've changed the mtu:
1. on eth port
2. on tunnel
3. on bridge
on both routers with the same value 1350 (pptp has 1460mtu by default).

i've changed windows 7 mtu using netsh.

how can i overcome this limitation? maybe vpls? i'd like a simple solution.

or is it smth that i am missing. without manually setting windows mtu the link is not usable.:(
i've triad bridging the pptp connection to eth port but i cannot select pptp interface in the add port dialog. :(
 
cata02
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Fri Mar 05, 2010 8:58 am

Re: EOIP over PPTP browsing issues

Sun Oct 31, 2010 9:26 pm

anyone?

please, i need some advice.

thanks.
 
cata02
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Fri Mar 05, 2010 8:58 am

Re: EOIP over PPTP browsing issues

Mon Nov 08, 2010 9:23 am

I kinda solved it.

I've folowed Butch Evans's instructions on bridging pptp connections.
It didn't work initially; after a few days i've managed to make it work.

I had to enable 'ip firewall' on the bridges and create 2 mangle rules to change mss to (mtu-40). I've calculated mtu using ping (from winbox & windows).
I suspect 'change tcp mss' setting on the pptp profile page sould have done the trick, but it didnt. :(


It seems to work. Copying a large file eats 20-50%cpu in a 433ah for 1.3->1.8mbytes/sec (the limit at home i think).

Thanks all here & Butch Evans for the blog post ;)
 
joserpe
just joined
Posts: 5
Joined: Fri Jun 04, 2010 4:56 pm

Re: EOIP over PPTP browsing issues

Tue Mar 15, 2011 12:19 am

Hi cata02,
I have the same issue than you.

I linked 2 MT routers with a pptp because of nat issue on one side of the tunnel.
Then i setup a eoip over the pptp tunnel
Finally i bridged the eoip with the lan.
I can ping, can get the dhcp from the master router but i can not browse.
It seems that packets bigger than 1450 are drop insted of being fragmented.

I left default MTU values for ethernet, eoip (1500) and pptp (1460)
How did you solve the issue?

Thanks in advance.
 
leobg
just joined
Posts: 10
Joined: Fri Nov 25, 2011 6:02 pm

Re: EOIP over PPTP browsing issues

Mon Nov 28, 2011 8:05 pm

Sorry for resurrecting this old topic. Same problem here. Can't seem to get packet with size larger than 1398 bytes to pass thru.
One of the Mikrotiks is running old OS (2.x) while the other is 5.8 (latest). Wonder if that could be the problem.
 
hz033
just joined
Posts: 7
Joined: Sat Jan 26, 2013 3:00 am

Re: EOIP over PPTP browsing issues

Sat Jan 26, 2013 3:08 am

I have same problem also. I'm between two rb2011 made ​​eoip tunnel. Tunnel working properly, I can ping other side, but when I try to ping without fragment, packets greater than 1250 can not pass.
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: EOIP over PPTP browsing issues

Tue Jan 29, 2013 6:46 pm

I have same problem also. I'm between two rb2011 made ​​eoip tunnel. Tunnel working properly, I can ping other side, but when I try to ping without fragment, packets greater than 1250 can not pass.

This doesn't really sound the same as the instances in the thread. What is maximum non-fragmented MTU between the two systems before to try EoIP?
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
User avatar
djmanu
just joined
Posts: 22
Joined: Tue Nov 25, 2008 4:44 pm
Location: Vienna
Contact:

Re: EOIP over PPTP browsing issues

Thu Aug 01, 2013 9:03 pm

i have the same problem....

i've tried with eoip over pptp and pptp with bridging... ping ok, dns ok, but websites or smb wont work...

ping with 1300 works.. with 1400 not...

i've tried many variations of mtu settings and nothing works...
i need help!

my setup:
CCR as main
RB2011UAS as client
i need the same network on booth sides!

LAN:192.168.101.0/23

CCR:
ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                
 0   ;;; Config IP
     192.168.88.1/24    192.168.88.0    ether12                                                                                                  
 1   ;;; !!!! -- R O U T E --  NET -- !!!! Fiber UPC
     91.118.x.x/30   91.118.x.x   ether1 Fiber Uplink                                                                                      
 2   ;;; CCR IP
     91.118.x.x/24    91.118.x.x    vlan20 WAN                                                                                               
 3   192.168.100.254/23 192.168.100.0   LAN Bridge                                                                                              
 4 D 192.168.103.1/32   192.168.103.2   VPN Wels
/interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE         MTU L2MTU  MAX-L2MTU
 0  R  ether1 Fiber Uplink                 ether       1500  1590      10226
 1  RS ether2                              ether       1500  1590      10226
 2   S ether3                              ether       1500  1590      10226
 3   S ether4                              ether       1500  1590      10226
 4   S ether5                              ether       1500  1590      10226
17  R  LAN Bridge                          bridge      1350 65535
19  R  Team VLAN                           bond        1500
20  R  VPN Wels                            pptp-in     1460
21  RS eoip-tunnel10                       eoip        1350 65535
25  RS vlan10 LAN                          vlan        1500
28  R  vlan20 WAN                          vlan        1500
/interface bridge> print
Flags: X - disabled, R - running 
 0  R name="LAN Bridge" mtu=1350 l2mtu=65535 arp=enabled 
      mac-address=D4:CA:6D:8E:70:AD protocol-mode=none priority=0x8000 
      auto-mac=yes admin-mac=D4:CA:6D:8E:70:AD max-message-age=20s 
      forward-delay=15s transmit-hold-count=6 ageing-time=5m 
[/code]
/interface bridge port> print
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE         BRIDGE            PRIORITY  PATH-COST    HORIZON
 0    vlan10 LAN         LAN Bridge          0x80         10       none
 1    eoip-tunnel10     LAN Bridge          0x80         10       none
/interface eoip> print
Flags: X - disabled, R - running 
 0  R name="eoip-tunnel10" mtu=1350 l2mtu=65535 mac-address=00:00:5E:80:00:01 
      arp=enabled local-address=0.0.0.0 remote-address=192.168.103.2 
      tunnel-id=10 
/interface pptp-server server> print
            enabled: yes
            max-mtu: 1460
            max-mru: 1460
               mrru: disabled
     authentication: mschap1,mschap2
  keepalive-timeout: 30
    default-profile: VPN colocation
/interface pptp-server> print detail        
Flags: X - disabled, D - dynamic, R - running 
 0   R name="VPN Wels" user="colocation-wels" mtu=1460 mru=1460 
       client-address="80.123.xxx.xxx" uptime=4m58s 
       encoding="MPPE128 stateless" 
/ppp profile> print
Flags: * - default 
 0   name="VPN colocation" remote-ipv6-prefix-pool=(unknown) use-ipv6=default 
     use-mpls=default use-compression=default use-vj-compression=default 
     use-encryption=yes only-one=default change-tcp-mss=default address-list="" 
/ppp secret> print
Flags: X - disabled 
 #   NAME                SERVICE CALLER-ID   PASSWORD     PROFILE             REMOTE-ADDRESS 
 0   colocation-wels   pptp                       xxxxxxx          VPN colocation    192.168.103.2


RB2011UAS
ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                
 0   ;;; LAN
     192.168.101.252/23 192.168.100.0   bridge-lan                               
 1   ;;; WAN
     80.123.xxx.xxx/30  80.123.xxx.xxx  ether1-gateway                           
 2 D 192.168.103.2/32   192.168.103.1   VPN-Wien

interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE         MTU L2MTU  MAX-L2MTU
 0  R  ether1-gateway                      ether       1500  1598       4074
 1  R  ether2                              ether       1500  1598       4074
 2  RS ether3                              ether       1500  1598       4074
 3  RS ether4                              ether       1500  1598       4074
 4   S ether5                              ether       1500  1598       4074
 5  RS ether6                              ether       1500  1598       2028
 6  RS ether7                              ether       1500  1598       2028
 7   S ether8                              ether       1500  1598       2028
 8   S ether9                              ether       1500  1598       2028
 9   S ether10                             ether       1500  1598       2028
12   S wlan1                               wlan        1500  2290
13  R  VPN-Wien                            pptp-out    1460
14  R  bridge-lan                          bridge      1350  1598
15  RS eoip-tunnel10                       eoip        1350 65535
/interface bridge> print
Flags: X - disabled, R - running 
 0  R name="bridge-lan" mtu=1350 l2mtu=1598 arp=enabled 
      mac-address=00:00:5E:80:00:02 protocol-mode=none priority=0x8000 
      auto-mac=yes admin-mac=00:0C:42:AF:85:04 max-message-age=20s 
      forward-delay=15s transmit-hold-count=6 ageing-time=5m

/interface bridge port> print
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE               BRIDGE               PRIORITY  PATH-COST    HORIZON
 0 X  ether3                  bridge-lan               0x80         10       none
 1 X  ether4                  bridge-lan               0x80         10       none
 2 X  ether5                  bridge-lan               0x80         10       none
 3    ether6                  bridge-lan               0x80         10       none
 4 I  wlan1                   bridge-lan               0x80         10       none
 5 X  ether7                  bridge-lan               0x80         10       none
 6 X  ether8                  bridge-lan               0x80         10       none
 7 X  ether9                  bridge-lan               0x80         10       none
 8    ether2                  bridge-lan               0x80         10       none
9    eoip-tunnel10           bridge-lan               0x80         10       none
/interface eoip> print
Flags: X - disabled, R - running 
 0  R name="eoip-tunnel10" mtu=1350 l2mtu=65535 mac-address=00:00:5E:80:00:02 
      arp=enabled local-address=0.0.0.0 remote-address=192.168.103.1 
      tunnel-id=10 
/interface pptp-client> print
Flags: X - disabled, R - running 
 0  R name="VPN-Wien" max-mtu=1460 max-mru=1460 mrru=disabled 
      connect-to=91.118.xxx.xxx user="colocation-wels" password="xxxx" 
      profile=VPN colocation keepalive-timeout=60 add-default-route=no 
      dial-on-demand=no allow=pap,chap,mschap1,mschap2
/ppp profile> print
Flags: * - default 
 0   name="VPN colocation" use-mpls=default use-compression=default 
     use-vj-compression=default use-encryption=yes only-one=default 
     change-tcp-mss=default address-list=""

Who is online

Users browsing this forum: Baidu [Spider], jvanhambelgium, rashmitrnitu and 69 guests