Community discussions

 
locodog
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Sun Apr 12, 2015 4:00 am

Problem when adding EoIP tunnel to interface with hotspot

Wed Jun 17, 2015 10:30 am

My setup is like this
on ether1 I have hotspot running and all users function without problems.
We are currently into transition from hotspot to PPPoE.
I do that by creating EoIP tunnel and bridging it with ether1.
Users that go via that tunnel to PPPoE server have internet access without a problem.
But users who remained on hotspot have troubles accessing certain websites, like kurir.rs, blic.rs and making calls over Viber.

This problem was first noticed on RB1100AHx2 with 6.27RoS. And I resolved the issue with downgrading to 5.26.
Now same is happening on RB433AH on 6.28. I think that this is a bug because downgrading ROS makes problem dissapear.
But this router is on very remote location so I'm reluctant to downgrade because couple of times after downgrading router got stuck in reboot loop.
Can someone help me troubleshoot this and solve it.
I will provide any aditional info needed.
 
locodog
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Sun Apr 12, 2015 4:00 am

Re: Problem when adding EoIP tunnel to interface with hotspot

Wed Jun 17, 2015 10:05 pm

I narrowed down problem to http websites. When EoIP tunnel and ether (or wifi) interface are in same bridge and there is hotspot running on that bridge this problem occures. I've found a workaround by adding a web proxy, but it's a bit too resource intensive.
I'm not sure on this, but it looks like this problem appears when there is more than one hotspot on device. My guess is that some hotspot firewall or nat rule are messed up.

After doing some more research, it looks like adding EoIP to bridge does something with MTU, and that's why some websites don't work. I've found this on some other forum, but last post was from 20 days ago and I don't know what solution is, other than trying to change MTU values on EoIP, bridge and ether1. Any idea is welcome.
 
User avatar
greek
Member Candidate
Member Candidate
Posts: 111
Joined: Thu Nov 04, 2010 11:37 pm
Location: Russia, 78rus

Re: Problem when adding EoIP tunnel to interface with hotspot

Wed Sep 30, 2015 11:19 am

I have the same problem.
Disabling EoIP in bridge ports solve trouble, but not solve problem.
 
locodog
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Sun Apr 12, 2015 4:00 am

Re: Problem when adding EoIP tunnel to interface with hotspot

Wed Apr 06, 2016 3:42 pm

Today I finally found solution to this problem:
ip firewall mangle print 
Flags: X - disabled, I - invalid, D - dynamic 
 0    chain=forward action=change-mss new-mss=1410 passthrough=yes tcp-flags=syn protocol=tcp src-address=10.0.34.0/24 tcp-mss=1411-65535 log=no log-prefix="" 
Where 10.0.34.0/24 is subnet for hotspot users.
I'm guessing that there new-mss can be tweaked some more, but I didn't have time to experiment.
 
zerounu
newbie
Posts: 31
Joined: Thu Jun 07, 2007 1:22 pm
Location: Romania

Re: Problem when adding EoIP tunnel to interface with hotspot

Wed Apr 06, 2016 10:33 pm

Today I finally found solution to this problem:
ip firewall mangle print 
Flags: X - disabled, I - invalid, D - dynamic 
 0    chain=forward action=change-mss new-mss=1410 passthrough=yes tcp-flags=syn protocol=tcp src-address=10.0.34.0/24 tcp-mss=1411-65535 log=no log-prefix="" 
Where 10.0.34.0/24 is subnet for hotspot users.
I'm guessing that there new-mss can be tweaked some more, but I didn't have time to experiment.
Maybe this is your problem : http://forum.mikrotik.com/viewtopic.php?f=2&t=104960
 
locodog
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Sun Apr 12, 2015 4:00 am

Re: Problem when adding EoIP tunnel to interface with hotspot

Wed Apr 06, 2016 10:44 pm

I've just checked, and yes, mtu on bridge was lowered to 1458. At the moment I do not have physical access to test if that would fix it, but in the morning I will try to see if it will fix my problem and thus remove need for firewall based solution.

Who is online

Users browsing this forum: No registered users and 101 guests