I have a strange problem with the stability of an IPSEC tunnel - it's a site-to-site one with the following schema:
[siteA-client ip 192.168.0.10] --- [RB2011 with PPPOE interface] --- IPSEC/ESP tunnel --- [RB3011 with ethernet interface] ---- [siteB-client ip 192.168.10.10]
Both MKs have firmware v6.45.6 (latest). The PPPOE/IPSEC line is OK, well connected and as fast as expected. But when I try to download a file from siteA to siteB and vice versa over http/https, I randomly get the error "reset connection by peer" or just "Failed download" in Firefox, or it simply gets stuck when I try wget... In the case of CIFS there are errors like "file is locked" or some generic I/O errors. The test file for download is approx. 500 MB and the error occurs at a random byte - sometimes 5%, sometimes 50% - it's really random. The siteA/B clients are Windows 10 1903. When the failure occurs, the PPPOE client and IPSEC line are up and working - ping is OK on both sides without any problem.
I tried some magic with MSS mangle rules, but absolutely without success. The default MTU for PPPOE is 1480; I tried changing it to 1500, 1400, 1300, 1200... also on the siteB WAN interface - no change. I have the "Change TCP MSS" PPPOE option set to Yes or Default - no luck.
Has anybody had a similar problem?
Thanks for help!
When I move the IPSEC tunnel to an ethernet connection (siteA - different provider) - everything works like a charm! So it looks like there's some problem with PPPOE.