I didn't pay attention to that for a while, as those were rare occasions, but recently got curious and tried to debug.
To my surprise, I've noticed that packets over tunnel are sent with TCP MSS = 1440, even were it should be "clamp-tcp-mss" enabled by default on 6to4 interfaces. (according to https://help.mikrotik.com/docs/display/ROS/6to4 )
Anyone notices same behaviour? Something got broken in v7.x related to clamp-tcp-mss?
I fixed of course by adding line to ipv6/mangle, but it looks like clamp-tcp-mss option in 6to4 interfaces doesn't have any effect in 7.9.x:
Code: Select all
/ipv6 firewall mangle add action=change-mss chain=postrouting new-mss=clamp-to-pmtu out-interface=he protocol=tcp tcp-flags=syn