Hi, I may have the obscure answer that you're looking for. We had a similar problem recently with a customer running a VPN over a bridged Mikrotik point to point. I'll skip the story about how I found it. It ended up being that RouterOS v2.9 will not forward fragmented IP packets if there is at least one firewall filter rule in the input or forward chains _and_ IP connection tracking is disabled. The workarounds are to enable IP connection tracking, remove your firewall filter rules, or upgrade to RouterOS v3.
Even though this appeared to be the case for me, I didn't believe it until I saw it with my own eyes as "ping -s 3000 ..." would stop/start working as I disabled/enabled IP connection tracking. And just to be clear, this doesn't just affect packets destined for the router, but any forwarded packets as well.

Hope that helps,

--
Kristian Hoffmann
System Administrator
[EMAIL PROTECTED]
http://www.fire2wire.com

Office - 209-543-1800 | Fax - 209-545-1469 | Toll Free - 800-905-FIRE

On Fri, 2008-05-09 at 10:23 -0500, Eric Sooter wrote:
> Unfortunately, I believe that others feel the same. All the more reason
> I would like to solve the problem. Butch, you have any ideas on why
> PPPoE Client gives us problems with newegg and others? The only real
> fix I have is to bridge them, which I want to avoid. I'm sure it is
> some sort of MTU or TSS issue.
>
> Eric
>
>
> Casey Mills wrote:
> > If I couldn't get to newegg.com I would find another ISP. Sorry, I
> > just really love newegg.com.
> >
> > Casey
> >
> > On 5/9/08, Mike Hammett <[EMAIL PROTECTED]> wrote:
> >
> >> I've noticed something similar, especially the NewEgg thing. I hope
> >> someone chimes in.
> >>
> >> ----------
> >> Mike Hammett
> >> Intelligent Computing Solutions
> >> http://www.ics-il.com
> >>
> >> ----- Original Message -----
> >> From: "Eric Sooter" <[EMAIL PROTECTED]>
> >> To: "Mikrotik discussions" <[email protected]>
> >> Sent: Thursday, May 08, 2008 11:09 AM
> >> Subject: [Mikrotik] Dang PPPoE Client
> >>
> >>> We run PPPoE server on many of our Mikrotik towers. Normally they run
> >>> just great. But there is the occasional site that just gives us hell
> >>> (Newegg.com and certain secure sites). It only seems to be a problem
> >>> when I have a Mikrotik CPE doing PPPoE Client. I've tried just about
> >>> every setting I can think of. The AP's with PPPoE server is setup with
> >>> the following config:
> >>>
> >>> Server: 2.9.51
> >>> / interface pppoe-server server
> >>> add service-name="pppoe-service" interface=sector-pppoe max-mtu=1480 \
> >>>     max-mru=1480 authentication=pap,chap keepalive-timeout=10 \
> >>>     one-session-per-host=no max-sessions=0 default-profile=pppoe-profile \
> >>>     disabled=no
> >>> / ppp profile
> >>> add name="pppoe-profile" local-address=x.x.68.1 remote-address=pppoe-pool \
> >>>     use-compression=yes use-vj-compression=no use-encryption=yes \
> >>>     only-one=default change-tcp-mss=yes comment=""
> >>>
> >>> The CPE setup (3.7):
> >>>
> >>> /interface pppoe-client
> >>> add ac-name="" add-default-route=yes allow=pap,chap comment="" dial-on-demand=no disabled=no interface=wlan1 max-mru=1400 \
> >>>     max-mtu=1400 mrru=disabled name="pppoe-out1" password="gump" profile=default service-name="" use-peer-dns=no \
> >>>     user="bubba"
> >>> /ppp profile
> >>> set default change-tcp-mss=yes comment="" name="default" only-one=default use-compression=default use-encryption=default \
> >>>     use-vj-compression=default
> >>>
> >>> I have tried MTU/MRU at 1460, 1450, 1440, 1420 also. I don't seem to
> >>> have this problem on Deliberant CPE's. I have another customer that
> >>> is using a Mikrotik router on a DSL connection. When we do PPPoE on the
> >>> routerboard, I run into the same problem. When we let the DSL modem do
> >>> pppoE then we are good (unfortunately, I need the Tik box doing PPPoE
> >>> client). Is there a problem with my config?
> >>>
> >>> Eric
> >>> _______________________________________________
> >>> Mikrotik mailing list
> >>> [email protected]
> >>> http://www.butchevans.com/mailman/listinfo/mikrotik
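
Added example, not part of the thread or of anyone's posted configuration: a small calculator showing how a "ping -s 3000" test is split into IPv4 fragments at the MTUs quoted above (1480 on the PPPoE server, 1400 on the CPE), alongside the largest ping size and TCP MSS that fit without fragmentation. It assumes IPv4 headers without options and that "-s" sets the ICMP payload size, as Linux ping does; the function names are made up for this illustration.

```python
# Added example (not from the thread). Assumes IPv4/TCP headers without
# options and that "ping -s N" sets the ICMP payload size (Linux ping).
IP_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20


def max_unfragmented_ping(mtu):
    """Largest 'ping -s' value that still fits in a single packet."""
    return mtu - IP_HDR - ICMP_HDR


def fitting_mss(mtu):
    """Largest TCP MSS whose segments fit the MTU without fragmentation."""
    return mtu - IP_HDR - TCP_HDR


def fragments(icmp_payload, mtu):
    """Return (offset, length, more_fragments) for each IPv4 fragment."""
    total = ICMP_HDR + icmp_payload      # bytes that follow the IP header
    room = mtu - IP_HDR                  # data bytes one packet can carry
    if total <= room:
        return [(0, total, False)]       # fits: nothing to fragment
    step = room // 8 * 8                 # fragment offsets are in 8-byte units
    out, off = [], 0
    while off < total:
        size = min(step, total - off)
        out.append((off, size, off + size < total))
        off += size
    return out


if __name__ == "__main__":
    # 1500 = plain Ethernet; 1480 and 1400 are the PPPoE MTUs in the thread.
    for mtu in (1500, 1480, 1400):
        print(f"MTU {mtu}: largest unfragmented ping -s "
              f"{max_unfragmented_ping(mtu)}, fitting MSS {fitting_mss(mtu)}")
        for off, size, more in fragments(3000, mtu):
            print(f"    offset={off:4d} len={size:4d} MF={int(more)}")
```

An MSS that fits the MTU only keeps TCP segments out of the fragmentation path; fragmented ICMP or UDP, such as the VPN traffic mentioned in the reply, still depends on the router forwarding every fragment.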

