passthru traffic problem

[peterx]

This is my current setup, my aim was to create optimized access to server in our HQ and also optimize traffic to internet for users connected via VPN.



I am experiencing weird behavior. Peering on both WANOS is up, but I there are very little of optimized data.

On host 10.0.0.230

• I got IP from DHCP server on 10.0.0.254 (from this I assume my L2 is fine)
• I can ping anything in 10.0.0.0/24
• I can ping 8.8.8.8
• I can ping both WANOS ( 10.0.0.123 and 10.0.0.97 )
• I am able to access http and samba on 10.0.0.1
• I can connect to web interface on 10.0.0.123
• I cannot connect to web interface on 10.0.0.97
• I can ssh to 10.0.0.97, but ofter after some transmitted bytes connection dies
• I can connect to any http in internet
• I cannot connect to any https in internet. ( Sometimes works but very slowly )

Seems like passthru traffic and local WANOS traffic has this problem. Is my design wrong ? Or could it be a bug ?

[ahenning]

Hi Peter,

Thanks for all the details, this helps a lot.

"I cannot connect to web interface on 10.0.0.97"
I think this is since http is optimized from .123 to .97 but does not flow all the way through .97. Https should always work or a bypass rule on .123 can be added to bypass all .97. It is also probably affected by the second problem.

"I cannot connect to any https in internet."
Since only bypass traffic seems to be affected, which means traffic is simply passed unchanged between lan0 <-> wan0, I think the problem is due to MTU or Fragmentation on the L2TP tunnel.
Optimized traffic seems to be ok since optimization is already making provision for extra protocol overhead and possibly avoiding the MTU/Fragmentation problem.

MSS clamping / MSS Adjust should be possible on the mikrotik, but if not, we can configure Wanos to apply the MSS Adjust to the bypass traffic.