Hi there,
Noob question here so apologies. I recently moved into a new house here in the UK that is only provided by OFNL. I previously used my MikroTik Hex5 with my old ISP on PPPOE with no issues.
For the move, I factory reset it and have connected it to the OFNL Fibre box and then into WAN/eth1. Eth2 then goes to my Eero for WIFI and ETH3 goes to my switch for the ethernet ports in the house.
Initially I had an issue with Geolocking as my property was being assigned IP addresses from a range that previously belonged to an USA company which got sorted. I'm now in a situation where a few websites in particular <removed> (which I use as part of my job) do not load or they load then stop working after a few seconds. I have raised this with my ISP and after a few mentions of MTU and MSS Clamping, I decided to look into this in a bit more detail. This seemed to add up as I've read <removed> detect VPN usage (to prevent unauthorised location access) via MTU value changing.
When I run Ping -D -s xxxx www.<removed>.com the value I get to before I get a frag needed error is 1452. I have reported this to my ISP but they don't seem interested in this anymore. They have said the fix is regarding DNS and that my DNS servers need to be 8.8.8.8 and 8.8.4.4. In RouterOS, I have added these in, both in DNS and then DHCP Server > Networks and have turned off DNS peer but still no luck. I'm at a point now where they want to charge me £15 per 15 minutes to diagnose this issue because I'm using a non-ISP router and the DNS issue has fixed this issue for all other customers, the only differentiater is that I'm not using their router. Before I cave into their demand I thought I'd seek assistance here as the hardware functioned fine on PPPOE at my old property.
RouterOS v7.13.5
Current MTU on pppoe-out1 is 1480
MTU on Bridge, Eth1, Eth2, Eth3, Eth4, Eth5 is all 1500.
Thanks in advance
Noob question here so apologies. I recently moved into a new house here in the UK that is only provided by OFNL. I previously used my MikroTik Hex5 with my old ISP on PPPOE with no issues.
For the move, I factory reset it and have connected it to the OFNL Fibre box and then into WAN/eth1. Eth2 then goes to my Eero for WIFI and ETH3 goes to my switch for the ethernet ports in the house.
Initially I had an issue with Geolocking as my property was being assigned IP addresses from a range that previously belonged to an USA company which got sorted. I'm now in a situation where a few websites in particular <removed> (which I use as part of my job) do not load or they load then stop working after a few seconds. I have raised this with my ISP and after a few mentions of MTU and MSS Clamping, I decided to look into this in a bit more detail. This seemed to add up as I've read <removed> detect VPN usage (to prevent unauthorised location access) via MTU value changing.
When I run Ping -D -s xxxx www.<removed>.com the value I get to before I get a frag needed error is 1452. I have reported this to my ISP but they don't seem interested in this anymore. They have said the fix is regarding DNS and that my DNS servers need to be 8.8.8.8 and 8.8.4.4. In RouterOS, I have added these in, both in DNS and then DHCP Server > Networks and have turned off DNS peer but still no luck. I'm at a point now where they want to charge me £15 per 15 minutes to diagnose this issue because I'm using a non-ISP router and the DNS issue has fixed this issue for all other customers, the only differentiater is that I'm not using their router. Before I cave into their demand I thought I'd seek assistance here as the hardware functioned fine on PPPOE at my old property.
RouterOS v7.13.5
Current MTU on pppoe-out1 is 1480
MTU on Bridge, Eth1, Eth2, Eth3, Eth4, Eth5 is all 1500.
Thanks in advance
Code:
# 2024-02-28 17:30:27 by RouterOS 7.13.5# software id = 7EUS-LBI8## model = RB750Gr3# serial number = 123456789/interface bridgeadd admin-mac=B8:69:F4:7F:2A:2A auto-mac=no comment=defconf name=bridge/interface pppoe-clientadd add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 user=\ pppoe_username/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/ip hotspot profileset [ find default=yes ] html-directory=hotspot/ip pooladd name=dhcp ranges=192.168.88.2-192.168.88.254/ip dhcp-serveradd address-pool=dhcp interface=bridge lease-time=10m name=defconf/portset 0 name=serial0/interface bridge portadd bridge=bridge comment=defconf interface=ether2add bridge=bridge comment=defconf interface=ether3add bridge=bridge comment=defconf interface=ether4add bridge=bridge comment=defconf interface=ether5/ip neighbor discovery-settingsset discover-interface-list=LAN/interface list memberadd comment=defconf interface=bridge list=LANadd comment=defconf interface=ether1 list=WANadd interface=pppoe-out1 list=WAN/ip addressadd address=192.168.88.1/24 comment=defconf interface=bridge network=\ 192.168.88.0/ip dhcp-clientadd comment=defconf disabled=yes interface=ether1 use-peer-dns=no/ip dhcp-server networkadd address=192.168.88.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 \ gateway=192.168.88.1/ip dnsset allow-remote-requests=yes servers=8.8.8.8,8.8.4.4/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lan/ip firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="defconf: accept ICMP" protocol=icmpadd action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsecadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related hw-offload=yesadd action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN/ip firewall mangleadd action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \ protocol=tcp tcp-flags=syn/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" \ dst-port=33434-33534 protocol=udpadd action=accept chain=input comment=\ "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\ udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \ protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=input comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=input comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LANadd action=accept chain=forward comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment=\ "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \ hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=\ 500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=forward comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=forward comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LAN/system clockset time-zone-name=Europe/London/system identityset name=3EspinClose-MikroTik/system noteset show-at-login=no/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LANStatistics: Posted by BradzleyB123 — Wed Feb 28, 2024 7:32 pm