MSS is a TCP thing, and RADIUS only supports UDP as a transport, so the rules you've mentioned will never work with RADIUS. Fragmenting large UDP datagrams should not be a problem. Unless DF bit set, of course, in which case fragmenting is forbidden. The latter usually happens during path MTU disco...

I'm trying to setup 802.1x with EAP-TLS to secure wifi, but the RADIUS/connection server is a Azure VM, to which I can connect with a IPSEC tunnel. The problem is that when trying to connect to the wifi, I get an error that I can't connect. With some help I've discovered that with Wireshark I see (o...

Got it working. This is how: Create a self-signed CA certificate: /certificate add name="My CA" digest-algorithm=sha256 key-type=rsa country="NL" state="NH" locality="Amsterdam" organization="My Organization" unit="ICT" common-name="M...

Thanks to u/mintlou on on Reddit upgraded my RouterOS to the latest (4.46), and set my IPsec profile to the settings he mentioned. For future reference, below is my IPSec & firewall incl. NAT config: IPSec # mar/06/2020 09:07:08 by RouterOS 6.46.4 # software id = 6I9F-HF4C # # model = 960PGS # s...

I want to create a S2S IPSec tunnel to Azure, so I followed this guide and this guide, but both don't get a succesful connection. And from the logs I can't find (or understand) the (direction) of the problem. I hope someone here can help. Here's an export from my full config: # mar/05/2020 12:25:02 ...