Dear MikroTik users.

A customer wants to do this scenario:

1) At branch office there is a MikroTik connected to Starlink (the satellital provider). MikroTik cpe obtains IP addressing by dhcp (provided by Starlink cpe).
2) At HQ office there is a MikroTik with its IPv4 public ip adress.
3) I successfully set-up an IPSec connection between MikroTiks.
4) HQ lan network can reach branch lan network and viceversa.

But now the customer wants the branch office has Internet access using the Internet located at HQ, avoiding Starlink Internet service.

I set-up an IPSec policy (on branch MikroTik) encrypting the destination address (0.0.0.0/0) and branch network as source, but connection speed is too low and many Internet websites doesn't show.

Please, can you suggest any solution.

Thanks for attention and help.

Best regards

Hi @jlopez,

You might wanna check your MTU / adjust-mss setting.
The description of your problem of very slow and defunct internet connection over a tunneled connection rings all my MTU bells.

BR,
irrwitzer

Hi irrwitzer.

Please, can you tell me about setting MTU / adjust-mss?

Looking in forum I don't find any effective method.

Thanks four your attention and help.

Dear MikroTik users.

Finally I found solution by adding this command on mangle (viewtopic.php?p=1080868#p1080868):

/ip firewall mangle
add action=change-mss chain=forward new-mss=1380 out-interface=wireguard1 protocol=tcp tcp-flags=syn tcp-mss=1381-65535

Now branch office users can access multimedia content web pages sucessfully.

Please close this thread.

Thanks for your attention and help.

Best regards.