alisc
Frequent Visitor
Topic Author
Posts: 60
Joined: Thu Dec 01, 2011 10:51 am

Secure Connection Failed

Wed Apr 12, 2017 2:45 pm

Hi all,

I have a problem accessing some sites (HTTPS).

Example:

https://play.google.com
https://*.wordpress.com

The sites cannot open and show a "Secure Connection Failed" error.

I wrote this rule, but it is not working and the problem is not solved!
/ip firewall mangle
add action=change-mss chain=forward connection-state=new new-mss=1480 \
passthrough=no protocol=tcp tcp-flags=syn

Export configuration:
/interface bridge
add name=bridge1

/interface ethernet
set [ find default-name=ether4 ] disabled=yes name=Local
set [ find default-name=ether1 ] name=WAN
set [ find default-name=ether2 ] disabled=yes

/ip pool
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254


/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 bootp-support=dynamic disabled=no \
    interface=bridge1 name=dhcp1


/interface bridge port
add bridge=bridge1 interface=Local
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether2

/ip settings
set tcp-syncookies=yes

/interface pptp-server server
set authentication=pap,chap enabled=yes

/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
add address=79.175.***.***/28 interface=WAN network=79.175.**.**
add address=192.168.2.5/24 interface=ether3 network=192.168.2.0

/ip arp
add address=192.168.88.124 interface=bridge1 mac-address=60:E3:27:1F:AE:48
add address=192.168.88.103 interface=bridge1 mac-address=60:E3:27:1E:63:DF


/ip dhcp-server network
add address=192.168.88.0/24 dns-server=217.218.155.155,4.2.2.4,217.218.127.127 \
    gateway=192.168.88.1

/ip dns
set allow-remote-requests=yes servers=217.218.155.155,4.2.2.4

/ip firewall mangle
add action=change-mss chain=forward connection-state=new new-mss=1480 \
    passthrough=no protocol=tcp tcp-flags=syn

/ip firewall nat
add action=masquerade chain=srcnat

/ip route
add distance=1 gateway=79.175.**.**
Attention:
If a public IP (79.175.x.x) is set on the PC (Ethernet), the problem is solved and the sites open!
I did a test with 1480 and 1500 MTU and the sites opened (no problem).


Image
Image
Image



Model : RouterBOARD 941-2nD ( hAP )
Firmware : 3.19
ROS : v6.32.3


Please provide the solution
Best Regards
 
R1CH
Forum Guru
Posts: 1108
Joined: Sun Oct 01, 2006 11:44 pm

Re: Secure Connection Failed

Wed Apr 12, 2017 3:19 pm

Show your firewall config.
 
alisc
Frequent Visitor
Topic Author
Posts: 60
Joined: Thu Dec 01, 2011 10:51 am

Re: Secure Connection Failed

Wed Apr 12, 2017 5:45 pm

Show your firewall config.
There are no rules in filter!
There are no rules in NAT, except masquerade!
 
alisc
Frequent Visitor
Topic Author
Posts: 60
Joined: Thu Dec 01, 2011 10:51 am

Re: Secure Connection Failed

Fri Apr 14, 2017 10:58 am

Please help me.
 
R1CH
Forum Guru
Posts: 1108
Joined: Sun Oct 01, 2006 11:44 pm

Re: Secure Connection Failed

Fri Apr 14, 2017 6:44 pm

Where are all those log entries coming from then?
 
alisc
Frequent Visitor
Topic Author
Posts: 60
Joined: Thu Dec 01, 2011 10:51 am

Re: Secure Connection Failed

Sat Apr 15, 2017 2:35 pm

Where are all those log entries coming from then?
I did not understand what you mean.
Is it possible to explain clearly?
 
R1CH
Forum Guru
Posts: 1108
Joined: Sun Oct 01, 2006 11:44 pm

Re: Secure Connection Failed

Tue Apr 18, 2017 1:03 pm

Your screenshot shows firewall log entries. This is not possible unless you have firewall rules. You need to double check your firewall config.
 
root87hk
just joined
Posts: 3
Joined: Sat Jul 25, 2020 4:06 pm

Re: Secure Connection Failed

Sat Jul 25, 2020 4:21 pm

Try adding the command below:
/ip firewall mangle add action=change-mss chain=forward log=yes new-mss=clamp-to-pmtu out-interface-list=WAN passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1301-65535

Refer:https://wiki.mikrotik.com/wiki/Manual:I ... all/Mangle
More Info:viewtopic.php?t=138205
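
Added example, not part of the thread and not MikroTik code: a Python model of what the clamp rule in the last post does to a TCP SYN. It lowers the advertised MSS to the path MTU minus 40 only when the value falls in the matched range, and updates the checksum. The sample SYN, the function names and the `path_mtu` input are constructed for the example, and IPv4 without IP options is assumed.

```python
import struct

IP_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

def build_syn(mss: int) -> bytes:
    """Constructed sample: TCP SYN to port 443 with MSS, NOP and window-scale options."""
    hdr = struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, 7 << 4, 0x02, 64240, 0, 0)
    return hdr + struct.pack("!BBH", 2, 4, mss) + bytes([1, 3, 3, 7])

def find_mss(tcp: bytes):
    """Return (offset of the MSS value, MSS) from the TCP options, or None."""
    if len(tcp) < 20:
        return None
    end = min((tcp[12] >> 4) * 4, len(tcp))
    i = 20
    while i < end and tcp[i] != 0:         # kind 0 ends the option list
        if tcp[i] == 1:                    # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end or tcp[i + 1] < 2 or i + tcp[i + 1] > end:
            break                          # truncated or malformed option
        if tcp[i] == 2 and tcp[i + 1] == 4:
            return i + 2, struct.unpack_from("!H", tcp, i + 2)[0]
        i += tcp[i + 1]
    return None

def csum_update(csum: int, old: int, new: int) -> int:
    """Incremental checksum update for one changed 16-bit word (RFC 1624)."""
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_syn(tcp: bytes, path_mtu: int, match=(1301, 65535)) -> bytes:
    """Lower a SYN's MSS to path_mtu - 40 when it is in `match`; never raise it."""
    found = find_mss(tcp)
    if found is None or not tcp[13] & 0x02:
        return tcp
    off, mss = found
    target = path_mtu - IP_TCP_OVERHEAD
    if not match[0] <= mss <= match[1] or mss <= target:
        return tcp
    # An MSS value at an odd offset straddles two checksum words: byte-swap it.
    word = (lambda v: ((v & 0xFF) << 8) | (v >> 8)) if off % 2 else (lambda v: v)
    out = bytearray(tcp)
    struct.pack_into("!H", out, off, target)
    old_csum = struct.unpack_from("!H", tcp, 16)[0]
    struct.pack_into("!H", out, 16, csum_update(old_csum, word(mss), word(target)))
    return bytes(out)
```

A client on a 1500-byte link already advertises an MSS of 1460, so `clamp_syn(build_syn(1460), 1500)` returns the SYN unchanged, while a path MTU of 1480 rewrites it to 1440.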