
VPN and ping with big packet size. help me

Posted: Wed Oct 18, 2017 9:35 am
by lexalex83
Hello everyone.
I am fairly new to setting up a VPN and I am trying to do that with MikroTik using the MikroTik wiki: Manual:Interface/PPTP

I created a PPTP server on my office router and am trying to connect to it from my home network,
like this:
Image

But I made 2 PPTP clients: one on my home MikroTik and one on my home PC (Windows 10).


All routes are created correctly, so simple pings can go from my office PC to my home PC (there and back) through both tunnels.

But when I change the route on my home PC and redirect it over the MikroTik VPN client (not the Windows VPN client), something strange begins to happen.
Pings go both ways, but when I try to connect from my home PC to my office MikroTik with WinBox, all the windows in it are blank and the clock in WinBox does not advance.

And soon afterwards the connection with WinBox is lost.

But in the second case this does not happen.
By trial and error I found out that a ping with a big packet size (10000) cannot pass over the MikroTik VPN client. But over the Windows VPN client all is OK. I think that's the whole point.

How can I solve this problem?

Re: VPN and ping with big packet size. help me

Posted: Thu Oct 19, 2017 6:48 pm
by effndc
Maximum Ethernet default packet size is 1500 bytes, anything larger doesn't prove/disprove anything. When you add any tunnel, the end-to-end MTU size decreases (or is forced to fragment) as you are now having to wrap the full packet within another packet.

Management access may also have additional filters applied on the services, you can find those under IP --> Services.

What you don't detail is your firewall rules, you still have to allow the traffic if your default last rule is to drop/reject/deny traffic.

VPN issues are usually either routing, firewall, or path MTU (least likely though).

Re: VPN and ping with big packet size. help me

Posted: Fri Oct 20, 2017 5:44 pm
by idlemind
1) PPTP has been shown to not be secure so switch to a different protocol. L2TP/IPSec should work fine for remote access VPN or a site-to-site connection similar to PPTP while retaining client viability (Win10).
2) Post a /export hide-sensitive of all the involved devices.

As the previous poster stated it could be a multitude of things from path MTU discovery to routing or firewall rules.
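
The path MTU check that both replies point to, as an added example that is not part of the thread: a binary search for the largest packet that crosses the tunnel with Don't Fragment set. The `ping` flags assume Linux iputils, the 1460-byte path and the `192.0.2.1` address are constructed, and all function names are hypothetical.

```python
import subprocess

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload):
    """Send one echo request with Don't Fragment set (Linux iputils ping flags)."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "1", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def find_path_mtu(probe, lo=576, hi=1500):
    """Largest IP packet size in [lo, hi] that passes unfragmented.

    probe(payload_bytes) -> bool reports whether an echo with that ICMP
    payload got a reply. Returns None if even the `lo` size fails, which
    points at routing or firewall rules rather than MTU.
    """
    if not probe(lo - IP_ICMP_HEADERS):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2  # round up so the search always advances
        if probe(mid - IP_ICMP_HEADERS):
            lo = mid       # mid fits, the answer is mid or larger
        else:
            hi = mid - 1   # mid is too big for some hop on the path
    return lo


def simulated_path(mtu):
    """Constructed stand-in for a real path: passes packets of up to `mtu` bytes."""
    return lambda payload: payload + IP_ICMP_HEADERS <= mtu


if __name__ == "__main__":
    # Constructed value: a tunnel path that carries at most 1460-byte packets.
    print(find_path_mtu(simulated_path(1460)))
    # Against a real host across the tunnel (hypothetical address):
    # print(find_path_mtu(lambda n: ping_df("192.0.2.1", n)))
```

Running the search once over each VPN client's route and comparing the two results shows whether the paths differ in the largest unfragmented packet they carry.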