
Secure Websites

Posted: Wed Dec 15, 2004 8:46 am
by noir
We are running a wis, with clients connecting to the high site via PPPoE. The problem is that they cannot connect to any secure website, i.e. online banking sites. Everything else is working like a dream.

Our firewall on the high site mangles everything through the firewall, so it's not that. We have v2.8.91, had 2.8.21, but we thought that it was causing problems.

Any help would be appreciated.

Posted: Wed Dec 15, 2004 9:08 am
by nhalachev
If the mangle for PPPoE connections is set up the right way and you still have a problem, check your src-nat rules if you have any.
I have experienced the same problem when I had src-nat to a range of external IPs.
The solution was to masquerade or src-nat the secure web sites to 1 external IP.

Posted: Wed Dec 15, 2004 9:30 am
by noir
Um, I have no src-nat rules set up. Also it will be difficult to add the IPs of the secure websites, due to the fact the MikroTik is sitting behind a server. The server is running SUSE 9.1 and we tested the interface through which the high site comes in, and it doesn't block the sites.

Will try that, but it didn't do it before; after I upgraded the hardware and the RouterOS it started this. So I downgraded again and the problem still persists.

Posted: Wed Dec 15, 2004 11:05 am
by [ASM]
The problem is in TCP MSS... don't change it and it will work.

Posted: Wed Dec 15, 2004 4:43 pm
by mag
The problem is in TCP MSS... don't change it and it will work.
Could you please explain this? If the MTU was set to a smaller value by a mangle rule, I thought the MSS has to be adjusted also.

thx.
   matthias

Posted: Wed Dec 15, 2004 5:56 pm
by [ASM]
Just test and you'll see :) I just changed the MSS of client interfaces to 1400, and everything is working fine.

Posted: Wed Dec 15, 2004 6:28 pm
by mag
Just test and you'll see :) I just changed the MSS of client interfaces to 1400, and everything is working fine.
But MSS should be MTU - 40. Usually I set the MTU for PPPoE links to 1480 bytes, MRU also. The dynamic mangle rule (created by choosing change tcp-mss in the PPP profile) sets MSS to 1420, which seems too small, but works for me.

OK, these values are all maxima, so using a smaller one will work, but costs bandwidth.

regards.
   matthias