Hi All

I am having a very strage problem with a MT <-> W2K3 routing scenario,
can not ping with large payload and neither does large packet TCP/UDP work properly.

I get about 3% packets through my link with 1400 bytes payload, other links that are running W2K3 <-> W2K3 properly fragments so that a ping x.x.x.x -l 1400 works 100%

Setup is like this;
Central site, several IP subnets, leased line VPNs, firewalls etc, PPtP tunnels to a W2K3 RRAS server. This server is basically installed with next,next, finish.. standard Windows setup Also this server is the endpoint for the working "pure" W2K3 tunnels

Remote test site, MT 2.9.10
PPP profile
add name="VPN-MAD" local-address=10.192.241.5 remote-address=10.192.241.6 use-compression=yes use-vj-compression=no use-encryption=yes only-one=default change-tcp-mss=default comment=""

interface pptp-client
add name="VPN-MAD" max-mtu=1460 max-mru=1460 connect-to=xx.xx.xx.xx user="VPN-MAD" password="something" profile=VPN-MAD add-default-route=no allow=pap,chap,mschap1,mschap2 disabled=no


IP firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=clamp-to-pmtu comment="" disabled=no
add chain=prerouting src-address=10.194.11.0/24 action=mark-routing new-routing-mark=VPN passthrough=yes comment="VPN Tunneling" disabled=no
add chain=output src-address=10.194.11.0/24 action=mark-routing new-routing-mark=VPN passthrough=yes comment="" disabled=no

ip route
add dst-address=0.0.0.0/0 gateway=10.192.241.6 scope=255 target-scope=10 routing-mark=VPN comment="" disabled=no

Anyone got an idea why the router doesn't handle large packets the same way as a W2K3 RRAS router?

/Jörgen

Similar config (policy based routing different due to ROS version) in a x86 machine with 2.8.8 works properly! We actually tested and build everything on 2.8.8 running in VmWare before purchasing the units... so we knew that it worked.... but not

The screenshot below shows two pings, both from the same machine, routed through the same central router (W2K3 SP1) through two PPtP tunnels to two different Mikrotik ROS routers. The first, that works, runs through a 2.8.8 router and the second that fails is a 2.9.10 (also tried 2.9.4) Only configuration difference is in policy based routing that goes through mangle now

**********************
C:\Documents and Settings\joeri>ping 10.192.10.15 -l 12200

Pinging 10.192.10.15 with 12200 bytes of data:

Reply from 10.192.10.15: bytes=12200 time=11ms TTL=125
Reply from 10.192.10.15: bytes=12200 time=11ms TTL=125

Ping statistics for 10.192.10.15:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 11ms, Average = 11ms
Control-C
^C
C:\Documents and Settings\joeri>ping 10.194.11.16 -l 12200

Pinging 10.194.11.16 with 12200 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 10.194.11.16:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C
^C
C:\Documents and Settings\joeri>
******************

Any ideas guys?

/Jörgen

Anyone? Any ideas on where to look? I'm out of ideas now

/Jörgen