MikroTik

Hi all, good day! I have encountered some problem with my setup, hope there will be some help here.

I have a RB2011L-IN, and another RB751G-2Hnd
when I mean MTU below, I mean MTU/MRU


RB2011 is my PPTP server (I connected to internet with PPPoE 1492 MTU) RouterOS 6.9
I had created the PPTP server with 1460MTU

RB751G is my other remote site (which also connected to the internet with PPPoE 1492 MTU) RouterOS 6.10
This will be connecting back to RB2011 using PPTP also 1460MTU

Both sites are connected perfectly, routing in between then are alright, but I encountered something strange, that is from RB2011 site
I am not able to Ping the host in RB751G local hosts, but I can somehow browse some of the host!


Hosts -> RB2011 -> Internet -> RB751G -> Hosts
- While inside Winbox of both sites, I am able to Ping everything from both sites.
- While on a windows machine on RB2011 site, after connected, I am able to ping RB751G, but not the hosts after that (Request timed out)
- However, I am able to browse one of the host (Synology) webpage, while unable to browse other AP page (TP-Link with OpenWRT)
- I am not able to Ping both of this hosts
- I tried to Ping with MTU -f -l, and i tried almost every single size from 1500 to 1425, under that connection timed out, still not able to find a good MTU ping return.
- I tried change the TCP MSS to "No" under PPTP server profile
- I tried changing the MTU to 1460, 1450, 1452, 1440... still no avail...
- edit: I am unable to browse network share either

Please anybody can please help me?
Please let me know what kind of information I need to post...

Thank you very much in advance

How about firewall rules?

1) Install 6.11 on both side and upgrade the bios AFTER install 6.11:
http://www.mikrotik.com/download/share/ ... e-6.11.npk
[thanks Normis for the link (http://forum.mikrotik.com/viewtopic.php ... 61#p414543)]

2) set on both side authenication to mscahp1 & mscahp2 only, MTU & MRU to 1450, MRRU to 1614, and on the profile used change-tcp-mss to yes

3) retry.

If fail:
4) Place both "/export compact" command result on forum (read the export and filter sensitive data first!)

Hi rextended, thank for your tip on this
2) set on both side authenication to mscahp1 & mscahp2 only, MTU & MRU to 1450, MRRU to 1614, and on the profile used change-tcp-mss to yes
i tried some of the settings on and off, it seems that there is not much difference when i change to MRRU 1614 (and not) and the tcp-mss (and not)
even with MTU/MRU of 1450, i can only ping without fragment at 1422 and below, it seems i lost another 28 bytes, care to explain all these MTU? since my pptp is tunneled inside pppoe, will the 1492 pppoe (from my isp) affect the settings in pptp? is there any ways to increase to bigger packet size?

thanks for your help, please shed some light...




Hi Rudios, thanks for your tip also on firewall. it seems that i have a rule to disallow anything on any interface... and i didnt know it even affects pptp as i thought it has "come in" to my local network as in bridge to my bridge...
never know the firewall there need to allow a Forward rule on that interface... i still very new on these, care to explain?

thanks for everybody help i appreciate that