Mikrotik - Getting packet loss when trying to access websites over a EOIP tunnel

Mikrotik - Getting packet loss when trying to access websites over a EOIP tunnel

^{Created: 2023-10-25 22:16:20 | Last modified: 2023-10-25 22:21:15}
^{Access: Read}^{| Views: 23}^{| Rating: N/A}^{| Tags:}
After upgrading some client Mikrotiks that were using EOIP to connect the sites, some traffic was being dropped and some websites weren't able to be accessed.

After upgrading some client Mikrotiks that were using EOIP to connect the sites, some traffic was being dropped and some websites weren't able to be accessed. We tried adjusting the MTU on the bridge and EOIP tunnels with no luck.

It looks like the issue is caused by a broken PMTUD (Path MTU Discovery) between the routers. On the source routers making the connection to the websites, we had to add some mangle rules to get around the problem.

/ip firewall mangle
/ip/firewall/mangle> add chain=forward in-interface=the-bridge protocol=tcp tcp-flags=syn tcp-mss=1361-65535 action=change-mss new-mss=1360
/ip/firewall/mangle> add chain=forward out-interface=the-bridge protocol=tcp tcp-flags=syn tcp-mss=1361-65535 action=change-mss new-mss=1360

We then enabled use the IP firewall on the bridge.

We could then see packets counting on the firewall;