2Talk issue with Draytek in bridge mode and Mikrotik router

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › 2Talk issue with Draytek in bridge mode and Mikrotik router

Mattmannz

471 posts

Ultimate Geek

#144123 8-May-2014 09:08

I couldn't find a 2Talk forum so have posted this here - hope that's okay.

I have a client who has been running a Draytek 120 in bridge mode with a Mikrotik behind it. This was on a shared Xtra Adsl connection in the shared premises they are in. They have had their own Adsl circuit provisioned now from 2Talk and I am having issues getting everything to work again.

They are an NZ arm of an Aussie firm and they are running Voip phones registered back to a Pabx in Aussie. The Mikrotik was basically doing some client segmentation, basic filtering, traffic marking/queuing and SIP fixup.

After moving the gear over and changing the PPPoE details on the Mikrotik it initially looked like it was working okay, could ping everywhere no issues and the phones registered okay and we could make calls.

As soon as I tried to browse, no go. Can ping the addresses so DNS is working okay but no go on the http or https. The only address I can reliably get to is the 2Talk website but if I attempt to load the 2Talk support page which is https it fails to load.

I reset the Draytek and used it as a standard NAT router with PPPoA and no issues, can browse fine. Removed all the config off the Mikrotik so it's only doing PPPoE and NAT and issue remains.

Not sure where to go to from here...... Any help or suggestions gratefully received.

Cheers
Matt.

1 | 2

3830 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1038797 8-May-2014 09:58

Hmmmm that sounds pretty strange.

If I were there and really struggling, I would be tempted to back up the Draytek's config and the reset it. Set it up as a standard DSL router, connect a PC, and check the internet connection is working as advertised. (Or chuck in another DSL router to test it.) It is worthwhile eliminating the new broadband connection as the source of failure.

From there if you are confident the broadband is working fine, then you have to look at the next link ion the chain. Again back up the Mikrotek's config, reset it, and test it with the most basic of configurations. If that works fine, but it doesn't work when you restore your config, then the config is at fault. You might want to take screen shots of the relevant config pages and set the thing up from scratch, testing and backing up the config after each successful step.

Good luck.

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management. A great Kiwi company.

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

Mattmannz

471 posts

Ultimate Geek

#1038798 8-May-2014 10:01

Thanks for the reply, thats exactly what I have done.

Reset the Draytek and put PPPoA and Nat on it with just my PC behind it and it works fine with no issues.

Back in bridge mode with the Mikrotik and no go. Reset the Mikrotik and removed all the config except PPP and NAT and the HTTP/S issue remains.

It appears to be a large packet size issue as DNS is working fine and the SIP is all good. Very bizarre......

Cheers
Matt.

Dynamic

3830 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1038813 8-May-2014 10:06

That *is* weird.

TBH I've never used these in full bridge mode. I've only ever done the half bridge - Draytek call it the Active True IP. You could possibly give that a quick crack.

If the Draytek came from Snapper, flick the guys there an emaill. Their support has never failed to impress me. They won't want to spend ages troubleshooting the Mikrotek but might have a quick tip that would help.

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management. A great Kiwi company.

Mattmannz

471 posts

Ultimate Geek

#1038814 8-May-2014 10:09

I originally had it in half bridge mode but ended up moving to full bridge mode for a couple of reasons. The full bridge mode is very easy to setup, as was the half bridge mode.

I got it from Snapper so I will give them a yell.

Cheers
Matt.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1038829 8-May-2014 10:22

These work fine in full bridge. You've obviously some something configured incorrectly if it's not working.

The first thing to look at when you have browsing issues is MTU

Dynamic

3830 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1038831 8-May-2014 10:25

Smart thinking, sbiddle.

Matt have a look here for an example of how to test this: http://www.strongvpn.com/mtu_ping_test.shtml

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management. A great Kiwi company.

Mattmannz

471 posts

Ultimate Geek

#1038906 8-May-2014 11:55

Thanks guys.

Yes I assumed it was an MTU issue last night and did some testing.

For overhead with PPoE I need to allow 8 and with tcp and ethernet another 28 so a total of 36. 2Talk are advising an MTU of 1492.

I am about to head back to site soon to do some more testing.

Cheers
Matt.

Mattmannz

471 posts

Ultimate Geek

#1040516 9-May-2014 08:25

Its not an MTU issue.

Issue appears to be with the ISP however diagnosing this is slow....

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1040530 9-May-2014 08:50

I assume you've signed up for a plan that offers internet access, and not just one designed for their own voice offering?

Mattmannz

471 posts

Ultimate Geek

#1312699 27-May-2015 13:23

Sorry for the late post. The issue was MTU related, nothing to do with the hardware or it's setup. The issue was in the 2Talk network and wasn't resolved.

Client moved to UFB which negated the need for the bridge mode....

scampbell

16 posts

Geek

#1322050 10-Jun-2015 12:41

A common issue with PPPoE connections is not only MTU but MSS.

Mikrotik have a feature to reduce MSS automatically - to see if it is enabled check under IP FIREWALL MANGLE and see if there are any Dynamic Forward entries with action of Change MSS.

The usual symptom is some pages load, some dont.

There is also a nice tool to check MTU and MSS (Payload) - Google MTUPATH.EXE or MTUROUTE.EXE

DonGould

3892 posts

Uber Geek

#1322072 10-Jun-2015 13:03

Mattmannz: Thanks guys.

Yes I assumed it was an MTU issue last night and did some testing.

For overhead with PPoE I need to allow 8 and with tcp and ethernet another 28 so a total of 36. 2Talk are advising an MTU of 1492.

I am about to head back to site soon to do some more testing.

Cheers
Matt.

I do the same thing but have MTU and MTR set to 1480 on the PPPoE dialer in the Mtk.

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

Mattmannz

471 posts

Ultimate Geek

#1322257 10-Jun-2015 15:42

scampbell: A common issue with PPPoE connections is not only MTU but MSS.

Mikrotik have a feature to reduce MSS automatically - to see if it is enabled check under IP FIREWALL MANGLE and see if there are any Dynamic Forward entries with action of Change MSS.

The usual symptom is some pages load, some dont.

There is also a nice tool to check MTU and MSS (Payload) - Google MTUPATH.EXE or MTUROUTE.EXE

Stuart - you assisted with this remember?

Mattmannz

471 posts

Ultimate Geek

#1322259 10-Jun-2015 15:43

DonGould:
Mattmannz: Thanks guys.

Yes I assumed it was an MTU issue last night and did some testing.

For overhead with PPoE I need to allow 8 and with tcp and ethernet another 28 so a total of 36. 2Talk are advising an MTU of 1492.

I am about to head back to site soon to do some more testing.

Cheers
Matt.

I do the same thing but have MTU and MTR set to 1480 on the PPPoE dialer in the Mtk.

Is this on 2Talk Don? The Mikrotik defaults to those values with PPoE

Cheers

DonGould

3892 posts

Uber Geek

#1322267 10-Jun-2015 16:03

Mattmannz:
DonGould:
Mattmannz: Thanks guys.

Yes I assumed it was an MTU issue last night and did some testing.

For overhead with PPoE I need to allow 8 and with tcp and ethernet another 28 so a total of 36. 2Talk are advising an MTU of 1492.

I am about to head back to site soon to do some more testing.

Cheers
Matt.

I do the same thing but have MTU and MTR set to 1480 on the PPPoE dialer in the Mtk.

Is this on 2Talk Don? The Mikrotik defaults to those values with PPoE

Cheers

na pppoe to snap in this case, but I've seen the problems you're reporting before and fixed it just by dropping the MTU and MRU right down to something I knew could be low enough.

I just make the settings on the pppoe dialer directly, I don't let the provider tell me.

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=\
ether1-gateway max-mru=1480 max-mtu=1480 mrru=disabled name=SNAP-DSL-PPPoE password=xxxx profile=default \
service-name="" use-peer-dns=yes user=xxxx

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

1 | 2