Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




376 posts

Ultimate Geek
+1 received by user: 54


Topic # 144123 8-May-2014 09:08
Send private message

I couldn't find a 2Talk forum so have posted this here - hope that's okay.

I have a client who has been running a Draytek 120 in bridge mode with a Mikrotik behind it. This was on a shared Xtra Adsl connection in the shared premises they are in. They have had their own Adsl circuit provisioned now from 2Talk and I am having issues getting everything to work again.

They are an NZ arm of an Aussie firm and they are running Voip phones registered back to a Pabx in Aussie. The Mikrotik was basically doing some client segmentation, basic filtering, traffic marking/queuing and SIP fixup.

After moving the gear over and changing the PPPoE details on the Mikrotik it initially looked like it was working okay, could ping everywhere no issues and the phones registered okay and we could make calls.

As soon as I tried to browse, no go. Can ping the addresses so DNS is working okay but no go on the http or https. The only address I can reliably get to is the 2Talk website but if I attempt to load the 2Talk support page which is https it fails to load.

I reset the Draytek and used it as a standard NAT router with PPPoA and no issues, can browse fine. Removed all the config off the Mikrotik so it's only doing PPPoE and NAT and issue remains.

Not sure where to go to from here...... Any help or suggestions gratefully received.

Cheers
Matt.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
2250 posts

Uber Geek
+1 received by user: 639

Trusted
Subscriber

  Reply # 1038797 8-May-2014 09:58
Send private message

Hmmmm that sounds pretty strange.

If I were there and really struggling, I would be tempted to back up the Draytek's config and the reset it.  Set it up as a standard DSL router, connect a PC, and check the internet connection is working as advertised.  (Or chuck in another DSL router to test it.)  It is worthwhile eliminating the new broadband connection as the source of failure.

From there if you are confident the broadband is working fine, then you have to look at the next link ion the chain.  Again back up the Mikrotek's config, reset it, and test it with the most basic of configurations.  If that works fine, but it doesn't work when you restore your config, then the config is at fault.  You might want to take screen shots of the relevant config pages and set the thing up from scratch, testing and backing up the config after each successful step.

Good luck.




"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams



376 posts

Ultimate Geek
+1 received by user: 54


  Reply # 1038798 8-May-2014 10:01
Send private message

Thanks for the reply, thats exactly what I have done. 

Reset the Draytek and put PPPoA and Nat on it with just my PC behind it and it works fine with no issues.

Back in bridge mode with the Mikrotik and no go. Reset the Mikrotik and removed all the config except PPP and NAT and the HTTP/S issue remains.

It appears to be a large packet size issue as DNS is working fine and the SIP is all good. Very bizarre......

Cheers
Matt.

 
 
 
 


2250 posts

Uber Geek
+1 received by user: 639

Trusted
Subscriber

  Reply # 1038813 8-May-2014 10:06
Send private message

That *is* weird.

TBH I've never used these in full bridge mode.  I've only ever done the half bridge - Draytek call it the Active True IP.  You could possibly give that a quick crack.

If the Draytek came from Snapper, flick the guys there an emaill.  Their support has never failed to impress me.  They won't want to spend ages troubleshooting the Mikrotek but might have a quick tip that would help.




"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams



376 posts

Ultimate Geek
+1 received by user: 54


  Reply # 1038814 8-May-2014 10:09
Send private message

I originally had it in half bridge mode but ended up moving to full bridge mode for a couple of reasons. The full bridge mode is very easy to setup, as was the half bridge mode.

I got it from Snapper so I will give them a yell.

Cheers
Matt.

25347 posts

Uber Geek
+1 received by user: 5188

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1038829 8-May-2014 10:22
Send private message

These work fine in full bridge. You've obviously some something configured incorrectly if it's not working.

The first thing to look at when you have browsing issues is MTU


2250 posts

Uber Geek
+1 received by user: 639

Trusted
Subscriber

  Reply # 1038831 8-May-2014 10:25
Send private message

Smart thinking, sbiddle.

Matt have a look here for an example of how to test this:  http://www.strongvpn.com/mtu_ping_test.shtml





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams



376 posts

Ultimate Geek
+1 received by user: 54


  Reply # 1038906 8-May-2014 11:55
Send private message

Thanks guys.

Yes I assumed it was an MTU issue last night and did some testing.

For overhead with PPoE I need to allow 8 and with tcp and ethernet another 28 so a total of 36. 2Talk are advising an MTU of 1492.

I am about to head back to site soon to do some more testing.

Cheers
Matt.





376 posts

Ultimate Geek
+1 received by user: 54


  Reply # 1040516 9-May-2014 08:25
Send private message

Its not an MTU issue.

Issue appears to be with the ISP however diagnosing this is slow....

25347 posts

Uber Geek
+1 received by user: 5188

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1040530 9-May-2014 08:50
One person supports this post
Send private message

I assume you've signed up for a plan that offers internet access, and not just one designed for their own voice offering?







376 posts

Ultimate Geek
+1 received by user: 54


  Reply # 1312699 27-May-2015 13:23
Send private message

Sorry for the late post. The issue was MTU related, nothing to do with the hardware or it's setup. The issue was in the 2Talk network and wasn't resolved.

Client moved to UFB which negated the need for the bridge mode....

16 posts

Geek
+1 received by user: 3


Reply # 1322050 10-Jun-2015 12:41
Send private message

A common issue with PPPoE connections is not only MTU but MSS.

Mikrotik have a feature to reduce MSS automatically - to see if it is enabled check under IP FIREWALL MANGLE and see if there are any Dynamic Forward entries with action of Change MSS.

The usual symptom is some pages load, some dont.yell

There is also a nice tool to check MTU and MSS (Payload) - Google MTUPATH.EXE or MTUROUTE.EXE

3872 posts

Uber Geek
+1 received by user: 159


  Reply # 1322072 10-Jun-2015 13:03
Send private message

Mattmannz: Thanks guys.

Yes I assumed it was an MTU issue last night and did some testing.

For overhead with PPoE I need to allow 8 and with tcp and ethernet another 28 so a total of 36. 2Talk are advising an MTU of 1492.

I am about to head back to site soon to do some more testing.

Cheers
Matt.




I do the same thing but have MTU and MTR set to 1480 on the PPPoE dialer in the Mtk.






Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz




376 posts

Ultimate Geek
+1 received by user: 54


  Reply # 1322257 10-Jun-2015 15:42
Send private message

scampbell: A common issue with PPPoE connections is not only MTU but MSS.

Mikrotik have a feature to reduce MSS automatically - to see if it is enabled check under IP FIREWALL MANGLE and see if there are any Dynamic Forward entries with action of Change MSS.

The usual symptom is some pages load, some dont.yell

There is also a nice tool to check MTU and MSS (Payload) - Google MTUPATH.EXE or MTUROUTE.EXE


Stuart - you assisted with this remember?



376 posts

Ultimate Geek
+1 received by user: 54


  Reply # 1322259 10-Jun-2015 15:43
Send private message

DonGould:
Mattmannz: Thanks guys.

Yes I assumed it was an MTU issue last night and did some testing.

For overhead with PPoE I need to allow 8 and with tcp and ethernet another 28 so a total of 36. 2Talk are advising an MTU of 1492.

I am about to head back to site soon to do some more testing.

Cheers
Matt.




I do the same thing but have MTU and MTR set to 1480 on the PPPoE dialer in the Mtk.




Is this on 2Talk Don? The Mikrotik defaults to those values with PPoE

Cheers

3872 posts

Uber Geek
+1 received by user: 159


  Reply # 1322267 10-Jun-2015 16:03
Send private message

Mattmannz:
DonGould:
Mattmannz: Thanks guys.

Yes I assumed it was an MTU issue last night and did some testing.

For overhead with PPoE I need to allow 8 and with tcp and ethernet another 28 so a total of 36. 2Talk are advising an MTU of 1492.

I am about to head back to site soon to do some more testing.

Cheers
Matt.




I do the same thing but have MTU and MTR set to 1480 on the PPPoE dialer in the Mtk.




Is this on 2Talk Don? The Mikrotik defaults to those values with PPoE

Cheers


na pppoe to snap in this case, but I've seen the problems you're reporting before and fixed it just by dropping the MTU and MRU right down to something I knew could be low enough.

I just make the settings on the pppoe dialer directly, I don't let the provider tell me.

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=\
    ether1-gateway max-mru=1480 max-mtu=1480 mrru=disabled name=SNAP-DSL-PPPoE password=xxxx profile=default \
    service-name="" use-peer-dns=yes user=xxxx








Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Symantec protects data everywhere with Information Centric Security
Posted 21-Sep-2017 15:33


FUJIFILM introduces X-E3 mirrorless camera with wireless connectivity
Posted 18-Sep-2017 13:53


Vodafone announces new plans with bigger data bundles
Posted 15-Sep-2017 10:51


Skinny launches phone with support for te reo Maori
Posted 14-Sep-2017 08:39


If Vodafone dropping mail worries you, you’re doing online wrong
Posted 11-Sep-2017 13:54


Vodafone New Zealand deploy live 400 gigabit system
Posted 11-Sep-2017 11:07


OPPO camera phones now available at PB Tech
Posted 11-Sep-2017 09:56


Norton Wi-Fi Privacy — Easy, flawed VPN
Posted 11-Sep-2017 09:48


Lenovo reveals new ThinkPad A Series
Posted 8-Sep-2017 14:37


Huawei passes Apple for the first time to capture the second spot globally
Posted 8-Sep-2017 10:45


Vodafone initiative enhances te reo Maori pronunciation on Google Maps
Posted 8-Sep-2017 10:40


Voyager Internet expand local internet phone services company with Conversant acquisition
Posted 6-Sep-2017 18:27


NOW Expands in to Tauranga
Posted 5-Sep-2017 18:16


Windows 10 Fall Creators Update coming Oct. 17
Posted 4-Sep-2017 14:10


Garmin introduce Garmin vivoactive 3
Posted 1-Sep-2017 18:38



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.