I can connect to the VPN using my Mac and iPhone and can get traffic through to most websites (MacBook works fine). However, when I try to load Google and some other sites from the iPhone -- they do not load. I'm pretty sure this is an MTU issue and I have tried changing the values as well as adding some mangle rules, but still cannot get Google.com to load only on the iPhone. (Tested with Safari/Chrome.) (Other things act strange as well, like the Apple AppStore won't load ('no connection error').)
Scenario:
iPhone over Cellular 5G > Mikrotik L2TP = Google Does not work / AppStore does not load / other sites like Netflix work.
MacBook > Tethered to iPhone (over 5G) > L2TP Established via MacBook to Mikrotik Router = Google Works, no issues
Working from the Internal LAN, Google works for iPhone and there's no issues, so it's something related when L2TP is added into the mix. Tried dropping MTU to 1280 on the L2TP but this did not help and did not break anything so reverted back to default.
I am assuming that the MacBook is better handling the MTU vs the iPhone, any suggestions?
This is the whole config:
/interface ethernet
set [ find default-name=ether5 ] name=SWITCH
set [ find default-name=ether1 ] name=WAN
/ip ipsec profile
set [ find default=yes ] dh-group=modp1024 enc-algorithm=aes-256 hash-algorithm=sha256
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc
/ppp profile
set *0 dns-server=1.1.1.1 local-address=192.168.6.1 remote-address=192.168.6.10
/interface l2tp-server server
set enabled=yes ipsec-secret=secretkey123456 max-mru=1450 max-mtu=1450 use-ipsec=yes
/ip address
add address=192.168.6.1/24 interface=SWITCH network=192.168.6.0
/ip dhcp-client
add interface=WAN
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.6.0/24
/ip ipsec policy
add group=*3 proposal=*1 template=yes
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.6.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ppp secret
add name=username password=password
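
Added example, not part of the original post: a byte-accounting sketch for one inner IP packet carried as PPP over L2TP inside IPsec ESP with the AES-CBC and SHA256/SHA1 proposals from the config above, showing the outer packet size for the two MTU values tried (1450 and 1280). The L2TP and PPP header sizes, the use of NAT-T, and the 1500-byte path MTU are assumptions, since the post does not state them.

```python
# Added example: byte accounting for L2TP over IPsec ESP (transport mode, IPv4).
# Header sizes marked "assumed" are not stated in the post.
IPV4 = 20          # outer IPv4 header, no options
UDP = 8            # UDP header (used by NAT-T and by L2TP)
ESP_HDR = 8        # SPI + sequence number
AES_BLOCK = 16     # AES-CBC block size, also the IV length
ESP_TRAILER = 2    # pad-length + next-header bytes
L2TP_HDR = 8       # assumed: data header with the optional length field
PPP_HDR = 4        # assumed: no address/control or protocol compression
ICV = {"sha256": 16, "sha1": 12}   # HMAC-SHA-256-128 / HMAC-SHA1-96


def outer_size(inner_len, auth="sha256", nat_t=True):
    """Size of the outer IPv4 packet carrying one inner IP packet."""
    plaintext = UDP + L2TP_HDR + PPP_HDR + inner_len + ESP_TRAILER
    padded = -(-plaintext // AES_BLOCK) * AES_BLOCK   # round up to a block
    return IPV4 + (UDP if nat_t else 0) + ESP_HDR + AES_BLOCK + padded + ICV[auth]


def max_inner_mtu(path_mtu, auth="sha256", nat_t=True):
    """Largest inner packet whose outer packet still fits in path_mtu."""
    fixed = IPV4 + (UDP if nat_t else 0) + ESP_HDR + AES_BLOCK + ICV[auth]
    budget = (path_mtu - fixed) // AES_BLOCK * AES_BLOCK
    return budget - (UDP + L2TP_HDR + PPP_HDR + ESP_TRAILER)


def tcp_mss(inner_mtu):
    """MSS for IPv4 TCP without options inside the tunnel."""
    return inner_mtu - 40


if __name__ == "__main__":
    for mtu in (1450, 1280):              # the two values tried in the post
        print(mtu, "->", outer_size(mtu), "bytes on the wire")
    fit = max_inner_mtu(1500)             # 1500 is an assumed path MTU
    print("largest inner MTU for a 1500-byte path:", fit, "MSS", tcp_mss(fit))
```

Under these assumptions a full 1450-byte inner packet becomes a 1540-byte outer packet, while a 1280-byte one becomes 1380 bytes.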