I have a MikroTik hEX at location 'A' and a MikroTik hAP ac² at location 'B', connected over an OVPN L2 tunnel. Both routers have NAT enabled and a private network behind them.
hEX has the network 192.168.0.0/23 and hAP has the network 192.168.3.0/24. These two local networks are combined into one local network, 192.168.0.0/22. I have confirmed that all bridge, routing and DHCP settings are configured and working as expected.
With the above in place, I try to connect to a public IP address ('X') from a device behind hEX so that it takes this route:
Terminal -> hEX -> hAP -(NAT)-> remote server 'X'
To achieve this, I added a routing policy for 'X' on hEX that uses the VPN server's binding interface IP as the gateway, and confirmed that ICMP echo replies are received reliably and stably, with a response time of roughly 9-12 ms.
However, when I use software that connects over TCP (I haven't confirmed whether UDP is affected as well, but I think it is not), something strange happens:
Once a TCP connection is established, other TCP packets are answered quickly, well under 50 ms. The one exception is the TCP ACK packet that answers the SYN: the server's ACK is retransmitted for about 10 seconds, and only then does the handshake continue. This also happens when establishing HTTPS connections and is seen on all devices behind hEX.
When I remove the routing policy for address X and use the route
Terminal -> hEX -(NAT)-> remote server 'X', the TCP handshake is set up immediately.
If I connect to address X from a device behind hAP, using the route
Terminal -> hAP -(NAT)-> remote server 'X', the TCP handshake is also set up immediately.
What is the problem and how should I fix it?
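As an added example that is not part of the original post: a small Python script that pulls the symptom described above out of a packet capture, so the two paths (via hAP and direct) can be compared on the same terms. It assumes `tcpdump -n -tt` style text lines (for instance taken on the terminal device, or a MikroTik sniffer export read back with tcpdump), and its sample capture is constructed with documentation addresses, not taken from the poster's network. For each client/server pair it counts how many times the server retransmitted its SYN-ACK, how many segments the client sent back in that time, and how long the handshake took. The combination "client answered every SYN-ACK, server kept retransmitting" is the pattern the post describes; a server only retransmits its SYN-ACK when the client's ACK has not reached it, so that verdict locates the loss on the client-to-server leg.

```python
# Added example, not from the original post. Finds TCP handshakes where the
# server keeps retransmitting SYN-ACK although the client answers each one.
# Input assumed: `tcpdump -n -tt` text (epoch time, "src > dst", "Flags [..]").
import re
from dataclasses import dataclass, field
from typing import Optional

# Only the timestamp, endpoints and flags are used; seq/ack/len are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample (RFC 5737 addresses). Flow A mimics the post: the client
# ACKs the SYN-ACK at once, yet the server retransmits it at +1s, +3s, +7s and
# only then acknowledges the client's first data segment. Flow B is a normal
# handshake on the direct path; flow C never gets a SYN-ACK at all.
SAMPLE_CAPTURE = """\
1700000000.000000 IP 192.168.0.10.50000 > 203.0.113.10.443: Flags [S], seq 1000, length 0
1700000000.012000 IP 203.0.113.10.443 > 192.168.0.10.50000: Flags [S.], seq 5000, ack 1001, length 0
1700000000.012100 IP 192.168.0.10.50000 > 203.0.113.10.443: Flags [.], ack 5001, length 0
1700000000.500000 IP 192.168.3.20.40000 > 203.0.113.10.443: Flags [S], seq 2000, length 0
1700000000.510000 IP 203.0.113.10.443 > 192.168.3.20.40000: Flags [S.], seq 6000, ack 2001, length 0
1700000000.510100 IP 192.168.3.20.40000 > 203.0.113.10.443: Flags [.], ack 6001, length 0
1700000000.510500 IP 192.168.3.20.40000 > 203.0.113.10.443: Flags [P.], seq 2001:2518, ack 6001, length 517
1700000000.520000 IP 203.0.113.10.443 > 192.168.3.20.40000: Flags [.], ack 2518, length 0
1700000001.012000 IP 203.0.113.10.443 > 192.168.0.10.50000: Flags [S.], seq 5000, ack 1001, length 0
1700000001.012100 IP 192.168.0.10.50000 > 203.0.113.10.443: Flags [.], ack 5001, length 0
1700000002.000000 IP 192.168.0.11.50001 > 203.0.113.10.443: Flags [S], seq 3000, length 0
1700000003.000000 IP 192.168.0.11.50001 > 203.0.113.10.443: Flags [S], seq 3000, length 0
1700000003.012000 IP 203.0.113.10.443 > 192.168.0.10.50000: Flags [S.], seq 5000, ack 1001, length 0
1700000003.012100 IP 192.168.0.10.50000 > 203.0.113.10.443: Flags [.], ack 5001, length 0
1700000007.012000 IP 203.0.113.10.443 > 192.168.0.10.50000: Flags [S.], seq 5000, ack 1001, length 0
1700000007.012100 IP 192.168.0.10.50000 > 203.0.113.10.443: Flags [.], ack 5001, length 0
1700000007.012500 IP 192.168.0.10.50000 > 203.0.113.10.443: Flags [P.], seq 1001:1518, ack 5001, length 517
1700000007.025000 IP 203.0.113.10.443 > 192.168.0.10.50000: Flags [.], ack 1518, length 0
"""


@dataclass
class Handshake:
    syn_at: Optional[float] = None                      # first SYN from the client
    synack_at: list = field(default_factory=list)       # every SYN-ACK the server sent
    client_ack_at: list = field(default_factory=list)   # client segments sent after a SYN-ACK
    completed_at: Optional[float] = None                # first non-SYN segment from the server


def parse_capture(text):
    """Group segments into flows keyed by (client 'ip.port', server 'ip.port')."""
    flows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst, flags = float(m["ts"]), m["src"], m["dst"], m["flags"]
        if "S" in flags and "." not in flags:            # SYN: client -> server
            hs = flows.setdefault((src, dst), Handshake())
            if hs.syn_at is None:
                hs.syn_at = ts
        elif "S" in flags:                                # SYN-ACK: server -> client
            flows.setdefault((dst, src), Handshake()).synack_at.append(ts)
        elif (src, dst) in flows:                         # client -> server, no SYN
            hs = flows[(src, dst)]
            if hs.synack_at and hs.completed_at is None:
                hs.client_ack_at.append(ts)
        elif (dst, src) in flows:                         # server -> client, no SYN
            hs = flows[(dst, src)]
            if hs.synack_at and hs.completed_at is None:
                hs.completed_at = ts                      # server saw the client's ACK
    return flows


def summarize(flows, slow_threshold=1.0):
    """Per flow: SYN-ACK retransmits, client ACKs sent, handshake time, verdict."""
    report = {}
    for key, hs in flows.items():
        retrans = max(0, len(hs.synack_at) - 1)
        delay = None
        if hs.syn_at is not None and hs.completed_at is not None:
            delay = round(hs.completed_at - hs.syn_at, 3)
        if hs.syn_at is None:
            verdict = "capture started mid-handshake"
        elif not hs.synack_at:
            verdict = "no SYN-ACK seen"
        elif delay is None:
            verdict = "SYN-ACK seen but handshake never completed"
        elif retrans and len(hs.client_ack_at) > retrans:
            # Client answered every SYN-ACK, server still retransmitted: the
            # client's ACKs are being lost on the way to the server.
            verdict = "client ACKs not reaching server"
        elif retrans:
            verdict = "SYN-ACK retransmitted, client did not answer"
        elif delay > slow_threshold:
            verdict = "slow handshake"
        else:
            verdict = "ok"
        report[key] = {"synack_retransmits": retrans,
                       "client_acks_sent": len(hs.client_ack_at),
                       "handshake_seconds": delay, "verdict": verdict}
    return report


if __name__ == "__main__":
    for (client, server), r in summarize(parse_capture(SAMPLE_CAPTURE)).items():
        print(f"{client} -> {server}: {r}")
```

To use it on a real capture, pass the text of `tcpdump -n -tt tcp port 443` (or the corresponding sniffer export) to `parse_capture`. Taking one capture on the terminal and one on hEX's WAN and tunnel interfaces for the same connection attempt shows whether the client's ACK leaves hEX on the tunnel at all, which separates a policy-routing or connection-tracking problem on hEX from a NAT problem on hAP.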