If you’re having trouble accessing certain websites, with symptoms such as partial page loads or dropped connections, your network’s Maximum Segment Size (MSS) may be the issue. This is common when the MTU (Maximum Transmission Unit) is mismatched across the network, causing packet fragmentation or loss. The problem mostly shows up on some “really” safe websites such as banks, government sites, etc.
The Solution: Mikrotik MSS Clamping
Using a Mikrotik router, you can resolve this by clamping the MSS to the Path MTU (PMTU). This ensures packets are properly sized to avoid fragmentation:
/ip firewall mangle add chain=forward action=change-mss new-mss=clamp-to-pmtu passthrough=yes tcp-flags=syn protocol=tcp
Explanation
chain=forward: Applies the rule to forwarded traffic (outbound from the router).
action=change-mss: Adjusts the MSS value.
new-mss=clamp-to-pmtu: Matches MSS to the PMTU, preventing fragmentation.
tcp-flags=syn: Ensures the rule only affects TCP SYN packets.
This method fixes many website access issues caused by improper MSS settings. To apply, log in to your Mikrotik router, add this rule in the “Mangle” section under “Firewall”, and test your connection. You should now be able to access websites without problems!
Why This Works
When a TCP connection is established, the MSS value is negotiated during the SYN packet exchange. If the MSS is set too high, packets can exceed the MTU on some parts of the path, leading to fragmentation or packet loss. By clamping the MSS to the PMTU, this rule ensures that the MSS is small enough to avoid these problems, thereby allowing smooth communication with the website.
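What the clamp does to the MSS option of a SYN, as an added example that is not from the original post and is not RouterOS's implementation: it walks the TCP options and lowers the MSS to the path MTU minus 40 bytes (IPv4 and TCP headers without options). The function names, the sample SYN and the 1492-byte path MTU (typical of a PPPoE link) are constructed for illustration.

```python
import struct

IPV4_HDR, TCP_HDR, SYN = 20, 20, 0x02   # assumes IPv4 without IP options

def tcp_options(tcp: bytes):
    """Yield (kind, offset, length) for each option in a TCP header."""
    if len(tcp) < TCP_HDR:
        raise ValueError("truncated TCP header")
    end = (tcp[12] >> 4) * 4            # data offset field, in bytes
    if not TCP_HDR <= end <= len(tcp):
        raise ValueError("bad data offset")
    i = TCP_HDR
    while i < end and tcp[i] != 0:      # kind 0 ends the option list
        if tcp[i] == 1:                 # NOP is a single padding byte
            i += 1
            continue
        if i + 1 >= end or tcp[i + 1] < 2 or i + tcp[i + 1] > end:
            raise ValueError("malformed TCP option")
        yield tcp[i], i, tcp[i + 1]
        i += tcp[i + 1]

def mss_of(tcp: bytes):
    """Return the advertised MSS, or None if the option is absent."""
    for kind, off, length in tcp_options(tcp):
        if kind == 2 and length == 4:   # MSS option: kind 2, length 4
            return struct.unpack_from("!H", tcp, off + 2)[0]
    return None

def clamp_mss(tcp: bytes, pmtu: int) -> bytes:
    """Lower the MSS option of a SYN so a full segment fits in pmtu.
    The MSS is never raised and non-SYN segments pass through untouched.
    The TCP checksum is not recomputed here; a router has to do that."""
    limit = pmtu - IPV4_HDR - TCP_HDR
    mss = mss_of(tcp)
    if not tcp[13] & SYN or mss is None or mss <= limit:
        return tcp
    out = bytearray(tcp)
    for kind, off, length in tcp_options(tcp):
        if kind == 2 and length == 4:
            struct.pack_into("!H", out, off + 2, limit)
    return bytes(out)

# Constructed sample: SYN to port 443 advertising MSS 1460 (options:
# MSS, NOP, window scale, SACK-permitted, NOP, NOP); checksum left at 0.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 50000, 443, 0, 0, 0x80, SYN, 64240, 0, 0) \
    + bytes.fromhex("020405b4" "01" "030307" "0402" "0101")

if __name__ == "__main__":
    print(mss_of(SAMPLE_SYN), "->", mss_of(clamp_mss(SAMPLE_SYN, 1492)))
```

With a 1500-byte path MTU the sample SYN is returned unchanged, because its advertised MSS of 1460 already fits.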