Hi, I have IPSec remote access VPN setup on Mikrotik router. I am not able to reach WLC/ME web interface through browser. I have no problem to open any website HTTP/HTTPS when connected to VPN, only web management of WLC is an issue, SSH CLI works fine. I have no problem accessing web GUI on LAN, my PC and WLC management are in different VLANs. After entering https://ip to my browser, it asks me whether I trust certificate, I click yes and it loads to infinite. I tried different browsers too. I did a PCAP on client and also on router, there are duplicate ACKs and retransmits, also ICMP fragmentation needed messages. No split tunneling si set, MSS is adjusted on forward traffic to 1000, firewall is setup correctly as PC in VPN get same IP/subnet as in LAN also router is not overloaded. I think it can be connected with MTU/MSS. Access points 1815i were updated twice to 8.10.130 and now 8.10.142. Thank you for any relevant ideas.
Solved! Go to Solution.
Ok, https session is not loading, did you try opening http session?
Does WLC has proper clock settings?
If the certificate is self-signed, then i would recommend to regenerate and retry
You can verify the MTU issue by pinging with the "do-not-fragment" bit set. All ping clients should have this option. Also try a different browser, might be a policy or cache issue on the local client.