I’ve been losing my mind for almost 4 hours, and I feel like an idiot.
At first I couldn't understand why the TLS handshake was always taking more than 300 milliseconds. I thought it was a local or server-side issue. Only after about an hour did I test google.com and saw the exact same behavior.
That's when I realized that with my other WAN connection, the timing drops significantly.
So I started going crazy over my MikroTik configuration, convinced it had to be something related to multi-WAN. I even briefly asked an AI (I know, I know...), which said the problem was probably my neighbor, who had eaten too much pizza.
At that point, I kept spiraling.
Then it hit me that the Vodafone Station has its built-in Wi-Fi disabled, since I manage the network behind it. I could enable it and bypass the MikroTik. I enabled it and ran a direct test.
Bingo. Same problem.
So the issue is upstream. I suspect it’s "Vodafone Rete Sicura", some awful thing I never wanted and that probably does some kind of traffic inspection.
I really can't wait for FTTH to arrive so I can finally get rid of this stuff.