Community discussions

MikroTik App

Search found 108 matches

by Rockyboa
Thu Oct 03, 2024 12:09 am
Forum: General
Topic: Wi‑Fi 7 / 802.11be
Replies: 96
Views: 32074

Re: Wi‑Fi 7 / 802.11be

Would like to see something like hap ax2, but wifi 7 and with USB port.
Yes, I would also like an SFP+ cage for my PON ONT, 2.5G Ethernet interfaces and get this Homeplug AV2 1300 standard back for CPL meshing over powerline option in a USB-C power supply option!

Rock.
by Rockyboa
Tue Jul 09, 2024 4:51 am
Forum: General
Topic: mantbox ax 15s
Replies: 0
Views: 1047

mantbox ax 15s

Runing latest RouterOS 7.15.2 on two mantboxax, I wish to make a bridge between those two. On is configure as a AP, the other one as a bridge-station on the 5GHz wifi interfwace. I need the 2.4Ghz for cameras located close to the antenna and bot Mant 2.4GHz antenna are set to AP To my suprise the al...
by Rockyboa
Tue Feb 27, 2024 10:45 pm
Forum: General
Topic: PPPoE over vlan [SOLVED]
Replies: 6
Views: 2611

Re: PPPoE over vlan [SOLVED]

Hi, first I want to thank all of you. I finally solved my issue. I reset my CRS328 to default and magically started to work the way I wanted. 1) after reset I quickset to router and set sfp1 as the WAN interface temporarely and 2) /interface vlan add interface=bridge name=bridge-vlan35 vlan-id=35 3)...
by Rockyboa
Fri Feb 23, 2024 10:15 pm
Forum: General
Topic: PPPoE over vlan [SOLVED]
Replies: 6
Views: 2611

Re: PPPoE over vlan [SOLVED]

RhoAius, You actually provide me a missing piece, the addition of the VLAN inside on the same bridge with VLAN id =35 allows me to ping interface ether1 on vlan35 on CRS125 from ether1 on vlan25 on CRS328. Strangely the on the bridge VLAN 35 is mandantory CRS328 to add my brigde in untagged. But rem...
by Rockyboa
Fri Feb 23, 2024 5:53 pm
Forum: General
Topic: PPPoE over vlan [SOLVED]
Replies: 6
Views: 2611

Re: PPPoE over vlan [SOLVED]

Thank you very much for your reply. My goal is to have a dual PPPoE connection from one device (CRS125) and a second one from my second router (CRS328) to make some tests / home lab whitout playing with my environment. They both use same PPPoE credential but will end up with two public IP thus ahavi...
by Rockyboa
Tue Feb 20, 2024 8:41 pm
Forum: General
Topic: PPPoE over vlan [SOLVED]
Replies: 6
Views: 2611

PPPoE over vlan [SOLVED]

Hi, I have a question concerning PPPoE over VLAN, I'm hoping someone could help. Running a CRS125-24G and a CRS328-24P-2S+ connected via both ether1 interface. Since my ISP allows me to have two public adresses I'm trying to get two PPPoE interface over tagged vlan 35 from the same GPON ONU in my CR...
by Rockyboa
Fri May 27, 2022 3:20 pm
Forum: General
Topic: dhcp server sending host-name
Replies: 2
Views: 938

Re: dhcp server sending host-name

Hi, Thank for taking time to reply to my question. It is actually the case and when using a Linux machine running dnsmasq with this configuration line dhcp-host=00:e0:66:59:88:8b,client1,192.168.78.51,set:diskless it does assign the client1 to my device. So trying to achieve similar behavior with th...
by Rockyboa
Mon Apr 25, 2022 2:00 am
Forum: General
Topic: dhcp server sending host-name
Replies: 2
Views: 938

dhcp server sending host-name

Hi, looking at the different way to change all the hostname of my servers that are booting using PXE, I'm trying to leverage the isc- dhclient https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcp-options that handle host-name. I build a script that use host to do reverse DNS, but I have some issue ...
by Rockyboa
Tue Feb 01, 2022 5:02 am
Forum: Wireless Networking
Topic: cAP XL ac reflector and mounting
Replies: 4
Views: 1691

Re: cAP XL ac reflector and mounting

Anav,

Thank you, when I look at the gain (6 on 2.4GHz and 5.5 on 5GHz) it makes me believe that the shape is not so spherical anymorem, but I'm no wifi expert.

Obviously, I want to manage them using CAPsMAN, I'll look at your suggestion though if a manage solution exist.

Martin
by Rockyboa
Sun Jan 30, 2022 10:45 pm
Forum: Wireless Networking
Topic: cAP XL ac reflector and mounting
Replies: 4
Views: 1691

cAP XL ac reflector and mounting

Hello, I'm interested in getting some cAP XL ac. My concerns are related to the wall mounting and reflectors on the antenna. I would supposed this unit is design optimally to be mounted on ceiling. In my case it would be preferable to mount them on wall. Looking at the doc it seams to be an option, ...
by Rockyboa
Sat Nov 13, 2021 1:56 am
Forum: Beginner Basics
Topic: Audience mesh setup problem
Replies: 1
Views: 1922

Audience mesh setup problem

Hi Mikrotik Forum. I order a couple of Audience to understand meshing technology by studying the default configuration of Audience and learning WDS / Mesh from this experience (more on that later). As usual, I first updated my firmware on all my 3 units to the latest stable 6.49. I then proceed to a...
by Rockyboa
Fri Oct 22, 2021 4:24 pm
Forum: General
Topic: Data Over Powerlines firmware
Replies: 4
Views: 1908

Re: Data Over Powerlines firmware

I ordered more CPL devices, I like them very much.

Even though the PWR-LINE AP and PWR-LINE US use the same QCA6410, I have different version of the firmware

Again trying to update those to latest.

Here
PR-LINE AP PL6411
1.2.0(3008-20171215-CS)

PWR-LINE US
1.1.2(1611-20150928-CS)

Martin
by Rockyboa
Wed Mar 24, 2021 1:22 am
Forum: General
Topic: Data Over Powerlines firmware
Replies: 4
Views: 1908

Re: Data Over Powerlines firmware

Hi,

I can connect both unit via CPLwihtout issue, I'm just wondering how is newer PLC firmware are provided.

Are they provided through the normal process via routerOS upgrade.

I noticed a /interface pwr-line upgrade-firmware command. wondering where can I get newer firmware

Rock
by Rockyboa
Mon Mar 22, 2021 1:41 am
Forum: General
Topic: Data Over Powerlines firmware
Replies: 4
Views: 1908

Data Over Powerlines firmware

Hi, I'm a big fan of data over power lines. I'm using PWRLine-US in combo with TP-LINK AV500. I noticed today that my speed from two AV500 was noticeable better than between my hAP mini+Powerline and an AV500. Notice also that my firmware insode my AV500 was 1.3 and the one inside Mikrotik unit was ...
by Rockyboa
Thu Dec 31, 2020 9:18 pm
Forum: Wireless Networking
Topic: Roaming, repeater, WDS and Mesh (HWMP+) a
Replies: 0
Views: 971

Roaming, repeater, WDS and Mesh (HWMP+) a

Hi, I was up for a bit of reading and learn some new wireless tutorial. I have been experimenting a lot with capmans lately and now, wish to learn more about WDS and mesh. Reading different wiki, Here are some conclusion I came to and would like you to comment. - When no ethernet cables are availabl...
by Rockyboa
Sat Dec 19, 2020 6:26 pm
Forum: Scripting
Topic: Verify presence of intercafe in interface list
Replies: 1
Views: 876

Verify presence of intercafe in interface list

Hi,

I would I verify the presence of an interface in an list using a script?

Thank you

Rock
by Rockyboa
Tue Dec 15, 2020 3:25 am
Forum: General
Topic: IPSEC and Fastrack
Replies: 1
Views: 845

IPSEC and Fastrack

Hi, I was trying to find why I had poor performance over my VPN provider until I found that Fasttrack was causing the issue. I then implemented this solution https://blog.johannfenech.com/mikrotik-fasttrack-configuration-with-l2tp-ipsec-vpn/ which solved my issue. My question is more about the two o...
by Rockyboa
Thu Dec 10, 2020 4:38 am
Forum: General
Topic: VPN traffic in bridge-mode [SOLVED]
Replies: 1
Views: 1070

VPN traffic in bridge-mode [SOLVED]

Hi, Using the Quick Set I configure a PL6411-2nD into PTP CPE CPE. As I understand it this configure the device into bridge-mode, which is what I wanted, i then setup a VPN with my provider and I do see the tunnel attributing an IP to my bridge. I also remove the ether1 interface from the bridge Wha...
by Rockyboa
Fri Oct 09, 2020 10:53 pm
Forum: Wireless Networking
Topic: Antenna-gain
Replies: 0
Views: 698

Antenna-gain

Should we specify the Antenna gain in the wlan interface config. The parameter is no longer there in winbox for my RB951G-2HnD v6.47.4 device.

Also for a specification of the antenna gain, we can read 2.5. I don't think we can put set a decimal parameter from the cli, shjould I go to 3 or 2?

R.
by Rockyboa
Fri Oct 02, 2020 2:22 am
Forum: General
Topic: hAP ac³ IPSEC VPN problem
Replies: 3
Views: 894

Re: hAP ac³ IPSEC VPN problem

Sindy, thanks for trying to help me. I would start by saying that my hAP ac³ was swapped with the 951G, so there is no other other equipment between the CPE and the router in both scenario. I'm putting back my default computer interface to MTU 1500 and try to see if that would work. Here is my NordV...
by Rockyboa
Thu Oct 01, 2020 10:33 pm
Forum: General
Topic: hAP ac³ IPSEC VPN problem
Replies: 3
Views: 894

hAP ac³ IPSEC VPN problem

I recently updated my home router RB951G-2HnD to a hAP AC³ LTE Router. I purchased the unit one day before the announcement of the none LTE version, which I would not use. But I would expect the same issue with it. I have copied all my config from exporting the appropriate section to my new rtouter....
by Rockyboa
Sun Sep 27, 2020 4:23 am
Forum: General
Topic: PWR-Line AP PL6411-2nD as a Home Wireless Router
Replies: 1
Views: 516

PWR-Line AP PL6411-2nD as a Home Wireless Router

I'm wondering if anyone, except me, is wondering or using if a PWR-Line AP PL6411-2nD is a viable option for an home AP router using the eth interface to connect my CPE. I bought one last week and configuring it as a nat / router. I personally like the small form factor and the possibility to extend...
by Rockyboa
Mon Sep 21, 2020 3:55 pm
Forum: General
Topic: Simple queue priority
Replies: 0
Views: 465

Simple queue priority

Hi made those rule to get a good iptv service and to have fair amount of bandwith to all remaining connection. I have a 15M/1M link /queue type add kind=pfifo name=TVqueue pfifo-limit=2000 /queue simple add burst-time=5s/5s max-limit=1M/8M name=TVqueue1 priority=6/6 queue=TVqueue/TVqueue target=\ 19...
by Rockyboa
Thu Nov 28, 2019 5:20 pm
Forum: Wireless Networking
Topic: Wireless bridge hardware recommendation
Replies: 4
Views: 2150

Re: Wireless bridge hardware recommendation

Thank you both for taking the time to explain. After looking at different vendor, I understand I do they achieve to configure more than one sector antenna on the same mast. obviously they synchronised the radio and make sure they listen and talk together on the same channel. Since I have been using ...
by Rockyboa
Mon Nov 25, 2019 3:42 am
Forum: Wireless Networking
Topic: Wireless bridge hardware recommendation
Replies: 4
Views: 2150

Wireless bridge hardware recommendation

Hi,

I always wonder if two back to back radios such as the mAntbos24 on the same pole, should share the same channel or use different one

Martin
by Rockyboa
Wed Nov 13, 2019 8:31 pm
Forum: SwOS
Topic: Switch stack
Replies: 5
Views: 7722

Re: Switch stack

oh... yes!

We have been waiting to much for such feature. LAG across more than one switch is the feature I need the most to migrate to Mikrotik switch product.

Rock
by Rockyboa
Wed Oct 09, 2019 6:20 pm
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL / DSL Modem?
Replies: 391
Views: 215075

Re: Mikrotik VDSL / DSL Modem?

Anybody tested any of those SFP modem in north america?

Rock
by Rockyboa
Tue Oct 01, 2019 4:46 pm
Forum: General
Topic: NordVPN IpSEC fragmentation issue
Replies: 7
Views: 2815

Re: NordVPN IpSEC fragmentation issue

Thank you both, so I would guess that marking the connection based on the source adress list of the devices I want to be behing this VPN is my best bet. I guess a could be even more granular by actually connection marking protocol and ports! MSS. If the IP header (20 bytes) and ICMP (8Bytes) making ...
by Rockyboa
Mon Sep 30, 2019 10:51 pm
Forum: General
Topic: NordVPN IpSEC fragmentation issue
Replies: 7
Views: 2815

Re: NordVPN IpSEC fragmentation issue

Zacharias, thank you for this super fast reply. I'm using IPSec mode config with a source address list, thus not having an interface. This is where I get stuck. Should I mangle against the same source address-list? There is also a parameter to set a connection mark in this mode config dialog box, mi...
by Rockyboa
Mon Sep 30, 2019 8:47 pm
Forum: General
Topic: NordVPN IpSEC fragmentation issue
Replies: 7
Views: 2815

NordVPN IpSEC fragmentation issue

I have setup NordVPN accordingly to this guide https://support.nordvpn.com/Connectivity/Router/1360295132/Mikrotik-IKEv2-setup-with-NordVPN.htm Works great. But have an issue with multiple links.. I lowered the MTU on my windows10 to 1438 and since then I have no issues. I would like to use a mangle...
by Rockyboa
Thu Jun 20, 2019 8:09 am
Forum: General
Topic: Hardware VLAN [SOLVED]
Replies: 7
Views: 2458

Re: Hardware VLAN [SOLVED]

Sindy, thank you for the detail information. Running through you explanation I think I do understand most of it, and indeed, if I disabled vlan filtering on the single brigde setup but leave the virtual wifi interface to tag on VLAN ID 2, it works as expected. So this single bridge configuration on ...
by Rockyboa
Wed Jun 19, 2019 4:25 pm
Forum: General
Topic: Hardware VLAN [SOLVED]
Replies: 7
Views: 2458

Re: Hardware VLAN [SOLVED]

I think it will help if I post my cAP ac configureation /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \ country=canada disabled=no distance=indoors frequency=auto mode=ap-bridge \ name=wlan-2GHz ssid=AEPONYX-2GHz wireless-protocol=802.11 set [ find def...
by Rockyboa
Tue Jun 18, 2019 9:21 pm
Forum: General
Topic: Hardware VLAN [SOLVED]
Replies: 7
Views: 2458

Re: Hardware VLAN [SOLVED]

At the other end of this trunk port (now with an interface VLAN and DHCP serving some IPs to my new guest VLAN), I have a hAP ac. After struggling with the first implementation of this wiki ( https://wiki.mikrotik.com/wiki/Manual:VLANs_on_Wireless I'm still unable to get this bridge vlan working cor...
by Rockyboa
Mon Jun 17, 2019 6:44 am
Forum: General
Topic: Hardware VLAN [SOLVED]
Replies: 7
Views: 2458

Re: Hardware VLAN [SOLVED]

CZFan,

Thank you for this reply. So then, it will no be possible to run a dhcp server from a switch vlan nor a bridge vlan?

Rock.
by Rockyboa
Sun Jun 16, 2019 8:08 pm
Forum: General
Topic: Hardware VLAN [SOLVED]
Replies: 7
Views: 2458

Hardware VLAN [SOLVED]

I'm trying to configure a simple setup using the hardware offloading feature of VLAN table inside the Atheros 8327 switch chip. First question: I have a RB1100AH router where a configure the ether5 in trunk port with untagged traffic on VLAN ID 1 and Tagged traffic on VLAN ID 2. Can I add an IP addr...
by Rockyboa
Fri May 17, 2019 7:04 pm
Forum: General
Topic: Winbox Simple Queue display change
Replies: 2
Views: 1688

Winbox Simple Queue display change

Hi, recently playing with simple queues and reading / listening on different turorial I see that when a parent simple queue is added to another queue if get indent below. This is not my case and was wondering if this is a change that was made recently in winbox. Mine are shown without this indentati...
by Rockyboa
Thu Sep 06, 2018 8:48 pm
Forum: General
Topic: Radius to Microsoft IAS for VPN password characters issue
Replies: 0
Views: 695

Radius to Microsoft IAS for VPN password characters issue

Strange but would like to know if someone came across such situation After setting up PPP VPN with my internal AD using IAS service, some user were able to log some were not. After investigating a bit we believe that password containing the $ character were not able to sign in. Are they any other sp...
by Rockyboa
Fri Jul 20, 2018 6:48 pm
Forum: General
Topic: Ethernet ring protocol
Replies: 5
Views: 2845

Re: Ethernet ring protocol

+1 On MC-LAG feature!
by Rockyboa
Sun Jun 24, 2018 8:28 pm
Forum: Beginner Basics
Topic: Problem with VLANs and VLAN filtering on the Bridge [SOLVED]
Replies: 16
Views: 8763

Re: Problem with VLANs and VLAN filtering on the Bridge [SOLVED]

I'm trying to achieve the same. Starting from a defualt congif on hAP ac lite Add an ip address 192.168.89.4 to my ether4 port I have set my bridge port ether4 to pvid 10 Added the brige as a tag port on this Bridge VLAN I plug my pc into ether4 as soon as I turn on the VLAN filtering, I can no long...
by Rockyboa
Thu Mar 28, 2013 3:40 am
Forum: General
Topic: Prefered source
Replies: 3
Views: 3174

Re: Prefered source

Thank you omega for helping out. I might not be clear but I'm located on the main office router with a single WAN but with two public IP assigned to it. I'm not tying to mangle on two interfaces but trying to build a rule that will make sure that my traffic coming in my router (and ending there sinc...
by Rockyboa
Tue Mar 26, 2013 10:56 pm
Forum: General
Topic: Prefered source
Replies: 3
Views: 3174

Prefered source

I have two public IP on my WAN interface. I'm trying to build two tunnels to this interface originating from the same remote router. I think I have good chances to make this work but there is a little captcha I need to solve. on the main office WAN interface when I disable one of the IP thus changin...
by Rockyboa
Tue Mar 26, 2013 3:53 pm
Forum: General
Topic: two wan, l2tp on wan2 (routing problem)
Replies: 5
Views: 3177

Re: two wan, l2tp on wan2 (routing problem)

Same issue here, even building a route for the remote IP doesn't solve, tunnel will always instantiate from the default route. Whatever routing mark is goes over the WAN with the lowest metric and no mark
by Rockyboa
Thu Nov 08, 2012 6:39 pm
Forum: General
Topic: PPPoE Load balancing
Replies: 2
Views: 1172

Re: PPPoE Load balancing

I think I should clarify that I run multiple vlan, thus multiple PPPoE, maximum connections globally I wish to limit and wish not to manage them per running instance in each VLAN.
by Rockyboa
Tue Nov 06, 2012 4:39 pm
Forum: General
Topic: PPPoE Load balancing
Replies: 2
Views: 1172

Re: PPPoE Load balancing

I tought about it last night,

It would be a nice feature to add if it doesn't exist, a max-connection limit. Where can we propose such a thing as a feature request.

Martin
by Rockyboa
Mon Nov 05, 2012 11:47 pm
Forum: General
Topic: PPPoE Load balancing
Replies: 2
Views: 1172

PPPoE Load balancing

We have trouble scaling up our PPPoE service. We have setup some dedicated PPPoE Mikrotik to serve our PPPoE requests, we have disabled everything else on those RB1100AH. After 800 or so we see some connection being dropped. We have put together more than one box but we usually sees on one RB1100 ge...
by Rockyboa
Wed Oct 17, 2012 10:16 pm
Forum: Beginner Basics
Topic: Star topolgy using EoIP
Replies: 0
Views: 815

Star topolgy using EoIP

I would like to configure a simple network for VoIP using EoIP tunnels. Since my primary office will bridge all connection from remote office reading in the wiki http://wiki.mikrotik.com/wiki/Manual:Interface/EoIP we can read: When bridging EoIP tunnels, it is highly recommended to set unique MAC ad...
by Rockyboa
Fri Sep 14, 2012 9:22 pm
Forum: General
Topic: Feature requests
Replies: 1792
Views: 677375

Re: Feature requests

+1 for better IPSec support.

Would like to get mode-config push pull for road warrior

http://forum.mikrotik.com/viewtopic.php?f=2&t=45516
by Rockyboa
Mon Sep 10, 2012 10:56 pm
Forum: General
Topic: One to Many NAT?
Replies: 11
Views: 5514

Re: One to Many NAT?

This is an interresting topc on Natting. I'm trying to achieve basiacally the same and just to make sure I understand clearly here is what I understand on this subject; masquerade, is a src-nat rule that will automatically use the assigned destination IP of the outgoing interface src-nat: 1:1 Nat fr...
by Rockyboa
Thu Aug 30, 2012 5:16 am
Forum: General
Topic: 2 WAN - 1 LAN no PCC
Replies: 0
Views: 811

2 WAN - 1 LAN no PCC

Very simple setup for my configuration of 2 WAN. What I'm trying to do is par of one of my LAN vlan (vlan5-dmz LAN01) I wish to send an address list (iDigit Private Subnet) to WAN02 iDigit. When I activate the following mangle rule, tracert to external IP from iDigit Private Subnet still goes throug...
by Rockyboa
Fri Apr 20, 2012 5:23 pm
Forum: RouterBOARD hardware
Topic: serial1 on RB1100
Replies: 4
Views: 1734

serial1 on RB1100

I understyand that the RB1100 has one physiccal port witch is serial0, but is it possible to use serial1? Is there a pin out on the board to add an extra DB9?
by Rockyboa
Mon Oct 24, 2011 10:08 pm
Forum: Beginner Basics
Topic: HTB wiki missing figure 8.6
Replies: 1
Views: 827

HTB wiki missing figure 8.6

Looking at the example in the HTP wiki http://wiki.mikrotik.com/index.php?title=Manual:HTB&printable=yes . The refer to figure 8.6, which suppose to include a network diagram. I would like to know what they refer has the outgoing interface for upload and download lets take the same example would...
by Rockyboa
Mon Oct 17, 2011 6:01 pm
Forum: Virtualization
Topic: RouterOS over Citrix XenServer
Replies: 1
Views: 3608

RouterOS over Citrix XenServer

Anyone running RouterOS v5 on XenServer? hvm? I know that RouterOS 5 is no longer having a Xen aware kernel but would like some feedback about performance even though this PV support has been removed.
by Rockyboa
Thu Oct 06, 2011 9:41 pm
Forum: General
Topic: Radius backup accounting
Replies: 4
Views: 7176

Re: Radius backup accounting

Same issue here, so if an account is not recognized in the on-site radius, our central radius is also getting this request, even if we set-ip up has an accouning backup. We are getting thousand of request from all of our sites into our central radius. Is this normal behaviour or should I filled a bu...
by Rockyboa
Wed Sep 28, 2011 4:53 am
Forum: General
Topic: PPPoE Server
Replies: 5
Views: 2591

Re: PPPoE Server

Good point, how could I contact DNS without first establishing the PPPoE connection. I guess the best I could do is still use VRRP in a n+1 fashion and distributing manually those subnet across many RB1100 for example 2x /24 subnet per router and havin a hot standby in case of a unit break down. Wou...
by Rockyboa
Mon Sep 26, 2011 11:51 pm
Forum: General
Topic: PPPoE Server
Replies: 5
Views: 2591

Re: PPPoE Server

For load balancing I tought about using DNS round-robin and for redundancy VRRP (sorry.) The ISP just wish to get a gross figure of how many RB1100 or RB1200 (since just dicovered that RB1100 is eol and can't wait till RB1000AHx2 You are right about the broacast domain, but can the PPPoE server many...
by Rockyboa
Mon Sep 26, 2011 9:41 pm
Forum: General
Topic: PPPoE Server
Replies: 5
Views: 2591

PPPoE Server

Question from a customer running a small ISP of 5000 users. Is the RB1100 will handle PPPoE services correctly for this number of user, if not can someone tell me best practice or average we are looking at? Also can we use a combination of RB1100 for clustering the PPPoE server in a way that we have...
by Rockyboa
Mon Sep 26, 2011 5:38 pm
Forum: Beginner Basics
Topic: DMZ in transparent firewall using a bridge
Replies: 3
Views: 2666

Re: DMZ in transparent firewall using a bridge

Thank you very much for your valuable opinion fewi. I will then use a private subnet for my DMZ and make use of the IP firewall rules has I always did and avoid going into bridging. I would be nice from you if you can answer my remaining question about bridge interface (even though I wont use it) wi...
by Rockyboa
Sat Sep 24, 2011 5:26 am
Forum: Beginner Basics
Topic: DMZ in transparent firewall using a bridge
Replies: 3
Views: 2666

DMZ in transparent firewall using a bridge

I an attempt to save some ressources on my router, we decided to look at using, for our DMZ, a bridge. So instead of using a private subnet and do some connection tracking and natting, we bridge our WAN01 interface with our DMZ interface, we use the default name bridge1. I would like to know first, ...
by Rockyboa
Tue Aug 30, 2011 12:27 am
Forum: RouterBOARD hardware
Topic: Indoor Housing Doesn't Fit MMCX Cards Right
Replies: 13
Views: 3990

Re: Indoor Housing Doesn't Fit MMCX Cards Right

I hate to reopened such old thread, but I'm also still wainting for this USB cable pass-through cable. I haven't found a MFM indoor chasis that will let us use USB. I tought that this square hole would eventually get a USB external connector, did someone found a decent way to hook up USB devices usi...
by Rockyboa
Thu Aug 25, 2011 12:19 am
Forum: Wireless Networking
Topic: Virtual AP in defferent VLAN assigment to SSID
Replies: 1
Views: 821

Virtual AP in defferent VLAN assigment to SSID

I don't have a Mikrotik equipped with a radio card handy and I had this request today. Will it be possible from an AP to create 3 Wireless network in three diferent VLAN using three SSID.

Thank You
by Rockyboa
Tue Jul 12, 2011 4:17 am
Forum: General
Topic: Statefull Packet Inspection best practice
Replies: 1
Views: 1294

Statefull Packet Inspection best practice

I just passed my MTCNA and during the training we saw how to use statefull packet inspection in the firewall to only filter new connection to unload the filter. I do understand the benefit of doing so, but my question is, can a hacker spoof the state of a packet to make the router believe it is an e...
by Rockyboa
Fri Jul 01, 2011 5:15 am
Forum: Beginner Basics
Topic: Multiple public IP NATing
Replies: 2
Views: 12857

Multiple public IP NATing

I have a setup where I use NAT with masquerade that redirect different Public IP to my internal Private IP. Working fine but when a trace route from a internal server, they all go out using the same Public IP (the first IP that was assign to my WAN interface). Is there a way to control this outgoing...
by Rockyboa
Tue May 17, 2011 2:36 am
Forum: Beginner Basics
Topic: System reset renaming interface
Replies: 1
Views: 811

System reset renaming interface

Hum, just updated my new RB493G to 5.2, type /system reset-configuration and a strange thing happend. All my interfaces were rename starting at eher10 to ether18.

Do I have to rename them manually or this is normal behaviour?

Martin
by Rockyboa
Sun May 15, 2011 10:23 pm
Forum: Wireless Networking
Topic: Just a FYI, Rogers Cable 3G ZTE MF668 Modem
Replies: 4
Views: 3505

Re: Just a FYI, Rogers Cable 3G ZTE MF668 Modem and Nokia CS

I would lika also to confirm that Nokia CS-18 is working.

There is no mention on the wiki about this 3G key, it has been working for 24 hours without issue...

Martin
by Rockyboa
Mon Mar 14, 2011 7:54 pm
Forum: General
Topic: Stopping excessive retries
Replies: 0
Views: 580

Stopping excessive retries

We tend to use Tunnel for most of our external traffic. But we have to leave a RDP server dst-nat for some users.

We can see a lot of retries of people that fails the RDP autherntication. Is there a simple way to block those new connections after 5 retries for a day using a filter rule?

Martin
by Rockyboa
Wed Mar 02, 2011 10:05 pm
Forum: Beginner Basics
Topic: Open VPN on 5.0rc10
Replies: 2
Views: 1132

Re: Open VPN on 5.0rc10

Can someone, that use openVPN, on a windows or linux client,tell me if I really need to recompile the openVPN software --auth-user-pass. If someone has recompile 2.1.3 or 2.1.4 (if it works with openVPN in the routerOS 5.0rc10) for windows and would like to send it to me, I would really appreciate. ...
by Rockyboa
Mon Feb 28, 2011 10:57 pm
Forum: RouterBOARD hardware
Topic: New RB1100 Hardware acceleraion
Replies: 10
Views: 3395

Re: New RB1100 Hardware acceleraion

Fewi,

Yes, that will be great if Mikrotik eng., could at least give more info on what would be accelerated using this hardware.

MB
by Rockyboa
Mon Feb 28, 2011 5:27 am
Forum: RouterBOARD hardware
Topic: New RB1100 Hardware acceleraion
Replies: 10
Views: 3395

New RB1100 Hardware acceleraion

I always wonder whcih part of the RouterOS uses Hardware Acceleration. I'm pretty sure IPSec does but Profile Encryption also does? What about /interface ovpn-server server?

Thank you

MB
by Rockyboa
Mon Feb 28, 2011 1:38 am
Forum: Beginner Basics
Topic: Open VPN on 5.0rc10
Replies: 2
Views: 1132

Open VPN on 5.0rc10

Hi all, This is my first try at openVPN, many places stop allowing PPtP and wish to try ovpn. I would like to use a routed setup and Win32 clients. After struggling with this stuff all afternoon, I get some connection reset on my client. My question is, do we still need to create an authfile? If yes...
by Rockyboa
Wed Aug 25, 2010 4:27 am
Forum: SwOS
Topic: Switch product line
Replies: 1
Views: 3081

Switch product line

This is more a general vendor question than related to SwOS but think it would be great to ask this community for some input. I'm struggling to fing a good vendor switch solution that will offer a nice lineup of product but more competitive than Cisco such as Mikrotik does with their router. I need ...
by Rockyboa
Wed Aug 11, 2010 5:05 pm
Forum: RouterBOARD hardware
Topic: IPSec dedicated hardware
Replies: 3
Views: 1306

Re: IPSec dedicated hardware

Fewi,

But when I use a PPP-Profile associated to this L2TP with default-encryption set to yes, I guess it is encryted and somewhat secure? Would that default-encryption setting benefits from the hardware assisted chip in the RB1000?

Martin
by Rockyboa
Sat Aug 07, 2010 5:57 pm
Forum: Beginner Basics
Topic: Queue tree vs simple
Replies: 4
Views: 8276

Re: Queue tree vs simple

Thanks guys,

I don't have a lot of rule so I think I will strart with simple queues. I guess when they grow in numbers, then, I will rethink all of this but for now I wont use more than 8 to 10 rules for now.
by Rockyboa
Tue Aug 03, 2010 6:12 am
Forum: General
Topic: Multiple WAN remote access
Replies: 10
Views: 11669

Re: Multiple WAN remote access

Fewi, should he also take care of traffic in the forward chain? I use to mark this chain the same way as the input chain to make sure dst-nat is also working. I also saw you in another similar topic using the prerouting chain to mark the traffic, in this case no need to mark the forward chain since ...
by Rockyboa
Sun Aug 01, 2010 11:24 pm
Forum: Beginner Basics
Topic: Queue tree vs simple
Replies: 4
Views: 8276

Queue tree vs simple

Ok I'm convinced, I need to setup queues for better traffic management. I read a lot of post and wiki and certainly would like to keep it up to a fairly simple environment. I tought using priorization without queues at first but, I do understand that this is relatively not efficient. So I would like...
by Rockyboa
Wed Jul 28, 2010 4:40 pm
Forum: RouterBOARD hardware
Topic: IPSec dedicated hardware
Replies: 3
Views: 1306

IPSec dedicated hardware

As I understand RB1100 does not have the RB1000 capability of hardware accelerated IPSec cryp/decrype engine.

IS this dedicated hardware only use in IPsec or L2TP would also benefits from that?
by Rockyboa
Wed Jul 28, 2010 3:33 am
Forum: General
Topic: PPTP VPN Bridge and PCC
Replies: 10
Views: 5834

Re: PPTP VPN Bridge and PCC

I knew you would send me to that DFD! :) I manage to get all my subnet talking between them! Your help is very appreciated. I even created a rule that work for relaying my email by marking the route from any LAN with dstport 25 and unchecking passthrough. Two last questions: 1) When using !local in ...
by Rockyboa
Wed Jul 28, 2010 12:01 am
Forum: General
Topic: PPTP VPN Bridge and PCC
Replies: 10
Views: 5834

Re: PPTP VPN Bridge and PCC

Chupaka,

Will try this after operation hour. My IPSec tunnels are also no longer working. Are Mangle rules have priority over firewall rules?
by Rockyboa
Tue Jul 27, 2010 4:48 am
Forum: General
Topic: PPTP VPN Bridge and PCC
Replies: 10
Views: 5834

PPTP VPN Bridge and PCC

People, I have been trying to make the PCC Wiki working in my setup. It does work but break my PPTP VPN. My VPN is using a subnet range that is not in the same LAN subnet, since I have few LAN addresses available. Since I never was able to make the appropriate route to make the PPTP subnet work with...
by Rockyboa
Tue Jul 27, 2010 12:52 am
Forum: Beginner Basics
Topic: 2 WAN port forwarding
Replies: 27
Views: 62854

Re: 2 WAN port forwarding

Fewi, I have been wondering why would you mark connection in the prerouting chain instead of input and forward. I understand that you save mangle rules by doing so, but if you follow the PCC wiki, they mark input chain only. If you do dst-nat without adding any other rules than the one in this wiki,...
by Rockyboa
Wed Jun 16, 2010 8:14 pm
Forum: Beginner Basics
Topic: 2WAN 2LAN PCC and Mangle
Replies: 0
Views: 898

2WAN 2LAN PCC and Mangle

Trying to figure out why as soon as I activate my rule #8 both LAN100 and Bridge110 don't see each other anymore. This is taken directly from the PCC example. 0 ;;; from Telus mark conn_telus chain=input action=mark-connection new-connection-mark=telus_conn passthrough=yes in-interface=Telus 1 ;;; f...
by Rockyboa
Wed May 19, 2010 5:29 pm
Forum: Beginner Basics
Topic: PCC and dst-nat
Replies: 4
Views: 2537

Re: PCC and dst-nat

Humm, I don't see any mangle in this NAT rule. I disabled PCC alltogether just want to make thing simple to start. So I'm trying to resend all traffic from a NAT rule (like yours) to the WAN link that has a higher distance to the same interface. Using the same NAT rule on the WAN with the lower dist...
by Rockyboa
Mon May 17, 2010 7:22 pm
Forum: Beginner Basics
Topic: PCC and dst-nat
Replies: 4
Views: 2537

PCC and dst-nat

Hi all, I read the following wiki http://wiki.mikrotik.com/wiki/Manual:PCC but since implementation I'm unable to dst-nat some service inside my Local subnet such as: chain=dstnat action=dst-nat to-addresses=192.168.0.50 to-ports=80 protocol=tcp in-interface=WAN2 dst-port=80 Should it still work aft...
by Rockyboa
Fri May 07, 2010 11:31 pm
Forum: Beginner Basics
Topic: remote Dynamic IP tunnel using EoIP
Replies: 5
Views: 10440

remote Dynamic IP tunnel using EoIP

We currently have RB1000 and wish to leverage the IPSec offload processor. Since we have particular need we would like to use EoIP as our VPN tunnel architechture. So we started thinking about building a EoIP tunnel and use IPSec in transport mode over this tunnel. Problem is that remote sites are m...
by Rockyboa
Thu Apr 29, 2010 4:43 pm
Forum: Beginner Basics
Topic: Tunnel differences EoIP vs IPIP
Replies: 8
Views: 19031

Re: Tunnel differences EoIP vs IPIP

So no more MTU problems?! This is huge

And in terms of ressources used, is one more demanding than the other?

Martin
by Rockyboa
Wed Apr 28, 2010 4:47 pm
Forum: Beginner Basics
Topic: Tunnel differences EoIP vs IPIP
Replies: 8
Views: 19031

Tunnel differences EoIP vs IPIP

HI all, Since I'm pretty new to Mikrotik I would like to know the difference between EoIP and IPIP tunnel and in which situation examples should I use one or the other . I read the Wiki and here are some differences I figured out. IPIP: - Layer 3 routed type traffic - Inter operability with other ve...
by Rockyboa
Mon Apr 26, 2010 8:57 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 11452

Re: DHCP Realy over IPSec tunnel

Sob,

I got the desired result with your mangle rule. Thank you very much for all your help.

Martin
by Rockyboa
Fri Apr 23, 2010 8:35 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 11452

Re: DHCP Realy over IPSec tunnel

I'm trying real hard to create a rule in the remote site in the output chain that every request to UDP 67 going to 192.168.110.0/24 to be catch and forward to my IpSec tunnel instead on public interface. If any NAT expert can help me. I have almost a solution. On my main router I can see the followi...
by Rockyboa
Fri Apr 23, 2010 6:06 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 11452

Re: DHCP Realy over IPSec tunnel

Sob, Very interresting. IPSec always worked but I use as as the sa-src on my Remote Site 0.0.0.0. Would you think I should script something to push the address for the sa-src? Some other weirdo: On my IpSec main site a total of three policies are generated dynamically. I was expecting only one. Also...
by Rockyboa
Thu Apr 22, 2010 7:09 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 11452

Re: DHCP Realy over IPSec tunnel

Sob, Thank you for not letting me down, I really appreciate your help. Yes I forgot the giaddr which is 192.168.181.1 (remote router). Since I put created an new environment with 2x RB750, I creted the DHCP server on the test-main 192.168.110.1 router. That is why I was expecting some DHCP-server lo...
by Rockyboa
Wed Apr 21, 2010 8:59 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 11452

Re: DHCP Realy over IPSec tunnel

No traffic increase on my IPSec policies statistic.

But even a Ping does not increase the counters, is this normal?

Martin
by Rockyboa
Wed Apr 21, 2010 12:34 am
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 11452

Re: DHCP Realy over IPSec tunnel

I just tried with two RB750G I had. Updated both to v4.6 like my production environment. on the remote site, I can see in dhcp-debug: dhcp-relay-181 sendind discover with id 2443951115 to 192.168.110.1 hops = 1 secs = 7424 flags = broadcast ciaddr = 0.0.0.0 chaddr = 00:26:9E:CA:D6:CE Msg-Type = disc...
by Rockyboa
Tue Apr 20, 2010 6:09 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 11452

Re: DHCP Realy over IPSec tunnel

Humm, maybe I need to add something in my main site RB1000.. do I if I use my Windows Clustered DHCP? On my remote site I do ping my Windows DHCP over my IPSec Tunnel, but still unable to received lease. And yes I use IPSec in tunnel mode. I did provide on my RB450G a relay local address. (192.168.1...
by Rockyboa
Mon Apr 19, 2010 6:40 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 11452

DHCP Realy over IPSec tunnel

I build an IPSec tunnel between two Mikrotik Router. I'm running a DHCP server behing my main site and would like to hand out addresses from a single point (since I have clustered DHCP server on my main site). Should DHCP relay work over a IPSec tunnel, because it doesn't.

Thanks

Martin
by Rockyboa
Fri Mar 19, 2010 5:49 pm
Forum: General
Topic: strange problem on RouterOs
Replies: 10
Views: 1728

Re: strange problem on RouterOs

Ok great. Would modify both of my wan interface to the max !frag packets. Leaving my PPPoE interface to 1492. And both MRU / MTU. So I should not need to modify some MSS?

Will try this and get back.

TY again.

Martin
by Rockyboa
Fri Mar 19, 2010 5:34 pm
Forum: General
Topic: strange problem on RouterOs
Replies: 10
Views: 1728

Re: strange problem on RouterOs

TY for this fast reply,

On the PPPoE side do I modify both the PPPoE client value and WAN value. Also should I lowered the MRU to the same value of the MTU? I guess to find the optimal value, to find the biggest not frag packet using the ping -l size -f?

Again thank you

Martin
by Rockyboa
Fri Mar 19, 2010 4:38 pm
Forum: General
Topic: strange problem on RouterOs
Replies: 10
Views: 1728

Re: strange problem on RouterOs

I have a similar problem. on two sites. using a IpSEC VPN connection. One DSL PPoE and one Broadband connection. 1) On the site using PPoE, should I change the MTU to 1492 on the WAN and PPoE interface or just the PPoE? 2) As soon as I lower one site the packets get framented to a least value when I...
by Rockyboa
Thu Oct 15, 2009 5:33 pm
Forum: General
Topic: Static DNS in MT - Round Robin
Replies: 5
Views: 3167

Re: Static DNS in MT - Round Robin

Argh... I tought I will get away using this little dns server, it would have been fine if it was going to round robin my clustered storage for my virtual host. I guess I would need to install two dns server just to accomodate my virtual hosts, yikes! I would have preffer my two RB1000. Mikrotik plea...
by Rockyboa
Thu Oct 15, 2009 4:25 am
Forum: General
Topic: Static DNS in MT - Round Robin
Replies: 5
Views: 3167

Re: Static DNS in MT - Round Robin

Thank for this quick reply, Yes thats what I did, in terms of adding static host record RR: Round Robin. So each time I interrogate the host name I would like to get the first IP, next time I would like to get the next IP, etc... What would be the use of setting three IP for the same host name if I ...
by Rockyboa
Wed Oct 14, 2009 11:28 pm
Forum: General
Topic: Static DNS in MT - Round Robin
Replies: 5
Views: 3167

Static DNS in MT - Round Robin

Hi,

We use the DNS in the Mikrotik and we are building a clustered SAN. We need to RR a host so we had 3 time the host record with the three different IPs in the static entry. MT doesnt seem to RR the host. Is there a way to do it?

Martin
by Rockyboa
Tue Sep 08, 2009 5:19 pm
Forum: Beginner Basics
Topic: Dynamic IPSec interoperability
Replies: 3
Views: 1699

Re: Dynamic IPSec interoperability

David,

no, what I meant was an IPSec tunel from a dynamic, not reserved IP site to a fixed IP. But strangely I would also need to do multiple tunnel scenario, but can you just prioritized the routing table using metrics?

Sabrina
by Rockyboa
Wed Sep 02, 2009 5:08 pm
Forum: Beginner Basics
Topic: Dynamic IPSec interoperability
Replies: 3
Views: 1699

Dynamic IPSec interoperability

Hi all, Since I have finally established dynamic IPSec tunnel between two Mikrotik, I would like to know if anyone had any success doing dynamic IPSec tunnel with other vendor. We are in the process of replacing a lot of RV042 but would like to do so without replacing them all at once. Also bigger c...
by Rockyboa
Thu Aug 27, 2009 10:37 pm
Forum: Beginner Basics
Topic: RB1000 VPN offloading feature
Replies: 9
Views: 2545

Re: RB1000 VPN offloading feature

Solved it, my mistake, peer needs to be 0.0.0.0/0 not 0.0.0.0/32 to all accept connections. Hope this will help others.

But still need explanation why it creates 3 dynamic policies (noticed that 2 are identical - src: remote ste dst: primary site)

Sabrina
by Rockyboa
Thu Aug 27, 2009 10:29 pm
Forum: Beginner Basics
Topic: RB1000 VPN offloading feature
Replies: 9
Views: 2545

Re: RB1000 VPN offloading feature

ahrg, usually I'm pretty good without needing to ask spoon feeding me the procedure. But again I'll need help and hopefully this will be helpfull for some other people. I deleted the policy on the remote site and check the generate policy, that works, but strangely it created not one, nor two but th...
by Rockyboa
Thu Aug 27, 2009 12:40 am
Forum: Beginner Basics
Topic: RB1000 VPN offloading feature
Replies: 9
Views: 2545

Re: RB1000 VPN offloading feature

IPSec is working fine, but unable to make it work with dynamic IP at remote site. Remote Site: /ip ipsec export /ip ipsec proposal set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \ name=default pfs-group=modp1024 /ip ipsec peer add address=69.x.x.122/32:500 auth-method=...
by Rockyboa
Wed Aug 26, 2009 4:53 pm
Forum: Beginner Basics
Topic: Packages
Replies: 1
Views: 824

Packages

Hi, I netinstall routeros-mipsbe-4.0beta4.npk on my RB450 and noticed that I had a NTP client but no NTP server, I configured the client using the RM but their was more info and options available, like active server, next update time, etc... I tought it was related the the newer version 4. I decided...
by Rockyboa
Tue Aug 11, 2009 2:18 pm
Forum: Beginner Basics
Topic: RB1000 VPN offloading feature
Replies: 9
Views: 2545

Re: RB1000 VPN offloading feature

Those are very good info and pointers I will try as soon as my vacation are over. Again, can someone with good knowledge in tunnelling technology using Mikrotik router would be able to give me a very easy to understand pros and cons of each of them, like I said we plan to use a pure Mikrotik solutio...
by Rockyboa
Wed Aug 05, 2009 5:02 am
Forum: Beginner Basics
Topic: RB1000 VPN offloading feature
Replies: 9
Views: 2545

Re: RB1000 VPN offloading feature

Thanks for the reply. Will experiment with pptp, but some says it is less secure than Ipsec, would I achieve higher perfomrance using pptp on my RB1000? But like I said would like prefer using IPSec hardware offloading feature of the RB1000. So is dynamic IP supported at the remote location, using R...
by Rockyboa
Fri Jul 31, 2009 4:07 am
Forum: Beginner Basics
Topic: RB1000 VPN offloading feature
Replies: 9
Views: 2545

RB1000 VPN offloading feature

Hi, We just bought some Mikrotik hardware and I just read that the RB1000 is having IPSec tunnel dedicated hardware, thats pretty cool and would really benefit from that. I would like to know which tunnel are supported by this feature, is PPTP, OVPN, L2TP and IPsec use the offloading engine? Also, w...