MikroTik

jonm

I am running 3.0. How do I bridge my client pptp vpn connections?

jonm

I'm trying to use a pp2p vpn server to play network games with friends. The connection works but we cannot see each other in the game. After doing some research it turns out the udp broadcasts are required and don't seem to work. Any ideas on how to get broadcast packets from vpn connections to forw...

jonm

Okay. I rebooted the mikrotik router and the problem went away (weird).

jonm

I have setup a PPTP server using version 3.7. (1 NIC only, 192.168.1.50/24) I have mapped TCP 1723 through my firewall (along with GRE). I can connect remotely to my PPTP server. (connect and receive address 192.168.1.60) I can ping the server's IP address from remote client. (ping 192.168.1.50 from...

jonm

I'm using static dhcp on one of my networks. I have a entry for each pc/printer with its mac address. Is there any way to block traffic coming (/ip firewall filter) if it is not coming from one of my dhcp people? For instance, if they assign a static address to their pc? Basically, I just don't want...

jonm

do you think using src-nat without masquerading would work better.
Like this?

add chain=srcnat out-interface=OUT action=src-nat to-addresses=205.162.x.x to-ports=0-65535

jonm

add chain=dstnat dst-address=205.162.x.x protocol=tcp dst-port=80 action=dst-nat to-addresses=172.16.0.6 to-ports=80

Here is the NAT rule, with the exception that I changed part of the dst-address to conceal the real IP.

jonm

Mikrotik box, 2 network cards, INSIDE and OUTSIDE. I'm using masquerading to allow the private inside network access to the internet. I'm also using dstnat to map through port 80 to a webserver on the private INSIDE network. Here's the problem I can access the webservice with its OUTSIDE/PUBLIC addr...

jonm

We've been running mirotik PPPoE server for our wISP clients for a couple of years. Occasionally we do have routers that simply will not connect. We either upgrade the router firmware or replace it. It seems like early on we had a lot of trouble with linksys routers working inconsistently. Now if yo...

jonm

Place rules in the [/ip firewall filter] to block traffic. There are 3 main 'chains' you can place rules in: Input - For packets addressed to the router Output - For packets leaving the router Forward - For packets going through the router, this where you want to put most of your internet rules I wo...

jonm

I strongly agree, there are many times when interface routing would be very handy. We use it all the time on our Cisco routers. Say why do you need to have 4 pppoe-client connections to the same place anyway?

jonm

Here is my setup. 1 router, (mt 2.9.38), 3 ethernet interfaces, 1 PPPOE client interface Interface 1 - OUT - Connects to the internet Interface 2 - PPPOE-out1 - Internet connection Interface 3 - STAFF - Internal staff network Interface 4 - PUBLIC - Public access network I'm trying to set this up so ...

jonm

Okay, I rework my radius server and now the attribute is succesfully passed to the Mikrotik box! A dynamic queue (Simple) is created when a user connects. However, the max-limit is always set to 0/0 instead of what I set it to '256k/256k'. Any ideas?

jonm

I have a MT box running 2.9.11. Currently I have pppoe users authenticating via RADIUS. I've added the Mikrotik Rate-Limit attribute to my dictionary. I've also added the rate-limit attribute to my pppoe user profile. In debug mode I can see the Rate-Limit attribute being sent. However, it appears t...

jonm

Hey everyone, I've got a bizarre issue here. We have a MT pppoe-server that seems to work fine for everyone except a customer with a cisco 1700 router connecting as a pppoe-client. We have set our max mru and mtu in our pppoe server to 1400. However, when the cisco connects the MT box shows its MTU=...

jonm

I really don't want to use any sort of nat for these backhaul connections, so that sounds great.

jonm

Does mt support per-packet load balancing across T1s? I'm currently running a cisco router that load balances 2 T1s for our backhaul. I'm wondering if it is possible to swap it our for a mikrotik, however it must be per-packet and not per-destination load balancing. The best I can find in the MT man...

jonm

I'm actually trying to write a server to receive the stream. I'm having trouble decoding the wrapper.

jonm

Hi all, I've been using the /tool sniffer with a streaming server to a ethereal client to troubleshoot malicous traffic on my mikrotik network. Anyway, I've reached the limit of what I can do with ethereal. I'm trying to write my own TZSP receiver in .NET. I can capture the packets but I'm having tr...

jonm

I got it figured out. I was specifying an out-interface. I replaced that with specifying the source-address subnet and not specifying an out-interface. Now everything works great.

jonm

Hi all, I'm setting up a MT box to be a basic NAT router. Everything works fine when I set the outside address to a static IP. However, when I switch the outside address to pppoe-client nothing is masqueraded. The pppoe-client connects successfully. I have even tried changing the 'outside-interface'...

jonm

Does anyone know if it is possible to run the routerOS from a bootable CD or USB flashdrive? I just thought this would be cool to dork around with new/beta versions.

jonm

they are. RADIUS works flawlessly to the same pppoe server. It just doesn't work with the pptp-server, I never receive any radius requests and mikrotik logs a 'radius timeout' message.

jonm

I have been running my radius in debug mode. I do not receive any radius packets. However the Mikrotik log complains of a radius timeout?? That's what made me think I had a configuration issue.

jonm

[admin@coreRTR1] > /ppp [admin@coreRTR1] ppp> /inter pptp-serv [admin@coreRTR1] interface pptp-server> print [admin@coreRTR1] interface pptp-server> server [admin@coreRTR1] interface pptp-server server> print enabled: yes mtu: 1460 mru: 1460 authentication: mschap2 keepalive-timeout: disabled defau...

jonm

I've tried that with no luck. How do I set the mikrotik to use the second ppp service for pptp and not to use the first ppp that is for pppoe?

jonm

Is there anyway to specify which IP Radius request come from? For some reason they are not coming from the address I want them to (I have multiple outside addresses bound to my card). Radius will reject the request if it is not coming from the correct IP (it gives a bad digest type error). Any help ...

jonm

Hey All, I'm trying to setup a PPTP server. I want to be able to authenticate to RADIUS. How do I set that up? I'm already using pppoe on this box and authenticating to radius just fine. I'm a little stumped on how to set this up for PPTP. PPTP ignores my current radius setup and there is no option ...

jonm

All of the values I've tried so far have been from this dictionary. I've tried the Ascend and the Mikrotik Rate-Limit. No luck so far.

jonm

I'm stumped as to why you would even want to run 2 interfaces on the same subnet..

jonm

ah hah! That works! Thanks.

jonm

Hey all, I've just got my new pppoe-server setup! It authenticates to my Emerald Radius 3 server! (that took a some work). The real problem now is getting it to limit traffic. I've setup a the Rate-Limit Attribute (vendor=14988, value=8) however it does not seem to work. I've put several values in t...

jonm

Eugene!

That works for the DHCP but not for the pppoe-server ;( pppoe server entires have service-names and not just plain names. Any ideas would be greatly appreciated!

jonm

Print command? I can't find one in the manual and I get error message about it not being valid when I try to use it (I'm using ver 2.8.18). Do you mean the PUT command? I've tried that too, no error messages are logged, but the action is not performed when I run the script any ideas here? I think sc...

jonm

Hey all, I'm trying to write a script to disable dhcp and pppoe. However, everytime I run the script I either get an error like 'input does not match any value of item name' or I do not receive an error but the actions are not carried out? Any ideas here? /system script set 0 source={/interface pppo...

jonm

Say I'm setting up pppoe on my box. What is the local-address setting under /ppp profile? It looks like it should be the internal mikrotik interface address. However, that does not make sense since it is recommended not to have an IP on the internet pppoe interface (for security). Any ideas here? Sh...

jonm

Yep, that fixed that problem! Say, any idea on how users are supposed to get to the internet? I have them on a private IP address. The subnet itself is masqueraded out, but doesn't seem to work. The default gateway is just their own address (which maches sense for PPP). Anything specila I need to do?

jonm

Hi All. I'm trying to setup my MT router as a PPPOE Access Concentrator. I think everything is setup, however my Radius debug messages tell me 'Authenticate: from PPPOE - No Password' . I can only guess that the password is not being sent (testing from WinXP). Any ideas or suggestions here? I have t...

jonm

nevermind, I got it. I looks like I needed to specify the action="nat" instead of 'masquerade'. Thanks for the help. I'm still trying to solve the gratitous arp problem.

jonm

lastguru, I've got another VRRP issue, I'm using src-nat masquerading to let my wireless customers out to the internet. I want the outside vrrp address to be the one that they get src-nat'ted through. does that make any sense? I've tried setting the to-src-address=205.162.25.125, but it does'nt seem...

jonm

okay, now I have a new problem. it appears that cisco routers (2600) also ignore gratitous arp packets. If most other network devices ignore these packets, then what use is vrrp?

jonm

Basically, behind the vrrp interfaces is a Waverider Access-Point, on the otherside of that is my computer. Both the AP and SU are bridges, not routers. Perhaps they are not passing those arp packets.. There may be an issue.. hmm..

jonm

It does'nt seem to matter, WinXPsp2, Win2003. The more I look at this, the more it looks like an arp problem. I need to get some packet captures so I can see what really happens.

jonm

UPDATE: It seems to happen no matter what I do, even if I don't do a traceroute. 1. Kill the master, let it reboot. 2. Fails to backup. 3. Master comes back up, takes over master role. 4. Reboot backup. 5. My computer can't get outside, it is still looking for the secondary IP even through it's gat...

jonm

most access routers implement this feature with SNMP and most radius programs can check to see if a user is really online using snmp. I wonder, can we see the logged on hotspot users with snmp? If not, adding that feature would definetly fix the problem and make it compatible with the majority of ra...

jonm

Hey guys, I just setup VRRP on my wireless network. The setup was easy and most everything seems to work fine. However, I'm trying to figure out a very odd problem. When I do a tracert, I don't see the virtual IP, I always see the master router's IP. This seems to be screwing me up. 1. I do a tracer...

jonm

I've seen some weird issues with VRRP, not a w2k3 issue yet. I actually have a win2k3 box at home behind a vrrp router and it works fine. Make sure to dump your arp table (or restart the computer) after you change the gateway.

arp -d *

Search found 47 matches

Re: Forwarding broadcast from pptp vpn

Forwarding broadcast from pptp vpn

Re: PPTP Connected but cannot access other PCs

PPTP Connected but cannot access other PCs

Block non dhcp users?

Can't access my dst-nat web service from inside

Setting priority of network traffic

Rate-Limit not working on PPPoE

Cisco PPPOE-Client trouble

Per-Packet T1 Load Balancing?

Help dissecting TZSP protocol.

Masquerade with outside interface as pppoe-client

RouterOS from a FlashDisk or CD?

Controlling Radius IPs

PPTP Server help

PPPoE Rate-Limit

Can't get basic 2 line script to work.

/ppp profile local-address?

PPPOE Radius - "No Password"

TraceRoute breaks VRRP??