MikroTik

ahtoh

Is it on the roadmap?
any ETA?

ahtoh

I must have mentioned, the first router is ISP provided (xfinity) and I don't see a way to request /56 or /60 from the provider and then make it pass the subnet prefix to the downstream mikrotik.
For my purposes NAT is good enough so I don't care.

ahtoh

Because I'm behind two routers. The first one does receive the prefix.
Don't know how to pass the prefix to the downstream router.

ahtoh

OK I figured this out - enabled EUI64 on the address and now it seem to work after reboot. here is my final config that works. hopefully this will help someone else generate your local ip6 address here:https://cd34.com/rfc4193/ /ipv6 settings set accept-router-advertisements=yes /ipv6 address add ad...

ahtoh

Ok I enabled Accept Router Advertisments and disabled that option to add default gateway in the DHCP client. But now I have another problem, after reboot it says duplicate address detected: If I disable and enable the address it works. So it's a similar situation for me as before, now instead of tog...

ahtoh

should I remove add-default-route=yes from the dhcp client?
It sounded that it's a hack that was not supposed to be there to begin with

ahtoh

So what am I supposed to change to make ipv6 work? this is so basic config so I'm surprised it's not working. I just want to automatically get ipv6 address from the upstream router and use NAT within a subnet behind mikrotik. Similar to default IPv4 config in many routers that just works out of the ...

ahtoh

these are my ipv6 settings, it's default on my router, and I'm using latest version 7.9.1

Screenshot 2023-05-24 100440.png

ahtoh

Could it be that your manual DHCPv6 client on ether1 conflicts with Router Advertisements on wlan1? They appear to be the same route, for whichever reason the bottom one uses different notation. What is not working? the default gateway that is automatically added by dhcp client is different - notic...

ahtoh

I noticed the difference between the routes:
after restart:

before-dhcp-toggle.jpg

after dhcp disable/enable:

after dhcp-toggle.jpg

any ideas why it does not come as on the last picture after router restart?

ahtoh

It starts to work if I disable and enable back DHCP client. Any ideas? here is my ipv6 config (firewall rules/address lists are there but all default) ether1 is my LAN and wlan1 is my WAN /ipv6 address add address=fd28:a78:c265:: interface=ether1 /ipv6 dhcp-client add add-default-route=yes interface...

ahtoh

I also vote for this feature
need it for XFINITY wireless network connection

ahtoh

These are settings from my windows 10, which work just fine. Windows connects after I enter my XFINITY username and password (also shows certificate issued by COMODO RSA CA) I can't find a way to replicate these settings on Mikrotik device (SXTsq 5 ac) No matter what I tried I get "802.1x authe...

ahtoh

yes the mss rule is still necessary
on the contrary, enabling or disabling the additional ipsec policy "action=none dst-address=192.168.11.0/24 src-address=0.0.0.0/0" had no visible effect

ahtoh

Mikrotik support quickly identified the issue and suggested me to add these firewall rules: /ip firewall filter add chain=forward action=accept src-address-list=vpn dst-address-list=!vpn place-before=6 /ip firewall filter add chain=forward action=accept src-address-list=!vpn dst-address-list=vpn pla...

ahtoh

I think this goes beyond my level of troubleshooting.
I'll just report this to Mikrotik and leave this to them

p.s. I wonder if the issue is because my WAN interface is wireless which is less common and have not been probably tested thoroughly

ahtoh

I tried to reduce it to 1200 but still the same Windows VPN client works just fine. It simply creates a new tunnel interface with MTU of 1400 and everything works great. So it's not something with my provider, it's Mikrotik VPN implementation that does not work. I'm behind two NATs here, not sure if...

ahtoh

Here is the full export. Firewall rules are all default I believe # oct/25/2020 20:02:05 by RouterOS 6.47.6 # software id = 4QAA-IY6H # # model = RBSXTsqG-5acD # serial number = XXX /interface list add comment=defconf name=WAN add comment=defconf name=LAN /interface wireless security-profiles set [ ...

ahtoh

I thought the screenshot would be better as this is not very readable Flags: T - template, B - backup, X - disabled, D - dynamic, I - invalid, A - active, * - default # PEER TUNNEL SRC-ADDRESS DST-ADDRESS PROTOCOL ACTION LEVEL PH2-COUNT 0 T X* ::/0 ::/0 all 1 0.0.0.0/0 192.168.11.0/24 all none 2 T :...

ahtoh

if I add the mss mangle rule it starts to work, but again, every time I navigate on this forum (including preview page), there is a 2-3 seconds delay before it opens a page
Some sites like speedtest.net take 10 or 20 seconds "connecting" before it starts loading

ahtoh

this is how it looks when the tunnel is up
the first line is something that comes with default config, I did not touch that

Capture.PNG

ahtoh

yes I'm using IKEv2 my setup is the same as described here (with option 1 only) https://wiki.mikrotik.com/wiki/IKEv2_EAP_between_NordVPN_and_RouterOS I added this but it did not help /ip ipsec policy move *ffffff destination=0 add action=none dst-address=192.168.11.0/24 src-address=0.0.0.0/0 place-b...

ahtoh

I lost my previous config and trying to set up Ipsec tunnel again I use ipsec mode config with src address list "vpn" here is my mangle rule, but it does not seem to work, the sites are loaded slowly and not fully what am I missing here? /ip firewall mangle add action=change-mss chain=forw...

ahtoh

It started when I moved it by the window.
It was locking up when under sun light (coincidence?)
After 2nd lock up I drilled the holes and it never happened again.
These simple events make me think the overheating was the issue.

ahtoh

The specs says "Operation temperature -40..50" My understanding it is not the temperature inside next to the chip, it's the air temperature outside the unit. The room temperature was 25 when it stopped working. I doubt sunlight through a window made it over 50. Maybe my router is just faul...

ahtoh

1. Normis from Microtik support in post #7 says "it does not matter"
2. It was not DIRECT sunlight. two glass window was in between
3. Direct sunlight does not increase AMBIENT temperature

ahtoh

Looks like the holes helped
I think paper would not help THAT much
Anyway, the point here is that the temperature on the contrary DOES matter and the hardware can not handle very hot temperatures as was claimed above.

ahtoh

boring as the narrator in the CSS610 video
where is WiFi 6E router with 5 or better 8 2.5G ports?

ahtoh

It doesn't matter how hot it feels. The hardware can handle it and will work fine.

In my case it does matter.
My router is sitting by the window and would stop working when under sun light.
I drilled the holes to help cooling. Will see how it goes.

ahtoh

Here they say it wont work unless you have a special RouterBOOT version which is not public viewtopic.php?t=137262

ahtoh

I bought it as non-working. No idea when it happened. I did reset to factory defaults I was not able to make it show up in the netinstall application though, I followed the instructions but it just does not show up. The fact that the problem is intermittent and probably depends on the temperature ma...

ahtoh

yes, tried with both barrel jack and POE input

ahtoh

https://youtu.be/ra1eXyypNMI
Any ideas how to fix this?
Sometimes it boots just fine when it is cold

ahtoh

Did anyone report this to Mikrotik support?
I'm trying to do this but not able to register on their support portal

ahtoh

My suggestion is to use 100% MikroTik and you will be happy. It will not have a high cost to replace this repeater. https://wiki.mikrotik.com/wiki/Wireless_WDS_Mesh Check out the wireless signal Protocol used in both Ex: 802.11 Channel etc. The link is dead. Can you please point to wiki on how to s...

ahtoh

Yes my understanding is the same. And it works fine if I do not use DHCP on the client devices. So I was wondering if there is a workaround on the mikrotik to make that DHCP packets get through the wireless bridge. I tried to play with setting in the "DHCP server" and it sometimes worked a...

ahtoh

Mikrotik is basically in the default configuration with quickset option "Home-AP Dual"
Linksys is connected via wi-fi to wlan2 on Mikrotik (5Ghz) not sure what do you mean by port.

ahtoh

I'm using Mikrotik router in the normal "Router" mode (I think it is called Home AP in quickset) NAT and DHCP enabled and everything works fine when I connect to Mikrotik via wifi. I also use my Linksys router (AC1200) to extend the coverage and I set it up with "Wireless bridge"...

ahtoh

Just bought another brand because Mikrotik is missing this feature.
https://www.gl-inet.com/products/gl-mv1000/

ahtoh

I wonder if Qualcomm requires patent licensing for router SOCs in a similar way it does for cellphone chips
https://arstechnica.com/tech-policy/201 ... -20-years/

ahtoh

How do I do that?
There is no any option to set the MTU for the IPSEC tunnel in Mikrotik

ahtoh

I'm having the same problem with IPSEC/IKEv2 client on Mikrotik Windows 10 client works fine, but that's because win10 creates a separate interface with MTU set to 1400 Mikrotik does not create a PPP interface for IPSEC tunnels, thus leaving MTU unchanged. I know there is a mangle rule to clamp the ...

ahtoh

Switched to ipesc/ikev2 and get slightly better speed around 34 mbps with aes-128-cbc.
Looks like this router does not support ipsec encryption acceleration

ahtoh

It means you are using EAP authentication, unfortunately it is currently not supported in RouterOS for IKEv2 initiator (client) side. I see EAP option in version 6.45.6 so I assume it was added Please provide documentation on how to properly generate the certificates (for both EAP and RSA), these i...

ahtoh

I set up my wAP ac to use as L2TP/IPSec client and it reaches 100% cpu load when I run speed test.
The maximum throughput speed I get is about 26-27 Mbps
Are these numbers OK or I should look into optimizing some settings?

ahtoh

It means you are using EAP authentication, unfortunately it is currently not supported in RouterOS for IKEv2 initiator (client) side. I see EAP option in version 6.45.6 so I assume it was added Please provide documentation on how to properly generate the certificates (for both EAP and RSA), these i...

ahtoh

DYnamic and Static at the same time?

ahtoh

6RC9 installed - the issue is still there
can I have at least a confirmation or any comment on this?
can anyone confirm that I'm in the right forum for this issue?
how can I get any support from mikrotik? is it official forum or what?

ahtoh

any update?

ahtoh

router: RB750 RouterOS version: 6.0rc7 6to4 tunnel setup: http://wiki.mikrotik.com/wiki/Setting_up_an_IPv6_tunnel_via_6to4 with only difference in the route (one from manual does not work): ipv6 route add dst-address=::/0 gateway=ipng-tunnel ping ipv6.google.com - works ping ipv6.yandex.ru - does no...

Search found 50 matches