MikroTik

TimGuyUK

Hi Guys, So I've started to deploy LHG LTE6, LHG cat4 and tried the SXTLTE6. I can definitely say the LTE6 hardware is just a lot more money for no reason. *the cat4 does exactly the same job and provides the same speed* Not much comfort for you but at the advice of a UK supplier we started using a...

TimGuyUK

Probably R11e-LTE is not connecting to that Band what other devices and thats why you have that situation. USB Doungle have good speed, this measn it's not a antenna problem. Looks like band 20 is the only one I can use with the R11e-LTE, I cant unfortunately tell what band the dongle is running on...

TimGuyUK

Ill chip in my experiance. I have two RBLtAP-2HnD here in the UK. Using both O2 and Vodafone sims. One is currenty in London and one out in the country side. The 4 tests we have seen are as follows: Iphone test 50-60Mbps+, In london sometimes 90Mbps Huawei e3272 dongle 50-60 Mbps RBLtAP-2HnD 10Mbps ...

TimGuyUK

Preshared key OR certificates, even with Remote ID Ignore the IOS device can not have the same Local id (Remote id from MK side), if there different it works but I cant push that config out with a Apple MDM profile payload to all IOS devices. Anyone got IKEv2 VPN clients working with the same Local ...

TimGuyUK

I need to allow multiple IOS devices to connect to a MK server ideally with the same account / IKEv2 configuration. This is so I can have 'Always on' VPN for a filtering solution. Manually created VPNs do not have the always on option. I can do that on manually configured IOS devices by using the pr...

TimGuyUK

HI We are having some issues with some of our L2TP / bridged connections, Ill maybe post more in another post of the l2tp disconnections that weve been getting but would you clever people recommend the MTU/MRU for not only the L2TP but also the bridge? We started originally with L2TP IPSEC running E...

TimGuyUK

I have a L2tp vpn coming into a bridge thats linked to a vlan'ed interface. l2tp>Indivdual PPP Secrets for each user>PPP Profile with Local Address of CCR and Remote Address controled by Pool and Standard Bridge linked Bridge> Nothing special Proxy-arp enabled Bridge Ports> Indivdual L2tp connection...

TimGuyUK

Sounds like MTU issue, post anonymized version of the config (between code bracket) here for someone to look at

You are correct, Matching the MTU to 1500 on EoIPs at both ends solved my issue,

Cheers

Tim

TimGuyUK

I can only confirm that I had this today also. I just cant see what I’ve done different to all the other eoip I’ve setup.

Tim

TimGuyUK

On each end, the input rule in firewall must accept protocol=gre packets from the address from which the opposite end sends the EoIP transport packets. But thinking of it, read also this post as your setup is very similar. The seperate post of order of layers starting is always possible. Is the res...

TimGuyUK

On each end, the input rule in firewall must accept protocol=gre packets from the address from which the opposite end sends the EoIP transport packets. But thinking of it, read also this post as your setup is very similar. So still not 100% sure on the rule. Head Office External - 1.1.1.1 Head Offi...

TimGuyUK

I have a x86 router now running 6.44.3, it was running 42.x, remotely we have a mixture of MK routers but most of them are GR3's We have 10 EoIP tunnels over L2Tp/IPSec vpn/bridge coming into that router. Every now and again one of the EoIP tunnels will drop. We can see traffic from both sides of t...

TimGuyUK

I cannot suggest what is wrong with the EoIP tunnels, but if you have Mikrotiks at both ends of each tunnel, and unless you need VLANs to run through the tunnels and at the same time be tagged/untagged on the endpoint Mikrotiks, you can use the L2 tunneling capability of L2TP itself. Thanks Sindy Y...

TimGuyUK

I have a x86 router now running 6.44.3, it was running 42.x, remotely we have a mixture of MK routers but most of them are GR3's We have 10 EoIP tunnels over L2Tp/IPSec vpn/bridge coming into that router. Every now and again one of the EoIP tunnels will drop. We can see traffic from both sides of th...

TimGuyUK

Im at a trade show this week and the wifi is saturated. We always know to turn 2.4 off as that's a no go but this year with a hAP ac2 5Ghz is also a no-go. I sometimes get unicast key exchange timeouts and on the logs Im also getting Radar Detect @ 5805000. Googling about Ive increased Group key upd...

TimGuyUK

So I see a couple of threads from a few years ago saying you need individual ip address within the hosted cloud router and that if a line drops the whole thing is goes unstable unless you drop that line out the bond.

Im guessing that if that's the case its maybe not the best idea to peruse?

Tim

TimGuyUK

Hi Guys I'm looking for some short term bandwidth into a site. Its for less than a year, UK leased line for a years contact carry's large installation fees. My idea was to have a cloud hosted MK router with say 500Mb bandwidth connected to 4 bonded DSL connections into a physical MK on premise. I wo...

TimGuyUK

I seem to remember a thread or two on this forum where users complained about MT not allowing /31 netmask (if you think of it, it doesn't seem like valid net mask as it lacks network and broadcast addresses). But there's a workaround (from the first linked thread): /ip address add address=1.2.3.246...

TimGuyUK

Hi Dealing with UK lease line WAN circuit suppliers (well BT and Virgin) I always have to program the WAN interface of the MK with a mask of at least /29 (and sometimes /28) where as the documented subnet mask from the supplier is always 255.255.255.254 (/31). The Aggregation router is always the ne...

TimGuyUK

Hi So. I have some solutions coming up where we are replacing an out going ISP with a wires only provided solution meaning that we will replace the ISP router that would generally provide the customers true RIPE provided ip's on its LAN port. This means that for a customer that maybe has a firewall ...

TimGuyUK

Wouldn't they have another bridged tunnel elsewhere that may be causing a loop? Possible. They have a ruckus wireless network that could have some kind of bridge in it. The workstations going out via a SonicWALL appliance that I don't have access to. That is purely for web traffic and filtering but...

TimGuyUK

/interface bridge filter add action=drop chain=input in-bridge=pptp mac-protocol=ip src-address=10.0.0.0/8 add action=drop chain=output dst-address=10.0.0.0/8 mac-protocol=ip out-bridge=pptp add action=drop chain=forward in-bridge=pptp mac-protocol=ip src-address=10.0.0.0/8 add action=drop chain=fo...

TimGuyUK

I cannot guess how this setup could end with duplicated IPs, but after seeing 11.200... I understand the scenario and your will to simply filter it out and be done with it. You can filter directly in the bridge, make sure you select mac protocol 800 (ip), that will enable using IP addresses as crit...

TimGuyUK

Wanted the full export... Is ROS installed on bare metal, or are we speaking about a VM? Did you restore a .backup file on this server at any prior stage? Can you provide a diagram of the customer network addressing? (hand drawn is fine) Thanks. I have kept the original internal ip range in this ex...

TimGuyUK

post an export. Cheers. How much do you want. This is the PPP and Bridge stuff /interface bridge add arp=proxy-arp disabled=yes name=pptp /interface ethernet set [ find default-name=ether1 ] name=ether1-Wan set [ find default-name=ether2 ] name=ether2-Lan /ip pool add name=VPN ranges=192.168.10.250...

TimGuyUK

I have a customer who Ive setup a pptp server on a mk x86 sw router. All works fine, the mk has a dhcp pool for the lan side network and traffic flows between the internal lan and the pptp client. However. The customer has two devices on the internal lan that aren't anything to do with the mk router...

TimGuyUK

Hi Everyone Could anyone give me any advice on the following. I needing to do a DST-NAT (port forward / Publish from router to internal ip) with a Mangle Pre-routing Marked Filter rule for all 0.0.0.0/0 traffic. I have a remote site where I need all traffic to go up its VPN connection to head office...

TimGuyUK

Sorry to bring bonding up again. I read and I read but not having two DSLs in the same location its difficult for me to test this. I have a customer with a UK 80/20 FTTC connection where the upload speed is restrictive for the data they need to send. The solution is a l2tp vpn with EoIP bridge to my...

TimGuyUK

I don't believe any of the main UK distributors for MikroTik equipment will sell anything which is not permitted for use in the UK (e.g. I don't believe LinITX or MSDist sell any of the 900MHz gear). We've done a couple of "not quite line of sight" installs with MikroTik SXT devices - e.g...

TimGuyUK

So I have done a few Motorola / Cambium p2p non line of sites in my time and some obvious line of site 802.11 links up to 5km but I've never tried any MT kit. I am aware that there is some MT products that aren't allowed in the UK. As an exercise I was going to try and connect my house to the office...

TimGuyUK

I have a R850Gx2 EoIP over l2tp that Ive been running on a UK FTTC 80/20 line for a while. Its used for offsite hyperv replication. the l2tp is unencrypted, the EoIP is using IPSEC secret straight from the general tab of the tunnel. I have it bridged to a single device on a x86 Quad Core RouterOS de...

TimGuyUK

Boom.. Got it (for me at least) In my locked down firewall state I had to enter the following: add action=accept chain=input comment="Allow - IPsec Allow in" in-interface=WAN-Interface log-prefix="" protocol=ipsec-esp \ src-address=<Azure VPN IP> I already had port 500 open for o...

TimGuyUK

I have followed the Microsoft Mikrotik<>Azure VPN howto and I can get to a point where Azure is showing that there is a connection established but I can not transfer data between them. https://blogs.technet.microsoft.com/rharper/2012/11/14/creating-a-site-to-site-vpn-with-windows-azure-and-mikrotik-...

Search found 33 matches

Re: Cat6 LGH LTE Super bad performance

Re: Cat6 LGH LTE Super bad performance

Re: Cat6 LGH LTE Super bad performance

Re: Multiple IKEv2 IOS VPN Client to MK via MDM with same settings

Multiple IKEv2 IOS VPN Client to MK via MDM with same settings

L2TP EoIP/BCP Bridge MTU/MRU Recommendation

Re: VPN with multi L2 VLAN

Re: Need help, certain websites stop working after EOIP

Re: Need help, certain websites stop working after EOIP

Re: EoIP tunnels randomly fail

Re: EoIP tunnels randomly fail

Re: EoIP tunnels randomly fail

Re: EoIP tunnels randomly fail

EoIP tunnels randomly fail

hAP ac2 in busy wifi location

Re: Bonding Suggestions Hosted MK to Multi FTTC onprem

Bonding Suggestions Hosted MK to Multi FTTC onprem

Re: UK Lease line WAN subnet mask on MK routers

UK Lease line WAN subnet mask on MK routers

Replacing 2 ISP/Customer router solution with one

Re: filtering pptp srv/client bridge

Re: filtering pptp srv/client bridge

Re: filtering pptp srv/client bridge

Re: filtering pptp srv/client bridge

Re: filtering pptp srv/client bridge

filtering pptp srv/client bridge

DST-NAT Publish with Pre-Routing default route Rule

DSL bonding ipsec EoIP bridged tunnel over L2TP

Re: UK P2P trial with Mikrotik Kit suggestion

UK P2P trial with Mikrotik Kit suggestion

R850Gx2 - EoIP Over SSTP Speed

Re: Azure VPN in 6.34

Azure VPN in 6.34