Community discussions

MikroTik App

Search found 23 matches

by Alupis
Tue Apr 26, 2022 1:31 am
Forum: General
Topic: Very Slow output for traffic passing through CHR
Replies: 8
Views: 3531

Re: Very Slow output for traffic passing through CHR

Hmm... MTU or fragmentation issue? Just start count the overhead backwards from the MTU used by your ISP Thanks. I had initially suspected a possible MTU issue. According to Vultr, all interfaces on the VPC network must bet set to 1450 MTU. https://www.vultr.com/docs/how-to-create-a-vultr-virtual-p...
by Alupis
Sat Apr 23, 2022 12:39 am
Forum: General
Topic: Very Slow output for traffic passing through CHR
Replies: 8
Views: 3531

Re: Very Slow CHR -> CCR GRE/IPIP/EOIP Tunnel

I think I've narrowed the problem down to traffic going from any of the cloud servers through the CHR. So output from the CHR's perspective. A MTR in both directions shows zero packet loss: https://i.ibb.co/wZkSnRw/mtr-office-cloud.png Cloud Server to Cloud Server throughput is great, measured with ...
by Alupis
Fri Apr 22, 2022 10:46 pm
Forum: General
Topic: Yet another changelog thread
Replies: 52
Views: 3370

Re: v7.2.1 [stable] is released!

Changelog contains one line rough description of changes. It's not a blog. Well, you sound arrogant, don't you? I've paid for the hardware and the software license. You owe me explanation. BTW open source projects where I've paid nothing provide "blog posts" for every release and excellen...
by Alupis
Fri Apr 22, 2022 2:41 am
Forum: General
Topic: Very Slow output for traffic passing through CHR
Replies: 8
Views: 3531

Very Slow output for traffic passing through CHR

UPDATE IN BELOW POST - No longer think this is a GRE Tunnel issue Basic Setup: CHR P10 licensed & activated, hosted on Vultr cloud hosting provider running 7.2 Stable, 1000Mbps/1000Mbps CCR hardware running 6.48.6 Long Term, 1000Mbps / 45Mbps Topology: Office Workstation (Private: 10.0.0.5/27) |...
by Alupis
Tue Mar 08, 2022 7:23 pm
Forum: General
Topic: Can't Revoke Certificates after Importing to new hardware - has private key
Replies: 7
Views: 1270

Re: Can't Revoke Certificates after Importing to new hardware - has private key

It should be possible to create an individual identity , matching on that particular certificate, and give it a specific policy template group with no template in it. So that peer would be able to complete phase 1 but not create any policy. First try whether it works using one of the peers with a c...
by Alupis
Tue Mar 08, 2022 5:56 pm
Forum: General
Topic: Can't Revoke Certificates after Importing to new hardware - has private key
Replies: 7
Views: 1270

Re: Can't Revoke Certificates after Importing to new hardware - has private key

Thanks sindy - yes, I need to prevent this user from establishing a VPN connection. Deleting the certificate (which it allows since it doesn't recognize the Issued status) isn't sufficient, since it was signed by the same CA as the VPN server's certificate. Is there another work-around? Background -...
by Alupis
Tue Mar 08, 2022 5:11 am
Forum: General
Topic: Can't Revoke Certificates after Importing to new hardware - has private key
Replies: 7
Views: 1270

Re: Can't Revoke Certificates after Importing to new hardware - has private key

Thanks, I can export the certs (CA, Int, and User) with passwords successfully, but no dice on getting the "Issued" flag. I can't sign existing certificates, gives an error: "Couldn't start - At least one field specifying certificate name must be set!". I think this is because th...
by Alupis
Tue Mar 08, 2022 4:30 am
Forum: General
Topic: Can't Revoke Certificates after Importing to new hardware - has private key
Replies: 7
Views: 1270

Can't Revoke Certificates after Importing to new hardware - has private key

I'm in a bit of a pickle. I did the following: Exported CA certificate, intermediary certificate, and user certificates from old Mikrotik hardware. This was done using a password on each certificate so it would preserve the private keys. Imported all certificates into new Mikrotik hardware, starting...
by Alupis
Thu Dec 28, 2017 6:56 pm
Forum: Wireless Networking
Topic: Metal 52 ac station / RB2011UiAS-2HnD-IN client (slow speed)
Replies: 1
Views: 1060

Re: Metal 52 ac station / RB2011UiAS-2HnD-IN client (slow speed)

Had a similar experience with poor wireless performance. I was running with Frequency set to Auto, and Width set to 20/40 Ce, and there's quite a bit of wireless congestion in my area (neighborhood). Using my phone and a WiFi Analyzer app, I saw the Tik was picking channel 3 + 5, with 40 Mhz width. ...
by Alupis
Sun Nov 16, 2014 6:09 am
Forum: General
Topic: 6.22 released!
Replies: 151
Views: 71143

Re: 6.22 released!

read the changelog - if you don't need a feature/fix, don't upgrade if your setup is working fine. If you do, well, report problems back in a non-whiny way with the data necessary for MT to actually fix your problem. make sure you have a backup of your Know-Good config BEFORE you attempt an upgrade...
by Alupis
Sun Nov 16, 2014 5:44 am
Forum: General
Topic: 6.22 released!
Replies: 151
Views: 71143

Re: 6.22 released!

guys, calm down. did you see how fast they rolled from 6.21.1 -> 6.22? like 2 weeks. THEY ARE LISTENING AND ATTEMPTING TO FIX PROBLEMS! There was a beta upgrade -- but I assume the people complaining here did not download it, try it, and report back problems -- so MT has zero/little complains on bet...
by Alupis
Sun Nov 16, 2014 3:36 am
Forum: General
Topic: Import Script fails on line that does not exist
Replies: 1
Views: 1694

Re: Import Script fails on line that does not exist

hmm... so after some further experimenting, it seems configuring /system ntp client set enabled=yes server-dns-names=0.us.pool.ntp.org,1.us.pool.ntp.org in the script may have been causing some trouble since I was doing this without being plugged into the WAN. I tried doing the restore of the .backu...
by Alupis
Sun Nov 16, 2014 12:39 am
Forum: General
Topic: Import Script fails on line that does not exist
Replies: 1
Views: 1694

Import Script fails on line that does not exist

I have 2 CCR's that I'm trying to keep the configs in sync with each other. One is the primary unit, and the other is a backup unit that is off most of the time. I first tried to take a backup of the first CCR, then download the .backup file to my machine --> power on the backup unit, plug my comput...
by Alupis
Fri Nov 14, 2014 5:54 pm
Forum: General
Topic: 6.22 released!
Replies: 151
Views: 71143

Re: 6.22 released!

Why upgrade that critical router before testing by yourself on other non critical place ? I first upgrade my home MT router everything working then update non critical part of network and after that update critical part of network. I know people using today 2.9.27 or 3.30 or 4.17 or 5.26 or 6.22 an...
by Alupis
Thu Nov 13, 2014 7:42 pm
Forum: General
Topic: 6.22 released!
Replies: 151
Views: 71143

Re: 6.22 released!

I could give you many ticket IDs which show differently... no point in arguing. if you work in software development for a while, you would understand tickets filed that effect only a small subset of users take the backseat to show-stopping issues (like if the router stops passing traffic or somethi...
by Alupis
Thu Nov 13, 2014 6:31 pm
Forum: General
Topic: 6.22 released!
Replies: 151
Views: 71143

Re: 6.22 released!

fellas, calm down a second. any new release of any software will have some problems, not just mikrotik. if you have some core infrastructure that you cannot afford to have problems with -- don't upgrade immediately, let is play out for a few days/weeks while users who can afford to be "bleeding...
by Alupis
Wed Nov 12, 2014 9:44 pm
Forum: General
Topic: IPSec Users | Use ldap from Windows AD?
Replies: 3
Views: 2646

IPSec Users | Use ldap from Windows AD?

Is it possible to configure IPsec Users to be imported from a Windows AD? When I view IP -> IPSec -> Users there does not seem to be any options other than to just create a local static user. I would like to allow users or a group of users from the AD to use VPN access (so one less password/user com...
by Alupis
Tue Nov 11, 2014 8:23 pm
Forum: General
Topic: IPSec VPN Use custom DNS
Replies: 1
Views: 1368

IPSec VPN Use custom DNS

Hello, I am using IPSec with Shrew as the clients from some windows boxes. The RB's DNS settings have 3 dns servers, 1 is internal to the network, the other 2 are google dns servers in case the local dns goes down for some reason. the problem is, over the vpn, users are not always resolving local ne...
by Alupis
Mon Nov 10, 2014 8:40 pm
Forum: Scripting
Topic: SetNtpServers - Set System Time via NTP, Alternative Script
Replies: 12
Views: 12621

Re: SetNtpServers - Set System Time via NTP, Alternative Scr

Isn't it easier to setup your local NTP server for your local network on this spare linux box ? Quick example: http://ubuntuforums.org/showthread.php?t=862620 Sure, if you have one. Some folks just want their router to NTP itself... or don't have a spare box to setup NTP server on like in a SOHO en...
by Alupis
Sun Nov 09, 2014 3:21 am
Forum: Scripting
Topic: SetNtpServers - Set System Time via NTP, Alternative Script
Replies: 12
Views: 12621

Re: SetNtpServers - Set System Time via NTP, Alternative Scr

I can confirm the NTP script works without modification on v6.21.1

I did notice it took a little bit before the time actually updated. Also, make sure you have specified your timezone in the System --> Clock menu.
by Alupis
Wed Feb 29, 2012 7:58 pm
Forum: Beginner Basics
Topic: Open port for entire network?
Replies: 6
Views: 6027

Re: Open port for entire network?

hmm.. here's some more backstory if it helps... This all runs from my house... and I have a single public IP (dynamic - but that doesn't matter) I have a home server that runs a few different services for myself and a few friends and clients (instant messaging, email, game servers... etc.) My home s...
by Alupis
Wed Feb 29, 2012 7:03 pm
Forum: Beginner Basics
Topic: Open port for entire network?
Replies: 6
Views: 6027

Re: Open port for entire network?

is there a way to just open that port then and not forward? maybe in the filters use the Input / Accept filter chain? I really want to avoid having to change ports for my home server as I have several clients running off it and it would be a pain to have to change them all over. I'd really just like...
by Alupis
Wed Feb 29, 2012 6:33 pm
Forum: Beginner Basics
Topic: Open port for entire network?
Replies: 6
Views: 6027

Open port for entire network?

I want to open some ports for my entire home network so my roommates can play one of their games. I have the ports open under NAT rules, but when i put the dst-nat to address 0.0.0.0 or 0.0.0.0/0, the traffic doesn't seem to reach the machines...(or one machine is getting all of the traffic???) Can ...