tinka
Frequent Visitor
Topic Author
Posts: 54
Joined: Wed Dec 02, 2009 5:48 pm

Can't access certain sites through CAPsMAN setup

Fri Aug 15, 2014 5:11 pm

I am trying to set up CAPsMAN with one cap. The idea is to have my normal AP and a guest AP. The future guest APs I can block with rules in the firewall without going through VLANs and needing additional switches. Hence CAPsMAN.

The setup is quite simple. I have two bridges. One bridge for "MyNetwork" and one bridge for "MyGuestNetwork". Both are masqueraded out of ethernet 1. I have set up DHCP on those bridges with two different ranges. The "real" cap interface is bridged to bridge1 together with ethernet2. The virtual cap is bridged to bridge2.

Everything works for MyNetwork but I can't reach http://www.google.com for MyGuestNetwork.

I have done some troubleshooting.

Switching the virtual cap to bridge1 doesn't solve the problem. Switching the real cap to bridge2 and it still works. From this I assume it has something to do with the caps (perhaps real vs virtual) and not with something above that (bridge/masquerade/firewall/...).

Normal sites (other than http://www.google.com) seem to work. http://www.google.com gets redirected to https but another https site I visit works normally.

I am a bit lost.

---> further information

It is not only related to Google. Other (non-https) sites also seem to suffer. The loading takes forever.

After a reboot of both the router and the AP the problems are gone.

I hope it stays this way but I doubt it will.

--> some further information

I assume the following is more or less as it's supposed to be, but comments are appreciated:
/interface bridge
add comment="MyNetwork Bridge" l2mtu=1520 name=bridge1
add comment="MyGuestNetwork bridge" l2mtu=1520 name=bridge2

/interface ethernet
set [ find default-name=ether2 ] arp=proxy-arp
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] arp=proxy-arp
set [ find default-name=ether5 ] arp=proxy-arp

/ip neighbor discovery
set ether1 discover=no
set bridge1 comment="MyNetwork Bridge"
set bridge2 comment="MyGuestNetwork bridge"

/caps-man configuration
add datapath.bridge=bridge1 name=MyNetwork security.authentication-types=\
    wpa2-psk security.encryption=aes-ccm security.passphrase=XXXXXXXXXXXXXX \
    ssid=MyNetwork
add datapath.bridge=bridge2 name=MyGuestNetwork \
    security.authentication-types=wpa2-psk security.encryption=aes-ccm \
    security.passphrase=XXXXXXXXXXXXXX ssid=MyGuestNetwork

/interface wireless security-profiles
set [ find default=yes ] group-ciphers="" unicast-ciphers=""

/ip pool
add name=pool179 ranges=192.168.179.120-192.168.179.254
add name=pool50 ranges=192.168.50.120-192.168.50.254

/ip dhcp-server
add address-pool=pool179 authoritative=yes disabled=no interface=bridge1 \
    name=DHCPserver179
add address-pool=pool50 authoritative=yes disabled=no interface=bridge2 name=\
    DHCPServer50

/caps-man manager
set enabled=yes

/caps-man provisioning
add action=create-dynamic-enabled master-configuration=MyNetwork \
    slave-configurations=MyGuestNetwork

/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge2 interface=ether5

/ip address
add address=192.168.179.1/24 comment=MyNetwork interface=bridge1 network=\
    192.168.179.0
add address=192.168.50.1/24 comment=MyGuestNetwork interface=bridge2 network=\
    192.168.50.0
	
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1

/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=\
    xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx

/ip firewall address-list
add address=192.168.50.0/24 list=local-all
add address=192.168.179.0/24 list=local-all	
	
/ip firewall nat
add action=masquerade chain=srcnat comment="default PAT" out-interface=ether1 \
    src-address-list=local-all
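
The guest-isolation firewall rules that the first post plans to add, sketched as an added example that is not part of the original post. It reuses the bridge names, ether1 and the 192.168.179.0/24 subnet from the export above and assumes the router has no other filter rules; the rules are evaluated top to bottom, so the order matters.

```routeros
/ip firewall filter
# Let replies to already-permitted connections through first.
add chain=forward action=accept connection-state=established \
    comment="forward: established"
add chain=forward action=accept connection-state=related \
    comment="forward: related"

# Guests may reach the internet via ether1 but never MyNetwork.
add chain=forward action=drop in-interface=bridge2 out-interface=bridge1 \
    comment="guest -> MyNetwork: drop"
add chain=forward action=drop in-interface=bridge2 \
    dst-address=192.168.179.0/24 comment="guest -> MyNetwork subnet: drop"

# Traffic addressed to the router itself.
add chain=input action=accept connection-state=established \
    comment="input: established"
add chain=input action=accept connection-state=related \
    comment="input: related"

# Guests need only DNS and DHCP from the router.
add chain=input action=accept in-interface=bridge2 protocol=udp \
    dst-port=53,67 comment="guest: DNS/DHCP"
add chain=input action=accept in-interface=bridge2 protocol=tcp \
    dst-port=53 comment="guest: DNS over TCP"
add chain=input action=drop in-interface=bridge2 \
    comment="guest: no other access to the router"

# allow-remote-requests=yes makes the resolver answer on every interface,
# so refuse DNS queries that arrive on the WAN port.
add chain=input action=drop in-interface=ether1 protocol=udp dst-port=53 \
    comment="WAN: no DNS (udp)"
add chain=input action=drop in-interface=ether1 protocol=tcp dst-port=53 \
    comment="WAN: no DNS (tcp)"
```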
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Can't access certain sites through CAPsMAN setup

Fri Aug 15, 2014 11:42 pm

One hint:
/ip dns
set max-udp-packet-size=4096


Why have you enabled proxy-arp on various ethernet interfaces?
 
tinka
Frequent Visitor
Topic Author
Posts: 54
Joined: Wed Dec 02, 2009 5:48 pm

Re: Can't access certain sites through CAPsMAN setup

Sat Aug 16, 2014 12:20 am

> One hint:
> /ip dns
> set max-udp-packet-size=4096
>
> Why have you enabled proxy-arp on various ethernet interfaces?

Thanks,

I will change the packet-size to 4096 and monitor the behaviour.

I think I had proxy-arp enabled for a VPN connection. I now have set them to enabled. Have to check if VPN still works.
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Can't access certain sites through CAPsMAN setup

Sat Aug 16, 2014 12:32 am

Mmm, I'm expecting this.

I suggest you use a route to get some type of VPN running instead of proxy-arp.

But it seems not to be your case.
 
tinka
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Wed Dec 02, 2009 5:48 pm

Re: Can't access certain sites through CAPsMAN setup

Sun Aug 17, 2014 2:06 am

The situation occurred again, so the DNS entry change did not fix it completely.
Rebooting the cap had no effect. Rebooting the router with CAPsMAN did fix it.
 
warnercz
just joined
Posts: 2
Joined: Tue Dec 16, 2014 11:19 am

Re: Can't access certain sites through CAPsMAN setup

Tue Dec 16, 2014 11:22 am

I have the same problem. Firmware 6.23 and all Google services are inaccessible.
 
warnercz
just joined
Posts: 2
Joined: Tue Dec 16, 2014 11:19 am

Re: Can't access certain sites through CAPsMAN setup

Wed Dec 17, 2014 10:05 am

The solution for me was CAPsMAN v2. Package "Wireless-cm2".
 
hvdhelm
just joined
Posts: 17
Joined: Sat Aug 27, 2011 9:37 am

Re: Can't access certain sites through CAPsMAN setup

Wed Feb 04, 2015 4:05 pm

Same problem here.
We have this issue on multiple sites. When you are not using CAPsMAN, no problem. On a CAPsMAN config you can't access Google services on slave interfaces. If I connect to the master-config SSID I can access the Google services; on both slave-configs I can't. All other sites are working fine.

Has anyone found out something more about this issue?
 
uldis
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: Can't access certain sites through CAPsMAN setup

Wed Feb 04, 2015 4:40 pm

Please upgrade RouterOS to v6.26 and also try to install CAPsMAN v2.
 
hvdhelm
just joined
Posts: 17
Joined: Sat Aug 27, 2011 9:37 am

Re: Can't access certain sites through CAPsMAN setup

Wed Feb 04, 2015 4:43 pm

:)
Doing both at the moment!
So at this moment I can't tell which one is the possible solution.

I will post if it is solved.
 
hvdhelm
just joined
Posts: 17
Joined: Sat Aug 27, 2011 9:37 am

Re: Can't access certain sites through CAPsMAN setup

Wed Feb 04, 2015 5:08 pm

Upgrading to 6.26 and CAPsMANv2 was my solution.
Thanks for the quick response.
