Community discussions

Search found 88 matches

by halacs
Sun Jul 02, 2023 2:19 am
Forum: General
Topic: Hide IPv6 host behind router like port forward [SOLVED]
Replies: 13
Views: 1549

Re: Hide IPv6 host behind router like port forward [SOLVED]

I wanted to make the change transparent for the clients. This means I wanted to use one IPv6 address assigned to a domain name same way as it is implemented with IPv4: one IP for all the published services. Domain name also must be the same in both stacks. Maintaining more than one domain name would...
by halacs
Wed Jun 28, 2023 3:45 pm
Forum: General
Topic: "Warning: memory not running at default frequency" - Mikrotik CCR1009-7G-1C-1S+PC [SOLVED]
Replies: 1
Views: 699

Re: "Warning: memory not running at default frequency" - Mikrotik CCR1009-7G-1C-1S+PC [SOLVED]

I sent a mail to support and they were so fast and kind so now I can publish the solution as well. [admin@router] > system/routerboard/settings/set memory-frequency=1066DDR [admin@router] > system/routerboard/settings/print auto-upgrade: yes> system/routerboard/settings/set memory-frequency baud-rate...
by halacs
Wed Jun 28, 2023 12:03 pm
Forum: General
Topic: "Warning: memory not running at default frequency" - Mikrotik CCR1009-7G-1C-1S+PC [SOLVED]
Replies: 1
Views: 699

"Warning: memory not running at default frequency" - Mikrotik CCR1009-7G-1C-1S+PC [SOLVED]

Hi, After upgrading to ROS 7.10.1 from the previous version, I got a warning about CPU and memory frequency discrepancy. I could google out the default CPU frequency but what is it for the memory? I have a Mikrotik CCR1009-7G-1C-1S+PC device. I see this at the console: [admin@router] /system/router...
by halacs
Wed Jun 28, 2023 9:59 am
Forum: General
Topic: Hide IPv6 host behind router like port forward [SOLVED]
Replies: 13
Views: 1549

Re: Hide IPv6 host behind router like port forward [SOLVED]

Hi, Sorry for the delay! There were a few tasks I had to respond to immediately. It works fine now. Allowing in the forward chain all dst-natted connections was the key to solve my problem. Thanks for your help! [admin@router] > /ipv6/firewall/nat/print Flags: X - disabled, I - invalid; D - dynamic 0 ;;...
by halacs
Sun Jun 25, 2023 11:17 pm
Forum: General
Topic: Hide IPv6 host behind router like port forward [SOLVED]
Replies: 13
Views: 1549

Re: Hide IPv6 host behind router like port forward [SOLVED]

SSH server listens on the tcp/22 port of fd00::100:6ef0:49ff:fe00:efc5 hal@hal:~$ nc -v fd00::100:6ef0:49ff:fe00:efc5 22 Connection to fd00::100:6ef0:49ff:fe00:efc5 22 port [tcp/ssh] succeeded! SSH-2.0-OpenSSH_8.9p1 ^C [admin@router] > sy telnet fd00::100:6ef0:49ff:fe00:efc5 22 Connecting to fd00::1...
by halacs
Sun Jun 25, 2023 10:01 pm
Forum: General
Topic: Hide IPv6 host behind router like port forward [SOLVED]
Replies: 13
Views: 1549

Re: Hide IPv6 host behind router like port forward [SOLVED]

Actually I made a nat rule but it doesn't work so far. Please ignore the fact that this rule below is disabled right now. - d00::100:6ef0:49ff:fe00:efc5 is the IPv6 address of the SSH server behind the router. - 2001:REDACTED::/64 is the internet facing address of the router where I would like to ma...
by halacs
Sat Jun 24, 2023 11:29 pm
Forum: General
Topic: Hide IPv6 host behind router like port forward [SOLVED]
Replies: 13
Views: 1549

Re: Hide IPv6 host behind router like port forward [SOLVED]

Thanks for the link! As I have globally routable IPv6 address on all the nodes in my LAN, I would like to leave them as they are with no NAT while the port forward kind of thing influences only the router's WAN facing IP. Is it possible? If I'm right, link above push all the LAN nodes behind NAT w...
by halacs
Sat Jun 24, 2023 2:58 pm
Forum: General
Topic: Hide IPv6 host behind router like port forward [SOLVED]
Replies: 13
Views: 1549

Hide IPv6 host behind router like port forward [SOLVED]

Hi, I have a network with IPv6 addresses on all the nodes. All host have a global public IPv6 address as well as an fd00::.../64 local address. I would like to use the IPv6 address of my router like I did in case of IPv4 with port forward meaning that I need to be visible for the external world, fro...
by halacs
Thu Nov 24, 2022 9:22 pm
Forum: Beginner Basics
Topic: EoIP Tunnel Clamp TPC MSS
Replies: 16
Views: 7249

Re: EoIP Tunnel Clamp TPC MSS

But it has constraints: TCP-MSS-clamping will only work with untagged native IPv4 traffic passing through the EoIP interface. As soon as it is encapsulated (802.1q, 802.1ad or PPPoE) it won't work and you have to manually set up mangle rules. Ah gotcha! :) So this is the reason why TCP-MSS-clamping...
by halacs
Thu Nov 24, 2022 9:04 am
Forum: Beginner Basics
Topic: EoIP Tunnel Clamp TPC MSS
Replies: 16
Views: 7249

Re: EoIP Tunnel Clamp TPC MSS

I know that in wireguard this can work to deal with MTU issues.
new-mss=clamp-to-pmtu !

Also one can use L2TP within wireguard and deal with MTU issues
by adjusting MRRU
Is wireguard a Mikrotik RouterOS feature? I haven't heard about it so far.
by halacs
Tue Jun 22, 2021 7:10 pm
Forum: Forwarding Protocols
Topic: Debugging EoIP tunnel
Replies: 12
Views: 5150

Re: Debugging EoIP tunnel

I tried to leave local IP field empty and set IPsec password at the same time, but this way tunnel doesn't get ready. You can probably write a script to handle the changes for the tunnel automatically in event of an IP change. So far it looks like empty source field is fine: changed WAN IP is not a...
by halacs
Tue Jun 22, 2021 7:09 pm
Forum: Forwarding Protocols
Topic: Debugging EoIP tunnel
Replies: 12
Views: 5150

Re: Debugging EoIP tunnel

I am wondering why UDP can be 4 times quicker (cca 400 Mbps) than TCP (90-100Mbps). In case of UDP, packet size must be set to 1300 which is the MTU of the EoIP tunnel. For TCP, I have a TCP clamp rule in firewall: MSS is set to 1250. As I read btest is resource heavy I use two additional Mikrotik rout...
by halacs
Thu Jun 17, 2021 8:32 am
Forum: Forwarding Protocols
Topic: Debugging EoIP tunnel
Replies: 12
Views: 5150

Re: Debugging EoIP tunnel

Hmm, maybe the bandwidth is still not as expected: I noticed that even if my Ubuntu says cca 1Gbps speed, my Mikrotik routers (on EoIP interface) says only about 200-300 Mbps. Anyway this is much better than before but now I have no IPsec. I disabled the bridge I created months/years ago just before...
by halacs
Thu Jun 17, 2021 8:02 am
Forum: Forwarding Protocols
Topic: Debugging EoIP tunnel
Replies: 12
Views: 5150

Re: Debugging EoIP tunnel

Someone in this forum :) but now I understand then why my tunnel is so slow.

What to write into the local address of the EoIP tunnel? I have dynamic IP on both side. Can I leave them empty with IPsec?
by halacs
Wed Jun 16, 2021 11:16 pm
Forum: Forwarding Protocols
Topic: Debugging EoIP tunnel
Replies: 12
Views: 5150

Re: Debugging EoIP tunnel

I could try it without IPsec. The key was not the firewall rules because GRE was allowed originally but the source IP: previously I got the advice to add an extra NAT and define a private IP as source at both side to deal with dynamic IP addresses. When I removed both the IPsec secret and the source...
by halacs
Tue Jun 15, 2021 8:11 am
Forum: Forwarding Protocols
Topic: Debugging EoIP tunnel
Replies: 12
Views: 5150

Re: Debugging EoIP tunnel

Have you tried EoIP without encryption, and/or IPsec by itself without EoIP, for comparison purposes? I tried to remove IPsec secret from the EoIP interface (both side, of course) but the EoIP tunnel got disconnected and remained disconnected after 1-2 minutes too. I think I should not change my fi...
by halacs
Mon Jun 14, 2021 7:36 pm
Forum: Forwarding Protocols
Topic: Debugging EoIP tunnel
Replies: 12
Views: 5150

Re: Debugging EoIP tunnel

Config of Site A: https://gist.github.com/halacs/9d5ec999 ... 25f03bbea0

Config of Site B: https://gist.github.com/halacs/9de29479 ... 4c0f9fe6c5

Both after removing sensitive data.
by halacs
Sun Jun 13, 2021 9:17 am
Forum: Forwarding Protocols
Topic: Debugging EoIP tunnel
Replies: 12
Views: 5150

Debugging EoIP tunnel

Hi, I have an EoIP tunnel between a Mikrotik CCR1009-7G-1C-1S+PC (site A) and a RB4011iGS+RM (site B) router. I have run out of the ideas what to check, why I experience low bandwidth: cca 28 Mbps instead of 1 Gbps. Is there any idea what can be wrong? If needed I can attach config of both side. Abo...
by halacs
Thu Jun 10, 2021 10:44 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 68
Views: 39291

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Hi, I'm not sure on this but SwitchOS usage might be a reason for what you experience. As far as I remember RouterOS has a better fan control. Br, Halacs Hello, I have a problem that the fans are very loud and the processor temperature is not very high 65C where the housing is 35C. Anyone have an id...
by halacs
Wed Feb 10, 2021 3:53 pm
Forum: Beginner Basics
Topic: EoIP Tunnel Clamp TPC MSS
Replies: 16
Views: 7249

Re: EoIP Tunnel Clamp TPC MSS

I can't set out interface to the tunnel:
"in/out-interface matcher not possible when interface (eoip-tunnel-xxx) is slave - use maser instead (brdige1)"

On bridge1 I have vlan tags also and I use it so far in the mangle rule as out interface.
by halacs
Wed Feb 10, 2021 9:13 am
Forum: Beginner Basics
Topic: EoIP Tunnel Clamp TPC MSS
Replies: 16
Views: 7249

Re: EoIP Tunnel Clamp TPC MSS

Be aware that if you add an EoIP interface with an MTU<1500 to a bridge it will impact any traffic between local bridge ports too, usually breaking things. Yeah, actually there is a warning in the documentation: MTU should be 1500 in the EOIP tunnel. if I set it to auto it gets somewhere between 15...
by halacs
Tue Feb 09, 2021 11:35 pm
Forum: Beginner Basics
Topic: EoIP Tunnel Clamp TPC MSS
Replies: 16
Views: 7249

Re: EoIP Tunnel Clamp TPC MSS

I have set 1300 MTU on the EoIP tunnel. Additional rule set MSS to 1250. Reason behind 1300/1250 MTU if a PPPoE internet connection with VLAN tagged LAN plus a NAT in front of the tunnel because of the dynamic public IP. Am I right that, in this case, if MTU of the tunnel would be set to 1250 then I...
by halacs
Sun Feb 07, 2021 2:31 pm
Forum: Beginner Basics
Topic: EoIP Tunnel Clamp TPC MSS
Replies: 16
Views: 7249

EoIP Tunnel Clamp TPC MSS

Hi, I have an EoIP tunnel between a Mikrotik RB4011iGS+RM and a Mikrotik CCR1009-7G-1C-1S+PC device. There is a "Clamp TCP MSS" option at the EOIP settings page in winbox. Even if I set it, I also have to add another "change MSS" (with 1250 MSS) rule under Firewall/Mangle to have...
by halacs
Sun Sep 27, 2020 3:49 pm
Forum: The User Manager
Topic: user manager eats up my disk [SOLVED]
Replies: 8
Views: 12432

Re: user manager eats up my disk [SOLVED]

I want to share my experiences, might be useful for others struggling with the same problems: user manager's database path setting is NOT permanent: it doesn't survive a reboot no external storage was working with user manager: neither microSD slot nor USB storage user manager's database is an sql...
by halacs
Fri Sep 25, 2020 11:31 pm
Forum: The User Manager
Topic: user manager eats up my disk [SOLVED]
Replies: 8
Views: 12432

Re: user manager eats up my disk [SOLVED]

Simply copying user-manager's directory to a USB stick then set db path to the new directory is enough to migrate without data loss. No need to do backups or whatever just disable the package, copy the files via SCP, re-enable the package and set db path in terminal. So issue is solved now, thanks a...
by halacs
Fri Sep 25, 2020 11:18 pm
Forum: General
Topic: CCR1009-7G-1C-1S+PC Cloud Core Router max microSD card size
Replies: 5
Views: 1159

Re: CCR1009-7G-1C-1S+PC Cloud Core Router max microSD card size

As the support didn't answer I had to take the risk and I bought a 64GB microSD card. So the answer is: 64GB card is supported, router could format it to ext3 but seems to be unusable as it is not stable at all. After a reboot microSD gets ejected/unmounted and cannot be remounted without pulling it...
by halacs
Fri Sep 25, 2020 10:18 pm
Forum: The User Manager
Topic: user manager eats up my disk [SOLVED]
Replies: 8
Views: 12432

Re: user manager eats up my disk [SOLVED]

Yeah, I had a similar idea: disabled user manager package, reboot, remove user-manager directory, re-enable um package, reboot then set the database directory but I got the same error: time out, send logs to the support. Before I did the above I downloaded the user-manger directory and copy-pasted m...
by halacs
Fri Sep 25, 2020 9:06 pm
Forum: The User Manager
Topic: user manager eats up my disk [SOLVED]
Replies: 8
Views: 12432

Re: user manager eats up my disk [SOLVED]

Now I have a microSD but can't work. I have tried two microSD: a brand new SanDisk 64GB and an older one which is 2GB big. Both could be formatted to ext3 but then I got the following error when I try to move the database which looks really bad. My best guess is 14MB free space on the internal disk ...
by halacs
Thu Sep 24, 2020 9:42 am
Forum: General
Topic: CCR1009-7G-1C-1S+PC Cloud Core Router max microSD card size
Replies: 5
Views: 1159

Re: CCR1009-7G-1C-1S+PC Cloud Core Router max microSD card size

So the question is now simplified a bit: is original SD, SDHC or SDXC supported by my router.
Software side is then clear with ext3: we can say there is no limitation in practice from software point of view. Thanks for the comment!
by halacs
Thu Sep 24, 2020 9:00 am
Forum: General
Topic: CCR1009-7G-1C-1S+PC Cloud Core Router max microSD card size
Replies: 5
Views: 1159

Re: CCR1009-7G-1C-1S+PC Cloud Core Router max microSD card size

My question is.... Why would they limit the possible size of such a card, its not some cheap chinese car video cam knockoff ;-) I saw so many devices with such a limitations. For example, I have a Hikvision network video recorder has 2 SATA disks with 4TB storage limit. Don't know why. Mikrotik did...
by halacs
Wed Sep 23, 2020 10:05 pm
Forum: The User Manager
Topic: user manager eats up my disk [SOLVED]
Replies: 8
Views: 12432

Re: user manager eats up my disk [SOLVED]

Regarding the microSD card: I found the answer for my question here: https://wiki.mikrotik.com/wiki/Manual:System/Disks#User_manager_moving_database_example The max size of the microSD card is still a question but I plan to order a 'SANDISK Ultra 64GB MicroSDXC 100 MB/s' one as soon as possible. I h...
by halacs
Wed Sep 23, 2020 9:52 pm
Forum: General
Topic: CCR1009-7G-1C-1S+PC Cloud Core Router max microSD card size
Replies: 5
Views: 1159

CCR1009-7G-1C-1S+PC Cloud Core Router max microSD card size

Hi,

I have a Mikrotik CCR1009-7G-1C-1S+PC Cloud Core Router.
Does anyone know what is the max microSD card size? I want to buy a 64GB card if it is compatible.

Thanks & br,
Halacs
by halacs
Wed Sep 23, 2020 3:35 pm
Forum: The User Manager
Topic: user manager eats up my disk [SOLVED]
Replies: 8
Views: 12432

Re: user manager eats up my disk [SOLVED]

It seems my router really have a MicroSD slot, I never used so far.
How can I configure to use microSD for user manager?

Edit:
Do you know the max size of the microSD card I can use? I cannot find it in the specification on mikrotik.com. Thanks!
by halacs
Wed Sep 23, 2020 2:21 pm
Forum: The User Manager
Topic: user manager eats up my disk [SOLVED]
Replies: 8
Views: 12432

user manager eats up my disk [SOLVED]

Hi, I have a Mikrotik CCR1009-7G-1C-1S+PC router acting as a RADIUS server as well with help of user manager package. Today when I wanted to upgrade to the latest RouterOS release I noticed there is not enough free space to do so. How can I free up some space? I noticed user-manager eats up almost all ...
by halacs
Sat Jul 18, 2020 11:31 pm
Forum: General
Topic: Forward UPS notifications. Possible?
Replies: 2
Views: 1202

Re: Forward UPS notifications. Possible?

And according to MT staff devices are designed to handle power outages without prior executing shutdown. This is a new information for me which means, especially with others you mentioned, I shouldn't care about power outage at all. If UPS is exhausted then it will turn off and will cause power out...
by halacs
Sat Jul 18, 2020 10:12 pm
Forum: General
Topic: Forward UPS notifications. Possible?
Replies: 2
Views: 1202

Forward UPS notifications. Possible?

Hi, I have a Mikrotik Cloud Core router with a USB attached UPS. I want to notify somehow my other device, which is a Mikrotik Cloud Core Switch, in case of a power outage or restore detected by the UPS. So somehow the router should forward the UPS's notifications. Router can hibernate then wake up....
by halacs
Mon Dec 16, 2019 11:21 pm
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

LAN interface MTU is 1500, true. In IPv6, ND MTU is set to 1280 for all interfaces.

I'm trying to connect servers within Hungary such as the biggest news portal (6ms ping on IPv4, 0% packet loss).

Thanks for your effort!
by halacs
Mon Dec 16, 2019 7:03 pm
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

In the meanwhile I tried to clamp MSS both in IPv6 firewall/mangle and IPv4 firewall / mangle. It didn't help doesn't matter how small I set (e.g. 1100). You were right.

I'm wondering then why even my Windows 7 PC doesn't work if it is a linux bug.
by halacs
Mon Dec 16, 2019 6:08 pm
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

Okay, so it is a bug in Ubuntu 18.04.3 LTS or Curl 7.58.0 released on 2018-01-24. If I know correctly, if remote server responds smaller MSS, that smaller MSS will be used in the connection. This is why I have internet at all. Right? But what about the 6to4 tunnel? Plus, if my PC sends too big MSS, ...
by halacs
Mon Dec 16, 2019 5:40 pm
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

hmm, why? What should I change in my Mikrotik?
I have a PPPoE Internet connection with 1480 MTU.
by halacs
Mon Dec 16, 2019 5:22 pm
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

On my remote Ubuntu server, I have never changed MTU and MSS. $ cat /sys/class/net/ens3/mtu 1500 ping looks good on IPv4. Curl gets back very fast as expected. On the picture you can see how I am curl-ing my remote server. There is a 1460 MSS in the SYN and 1440 in the SYN ACK. https://i.imgur.com/bzVQ3q...
by halacs
Mon Dec 16, 2019 1:14 pm
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

Hi, yes, sure! I paste a few other tests below. I have an Ubuntu server with working ipv6 somewhere else. I have curl-ed it while tcpdump was writing pcap file. Here I also found "TCP Retransmission" lines. In contrast with the previous sniff what happened locally in my Mikrotik router, SYN A...
by halacs
Sun Dec 15, 2019 11:58 am
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

Thanks a lot pe1chl!
by halacs
Sun Dec 15, 2019 10:50 am
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

I got answer from the support:
We don't have any firewall rules on our side configured for any tunnel, except SMTP and IRC filters as exist by default.
-- -H U R R I C A N E - E L E C T R I C-
by halacs
Sat Dec 14, 2019 7:16 pm
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

So this is the point when I have to contact the tunnel support. Okay, thanks. I will contact them and come back to share the solution.
by halacs
Sat Dec 14, 2019 6:58 pm
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

I started a packet sniffer on the tunnel interface. I can see a TCP SYN MSS=1220 packet then a TCP SYN ACK mss=1220 (between my PC and google.com) This seems to be good if 1280 is the MTU on the tunnel. Right? What is interesting for me is the TCP Retransmission part. https://i.imgur.com/4NjpWiX.png
by halacs
Sat Dec 14, 2019 6:15 pm
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

Thanks for the ideas! I have changed MTU in ND as showed on the below picture but didn't help, even after a reboot on the client PC side then on the router side as well. Yes, native IPv6 would be better but as a Hungarian Telecom subscriber I can get native IPv6 address only via zero configuration. ...
by halacs
Sat Dec 14, 2019 9:26 am
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

Auch, I have pasted wrong curl call. Curl with google.com is not working even in case of http. $ time curl -6 -v -L google.com * Rebuilt URL to: google.com/ * Trying 2a00:1450:400d:808::200e... * TCP_NODELAY set * Connected to google.com (2a00:1450:400d:808::200e) port 80 (#0) > GET / HTTP/1.1 > Hos...
by halacs
Sat Dec 14, 2019 9:21 am
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

Well, it didn't help. I have set what you suggested but problem still exists: ipv6 connection is slow and not all the https pages are loading. Downloading google.com on ipv6 is wrong, but on ipv4: curl -6 -v -L google.com is stuck at https handshake but curl -4 -v -L google.com quickly gives back th...
by halacs
Thu Dec 12, 2019 4:36 pm
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

ah, sorry, it seems I attached configuration when I really disabled IPv6 address advertisement. IPv6 advertisement was on on the vlan-local interface where IPv6 address itself is now disabled to avoid full internet outage at the clients. I have tried to add IPv6 DNS servers and enable MAC and DNS ad...
by halacs
Mon Dec 02, 2019 11:11 am
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

Re: IPv6 issues via HE tunnel

If protocol 41 is blocked then no IPv6 ping should work.
IPv4 addresses at both end of the tunnel should be also fine as IPv6 ping works fine. If I disable the tunnel interface no ping anymore.
Please correct me if I'm wrong.
by halacs
Sun Dec 01, 2019 12:04 pm
Forum: General
Topic: IPv6 issues via HE tunnel
Replies: 29
Views: 6354

IPv6 issues via HE tunnel

Hi, I have a CCR1009-7G-1C-1S+ router with HE IPv6 tunnel. Ping6 works fine, but seemingly nothing else. Do you have any idea what could be the problem? I could setup successfully HE tunnel in my other flat. Full router config can be found here: https://gist.github.com/halacs/7194ff37a373fe7d9a5fc7e...
by halacs
Sun Nov 17, 2019 7:20 pm
Forum: Forwarding Protocols
Topic: Layer2 VPN packet filtering [SOLVED]
Replies: 3
Views: 10238

Re: Layer2 VPN packet filtering [SOLVED]

Few days ago I have set EoIP tunnels between my two flats and have set VLAN-s too. All fine, but now I can't filter out the IPv6 address advertisements. I tried to use the forward chain and the EoIP interface as the incoming interface with "86dd (ipv6)" MAC protocol, but PCs get IPv6 addre...
by halacs
Sun Jun 09, 2019 8:47 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 68
Views: 39291

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

I agree that it would be very good to have some kind of control on the fans. I think we don't really need to have so detailed control but at least some profiles would be really appreciated. Profile like "silent" would keep the fans off as long as possible then turn them on with a much high...
by halacs
Sat May 25, 2019 8:22 pm
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Actually the dst-nat rules were there. I disabled the eoip tunnel for a couple of minutes then enabled it back.
by halacs
Sat May 25, 2019 6:35 pm
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Thank you so much for your help and the detailed explanations! I checked that end where the issue happened and the rules were in different order: first accept gre, then the two dst-nat and finally the default masquerade. I moved default masquerade rule at the 2nd place right after the accept gre and...
by halacs
Sat May 25, 2019 7:59 am
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Magic :) It started to work now. I have configured both end now at the same way. Very cool! Thanks! :) One more question what I don't understand now: at both end, I can see a 'responder' and an 'initiator' in the ipsec remote peers. The strange thing is the two ends are different, meaning that at on...
by halacs
Fri May 24, 2019 5:54 pm
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

[admin@zoldmali.intra.example.com] > /ip firewall connection print detail where src-address~":4\?500" or dst-address~":4\?500" Flags: E - expected, S - seen-reply, A - assured, C - confirmed, D - dying, F - fasttrack, s - srcnat, d - dstnat 0 SAC protocol=udp src-address=x.y.5.1...
by halacs
Fri May 24, 2019 8:50 am
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

I'm just wondering loudly what could be the problem. I have PPTP and L2TP VPN servers on this end. Can it be the problem? Fast forward should be on or off on the bridge where 172.20.0.1 IP is?
by halacs
Thu May 23, 2019 7:03 pm
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Sure! I disabled the manually created peer (under IPsec/Peers in winbox) but nothing changed. [admin@router.intra.example.com] > /ip ipsec remote-peers print Flags: R - responder, N - natt-peer # ID STATE REMOTE-ADDRESS DYNAMIC-ADDRESS UPTIME 0 message-1-sent x.x.5.107 [admin@router.intra.example.co...
by halacs
Thu May 23, 2019 5:57 pm
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

But I've understood from what you wrote earlier that both ends have dynamic public IP so both need to be configured the other one's domain name, is that true? Yes, that's true. Both end are with dynamic IP changed quite rarely. Initial state is a EoIP tunnel with manually configured local IP addres...
by halacs
Wed May 22, 2019 11:00 pm
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

You are right, sorry. Here are the both end of the tunnel. Router A (where I have set NAT because of dynamic IP) [admin@router.local.example.com] > /ip ipsec peer print Flags: X - disabled, D - dynamic, R - responder 0 D ;;; eoip-tunnel-Zoldmali name="peer17" address=a.b.5.107/32 local-add...
by halacs
Wed May 22, 2019 9:04 pm
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Hi, today I had some time to understand a bit more the configuration you suggested but it still not working somehow. When I set local IP as my real IP on the WAN interface (ppoe now actually) my EoIP is working but in case of the private IP hack, it's not. Here is my configuration hopefully without ...
by halacs
Tue May 07, 2019 10:34 pm
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Sounds interesting! It's a bit much for the first glance now so give me some time to process what you wrote then I'll be back with the outcome.
by halacs
Mon May 06, 2019 10:16 pm
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

It works now, thanks! I have set the EoIP tunnel used by the public IPs of the routers and turned off the L2TP site-to-site VPN. It seems all fine with tagged L2 connection. Local endpoint can be only an IP at the EoIP settings. My WAN IP assigned dynamically via DHCP. You meant that this IP will be...
by halacs
Sun May 05, 2019 11:40 pm
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Okay, thanks! In the meanwhile, I managed EoIP on top of L2TP, but then it is secure enough if I set IPsec secret at the tunnel config. I hope I can set domain name for the remote host instead of the IP, but this is what I will check only tomorrow. WAN side firewall will be interesting, what I have t...
by halacs
Sun May 05, 2019 10:17 pm
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

One more maybe a bit more advanced question: I have site-to-site VPN between two mikrotik router. I have a same VLAN config on them with same IDs. With my previous VLAN settings when I had separated bridges for all VLANs, I could set a bridge in the PPP profile to create a layer 2 VPN connection. No...
by halacs
Sun May 05, 2019 5:20 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 68
Views: 39291

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Finally I took the risk and bought one. For others who will be in similar situations, below are the raw data as well. There's not much load on it until now just 5 pieces Hikvision security cameras. Regarding the noise: okay, not fully silent because of the 2 fans, but good enough with this load, mean...
by halacs
Sun May 05, 2019 5:02 pm
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Suggest reading this source if you're keen to do the vlan router method.........
viewtopic.php?f=13&t=143620
Thank you so much for the link! It helped a lot! Very good tutorial!
by halacs
Mon Apr 29, 2019 9:26 am
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Thanks for the link! It has an example with proper comments what seems very useful. I tried to do my setup in a very similar way but based on this one I will try it again and come back.

Thanks & br,
Halacs
by halacs
Sun Apr 28, 2019 10:20 pm
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 6071

VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Hi, First my question, then my environment. What is the best way to define these VLAN trunks and access point? What is the most flexible way? I will have a new switch what I want to add with the same VLANs but a new trunk cable. I'm not sure I did my configuration the best/easiest way. So about my e...
by halacs
Tue Apr 23, 2019 3:27 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 68
Views: 39291

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

I got the following answer from the support regarding the fan control. I share it as it is. It might be useful for others too. Yes, this device has 2 fans, you cannot control them. Fan speed depends on CPU and SFP temperatures. At full speed, they are louder than ambient noise. When CPU/SFP or PoE c...
by halacs
Tue Apr 23, 2019 11:49 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 68
Views: 39291

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Sounds good! One more question: does this also mean that if I have only a limited PoE power request (8 devices with max 7 Watt/port) then my device won't turn on the fans? How does it go in your case? I only have 4 PoE devices connected to mine: ether1 ether2 ether11 ether24 poe-out: auto-on auto-on a...
by halacs
Mon Apr 22, 2019 4:18 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 68
Views: 39291

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Sounds good!
One more question: does this also mean that if I have only a limited PoE power request (8 devices with max 7 Watt/port) then my device won't turn on the fans? How does it go in your case?
by halacs
Mon Apr 22, 2019 10:46 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 68
Views: 39291

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

That's bad. Then this device does not fit into my environment, unfortunately.
There isn't any device with passive cooling from any vendor, right?
by halacs
Mon Apr 22, 2019 9:25 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 68
Views: 39291

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Hi,

I see this topic is several months old already. I'm wondering if fan control is already solved.

I also want to buy one for my home office to feed my 8 PoE security cameras (roughly 7W / camera). All the other devices would be non-PoE.

Thanks!
by halacs
Tue Mar 19, 2019 8:30 am
Forum: Beginner Basics
Topic: Radus server in my Mikrotik router
Replies: 6
Views: 1351

Re: Radus server in my Mikrotik router

Thanks for all the help. Now it works. I made a stupid mistake at first, which is why the package wasn't installed after reboot: I forgot to check the architecture.
Now I have a working RADIUS server tested with MAC authentication on my WiFi. The next step would be to configure it with a DD-WRT WiFi AP too.
by halacs
Mon Mar 18, 2019 8:55 am
Forum: Beginner Basics
Topic: Radus server in my Mikrotik router
Replies: 6
Views: 1351

Re: Radus server in my Mikrotik router

It is part of the extra packages, right? I have downloaded these files but how to install?
by halacs
Sun Mar 17, 2019 8:38 pm
Forum: Beginner Basics
Topic: Radus server in my Mikrotik router
Replies: 6
Views: 1351

Radus server in my Mikrotik router

Hi, I have two Mikrotik routers and a DD-WRT too. Would it be possible to use one of them as a radius server for the WiFi authentication at least? I have WPA2-PSK with MAC filtering. It would be nice to configure WiFi users in only one place and have the other APs use that central authentication device. Radius l...
by halacs
Sun Feb 03, 2019 10:15 am
Forum: General
Topic: Performance of Mikrotik 951G-2HnD
Replies: 21
Views: 3663

Re: Performance of Mikrotik 951G-2HnD

Thanks! This helped me a lot!
by halacs
Sun Feb 03, 2019 9:04 am
Forum: General
Topic: Performance of Mikrotik 951G-2HnD
Replies: 21
Views: 3663

Re: Performance of Mikrotik 951G-2HnD

In the case of the RB951G-2HnD device, "Routing, 25 ip filter rules, 689.8 Mbps" is shown under the test results for 1518 byte packet size. Does this mean that if I have just 25 IP filter rules (under IP / Firewall / Filter Rules), then I should be able to reach this throughput without fast trac...
by halacs
Sat Feb 02, 2019 10:56 pm
Forum: General
Topic: Performance of Mikrotik 951G-2HnD
Replies: 21
Views: 3663

Re: Performance of Mikrotik 951G-2HnD

Great, thanks, I will check that one! Do you have any hint where I can find these performance related parameters? Where do you know these from?
by halacs
Sat Feb 02, 2019 10:27 pm
Forum: General
Topic: Performance of Mikrotik 951G-2HnD
Replies: 21
Views: 3663

Re: Performance of Mikrotik 951G-2HnD

I have just added the above two fasttrack firewall rules and my connection immediately became 2 times faster than before, so this was definitely the problem. Big thanks! Just to make sure I understand correctly: they should be at the top of my firewall rules, right? Mkx, you mentioned 500Mbps is the...
by halacs
Sat Feb 02, 2019 9:50 pm
Forum: General
Topic: Performance of Mikrotik 951G-2HnD
Replies: 21
Views: 3663

Performance of Mikrotik 951G-2HnD

Hi, I have a Mikrotik 951G-2HnD router. I suspect it is the bottleneck of my network and the reason why I cannot reach the Internet at the 500Mbps/20Mbps that my ISP should provide. I would like to know what can cause this: the configuration of my device or a hardware failure. I can measure maximum 100-120Mbps download speed ...
by halacs
Sat Jul 21, 2018 3:19 pm
Forum: General
Topic: How to get IPv6 from my ISP
Replies: 0
Views: 802

How to get IPv6 from my ISP

Hi, I noticed that my ISP (UPC Hungary) provides an IPv6 address but my Mikrotik router didn't get it. If I directly connect my Windows 7 PC to the ISP's modem, I get an IPv6 tunnel IP. This is how I noticed the IPv6 provisioning. I tried to use DHCPv6 and a 4to6 tunnel too to get an IPv6 address from my IS...
by halacs
Fri Jun 08, 2018 10:15 pm
Forum: Forwarding Protocols
Topic: Layer2 VPN packet filtering [SOLVED]
Replies: 3
Views: 10238

Re: Layer2 VPN packet filtering [SOLVED]

Is this the so-called "MAC Protocol-Num" in winbox in the "New Bridge Filter Rule"? If yes, how can I filter only the inter-VPN advertisements? I cannot select the VPN interface. UPDATE: my problem seems to be solved with the above hint I got. I added a bridge filter for ipv6 MAC pro...
by halacs
Thu Jun 07, 2018 10:35 pm
Forum: Forwarding Protocols
Topic: Layer2 VPN packet filtering [SOLVED]
Replies: 3
Views: 10238

Layer2 VPN packet filtering [SOLVED]

Hi, I have 2 MikroTik routers interconnected with a layer 2 VPN. Layer 2 because I need to use broadcast messages between the sites because of a DLNA server in use. Is it possible somehow to block IPv6 address advertisements via the VPN? I want to somehow avoid getting an IPv6 address from the other ...
by halacs
Sun Mar 11, 2018 11:29 pm
Forum: Beginner Basics
Topic: How to disable IPv6 address advertisements on L2 VPN
Replies: 0
Views: 711

How to disable IPv6 address advertisements on L2 VPN

Hi, I have a site-to-site L2 VPN. How can I prevent getting an IPv6 address via the VPN? When I turn on IPv6 address advertisement on Site1, Site2 also gets an IPv6 address automatically, which I want to prevent. I tried with iptables6 rules but I could drop only ping packages while the machine on the other site ...