MikroTik

nzjimmy

Hello, I had a bunch of sites working well with UM Hotspot using PayPal for many years, but then it suddenly stopped. Whilst trying to fix it I got the SSL working but never managed to fix the payment issue properly. I spent many hours trying to sort and have failed. It's the only problem i've never...

nzjimmy

Oh sure, sorry. I'm on a mac using Winbox 3.16 and ROS is 6.48.5 I though if it was a Winbox error i'd not have got the error message, as this looks to be a legit error. The Winbox locking up could be of course - I assumed it was ROS issue seeing as enabling one of the existing rules gets an error. ...

nzjimmy

Hello, When I try to enable one of my IPSec policies, it say's "peer not set" and won't allow it. If I click "add" button to make a new policy, Winbox crashes. Ive looked at next stable release info and there's nothing that looks like it would address this. I only have one peer, ...

nzjimmy

Thanks so much, Sindy!

I love Mikrotik.

Cheers!

nzjimmy

Thanks, Sindy! So, just to confirm, there's no need to put these 200VLANs onto a bridge, to save CPU? If they're on an eth interface it will be the CPU processing them, so wouldn't it make sense to put them on a bridge and make that bridge the special one? Sorry if you've answered this already, I ju...

nzjimmy

One thing I don't understand is why that apartment router, when updated, created a bridge and put all the VLANs on it. Previously all VLANs were directly on an ethernet interface, just like I have my WISP setup now. I wonder if it was because there were two LAN ports, with the old 'master port' func...

nzjimmy

Thank you all so much, appreciate the info. I'm hoping very much that LACP isn't going to cause such problems, and that the LACP algorithm will distribute traffic evenly, rather than putting all VLANs down one side. I seem to learn OK from videos so will watch any posted on these two topics. Thanks ...

nzjimmy

Hello, I have a small WISP (200 homes) and use VLANs, with one per customer. I use the switches to keep broadcast domains smaller to avoid typical L2 WISP problems. It works fine. My question is; I remember a few years back there was a change with Mikrotik OS, and [at an apartment complex site] all ...

nzjimmy

Hello again, I just finished building a WISP for 50 customers but 200 have joined. I've started upgrading backhauls and everything is going great. I need some help employing Tomas' script for this site as i'm upgrading to 2Gb backhauls and want to get this additional capacity through to customers. T...

nzjimmy

Sorry I never replied. I built the WISP and 200 customers joined : )

nzjimmy

Lol you sound like a nob head. Ive been building wifi networks for 10 years - this is not a network, its one router in a small house in the country. This is an old lady with once device - an iPhone12. I turn it up full as she likes to facetime her friends from the garden, and only 2.4 up full knacke...

nzjimmy

Hi everyone, On of my customers complained of poor wifi performance - on checking their router i'm watching their device's (iPhone 12) rssi switching from -64 to -88 over and over, and sometimes dropping altogether. They are not moving their device while this is happening. They said it happens on al...

nzjimmy

Thank you for such a quick fix, Mikrotik.

nzjimmy

Hi saburtwo,

thanks for the reply. I have updated to 6.48beta35 and issue still there. Can you confirm its resolved for you? If so, which fw did you load?

Thank you

James

nzjimmy

Hi,

Thanks for the info - Did you mean beta38 or beta 35?

I've upgraded to beta 6.48.beta35 and still have the PayPal issue. Am I missing something?

Cheers. James

nzjimmy

Hello, As of 10/09 NZ time all Paypal payments via Usermanager are failing. The error is PayPal - ssl connection error: handshake failed: unable to get local issuer certificate (6) Ive never used an SSL cert as customer didn't care about security warning in browser. I see others that do have cert ar...

nzjimmy

I have the same issue. Never had an SSL cert to start with and was thinking maybe it was time to ad one but, you have one and the issue is still happening?

Anyone else having troubles?

Cheers, James

nzjimmy

Hello, I have a powerbox pro that needs to run as a L2 poe switch with every port acting as a trunk port for a handful of vlans. I do not need any ports untagged and every port can be the same. I can achieve this by adding the same vlan interfaces to all ports, and bridging but I know this is the wr...

nzjimmy

Hello, I'm looking for feedback on my network design because I want it to be as good as I can make it, but think I may be making it strange. I see no other way of achieving what I want, but you may?! Core mt router -> ptp link -> ptp link -> ptp link -> ptp link -> AP - - - - > subscribers. At each ...

nzjimmy

What method of layers2 isolation are you referring to? More details would be good.

Thank you

nzjimmy

Hello, Can one subnet provide addressing for many vlans without 1:1 natting? I want one vlan per customer's CPE router, but instead of each vlan having its own /30, just one /25 is used across all vlans. The reason I want to do it this way is to avoid the use of PPPoE but still keep customer's traff...

nzjimmy

A /23 for everyone is must be then - my understanding of queuing is limited at best.

Thanks again XVO and Sindy

nzjimmy

XVO was right, I just changed the masks from 32 to 27 in queue types and it worked as desired, sweet. As much as i'd like to say solved, not quite yet. I have one subnet (hotspot) that is a /23 and the rest are all /27. Yes I could make them all /23 but that's yuk and not proper. Anyone have any ide...

nzjimmy

Thanks for your time Sindy, and thanks xvo for the possible solution. I will do testing and report back.

Thank you

nzjimmy

Hi Sindy, Thanks for such a detailed explanation. I think I actually understand you now, correct me if I am wrong - each vlan (with multiple hosts) will be presented (to queuing) as one IP address, then all the vlan's IPs will be queued in the same way the hosts IPs currently are PCQ'ed? The IPIP tu...

nzjimmy

Thank you Sindy. I think it would be OK to just balance the bandwidth between VLANs and then let the hosts on each VLAN fight for available bandwidth, as the goal is to replicate a typical one circuit per apartment setup so , just like it would be if each had their own connection/router. Having said...

nzjimmy

Hi Sindy, Sorry I never responded. I am revisiting this now as I must find a solution. Would you consider the method you speak of regarding src-nat to be a work-around or best practice? I must do it the 'proper' way as I will be rolling it out across many sites soon and can't let my lack of knowledg...

nzjimmy

Hi,

Thought i'd post I have updated to the latest RC and everything seems OK on CCR1009, AH1100x2 and 2011.

Cheers

nzjimmy

The next RC that will be released, will contain the required changes for Paypal to work again.

Is there a date for this? Or at least an estimated date?

nzjimmy

The next RouterOS release will add TLS 1.2 and fix this issue. Normis, do you have any idea when this will be? Will UM need to be running https as well or will http still work for Usermanager? I have hundreds of customers that can no longer purchase accounts, is there anything I can do to remedy th...

nzjimmy

Thanks Sob, I will do some testing to see it working, then it will make sense. I do have another site setup with second router with public IP as you describe - a /29 with WAN bridge on R1 for R2 and gateway for both at ISP. This current site had to be done this way as ISP accidentally provided much ...

nzjimmy

Thank you Sob, very helpful. I do however lose understanding with the point to point addressing, I have not done addressing where the network ID is in a different subnet from IP address. I need to understand why it works, and why any random IP works for the gateway for all. All private addresses are...

nzjimmy

Hello, I have an additional /30 public subnet routed through an existing /30 connection to ISP in the same way and wonder if you can help me also? My goal is to have a second router public facing, with a WAN IP from the new subnet. I have this working by adding the new subnet to an interface on R1 a...

nzjimmy

Thanks Sindy, unfortunately that went over my head.

I understand how to packet mark. All vlans are configured like 10.200.112.0/27 = vlan 112 etc. Can you break it down more or give me an example?

Thank you

nzjimmy

Hello clever people, I need to backup UM database every night from a bunch of routers to a Ubuntu server. I have been doing this via ftp to a windows box but it is not secure and the windows box is now a Ubuntu box. All routers are in different locations and are public facing, as is the server. Any ...

nzjimmy

Hello, I need to configure my queues in such a manner as to achieve an equal distribution of available bandwidth between a bunch of vlans. I have 15 vlans that each represent a residential unit, plus one more vlan that is a mikrotik hotspot. Current I am using a simple queue with pcq to evenly distr...

nzjimmy

Really? Nice tip. Thanks

nzjimmy

Update: The ISP ended up changing the current /30 to a /29 rather than routing another subnet down the existing /30. To get the result I wanted I applied one of addresses to eth1, created a bridge and added eth1 and eth2 to the bridge. Then connected the second router to eth2 and applied one of the ...

nzjimmy

That is an interesting option. I wonder what RB#2 WAN settings would be though seeing as every address in the subnet will be routed to me ... What would the gateway address be? and would WAN be a /32?

Thanks

nzjimmy

Thanks people, I think I should clarify the existing connection more, and how the new subnet will be available to use. The existing service is dedicated dark-fibre 400Mbps with static /30 addressing. No PPPoE or DHCP. Its is a routed connection where the gateway address is one of the 3 addresses in ...

nzjimmy

Thanks for the suggestion. I do wonder what the second router's config would be though, would its WAN address be one of the routed publics as a /32? and its gateway would be ??

Can't be that simple surely

nzjimmy

Hello, I must configure a second MT router with its own public IP and connect via the first MT router. I do not want to use 1:1 NAT as I need the second router to be UPnP capable, just as the first router is. The current connection is routed from ISP as a /30 and I can request them to route an addit...

nzjimmy

Ok I have an update. I believe the problem not to be caused by MT Hotspot. Issue now fixed by the following simple steps. - 'reset network settings' on iPhone - connect to hotspot network FIRST and log into hotspot. This resolved the issue. I know it seems simple, and it is. Previously I was connect...

nzjimmy

I apologise for not being clear in my original post - when I said "bypass" the hotspot, I actually meant not employing the hotspot at all. The test was run using MT router with UBNT UAP. Two vlans on router associate with two ssids on AP. First vlan interface is for hotspot, second vlan is...

nzjimmy

Users are not logged out of hotspot when this problem occurs. Keep-alives also fail..

Problem also occurs if phone is added to bypass list and can browse fine without traditional authentication steps.

Cheers man

nzjimmy

Hello, When using MT Hotspot, as soon as an iPhone goes to sleep (about 10 seconds after locking) iMessages and notifications fail. Once the screen is touched and phone wakes, notifications and messages arrive. The phone is not logged-out during the time when notifications fail. Using hotspot - I pi...

nzjimmy

Hey man thanks for reply, I have previously checked all those things and everything looks fine. The hotspot vlan has /23 with plenty of addresses left. There are a bunch of /28 vlans that have not yet had this issue, although there are not as many hosts compared to the hotspot vlan so sample size mi...

nzjimmy

Any ideas anyone? Went to site today and both my iPhone and macbook got hotspot dhcp addresses but couldn't login/browse or even ping gateway. How is it possible to be connected to wifi network, have a valid dhcp and router address but not be able to ping the gateway?? I removed both my host address...

nzjimmy

Hello, I have a problem I cannot solve myself and need your help please - Every day or two I get a call from a user saying they cannot browse the Internet. When I remove their LAN IP from DHCP lease list, they get a new IP and the problem is gone, until next time. The user can (but not always) get t...

nzjimmy

Thank you for the suggestion but I would need more information to get this working, and automated ... The wiki was empty

Cheers

nzjimmy

Thank you for response andriys. Yes policy-based IPsec tunnel. If i removed the /tool fetch and entered details manually to each necessay line could that solve the issue? And if so, could you possibly show me an example of what it would look like with source address included? If the above is not pos...

nzjimmy

Hello, I am using a script to backup router and user-manager every day but cannot find a way to chose the existing IPSec tunnel for securely uploading this files to ftp server. The tunnel is working in both directions, can access devices on each LAN in both directions.. The tunnel exists is between ...

nzjimmy

Thanks Tomas!

nzjimmy

Great presentation, this is exactly what I needed. Thank you.

Is it possible for me to see the slides in this presentation? It would be a great help.

nzjimmy

Hello, my first post ... am newbie Is there a way to route all traffic up to 100Mbps to come from WAN1 and the rest from WAN2? Also, if WAN1 goes down all traffic to route through WAN2? I have been looking at connection bytes with mangel rules but cannot find any posts where this is being done. Main...

Search found 55 matches