Community discussions

MUM Europe 2020

Search found 32 matches

by Raice
Sun Nov 04, 2018 9:08 am
Forum: General
Topic: SNMP DHCP Server
Replies: 1
Views: 451

SNMP DHCP Server

Hello! This page in wiki https://wiki.mikrotik.com/wiki/Manual:SNMP says that RouterOS uses following MIB - DHCP-SERVER-MIB Could you point me to the place where I can get this MIB? By googling I found only D-Link and Cisco MIBs I want to get some information (MAC, IP, hostname, lease time) from ROS...
by Raice
Tue May 23, 2017 7:06 pm
Forum: General
Topic: IKEv2 between 2 ROS routers
Replies: 23
Views: 5418

Re: IKEv2 between 2 ROS routers

There are example sin the manual for almost all the setup cases, including L2TP ipsec https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Ipsec.2FL2TP_behind_NAT This is definitely not my setup. My setup is between 2 ROS routers. Client ROS is behind provider's NAT. And, yes, I tried that setup in wiki....
by Raice
Tue May 23, 2017 5:44 am
Forum: General
Topic: IKEv2 between 2 ROS routers
Replies: 23
Views: 5418

Re: IKEv2 between 2 ROS routers

If packets you try to send over the tunnel have correct source address (10.224.2.82) then there shouldn't be any problems. If source address is wrong then of course policy will not match the packet.
Could you help me, please?
by Raice
Thu May 18, 2017 3:34 am
Forum: General
Topic: IKEv2 between 2 ROS routers
Replies: 23
Views: 5418

Re: IKEv2 between 2 ROS routers

If packets you try to send over the tunnel have correct source address (10.224.2.82) then there shouldn't be any problems. If source address is wrong then of course policy will not match the packet. Ok, I understand that. Can you tell me how, for example, I can make L2TP connection to server (10.22...
by Raice
Wed May 17, 2017 3:47 pm
Forum: General
Topic: IKEv2 between 2 ROS routers
Replies: 23
Views: 5418

Re: IKEv2 between 2 ROS routers

What routing table looks like on client device? Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 A S 0.0.0.0/0 pppoe-ct 5 1 ADC 10.224.2.82/32 10.224.2.8...
by Raice
Wed May 17, 2017 3:22 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 82646

Re: Feature Req: IKEv2 server and client

Ipsec is policy based, it is not supposed to push any routes.
Could you please look into my problem?
viewtopic.php?f=2&t=121609
by Raice
Wed May 17, 2017 3:14 pm
Forum: General
Topic: IKEv2 between 2 ROS routers
Replies: 23
Views: 5418

Re: IKEv2 between 2 ROS routers

Is it not honoring the configured remote-address? what "remote-address"? where? may be better to use IKEv1 then, there it works for sure how can IKEv1 help to solve these problems? I have a network of several clients connected to a central router and only the central router is on a fixed address wi...
by Raice
Wed May 17, 2017 2:20 pm
Forum: General
Topic: IKEv2 between 2 ROS routers
Replies: 23
Views: 5418

Re: IKEv2 between 2 ROS routers

I tried to change netmask in modeconf to 24. After that - client got route and I can connect to L2TP-server 63 ADC 10.224.2.0/24 10.224.2.82 pppoe-ct 0 But now I got another problem. Other clients cannot connect. Only first connected client. On the server I got messages when other clients try to con...
by Raice
Wed May 17, 2017 2:07 pm
Forum: General
Topic: IKEv2 between 2 ROS routers
Replies: 23
Views: 5418

Re: IKEv2 between 2 ROS routers

Thank you for your suggestion, but i think there is a misunderstanding. I CANNOT get static IP for IKEv2 client. IKEv2 client gets its address from the pool. That is the problem. Summary: 1. ROS-server doesn't push network route from split-include or ROS-client doesn't receive it. Anyway, network is...
by Raice
Wed May 17, 2017 1:15 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 82646

Re: Feature Req: IKEv2 server and client

i have insert 192.168.83.0/24 in mode-config for vpn and reconnect the vpn-client but the gateway will not push to them. Syntax Problem? [admin@router] /ip ipsec mode-config> print Flags: * - default 0 * name="request-only" 1 name="cfg1" system-dns=yes static-dns="" address-pool=vpnpool address-pre...
by Raice
Wed May 17, 2017 9:55 am
Forum: General
Topic: IKEv2 between 2 ROS routers
Replies: 23
Views: 5418

Re: IKEv2 between 2 ROS routers

Yes, I do not plan to use IPsec directly. I want to put L2TP over it, but I can't, because there is no route is added automatically, so L2TP server (server ROS) is unreachable without that route. And I can't add it manually, because there is no way to make IP address reservation for client router. E...
by Raice
Wed May 17, 2017 5:12 am
Forum: General
Topic: IKEv2 between 2 ROS routers
Replies: 23
Views: 5418

Re: IKEv2 between 2 ROS routers

This is probably the result of having NAT on the same router and no exception for the VPN traffic. Remember the router first checks the route table to see where the traffic has to go and what source address to use for that, and if there is no plain untranslated route to your VPN peer it will alread...
by Raice
Tue May 16, 2017 9:27 am
Forum: General
Topic: IKEv2 between 2 ROS routers
Replies: 23
Views: 5418

Re: IKEv2 between 2 ROS routers

Any ideas?
by Raice
Mon May 15, 2017 11:20 am
Forum: General
Topic: IKEv2 between 2 ROS routers
Replies: 23
Views: 5418

IKEv2 between 2 ROS routers

Hello! I'm trying to establish connection between 2 ROS routers. One is behind provider's NAT (PPPoE connection) and the other is with static IP. Here is my setup: Router #1 (client) /ip ipsec mode-config set [ find default=yes ] name=request-only /ip ipsec policy group set [ find default=yes ] name...
by Raice
Mon Jan 16, 2017 3:33 pm
Forum: General
Topic: IPsec - client behind NAT
Replies: 2
Views: 2365

Re: IPsec - client behind NAT

My favorite mode of IPsec operation is to use a tunnel interface (L2TP, IPIP, GRE) over IPsec transport, then use a routing protocol (BGP) to automatically route the endpoint subnets over the tunnel. Agree with that, but first, you have to establish IPsec connection, after that you can you any tunn...
by Raice
Thu Jan 12, 2017 8:42 am
Forum: General
Topic: IPsec - client behind NAT
Replies: 2
Views: 2365

IPsec - client behind NAT

Hello! Please help me to set up IPsec connection between 2 MT devices or MT (client) and Strongswan (server). Server has static public IP address Client has public dynamic address, but all connections are NATed For example, PPPoE connection on client router gets IP address 100.64.37.102, but when it...
by Raice
Thu Dec 29, 2016 11:44 am
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 112
Views: 33787

Re: RB750Gr3 - Report and questions

So just to confirm what i am reading, Hex v3 to Strongswan ipsec in transport will yeild somewhere around 100Mbits, and in tunnel can yield more? I want to put one of these in front of my 2011 for the aes128 HW encryption wanna make sure i can hit at least 75/75 Finally received a RB750Gr3 yesterda...
by Raice
Thu Oct 08, 2015 7:21 am
Forum: General
Topic: ROS as road warrior IPSec client
Replies: 1
Views: 706

Re: ROS as road warrior IPSec client

Hello to everybody!
Please help me. Any suggestions?
by Raice
Sun Sep 27, 2015 1:03 pm
Forum: General
Topic: ROS as road warrior IPSec client
Replies: 1
Views: 706

ROS as road warrior IPSec client

Hello! Is there any way to set up Mikrotik ROS device as as IPSec road warrior client to another Mikrotik ROS Device? I have following setup: 1. RB1100AHx2 with static public IP in IDC 2. RB2011 with dynamic public IP I followed this guide http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_s...
by Raice
Mon Nov 10, 2014 12:02 pm
Forum: General
Topic: GeoIP Routing
Replies: 1
Views: 3886

Re: GeoIP Routing

Found this post
http://blog.erben.sk/2014/02/06/country-cidr-ip-ranges/
/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/CN
/import file-name=CN
Example for CHINA
It generates script, which creates address-list named CN

Source of ip blocks is http://ipdeny.com/ipblocks/
by Raice
Sun Dec 01, 2013 5:12 pm
Forum: General
Topic: Log is flooded with "system, info address changed"
Replies: 5
Views: 1627

Re: Log is flooded with "system, info address changed"

I added this topic, trying to figure out what is going on
by Raice
Fri Nov 29, 2013 4:18 pm
Forum: General
Topic: Log is flooded with "system, info address changed"
Replies: 5
Views: 1627

Re: Log is flooded with "system, info address changed"

Here is my config # nov/29/2013 22:11:44 by RouterOS 6.6 # software id = # /interface bridge add admin-mac=D4:CA:6D:4C:90:E5 auto-mac=no l2mtu=2290 name=bridge-local \ protocol-mode=rstp /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\ 20/40mhz-ht-below disabled=no...
by Raice
Fri Nov 29, 2013 1:23 am
Forum: General
Topic: Log is flooded with "system, info address changed"
Replies: 5
Views: 1627

Re: Log is flooded with "system, info address changed"

Help, please. The log is completely useless now :(
by Raice
Sat Nov 23, 2013 7:59 am
Forum: General
Topic: Log is flooded with "system, info address changed"
Replies: 5
Views: 1627

Log is flooded with "system, info address changed"

Hello!

After upgrade to 6.6 log is constantly flooded with message "system, info - address changed"

What does it mean? How to get rid of it?

Screenshot from winbox is attached
by Raice
Mon Dec 22, 2008 4:20 pm
Forum: General
Topic: IGMP Proxy in 3.16
Replies: 3
Views: 1446

Re: IGMP Proxy in 3.16

you have to set up igmp-proxy interfaces for igmp-proxy to work on the router. because there is no algorithm to determine upstream/downstream interfaces, you have explicitly set up these settings. from your linux configuration you set eth1 as upstream and eth0 as downstream, you have to do the same...
by Raice
Sat Nov 29, 2008 9:44 am
Forum: General
Topic: IGMP Proxy in 3.16
Replies: 3
Views: 1446

IGMP Proxy in 3.16

Hi! Please help me to configure IGMP proxy in ROS. Before upgrading to 3.16, i used linux-box for IPTV igmp proxying (igmpproxy) with this config quickleave phyint eth1 upstream ratelimit 0 threshold 1 altnet 10.0.0.0/8 phyint eth0 downstream ratelimit 0 threshold 1 it works fine, but this linux-box...
by Raice
Wed Feb 13, 2008 7:32 pm
Forum: General
Topic: Watching IPTV behind ROS 3.x
Replies: 4
Views: 2131

Re: Watching IPTV behind ROS 3.x

Tried to use this guide with no result
Could you give me more detailed explanation?
It seems that my ISP doesnot use PIM
by Raice
Wed Feb 13, 2008 5:08 pm
Forum: General
Topic: Watching IPTV behind ROS 3.x
Replies: 4
Views: 2131

Watching IPTV behind ROS 3.x

Hello! I'am very new to IPTV and i need some help I'm using ROS3.0 in my home network. My ISP provides IPTV via multicast. Now I can watch TV only if I connect my ISP's link directly to my PC. Then, I can use VLC player to watch TV with links: udp://@239.192.8.2:1234 udp://@239.192.3.9:1234 etc... a...
by Raice
Fri Jan 04, 2008 9:37 pm
Forum: General
Topic: Load Balancing and static routes (3.0rc13)
Replies: 1
Views: 1951

Load Balancing and static routes (3.0rc13)

Hi! I have such setup: 2 WAN links - 1 ADSL PPPoE and 1 Ethernet (DHCP) from different ISPs I set up load balancing /ip firewall mangle ;;; Mark NTH2-1 chain=prerouting action=mark-packet new-packet-mark=nlb-krasnet0 passthrough=yes connection-state=new nth=2,1 5 ;;; Mark NTH2-2 chain=prerouting act...
by Raice
Fri Jan 12, 2007 3:31 pm
Forum: General
Topic: SMTP server and 2 WAN links scenario
Replies: 3
Views: 959

Anybody knows?
by Raice
Wed Jan 10, 2007 4:33 pm
Forum: General
Topic: SMTP server and 2 WAN links scenario
Replies: 3
Views: 959

NAT rules

Access for LAN computers 3 ;;; Access to wan1 chain=srcnat out-interface=wan1 src-address=192.168.1.0/24 routing-mark=routewan1 action=masquerade 4 ;;; Access to ADSL modem chain=srcnat out-interface=wan2 src-address=192.168.1.0/24 dst-address=192.168.2.0/24 action=masquerade 5 ;;; Access to pppoe1 ...
by Raice
Tue Jan 09, 2007 7:42 pm
Forum: General
Topic: SMTP server and 2 WAN links scenario
Replies: 3
Views: 959

SMTP server and 2 WAN links scenario

Hi! Is it possible scenario? I have 2 WAN links, 1 ethernet (wan1) and PPPoE (pppoe1) both with static IPs In the local network I have SMTP Server on 192.168.1.3 I need the following: 1. LAN computers use pppoe1 to access Internet 2. SMTP Server is listeting and recieving incoming connections on bot...