I want to make sure that two MAC addresses from Site "A" will get from DHCP server IPs from Site "B", but rest of the network is cut from any DHCP visibility outside of own network.

Hello, I have configured EoIP, bridged and cut DHCP on UDP ports 67-68 just to make sure network is working correctly and Site "A" receives its own DHCP pool and Site "B" its own. In reality the traffic between Site A and B works L3 using Wireguard fully routed -> all works fine ...

Yeah I think about moving back to IPSEC (IKEv2) to test it... GUYS YOU WON'T BELIEVE! It's running full speed. What I have done? I forced both Mikrotiks RB5009 to work on max CPU Frequency = 1400Mhz without "auto" power savings! https://puu.sh/JW7Ad/db6c645fe1.png And here comes the result...

You are right. I launched 3 FTP sessions on WireGuard and managed to reach 80MB/s. But when I launched 3xSMB transfers they were all total 35MB/s so they were split 10-12MB/s each. What kinds of CPE's you have in both sites? I'm guessing from the speeds that at least the 2000/600 side is GPON some v...

I just tested FTP connection without WireGuard, and I managed to get full 1Gbit/s. There's no any queues, and config is really basic, with just UDP ports opened for WireGuard server. There's seriously nothing extraordinary in config. Totally default, zero queues. Hi, Could you graph the Rx only (To ...

I have enough of those Mikrotiks unfortunately, but I need 2.5GbE ethernet. Slowly I start to think to get rid of Mikrotiks.

I think about : QNAP QHORA-322 but doesn't have SFP+, I need 2.5GbE and SFP+.

I can't get more than 350Mbit/s on TCP, but server can receive 450Mbit/s. I don't get it. This is speed test from router "A" (1Gbit symmetric MTU=1500 without PPPoE) to "B" (2/600, PPPoE MTU=1492) on WireGuard tunnel. https://puu.sh/JVORn/1274866361.png But let's check only TX fr...

I guess you're hitting the CPU ceiling here. While running tests, run CPU profiler, likely one of CPU cores will be at 100%. And I can imagine that wireguard handling might be tied to single CPU core for a few good reasons. https://puu.sh/JVNUj/e205b48725.png I would say 300-350 is pretty decent wi...

Guys, I've been trying to get a full speed between 2 links using Wireguard tunnel. Ping between them is 5-7ms. Two different operators, but having link in local IX so path is very short. Both routers RB5009. One site which has server on board (let's call it A) is full symmetric 1Gbit/s, second one h...

I've been in contact with support on this and can now happily report as of latest version v7.11, for me this is now working!!! No more RX Loss. I was trying RB5009 + this UACC-CM-RJ45-MG on 7.11.2 and nope. It can see it, but nothing can be negotiated (1000Mbit/s on the other side), even if I put m...

My mangle rules stopped working after 7.9.1 update... on RB5009 It just can't mark certain CONTENT packets anylonger... Anybody has same issue? I made another entry in Mangle rule : chain=prerouting action=add-dst-to-address-list protocol=tcp address-list=TEST address-list-timeout=5d dst-port=443 lo...

I'm not sure if after 7.9.1 update suddenly my mangle rules stopped working. I have 2xWANs and there are some IPs I want to route through 2nd WAN. Normally I used this config to add specific CONTENT name using prerouting to a LIST and later mark routing to second WAN, it was working 100% fine and su...

Hello there :-) I had the same problem: mikrotik rb5009 and Arris TG 3442 cable modem. Also port was flapping off and on, and my internet connection was interrupting. I have changed settings on mikrotik: autonegotiation off, and set 1 Gb with full duplex, but this didn't help. Then I called my ISP,...

I have a pretty standard network config: Vodafone modem (Arris TG3442) -> RB5009 Got the same configuration 1:1 and same problem - Arris TG3492LG + RB5009. Sometimes once a day, sometimes 10 times per 10 minutes... v7.8. Anybody got any fix for that port flapping? Doesn't matter if it's port #1 2.5...

I think I found a mistake ... I created 2 tunnels : IPIP and IPSEC, instead of one tunnel IPIP encrypted by IPSEC...

Wrong entries in IPSEC addresses. I put external IP instead of local IPs... Tunnel connected on 1480, and all problems seems to be gone.

Guys just quick question I got 2xRB4011 on 2 sites. Got the linked by IPSEC Tunnel IPIP, I think I observe weird behavior and trying to figure out what's going on, but IPIP connects on MTU 1418, while rest of the network and of course internet connection is 1500. Can it have any influence? Result : ...

But it does not ...
So far the whole day IPIP works fine. I do not use IPv6 so don't really care about GRE if that's the only one difference vs IPIP, there are no drops in browsing pages like with GRE active tunnel.

Thanks, so far I've changed GRE to IPIP and looks like problem has gone. Don't know what happened but one site was changing MTU to 1380 second to 1420 and lots of problems were happening there. Changing MTU statically to 1500 on GRE killed performance and transfers and raised up tons of packet losse...

lower MTU to what value you suggest? Can MTU be lowered on WAN interface, but still be 1500 on the rest of the ports? After excessive tests it looks like my GRE tunnel is causing troubles. Have GRE IPSec connection to my parent's house to have LAN-LAN connection and that started to cause trouble. Le...

Guys, Weird thing, I got 3011 and from some time I'm facing some challenge. Suddenly router is not routing correctly. Ping works fine, but it doesn't want to display www I disconnected router and the same time put a cable directly to my computer - all works fine Each time need to leave as it is, but...

I do confirm. Has the same problem with IPSec...

Any workaround?

Got no clue. Replaced my old hAP AC to RB3011... I took, my old configuration from hAP and uploaded it to RB3011. No issues at all, except the fact that LED panel shows all the time "Starting services" while all works fine. Not sure, but initially it was working fine until I uploaded old c...

First thing which happened after upgrade to 6.41 from 6.40.5 was all the time SFP connection drop. I have to go to the router unplug it and plug it again. Running on :

RB962UIGS 5HACT2HNT HAP AC

During 4h after upgrade it happened twice till now. On 6.40.5 it was running rock solid on SFP.

And from 80 to 9 you can get the response?

How to check if a GRE (or any other) tunnel is running on an encrypted IPSec connection (tunnel) ?

Ok solved. Loved when I solve a problem by myself, as it's my 3rd day with Mikrotik :) I added NAT rule and it worked out, so destination to 3 IP addresses 10.0.1.251, 10.0.1.248. 10.0.1.249 are NATted : Based on 1 IP : 10.0.1.251 (I'll create a list with the exceptions) : By-pass NAT : https://puu....

second site https://puu.sh/yqEol/638290cb17.png Routes are OK. I think if I would have had a possibility to change in those 3 Access Points IP address to DHCP or set them gateways it would have solved the problem, but this is the problem I need to deal with. I think I need to cheat those 3 IPs and c...

This is how it looks, my static route. That's from the 10.0.1.250/24 172.16.1.2 side. I think last entry in the static route is this what you're talking about : Your approach with the GRE tunnel is good, but you forget to set routes to the network on the other side. So you need to add a route to 10....

I found the issue was created by 3xAP which with netmask /24 na IP addresses made static (they are routeres, so they can't get IP address via DHCP) : 10.0.1.251 10.0.1.248 10.0.1.249 They can't be accessed via 192.168.0.1/24, as all addresses from different sites are by-passed NAT. I can change curr...

I needed to link 2 networks. Mostly because of NAS which is located in one site (Both RB962). The tunnel seems to work fine, I by-passed NAT for local networks, so it looks like this : https://puu.sh/yqfR2/7eead0d2c0.png And got couple of noobie questions : 1/ Can I leave only IpSec removing tunnel ...