Community discussions

MikroTik App

Search found 64 matches

by icsterm
Tue Oct 25, 2022 2:18 pm
Forum: Beginner Basics
Topic: SSH tunneling using custom source WAN addreses
Replies: 1
Views: 267

SSH tunneling using custom source WAN addreses

Hello, If I create let's say 10 local users on my RB4011 and enable SSH forwarding, can I use dynamic forwarding to get internet connectivity using selective WAN IP addreses on the router? I have an entire public /27 range and I would like to have a way to tunnel each user using a dedicated public I...
by icsterm
Fri Oct 14, 2022 6:40 am
Forum: Beginner Basics
Topic: Firewall connection-state logic
Replies: 1
Views: 340

Firewall connection-state logic

Hi, If I create any firewall rule using the connection-state options, such as established | invalid | new | related | untracked, are these procesed as individual flags or as combined flags? For example, invalid + untracked flags ticked, will this match all possible permutation scenarios, such as: - ...
by icsterm
Sun Aug 21, 2022 11:01 pm
Forum: General
Topic: Wireguard performance on hap AC2
Replies: 2
Views: 2837

Wireguard performance on hap AC2

Hi, I'm running a hap AC2 with ROS 7.4.1 on a gbit PPPoe connection. I use fasttrack and masquerade and the non-VPN speeds are as expected - 900Mbps download and 900Mbps upload. If I connect the router to a Wireguard gigabit VPS server with the same speed capacity (tested using iperf and speeds are ...
by icsterm
Thu Sep 23, 2021 2:09 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91904

Re: MikroTik RB5009UG+S+IN

Did anyone test Wireguard performance on the RB5009 and can compare it with the RB4011?
I'm wondering if both can achieve gigabit speeds with Wireguard.

Thanks.
by icsterm
Sat Sep 11, 2021 5:38 am
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 309549

Re: ZeroTier added to RouterOS v7.1rc2

Is there any way we can set the interface MTU for ZeroTier?

At first glance everything looks to work fine, but I would like to avoid all packet fragmentation if possible.

No CLI command looks to fit this purpose so far.
by icsterm
Fri Sep 10, 2021 7:58 am
Forum: RouterBOARD hardware
Topic: what is difference flash vs nand?
Replies: 6
Views: 6600

Re: what is difference flash vs nand?

I would also like to know if flash-boot means USB boot.
The wiki does not explain anything about the difference between nand-boot and flash-boot.
by icsterm
Fri Sep 03, 2021 3:07 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 113
Views: 35347

Re: WinBox v3.29 released!

@nescafe2002
I only upgraded since 7.1rc1, it's an older bug for sure (I've not tested 3.28 nor previous 7.x builds).
Couting my sessions it seems that indeed, disconnecting does not clear active sessions.
by icsterm
Fri Sep 03, 2021 12:05 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 113
Views: 35347

Re: WinBox v3.29 released!

Somethig is badly wrong with this version, everytime I try to add side widgets such as cpu load, memory load, current time, etc., the app closes itself from taskbar. Also it happens 10-20% of times when trying to minimize the window to taskbar. I've cleaned %appdata%/roaming/Mikrotik and I've also n...
by icsterm
Fri Sep 03, 2021 12:01 pm
Forum: RouterOS beta
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 43784

Re: v7.1rc2 [development] is released!

Any way to get fastpath working on Wireguard tunnels so we can get more performance out of it?
Fastpath works for PPPoE for example, but not for Wireguard?
I know Wireguard uses built-in kernel module, isn't that fastpath?
FP.png
by icsterm
Mon Aug 30, 2021 11:57 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 76848

Re: v7.1rc1 [development] is released!

None answered so far, for 256MB RAM devices, loading the wave2 package on arm32 (hap ac2) will work if external flash is connected to router?
ROS 7 packages are tied 100% to internal NAND only?
by icsterm
Sun Aug 29, 2021 2:31 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 76848

Re: v7.1rc1 [development] is released!

Is there any possibility to load the wifi wave2 package if I got the 256MB RAM hap ac2 version of the router?
I can put in a flash drive for extra storage, will that work?
by icsterm
Sun May 02, 2021 4:07 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 171
Views: 89650

Re: v6.49beta [testing] is released!

The latest beta build still has the DoH memory leak bug, this bug is present since first 6.48 stable build, hope for a fix.
by icsterm
Sat Feb 06, 2021 4:08 am
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 103
Views: 60240

Re: v6.48.1 [stable] is released!

Why is the DoH leak still not fixed? We asked for a fix a month ago.
by icsterm
Wed Feb 03, 2021 6:44 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 171
Views: 89650

Re: v6.49beta [testing] is released!

No fix for DoH memory leak yet?
I agree, I was also waiting for a DoH memory leak fix.
by icsterm
Fri Jan 22, 2021 3:40 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 295
Views: 127552

Re: v6.48 [stable] is released!

Waiting patienly for the next "beta" release, the DoH memory leak is painful, every few days my hap ac2 needs restart because the 256MB of RAM is not enough, it sometime eats 10MB per hour, this didn't happen when 6.48 was beta (actual release branch).
by icsterm
Wed Jan 13, 2021 9:43 pm
Forum: General
Topic: Why high latency for lte interface ping?
Replies: 15
Views: 3104

Re: Why high latency for lte interface ping?

Here is proof also while using traceroute with Pingplotter: The USB modem is highlighted. There are no hubs or anything in-between. The jitter is so insane I think it's something related to USB bus. high latency.PNG Willing to experiment with firmware hacks to improve latency, but I most likely need...
by icsterm
Wed Jan 13, 2021 9:22 pm
Forum: General
Topic: Why high latency for lte interface ping?
Replies: 15
Views: 3104

Re: Why high latency for lte interface ping?

Can confirm the same with my hap ac2 and an Huawei E8372h-155, the ping is non-sense if you ask me, the firmware is stock and the modem is detected as LTE interface. Here is the ping to the modem's own IP while connected directly via USB: usb modem.PNG I think Mikrotik needs to improve this, it's to...
by icsterm
Thu Nov 12, 2020 12:43 pm
Forum: General
Topic: DoH certificate verification broken?
Replies: 1
Views: 1113

DoH certificate verification broken?

Hi, I moved on using Pi DNS DoH servers, and I see a strange behaviour on ROS side, steps to replicate this: 1. import DST Root CA X3 so RouterOS can check for LetsEncrypt certificates. 2. Set https://doh.centraleu.pi-dns.com/dns-query as DoH server and check 'Verify DoH Certificate' -> everything w...
by icsterm
Fri Jul 03, 2020 10:42 pm
Forum: Beginner Basics
Topic: Combining firewall filter connection-state
Replies: 1
Views: 846

Combining firewall filter connection-state

Sorry for asking a dumb question. If I apply a firewall filter deny rule with connection-state=invalid,new,untracked will it block: 1) - only invalid packets - only new packets - only untracked packets 2) any combination of the 3 options listed before. I'm a bit confused if it's 1 or 2 as the actual...
by icsterm
Sun May 03, 2020 1:12 pm
Forum: RouterOS beta
Topic: Feature Request - Wireguard Protocol
Replies: 167
Views: 84196

Re: Feature Request - Wireguard Protocol

+1 for Wireguard, it's the future of VPN, simplicity and high performance.
by icsterm
Wed Feb 19, 2020 12:58 pm
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 179715

Re: v6.47beta [testing] is released!

Latest TIK app indeed doesn't work with the latest ROS beta, constantly crashes after 'downloading plugins'. Using a hAP ac2. Also, we need the old way of displaying fonts, on smallest zoom on a 1080p monitor with 100% DPI scapping there is a lot of wasted space in the rows. We need a flag to enable...
by icsterm
Tue Jan 28, 2020 10:29 pm
Forum: Beginner Basics
Topic: USB LTE modem that supports cell lock
Replies: 1
Views: 1705

USB LTE modem that supports cell lock

Hey, Someone please recommend me a USB modem that can lock cells. My ISP has a few cells in my area and only one is constantly fast, but the signal strength is not the best on this cell. Which USB modem supports cell locking? Would like to not buy a new router just for this silly thing. Using a hAP ...
by icsterm
Thu Jan 09, 2020 2:08 pm
Forum: General
Topic: Dynamic src-nat troubles
Replies: 0
Views: 1155

Dynamic src-nat troubles

Here is my topology: - eth1 - 1 static public address W.X.Y.Z with default internet route - eth2 - 1 local gateway 192.168.0.1/24 - 1 IKEv2 tunnel running via eth1 There is an mangle rule that marks 192.168.0.128/25 (that's half of the primary local subnet) with "ipsec-hosts" conn-mark and...
by icsterm
Sun Jan 05, 2020 4:10 pm
Forum: General
Topic: Disable IKEv2 reconnection
Replies: 2
Views: 1275

Re: Disable IKEv2 reconnection

Because I use a VPN provider, they allow L2TP/IPSec but that hammers my hap ac2 CPU while torrenting because of the additional encapsulation. I managed to do a script which kills connections if the peer uptime is less than 15 seconds and made the script loop every 10s and also connect to a different...
by icsterm
Sun Jan 05, 2020 2:59 pm
Forum: Beginner Basics
Topic: Two bridged vlans, same port, same L3 domain
Replies: 2
Views: 1632

Re: Two bridged vlans, same port, same L3 domain

Solution is:
-create vlan interface, add it to the physical port to the PC
-add vlan interface in bridge
by icsterm
Sun Jan 05, 2020 1:52 pm
Forum: Beginner Basics
Topic: Two bridged vlans, same port, same L3 domain
Replies: 2
Views: 1632

Two bridged vlans, same port, same L3 domain

Hi, I am trying to have a PC with trunk capabilities use on a single NIC : - the default untagged VID 1 - as 1st interface - tagged VID 999 - as 2nd interface (using different generated MAC address) - vlans should be bridged in the same L2 domain, L3 domain (same subnet and dhcp server) running on &...
by icsterm
Sat Jan 04, 2020 8:56 pm
Forum: General
Topic: Disable IKEv2 reconnection
Replies: 2
Views: 1275

Disable IKEv2 reconnection

Hi, I would like to use a script that checks if PH2 state is established and if SA's are installed, and stop RouterOS from doing automatic reconnections, just like the way tunnels work with the "dial on-demand option'. I was thinking of a way to disable 'send initial contact' option but without...
by icsterm
Fri Jan 03, 2020 5:37 pm
Forum: General
Topic: blackhole/unreachable with IPSec policies [SOLVED]
Replies: 34
Views: 14962

Re: blackhole/unreachable with IPSec policies [SOLVED]

So the mangle rule assigning the routing-mark activating the blackhole route must match on the connection-mark if you use it the above way, or it must match on the actual src-address, i.e. the one before the src-nat. Damn, my issue is that I also have a separate PPTP tunnel, and I wanted once the I...
by icsterm
Fri Jan 03, 2020 3:47 pm
Forum: General
Topic: blackhole/unreachable with IPSec policies [SOLVED]
Replies: 34
Views: 14962

Re: blackhole/unreachable with IPSec policies [SOLVED]

Can someone post the config with both srcnat and mangle mark-route commands for the bridge blackhole scenario? I've successfully implemented the src-nat to 127.0.0.1, which drops packets once the dynamic mode-config src-nat rule dissapears once the vpn is down, but if I try using src-nat to let's sa...
by icsterm
Thu Jan 02, 2020 3:14 pm
Forum: General
Topic: IPsec Kill switch when vpn is down
Replies: 9
Views: 6361

Re: IPsec Kill switch when vpn is down

I've improved the killswitch by moving the filter in the output chain: 2 ;;; killswitch chain=output action=drop src-address=192.168.88.0/24 connection-mark=no-mark log=no log-prefix="" Because I mark both ipsec and non-ipsec using mangle in the forward chain, the non-ipsec traffic gets dr...
by icsterm
Wed Jan 01, 2020 5:28 pm
Forum: General
Topic: IPsec Kill switch when vpn is down
Replies: 9
Views: 6361

Re: IPsec Kill switch when vpn is down

After digging for a solution I found one that works: 1 ;;; fasttrack-no-ipsec chain=forward action=fasttrack-connection connection-state=established,related connection-mark=no-mark log=no log-prefix="" 2 ;;; killswitch chain=forward action=drop connection-state=established,related src-addr...
by icsterm
Tue Dec 31, 2019 10:43 pm
Forum: General
Topic: IPsec Kill switch when vpn is down
Replies: 9
Views: 6361

Re: IPsec Kill switch when vpn is down

I'm also interested in a rule that blocks non-ipsec traffic once the IKEv2 tunnel drops. Using an exclude connection mark like the way we do fasttrack except ipsec seems to not work at all under firewall - filter rules, all traffic is blocked lol: mangle: 4 ;;; mark-ipsec chain=forward action=mark-c...
by icsterm
Thu Nov 28, 2019 9:59 pm
Forum: General
Topic: Adding firewall rules in a certain position without move command
Replies: 2
Views: 3941

Adding firewall rules in a certain position without move command

Hi, How can I add filter or nat rules without adding the rule in the last position then using 'move' to change the sequence? Should be able to squeeze a new rule in-between other rules without using 2 commands instead of just one. I want to use a script to regenerate 2 NAT rules once a tunnel goes u...
by icsterm
Wed Nov 20, 2019 7:50 pm
Forum: General
Topic: Simple script to export address list into routing table?
Replies: 0
Views: 871

Simple script to export address list into routing table?

Hi,


I would like to make a script that looks up the address list, such as " > /ip firewall address-list print where list="ifconfig.co";" and writes the result in the routing table using a custom gateway.
Anyone knows how?
by icsterm
Sat Nov 16, 2019 9:35 pm
Forum: General
Topic: Fasttracking using filter vs mangle
Replies: 4
Views: 2455

Fasttracking using filter vs mangle

Hi, Can someone tell me what is the difference between: /ip firewall mangle chain=prerouting action=fasttrack-connection log=no log-prefix="" vs /ip firewall filter chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix="" Also, I can man...
by icsterm
Sat Nov 16, 2019 3:07 pm
Forum: General
Topic: Fastpath on L2TP client only working for RX
Replies: 1
Views: 1829

Re: Fastpath on L2TP client only working for RX

does anyone have a clue?
by icsterm
Fri Oct 18, 2019 2:33 pm
Forum: General
Topic: Fastpath on L2TP client only working for RX
Replies: 1
Views: 1829

Fastpath on L2TP client only working for RX

Hi, I'm using a PIA VPN L2TP connection without ipsec, I've enabled NAT (masquerade), fasttrack & accept filter rules & no other settings that might affect Fastpath. Why is my L2tp client connection only doing Fastpath on TX packets? Am I missing something? I've also messed with lowering MSS...
by icsterm
Thu Aug 01, 2019 4:05 pm
Forum: General
Topic: DHCP error message [SOLVED]
Replies: 4
Views: 3201

Re: DHCP error message [SOLVED]

Indeed, I was too lazy removing the dhcp client config. I only use static WAN ip addresses.
Thx a lot !
by icsterm
Thu Aug 01, 2019 3:58 pm
Forum: General
Topic: DHCP error message [SOLVED]
Replies: 4
Views: 3201

Re: DHCP error message [SOLVED]

I actually have the dhcp server on the bridge, which has all ethernet ports included in it (except sfp-plus). [admin@MikroTik] > /ip dhcp-server print detail Flags: D - dynamic, X - disabled, I - invalid 0 name="dhcp" interface=bridge lease-time=7h address-pool=default-dhcp bootp-support=d...
by icsterm
Thu Aug 01, 2019 3:53 pm
Forum: General
Topic: DHCP error message [SOLVED]
Replies: 4
Views: 3201

DHCP error message [SOLVED]

Hi,

How can I fix this DHCP error message?


"dhcp, error temporary moving client ether1 from slave to master port, update your config !!!"

Running v6.44.5 long-term on a RB4011, other than having dhcp server on the bridge interface directly, I can't figure out what is the problem.
by icsterm
Sat Feb 09, 2019 6:42 pm
Forum: Scripting
Topic: If e-mail is sent, true/false variable
Replies: 1
Views: 1026

If e-mail is sent, true/false variable

Hello, Can someone cook me a quick script that does the following: If "/tool e-mail send to=me@me.com body="$strName Logs for $strDate" subject="$strName Logs for $strDate $strTime" file=log" is sent successfully, then do: /file remove log log info message="Logs su...
by icsterm
Fri Feb 08, 2019 11:20 am
Forum: General
Topic: Allow tracert to work, without ICMP hole in firewall?
Replies: 4
Views: 4597

Re: Allow tracert to work, without ICMP hole in firewall?

For anyone wondering, creating input rules for both echo reply and time exceeded allow both ping and traceroute to work fine, while ping and traceroute from internet will be denied.
This is strictly for traffic originating from the router itself.
by icsterm
Thu Jan 24, 2019 3:26 pm
Forum: General
Topic: Srcnat and WAN fallover
Replies: 2
Views: 894

Re: Srcnat and WAN fallover

Judging by how many src-nat rules I use for WAN1 (I have 29 ip interfaces for the /27 provided by the WAN1 ISP), the check-gateway option on routes is not a solution. Checking the Mikrotik wiki I came around Netwatch which can run scripts when a target host is up/down. I will use that to swap around...
by icsterm
Thu Jan 24, 2019 2:30 pm
Forum: General
Topic: Srcnat and WAN fallover
Replies: 2
Views: 894

Srcnat and WAN fallover

I have an RB4011, 2 WAN connections and one private subnet which gets NATed for internet access. WAN1 has a /27 range alocated from ISP, while the secondary WAN2 is mainly for backup, just one IP. WAN1 uses srcnat 'one-to-one' NAT: add action=src-nat chain=srcnat comment="NAT" src-address=...
by icsterm
Thu Nov 15, 2018 12:15 pm
Forum: General
Topic: IP Neighbor Discovery
Replies: 12
Views: 7641

Re: IP Neighbor Discovery

Just filter out UDP broadcast packets with destination 255.255.255.255 & port 5678 on the devices you don't want taking part in MNDP.
by icsterm
Fri Aug 24, 2018 12:26 am
Forum: General
Topic: hAP ac² bridge graphing not working properly
Replies: 3
Views: 1279

Re: hAP ac² bridge graphing not working properly

Still, no one?
by icsterm
Tue Aug 21, 2018 10:14 am
Forum: General
Topic: hAP ac² bridge graphing not working properly
Replies: 3
Views: 1279

Re: hAP ac² bridge graphing not working properly

No one has ever activated graphs on the bridge on this board??
by icsterm
Mon Aug 20, 2018 6:50 pm
Forum: General
Topic: hAP ac² bridge graphing not working properly
Replies: 3
Views: 1279

hAP ac² bridge graphing not working properly

Hi, Is there any limitation in ROS graphing with hAP ac²(ARM) devices? I'm running v6.42.7 ROS version on all my MKT devices. I have one hAP ac² with fastpath+fastforward enabled on a single bridge, all interfaces in the same bridge, and the bridge graph shows less(or almost none at all) traffic tha...
by icsterm
Tue Jun 19, 2018 8:52 pm
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 39377

Re: v6.42.4 [current]

Just script it just be the new Mikrotik slogan :)
by icsterm
Tue Jun 19, 2018 6:14 pm
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 39377

Re: v6.42.4 [current]

It's tested & working just fine on 2 ROS devices I own. It's not my script but I find it usefull. The only bootloop possible is one caused by the new bootloader not being properly written. Which didn't happen to me on 30-40 RC updates. If bootloop happens, just netinstall the router again and ma...
by icsterm
Tue Jun 19, 2018 5:58 pm
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 39377

Re: v6.42.4 [current]

Can anybody make me a solution / script so after the ROS upgrade the unit either in the same reboot, or thereafter reboots again to update the fw version? Now each and every unit has to be rebooted twice. which is a pain if you have to do big amounts.... here you go :log info "Checking firmwar...
by icsterm
Sat May 26, 2018 4:27 pm
Forum: General
Topic: Search inside the log
Replies: 7
Views: 15927

Re: Search inside the log

This feature is such a pain in the ass, if it's not available under winbox maybe it's available under CLI?
Does anyone know a log filter command?
by icsterm
Wed Apr 25, 2018 11:45 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 98642

Re: v6.42.1 [current]

RouterOS version 6.42.1 has been released in public "current" channel! *) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices; Still can't turn off the port led indicators in the hap ac2, winbox returns error that the board doesn't have this functionality.
by icsterm
Fri Apr 20, 2018 10:11 pm
Forum: RouterBOARD hardware
Topic: HAP ac2 vs rb750gr3 cpu power
Replies: 3
Views: 8440

Re: HAP ac2 vs rb750gr3 cpu power

i have both, the hap ac2 is faster by a substantial amount.
on a 1gbit pppoe link, the rb750gr3 loads the cpu at max ~50% while the hap ac2 loads the cpu at 25-30%.
can't tell about the encryption, according to mikrotik the ipsec acceleration is also faster.
by icsterm
Tue Apr 17, 2018 11:59 am
Forum: General
Topic: OpenVPN SHA256 + UDP
Replies: 67
Views: 48173

Re: OpenVPN SHA256 + UDP

I'd consider switching to L2TP+ipsec or EoIP+ipsec(for mikrotik on both sides), both use UDP and encryption and should perform the same or better in performance. OpenVPN on UDP has been requested years ago and won't come too soon on Mikrotik, probably never. SHA256 is supported on the mentioned prot...
by icsterm
Tue Apr 17, 2018 10:18 am
Forum: General
Topic: L2TP VPN set up on MT so that they cannot detect it's a VPN
Replies: 2
Views: 1603

Re: L2TP VPN set up on MT so that they cannot detect it's a VPN

1. Try changing MTU so MSS is changed also accordingly to some random uncommon value. 2. Test with http://witch.valdikss.org.ru/ and https://ipleak.net/ If it fails, maybe your external ip is probed for common vpn ports and the vpn provider app uses some other ip that doesn't expose those ports. Or ...
by icsterm
Wed Apr 11, 2018 8:33 pm
Forum: Wireless Networking
Topic: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi
Replies: 304
Views: 153141

Re: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi

I find the same poor performance in 5G on the hAP ac^2, I have 1Gbps WAN connection but the 5G connection on AC/80MHz at one metter from the router only throughputs at about 220Mbps download and 270Mbps upload. If I connect a similar priced Asus RT-AC1200G+, use same wireless settings as on the hAP ...
by icsterm
Wed Mar 21, 2018 2:45 pm
Forum: Beginner Basics
Topic: Block web site with Firewall
Replies: 10
Views: 25182

Re: Block web site with Firewall

I would just add all the facebook and youtube prefix list in the routing table with type unreachable, keeping fasttrack and call it a day. But it seems a lot of youtube servers share the same subnet with google.com, so it's hard to do. One way around is to block youtube and facebook domains in the m...
by icsterm
Wed Mar 21, 2018 2:13 pm
Forum: Beginner Basics
Topic: Bypass VPN for Netflix?
Replies: 16
Views: 14412

Re: Bypass VPN for Netflix?

Here is the config for bypassing netflix on VPN. It includes all Netflix + Amazon CDN aggregated prefixed worldwide (326 summarized routes instead of ~1.2K routes). Don't forget to add default route through VPN too. Tested and working 100%, netflix bypasses VPN by CIDR matching in the route table. I...
by icsterm
Tue Mar 20, 2018 11:38 pm
Forum: General
Topic: L2TP VPN selective routing using mangle filters
Replies: 2
Views: 1673

L2TP VPN selective routing using mangle filters

Hi, Here is my setup: RB750Gr3 running 6.42rc46, PPPoE WAN connection, NAT with fasttrack enabled, and a L2TP client for selective NAT routing. Config: /ip firewall filter add action=fasttrack-connection chain=forward comment="fasttrack non-vpn" connection-state=established,related \ in-in...
by icsterm
Mon Mar 19, 2018 2:52 pm
Forum: General
Topic: 6.42rc43 breaks fasttrack [SOLVED]
Replies: 3
Views: 2412

Re: 6.42rc43 breaks fasttrack [SOLVED]

I'm having some sort of similar scenario on my RB750Gr3, after the same RC update I get some mixed bag of performance, despite "IP -> firewall -> Connections" show my IP sessions with the fasttrack flag, I can only saturate 70% of my gigabit pppoe line, before it was saturating just fine a...
by icsterm
Mon Mar 19, 2018 2:45 pm
Forum: General
Topic: RB750Gr3 SSH
Replies: 4
Views: 2051

Re: RB750Gr3 SSH

indeed, i had security package disabled that's why ssh was missing.
thanks guys !
by icsterm
Sun Mar 11, 2018 11:13 pm
Forum: General
Topic: RB750Gr3 SSH
Replies: 4
Views: 2051

RB750Gr3 SSH

Hello,

I decided to enable SSH server on the RB750Gr3 router, using 6.42rc39 build, but the /system ssh and /ip ssh commands are not accepted. Before buying this router the spec sheet of this model stated SSH on most websites that sold it.
Does it support SSH server/client at all?