Community discussions

MikroTik App

Search found 86 matches

by Zoolander06
Fri Feb 24, 2023 6:52 pm
Forum: General
Topic: Passive IPSec tunnel issue
Replies: 3
Views: 642

Re: Passive IPSec tunnel issue

Hello, The topology is pretty standard, I have 2 WAN interfaces and one LAN. First WAN is PPPoE, and is used for the problematic tunnel. Second WAN is IP, and is used as a backup, but not for this tunnel. There is multiple addresses on the LAN interface because the customer previously had multiple g...
by Zoolander06
Fri Feb 24, 2023 6:21 pm
Forum: General
Topic: Passive IPSec tunnel issue
Replies: 3
Views: 642

Re: Passive IPSec tunnel issue

Hello,

Nobody has any idea ?
I have now a second IKEv2 tunnel with the exact same issue...

Does anybody knows how I can trigger a ping when the tunnel goes up, it would be a workaround at least...

Thanks,

Joris
by Zoolander06
Tue Feb 07, 2023 5:38 pm
Forum: General
Topic: Passive IPSec tunnel issue
Replies: 3
Views: 642

Passive IPSec tunnel issue

Hello folks, I have a weird issue with an IKEv2 tunnel set as passive. The originator has no problem to establish the tunnel, and everything seems good, but there is absolutely no trafic. The weird part is that if I ping a distant device just once, everything start to work normally. I don't understa...
by Zoolander06
Fri Dec 09, 2022 11:20 am
Forum: General
Topic: Cannot ping LAN devices over IPSEC tunnel
Replies: 2
Views: 902

Re: Cannot ping LAN devices over IPSEC tunnel

Thanks a lot !!!
by Zoolander06
Thu Dec 08, 2022 5:14 pm
Forum: General
Topic: Cannot ping LAN devices over IPSEC tunnel
Replies: 2
Views: 902

Cannot ping LAN devices over IPSEC tunnel

Hello, I encounter a weird issue that I can't manage to resolve. I have a IKEv2 tunnel which was working fine until yesterday. I can still ping devices on the other side, but the other side can't ping devices on the LAN side of the Mikrotik. He's still able to ping the router tho. What is weird, is ...
by Zoolander06
Mon Nov 21, 2022 4:31 pm
Forum: General
Topic: Multiple PPPoE clients stopped working simultaneously
Replies: 2
Views: 485

Re: Multiple PPPoE clients stopped working simultaneously

Thank you for answering Sindy. I did what you said, and there just one difference : the payload is 8 bytes longer on my PC than on the router. It seems that the "host-uniq" tag is the one which is longer. One other thing : I still have one mikrotik router with working pppoe interface for a...
by Zoolander06
Thu Nov 17, 2022 4:43 pm
Forum: General
Topic: Multiple PPPoE clients stopped working simultaneously
Replies: 2
Views: 485

Multiple PPPoE clients stopped working simultaneously

Hello all ! I have a weird issue : on different Mikrotik routers, the PPPoE connection has stopped working at the exact same time. Of course there is a common point between all of these routers : it's the same FAI (Orange, french FAI) and the same type of connection (VDSL). The problem is obviously ...
by Zoolander06
Mon Jul 19, 2021 11:45 am
Forum: General
Topic: Overriding netmap
Replies: 6
Views: 1153

Re: Overriding netmap

Again, I can't do that because I already have something in the dst-address field : add action=netmap chain=dstnat dst-address=YY.YY.YY.96/29 in-interface=ether2 to-addresses=10.0.0.0/29 My accept rule was a nat rule : /ip firewall nat add action=accept chain=dstnat dst-address=YY.YY.YY.101/32 protoc...
by Zoolander06
Fri Jul 16, 2021 6:59 pm
Forum: General
Topic: Overriding netmap
Replies: 6
Views: 1153

Re: Overriding netmap

It's not a src-address that I want to exclude but a dst-address. Here is the rule : add action=netmap chain=dstnat dst-address=YY.YY.YY.96/29 in-interface=ether2 to-addresses=10.0.0.0/29 I want to exclude IPSec connections for the address YY.YY.YY.101 so I tried to add this rule before : add action=...
by Zoolander06
Fri Jul 16, 2021 6:31 pm
Forum: General
Topic: Overriding netmap
Replies: 6
Views: 1153

Re: Overriding netmap

I won't fit my needs : I want to exclude it just for one dst-address.
by Zoolander06
Fri Jul 16, 2021 5:29 pm
Forum: General
Topic: Overriding netmap
Replies: 6
Views: 1153

Overriding netmap

Hello, I have a RB3011 working well for months with a quite non-standard configuration (it's used as a failover device) with an extended use of netmap function. I used to use PPTP for maintenance purpose, but my ISP doesn't allow it anymore, so I wanted to switch to L2TP. Problem : it doesn't work. ...
by Zoolander06
Thu Mar 11, 2021 5:56 pm
Forum: General
Topic: Forwarding GRE packets not working
Replies: 9
Views: 1347

Re: Forwarding GRE packets not working

Ok thanks, I will retry this later :)
Thank you
by Zoolander06
Thu Mar 11, 2021 5:12 pm
Forum: General
Topic: Forwarding GRE packets not working
Replies: 9
Views: 1347

Re: Forwarding GRE packets not working

Thanks for your answer !
Actually, I renamed my pppoe-out1 interface, that's why there is adsl-ether1 in my nat rule.
But it's the right interface...

Joris
by Zoolander06
Wed Mar 10, 2021 5:36 pm
Forum: General
Topic: Forwarding GRE packets not working
Replies: 9
Views: 1347

Re: Forwarding GRE packets not working

It's a PPPoE client :)
by Zoolander06
Tue Mar 09, 2021 4:58 pm
Forum: General
Topic: Forwarding GRE packets not working
Replies: 9
Views: 1347

Forwarding GRE packets not working

Hello, I try to forward GRE packets to another router behind my router, so I added a dstnat rule : add action=dst-nat chain=dstnat dst-address=xx.xx.xx.xx in-interface=adsl-ether1 protocol=gre to-addresses=192.168.10.171 Sadly, this rule is never triggered (counter stays at 0) and incoming GRE packe...
by Zoolander06
Tue Feb 23, 2021 4:37 pm
Forum: General
Topic: Bridge and failover, is it possible ?
Replies: 4
Views: 987

Re: Bridge and failover, is it possible ?

Thanks, I wanted to know if there was a simple way to do what I wanted to do, in order to keep the same LAN address :)
No I know that there is no simple way to do that, so I did exactly what you advice.

Joris
by Zoolander06
Mon Feb 22, 2021 4:16 pm
Forum: General
Topic: Bridge and failover, is it possible ?
Replies: 4
Views: 987

Re: Bridge and failover, is it possible ?

You're right, but I can't modify anything on the existing router, it is not mine, and I don't have the credentials :/
That's why I'm looking for an alternative...
by Zoolander06
Mon Feb 22, 2021 3:29 pm
Forum: General
Topic: Bridge and failover, is it possible ?
Replies: 4
Views: 987

Bridge and failover, is it possible ?

Hello, Here is my problem : I need to install a 4G failover system on a network, but there already is a router, on which I have no control. This router is also a dhcp server. What I'd like to achieve is to put a Mikrotik router between this existing router and the LAN. Is it possible to setup router...
by Zoolander06
Fri Jan 22, 2021 1:39 pm
Forum: General
Topic: How to use a public subnet and a natted subnet
Replies: 9
Views: 1396

Re: How to use a public subnet and a natted subnet

Thanks Sob for those explanations :)

Joris
by Zoolander06
Fri Jan 15, 2021 6:38 pm
Forum: General
Topic: How to use a public subnet and a natted subnet
Replies: 9
Views: 1396

Re: How to use a public subnet and a natted subnet

Thanks a lot !
It's crystal clear now :)
You just saved me a lot of time and headaches, so thank you again !

Have a nice weekend :)

Joris
by Zoolander06
Fri Jan 15, 2021 4:52 pm
Forum: General
Topic: How to use a public subnet and a natted subnet
Replies: 9
Views: 1396

Re: How to use a public subnet and a natted subnet

Thanks Sindy, I think I understand what you say, but, I need an interface to assign the public subnet right ? So, my WAN interface will receive the IP address of the FTTH by DHCP. Both my LAN interfaces will have a private IP address (let say 192.168.1.254 and 192.168.2.254). But my subnet ? It's su...
by Zoolander06
Fri Jan 15, 2021 2:22 pm
Forum: General
Topic: How to use a public subnet and a natted subnet
Replies: 9
Views: 1396

How to use a public subnet and a natted subnet

Hello, The title of my topic is a little blurry, but I will try to explain what I want to do with my poor english level. So, I have a RB4011 router with a PPPoE FTTH link. My provider provides me a public /29 subnet, which is routed via the public IP of the FTTH. What I want to do is have two LAN in...
by Zoolander06
Wed Oct 21, 2020 12:23 pm
Forum: General
Topic: Bandwith test over a tunnel
Replies: 1
Views: 468

Re: Bandwith test over a tunnel

Nobody ?
by Zoolander06
Mon Oct 19, 2020 6:32 pm
Forum: General
Topic: Bandwith test over a tunnel
Replies: 1
Views: 468

Bandwith test over a tunnel

Hello, I tried to execute a bandwith test between a RB4011 and my laptop connected via an IPSEC tunnel. But nothing works : - if I start the test on ROS, it doesn't connect, either in send or receive mode, and is tcp or udp. - if I start it on my PC, it doesn't connect in udp, and it connect and dis...
by Zoolander06
Mon Oct 19, 2020 6:26 pm
Forum: General
Topic: Dynamic IPSec policy isn't created
Replies: 4
Views: 2150

Re: Dynamic IPSec policy isn't created

So, with the logs, I found the problem ! This line was wrong : /ip ipsec policy add dst-address=172.16.100.0/24 group=vpn proposal=vpn src-address=192.168.2.0/24 template=yes The correct one is : /ip ipsec policy add dst-address=172.16.100.0/24 group=vpn proposal=vpn src-address=0.0.0.0/0 template=y...
by Zoolander06
Mon Oct 19, 2020 5:49 pm
Forum: General
Topic: Dynamic IPSec policy isn't created
Replies: 4
Views: 2150

Re: Dynamic IPSec policy isn't created

Hello,

So I tried with IKEv2 embedded client, but, correct me if I'm wrong, it need either a certificate or a login/password.
In ROS I use a PSK (and don't want to use certificates), so it can't work...
by Zoolander06
Fri Oct 16, 2020 7:25 pm
Forum: General
Topic: Dynamic IPSec policy isn't created
Replies: 4
Views: 2150

Re: Dynamic IPSec policy isn't created

Thanks for your answer, I will try to log this way.

And I will try to use the embedded ikev2 client, which I didn't knew it was a thing :/

That's why I was using Shrew...

Joris
by Zoolander06
Mon Oct 12, 2020 12:04 pm
Forum: General
Topic: Dynamic IPSec policy isn't created
Replies: 4
Views: 2150

Dynamic IPSec policy isn't created

Hello, I try to establish a successful IPSec tunnel between a RB4011 and my laptop with the Shrew IPSec client. Everything seems well, Shrew says that the tunnel is established, but I can't ping the router. So I looked at the log, and had a phase 2 failure, due to the missing of a matching policy, s...
by Zoolander06
Thu Sep 17, 2020 5:25 pm
Forum: General
Topic: Very slow PPTP tunnel
Replies: 8
Views: 3123

Re: Very slow PPTP tunnel

Hi, the speed between two computers is even worse, I don't reach 1Mbps, both sides are connected via 1Gbps FTTH. Here is my conf : /interface bridge add admin-mac=C4:AD:34:D8:7D:AC arp=proxy-arp auto-mac=no comment=defconf \ name=bridge /interface gre add allow-fast-path=no local-address=195.216.141...
by Zoolander06
Thu Sep 17, 2020 12:59 pm
Forum: General
Topic: Very slow PPTP tunnel
Replies: 8
Views: 3123

Re: Very slow PPTP tunnel

I understand that, but, the problem is the same with L2TP/IPSEC or OpenVPN...
I already tried to lower the MTU, that makes no difference :(

Joris
by Zoolander06
Wed Sep 16, 2020 7:28 pm
Forum: General
Topic: Very slow PPTP tunnel
Replies: 8
Views: 3123

Re: Very slow PPTP tunnel

Hi,

Nobody has an idea about my problem ?

It bothers me because I have clients asking me for a good road warrior VPN solution, and I don't know what to answer...
by Zoolander06
Wed Aug 19, 2020 11:03 am
Forum: General
Topic: Very slow PPTP tunnel
Replies: 8
Views: 3123

Re: Very slow PPTP tunnel

I add that I tried with L2TP/IpSec and with OpenVPN with similar results (a little bit better with OpenVPN, but still ridiculous compared with the WAN bandwith).
by Zoolander06
Tue Aug 18, 2020 4:44 pm
Forum: General
Topic: Very slow PPTP tunnel
Replies: 8
Views: 3123

Very slow PPTP tunnel

Hello folks, One of my client asked me to set up some PPTP tunnels for a road warrior usage, but now he complains about the performance. The router is a RB3011 on a symmetric 1Gbps FTTH, the actual bandwith is about 500Mbps symmetric... But when connected to this router via PPTP, if I do a speedtest...
by Zoolander06
Mon Mar 16, 2020 10:27 am
Forum: General
Topic: Packet sniffer : how to stream RTP packets ?
Replies: 5
Views: 2764

Re: Packet sniffer : how to stream RTP packets ?

Hello,

I just filter IP addresses, but no filter on protocol or port.
I will check with tcpdump, that's a good idea :)

Thanks,

Joris
by Zoolander06
Sat Mar 14, 2020 6:57 pm
Forum: General
Topic: Packet sniffer : how to stream RTP packets ?
Replies: 5
Views: 2764

Re: Packet sniffer : how to stream RTP packets ?

Hello, Thanks for answering my topic :) Actually, I do capture everything going out of my IPBX, and send it to a file. But, the issue is not here, if I do the same packet capture directly to a file in the Mikrotik router, it works nice, I have both SIP and RTP packets. But when I stream to Wireshark...
by Zoolander06
Fri Mar 13, 2020 4:22 pm
Forum: General
Topic: Packet sniffer : how to stream RTP packets ?
Replies: 5
Views: 2764

Packet sniffer : how to stream RTP packets ?

Hello, I have to make some SIP debugging, and since the resulting file could be huge, I want to stream it to a server with Wireshark. No problem with that, everything works nice, but, there is a but ! In wireshark, I can see my SIP packets, but not the associated RTP packets, and I need them for a p...
by Zoolander06
Mon Mar 02, 2020 5:00 pm
Forum: General
Topic: Router slows down randomly
Replies: 1
Views: 1538

Router slows down randomly

Hello, So I have a RB2011 with 2 PPPoE DSL WANs. Since today, this router becomes randomly unreachable for a few seconds. At the same time, if I ping any of the WAN interfaces from the outside, I obtain values between 2000 and 3000ms, which is quite high, isn't it ? After a few seconds, everything r...
by Zoolander06
Thu Feb 20, 2020 10:57 am
Forum: General
Topic: GRE Tunnels and Dual Wan on one side
Replies: 4
Views: 4005

Re: GRE Tunnels and Dual Wan on one side

Hello, I dig up this topic because I have a similar issue. For load balancing purpose, I need to establish 2 gre tunnels between 2 routers. On one side I have 1 wan only, with a good bandwith, and on the otherside, I have 2 wan with low bandwith. Everything seems to go well, as both tunnels are runn...
by Zoolander06
Mon Feb 17, 2020 6:51 pm
Forum: General
Topic: How to set priority code on vlan (for pppoe)
Replies: 11
Views: 5934

Re: How to set priority code on vlan (for pppoe)

Hello, Sorry for the late answer. Actually, you can't do that with a mangle, you have to do that with a switch rule : /interface ethernet switch rule add new-vlan-priority=3 ports=switch1-cpu src-mac-address=[interface_mac_address]/FF:FF:FF:FF:FF:FF switch=switch1 The mac address is the one of the i...
by Zoolander06
Tue Jan 28, 2020 12:07 am
Forum: General
Topic: GRE tunnel established, ping ok, but no traffic
Replies: 16
Views: 7503

Re: GRE tunnel established, ping ok, but no traffic

Hello, I still have issues with others GRE tunnels... For now I succeeded to establish a working tunnel between a RB2011 directly connected with PPPoE and another RB2011 behind a NAT router. So tonight I try to establish another tunnel between the same PPPoE connected RB2011 and another PPPoE connec...
by Zoolander06
Tue Jan 21, 2020 4:56 pm
Forum: General
Topic: GRE issues with dual WAN
Replies: 4
Views: 1652

Re: GRE issues with dual WAN

So, I tried with modified src-nat rule and it worked !
The weird thing is that I did another test after rolling back to the previous configuration, and it still worked.
So I'm perplex because I can't explain the issue I had yesterday, but it works now, and I'm happy with that.
Thanks a lot :)

Joris
by Zoolander06
Tue Jan 21, 2020 4:17 pm
Forum: General
Topic: GRE issues with dual WAN
Replies: 4
Views: 1652

Re: GRE issues with dual WAN

Thanks for your answer. I do that by setting src-address in my masquerade rule with my local network subnet, right ? But, even if it is a nat problem, why did the router send packets from the wrong interface, and why did it send it with the bad src-address ??? There is an explicit route for my desti...
by Zoolander06
Mon Jan 20, 2020 6:40 pm
Forum: General
Topic: GRE issues with dual WAN
Replies: 4
Views: 1652

GRE issues with dual WAN

Hello, I have, again, some issues with GRE tunnels. I have an RB2011 at each side. Router A has one WAN,router B has 2 WANs. I set a GRE tunnel between router A and WAN1 of router B, but it didn't work, so I tried to debug it, and found that, if I did "/ip firewall connections print" on ro...
by Zoolander06
Mon Jan 20, 2020 11:40 am
Forum: General
Topic: GRE tunnel established, ping ok, but no traffic
Replies: 16
Views: 7503

Re: GRE tunnel established, ping ok, but no traffic

Actually, it does affect all the traffic.
But since I had enabled the "allow fast track" option, I think that UDP and ICMP didn't pass through the firewall... (I'm not sure how fast track works exactly, so I'm speculating here)

Thanks for your help :)
by Zoolander06
Fri Jan 17, 2020 5:26 pm
Forum: General
Topic: GRE tunnel established, ping ok, but no traffic
Replies: 16
Views: 7503

Re: GRE tunnel established, ping ok, but no traffic

Hello folks, I think I solved my problem ! I had to add a filter rule to accept GRE protocol in the input chain, and I had to add it before the default rule dropping invalid connections. Without this rule, ICMP and UDP works, but only with the "Allow Fast Track" option enabled, with it, I ...
by Zoolander06
Thu Jan 16, 2020 6:45 pm
Forum: General
Topic: GRE tunnel established, ping ok, but no traffic
Replies: 16
Views: 7503

Re: GRE tunnel established, ping ok, but no traffic

I checked what happens in case of an http connection on wan port with packet sniffer : I see the initial packet from my laptop going out the router, and I see the ACK going back to my router, with correct informations inside. But, sometimes after, I see retransmissions of my initial packet, which me...
by Zoolander06
Thu Jan 16, 2020 4:54 pm
Forum: General
Topic: GRE tunnel established, ping ok, but no traffic
Replies: 16
Views: 7503

Re: GRE tunnel established, ping ok, but no traffic

It seems indeed to be tcp related, since UDP works well, and ICMP too. I tried to low MTU value (I tried 1400 and even 1300), but it is not resolving any issues. I tried the mangle rule to clamp mss to pmtu, nothing. If I try a ping with "don't fragment" flag, it works up to the MTU value....
by Zoolander06
Thu Jan 16, 2020 4:29 pm
Forum: General
Topic: GRE tunnel established, ping ok, but no traffic
Replies: 16
Views: 7503

Re: GRE tunnel established, ping ok, but no traffic

Hello, Sorry, I misunderstood the meaning of "include" in my list declaration : /interface list add include=GRE name=LAN But I tried with my gre interface in list LAN (same as my LAN interface) without success... The mangle rule doesn't do anything... And the working tunnel I had yesterday...
by Zoolander06
Thu Jan 16, 2020 11:00 am
Forum: General
Topic: GRE tunnel established, ping ok, but no traffic
Replies: 16
Views: 7503

Re: GRE tunnel established, ping ok, but no traffic

Hi himvas, thanks for answering :) I don't think the issue is in firewall, my gre interface is in a list named GRE, which is included in the LAN interface list. Plus, I tried to put my gre interface directly in the LAN list, and also to add some filter rules to accept anything coming and going throu...
by Zoolander06
Wed Jan 15, 2020 3:36 pm
Forum: General
Topic: GRE tunnel established, ping ok, but no traffic
Replies: 16
Views: 7503

Re: GRE tunnel established, ping ok, but no traffic

Hello, Fun fact : yesterday, I was able to establish a fully fonctionnal tunnel between a Mikrotik 4011 and a Zyxel USG20. Mikrotik was connected via LTE router (NAT on the router + NAT on the provider side), and the Zyxel was connected through the provider's router (with NAT). So I don't understand...
by Zoolander06
Fri Jan 10, 2020 4:04 pm
Forum: General
Topic: GRE tunnel established, ping ok, but no traffic
Replies: 16
Views: 7503

Re: GRE tunnel established, ping ok, but no traffic

Yes it is. There is a route for my destination address using pppoe interface "vdsl-orange-ether1" /ip route add check-gateway=ping distance=1 dst-address=eee.fff.ggg.hhh/32 gateway=vdsl-orange-ether1 There is a src-nat rule for this interface : /ip firewall nat add action=masquerade chain=...
by Zoolander06
Fri Jan 10, 2020 3:59 pm
Forum: General
Topic: IPSEC issues and instability
Replies: 15
Views: 27306

Re: IPSEC issues and instability

So just to make sure I understand : I watch at the MTU automatically chosen (1406 in this case), I substract 20 (so 1386), and I force this value in the GRE settings ?
by Zoolander06
Fri Jan 10, 2020 11:57 am
Forum: General
Topic: GRE tunnel established, ping ok, but no traffic
Replies: 16
Views: 7503

Re: GRE tunnel established, ping ok, but no traffic

Hello, The problems I experience with IPSec are not the same. Actually, I have problems with IPSec, with or without GRE, those are instability problems (tunnel stopping to work without any apparent reason). The fact is that the same GRE tunnel work great with IPSec (except the instability), and does...
by Zoolander06
Fri Jan 10, 2020 11:21 am
Forum: General
Topic: IPSEC issues and instability
Replies: 15
Views: 27306

Re: IPSEC issues and instability

Hello, I sometimes have to use providers-supplied routers, but in this particular case, that's not the case, on both side I have PPPoE interfaces on the Mikrotik. Since davidcx and me are experiencing the same kind of problems, and pe1chl isn't, there maybe is a mistake that we made in our IPSEC con...
by Zoolander06
Thu Jan 09, 2020 7:12 pm
Forum: General
Topic: IPSEC issues and instability
Replies: 15
Views: 27306

Re: IPSEC issues and instability

Hello, I had the same problem again today, on a router with 3 GRE over IPSec tunnels, one of them was disconnected without any reason. The associated IPSec rule was in state "ready to send" on both sides. In the log, I had a message like "phase 1 failed due to time out". I tried ...
by Zoolander06
Thu Jan 09, 2020 7:02 pm
Forum: General
Topic: GRE tunnel established, ping ok, but no traffic
Replies: 16
Views: 7503

GRE tunnel established, ping ok, but no traffic

Hello, I still have a lot of issues with IPSec, getting my GRE over IPSec tunnels down without any reason, with a log message about a phase 1 timeout. So I tried to just disable IPSec encryption on one tunnel, and it instantaneously get up. But, there is a big big "but" ! I can ping any de...
by Zoolander06
Fri Dec 27, 2019 12:20 pm
Forum: General
Topic: IPSEC issues and instability
Replies: 15
Views: 27306

Re: IPSEC issues and instability

Thanks pe1chl :) I have dual tunnel on most of my routers (some have nated backup wan which doesn't support vpn passthrough). So, about preventing packets from living the router from the bad interface, which is the best way to do this ? I thought about adding a blackhole route with priority 2 for th...
by Zoolander06
Thu Dec 26, 2019 4:20 pm
Forum: General
Topic: IPSEC issues and instability
Replies: 15
Views: 27306

Re: IPSEC issues and instability

Thanks for your answers :) @Zacharias : the thing is that the tunnel works most of the time, so the configuration seems to be ok. @pe1chl : That's the kind of thing I thought about, but most of my routers are directly connected via PPPoE interfaces. So the only firewall involved is the one into Rout...
by Zoolander06
Thu Dec 26, 2019 11:49 am
Forum: General
Topic: IPSEC issues and instability
Replies: 15
Views: 27306

IPSEC issues and instability

Hello folks, and merry christmas to you ! I work with Mikrotik routers (mostly rb2011 and rb4011) for a year now, and I have to say they are versatile and powerful devices, but I still struggle with some recurrent issues. The main issue a struggle with is IPSec instability. I explain : Every IPSec t...
by Zoolander06
Thu Nov 14, 2019 3:54 pm
Forum: General
Topic: Switch rule doesn't work
Replies: 18
Views: 5433

Re: Switch rule doesn't work

Thanks a lot for the explanations :)

You're right for the ISP who need priority code 0, it doesn't need a rule to work.
But for the other one, if I don't tag frames, the PPPoE session is established, but the bandwith is very low (something like 2Mbps for a 100Mbps optical fiber).

Joris
by Zoolander06
Wed Nov 13, 2019 6:13 pm
Forum: General
Topic: Switch rule doesn't work
Replies: 18
Views: 5433

Re: Switch rule doesn't work

Thanks a lot Sindy, So, if I use src-mac-address of the ether1 port, it should work ? This is more convenient than the way I use it (with dst-mac-address). But I think I made a huge mistake : I was sniffing packets directly from the Mikrotik and it never worked, but I presume that priority is applie...
by Zoolander06
Tue Nov 12, 2019 11:17 am
Forum: General
Topic: Switch rule doesn't work
Replies: 18
Views: 5433

Re: Switch rule doesn't work

Hi Sindy, You're right I forgot the routerboard model : it's a rb2011, and since I use the ether1 interface, I think the rules should work. Like I said, another provider ask me to tag the packets with priority code 2 (for this one, no mistakes are possible), and I just tried it on another rb2011, it...
by Zoolander06
Fri Nov 08, 2019 5:17 pm
Forum: General
Topic: Switch rule doesn't work
Replies: 18
Views: 5433

Re: Switch rule doesn't work

According to Wikipedia ( https://en.wikipedia.org/wiki/IEEE_P802.1p ), priority code 1, with PCP value 0 is the default. I think my provider need a priority code of 0 (PCP value of 1) since he specifically ask for that. Yet, some providers ask for a priority code 2, and what I did doesn't work with ...
by Zoolander06
Fri Nov 08, 2019 3:21 pm
Forum: General
Topic: Switch rule doesn't work
Replies: 18
Views: 5433

Switch rule doesn't work

Hi, In order to establish a PPPoE connection, my provider ask me two things : - using VLAN4001 - using priority code 0 For the VLAN, no problem, I've created a vlan interface and my pppoe interface over this vlan interface. For the priority code, I've created a switch rule : /interface ethernet swit...
by Zoolander06
Wed Aug 07, 2019 1:25 pm
Forum: General
Topic: How to set priority code on vlan (for pppoe)
Replies: 11
Views: 5934

Re: How to set priority code on vlan (for pppoe)

Yes but some equipements won't process Ethernet frames with 802.1q added bytes, I think... I managed to get it working by matching mac address. Actually, I know mac address cause even without the priority code set, PPPoE works, the only thing is that upstream bandwith is quite limited. So, I have to...
by Zoolander06
Tue Jul 30, 2019 7:00 pm
Forum: General
Topic: How to set priority code on vlan (for pppoe)
Replies: 11
Views: 5934

Re: How to set priority code on vlan (for pppoe)

I will try with src mac address.
If I tag everything with priority code 2, I think it will break my local network too...
by Zoolander06
Tue Jul 30, 2019 5:59 pm
Forum: General
Topic: How to set priority code on vlan (for pppoe)
Replies: 11
Views: 5934

Re: How to set priority code on vlan (for pppoe)

Thank you Sindy for this explanation :)

I don't understand how the MAC address matching work.
Do I have to match on the MAC address of the SDSL modem ?

Joris
by Zoolander06
Tue Jul 30, 2019 3:07 pm
Forum: General
Topic: How to set priority code on vlan (for pppoe)
Replies: 11
Views: 5934

Re: How to set priority code on vlan (for pppoe)

Yes you're right, but my problem is that I have to set a priority code on the VLAN, and I want to be sure I do it the right way.
by Zoolander06
Tue Jul 30, 2019 12:16 pm
Forum: General
Topic: How to set priority code on vlan (for pppoe)
Replies: 11
Views: 5934

Re: How to set priority code on vlan (for pppoe)

I reply myself :)

What if I do that ?
/interface ethernet switch rule
add new-vlan-priority=2 ports=ether1 switch=switch1
/interface ethernet switch vlan
add independent-learning=no ports=ether1 switch=switch1 vlan-id=2900
Is that correct ? I'm not sure how vlan works on switch level...
by Zoolander06
Tue Jul 30, 2019 12:08 pm
Forum: General
Topic: How to set priority code on vlan (for pppoe)
Replies: 11
Views: 5934

How to set priority code on vlan (for pppoe)

Hello folks, I have a SDSL access, and my ISP ask me to set a pppoe session over the vlan2900, with the priority code 2. Before I was working with Zyxel, and I just had to specify priority code in vlan settings. Now I work with Mikrotik (and I love the freedom they offer), and I don't know how to do...
by Zoolander06
Thu Jul 11, 2019 6:49 pm
Forum: General
Topic: No traffic in lan attached queue trees
Replies: 0
Views: 775

No traffic in lan attached queue trees

Hello, I usually use queue trees to prioritize VoIP traffic, and it works well. But I have an issue with a rb2011 : there is absolutely no traffic going through queue trees attached to my lan interfaces. I had this issue in the past because there was a "fast path" default rule, but on this...
by Zoolander06
Mon Apr 29, 2019 12:18 pm
Forum: General
Topic: Routing mangle rule block output traffic
Replies: 2
Views: 1454

Re: Routing mangle rule block output traffic

Hey,

I just solved my problem : I haven't specified a in. interface in my mangle rule, so I assume that incoming packets from the wan were be routed by my output route, and that's why it didn't work...

Joris
by Zoolander06
Mon Apr 29, 2019 12:07 pm
Forum: General
Topic: Routing mangle rule block output traffic
Replies: 2
Views: 1454

Re: Routing mangle rule block output traffic

Plus, I don't know if it's related, but probably, my dst-nat rules don't work at all.

Joris
by Zoolander06
Mon Apr 29, 2019 11:56 am
Forum: General
Topic: Routing mangle rule block output traffic
Replies: 2
Views: 1454

Routing mangle rule block output traffic

Hello folks, I have a weird problem with a RB2011 router : I have two WAN interface, and two LAN interfaces, I wanted to force each LAN interface to go out from a specific WAN interface, as I often do without any problem. So I created mangle rules to mark connections, then to mark routes, and I crea...
by Zoolander06
Fri Mar 22, 2019 3:56 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 304
Views: 157227

Re: v6.45beta [testing] is released!

You can specify DHCP option set per DHCP network. You're right, but I usually need all my phones to be on the same network. I think I could make some subnets, maybe it would work, but it would be easier and more logical to set the options in the vendor class identifier matcher, or in the pool. Than...
by Zoolander06
Wed Mar 20, 2019 4:37 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 304
Views: 157227

Re: v6.45beta [testing] is released!

So I gave a try to the new vendor class identifier matcher feature, it works well but it's quite limited : one can only reserve a pool of IPs to a certain type of devices. It would be nice to be able to send different options to certain devices. Example : I have Yealink and Cisco IP phones on my net...
by Zoolander06
Mon Mar 18, 2019 6:06 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 304
Views: 157227

Re: v6.45beta [testing] is released!


*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
Hi,

Is there a documentation somewhere about this new feature ?

Joris
by Zoolander06
Tue Jan 15, 2019 12:16 pm
Forum: Beginner Basics
Topic: VoIP traffic shaping doesn't works
Replies: 22
Views: 3816

Re: VoIP traffic shaping doesn't works

Yes I figured it out :) So, I will do that : on disconnect (of pppoe-out1) : /queue tree set download max-limit=[/queue tree get MAISON-download max-limit] on connect (of pppoe-out1) : /interfaces pppoe-client monitor pppoe-out2 once do={ if ($status= "connected") do={ /queue tree set down...
by Zoolander06
Mon Jan 14, 2019 6:14 pm
Forum: Beginner Basics
Topic: VoIP traffic shaping doesn't works
Replies: 22
Views: 3816

Re: VoIP traffic shaping doesn't works

Thanks for showing me my mistake.
I understand the problem in case of one link down, maybe I can resolve that particular issue with a few lines of script somewhere...
But I can't find a simple way to execute script on ppp events...
by Zoolander06
Mon Jan 14, 2019 11:09 am
Forum: Beginner Basics
Topic: VoIP traffic shaping doesn't works
Replies: 22
Views: 3816

Re: VoIP traffic shaping doesn't works

Few remarks: * I assume your pppoe's are asymmetric, with download speed >> upload speed? if so max on download doesn't reflect this. Actually, yes, it's asymmetric, 800k upload, and 1600k download on each link. * define priority (>2) on maison-* queues Ok I will. * (unrelated to this thread: that'...
by Zoolander06
Fri Jan 11, 2019 5:52 pm
Forum: Beginner Basics
Topic: VoIP traffic shaping doesn't works
Replies: 22
Views: 3816

Re: VoIP traffic shaping doesn't works

Here is my config, I use protocol and port as criterias to mark connections. # jan/11/2019 09:15:05 by RouterOS 6.43.8 # software id = 3USJ-9ZE1 # # model = 2011UiAS # serial number = 7DD5080FB8A6 /interface bridge add name=bridge /interface pppoe-client add allow=chap disabled=no interface=ether1 k...
by Zoolander06
Fri Jan 11, 2019 4:40 pm
Forum: Beginner Basics
Topic: VoIP traffic shaping doesn't works
Replies: 22
Views: 3816

Re: VoIP traffic shaping doesn't works

That should work. It's a bit after the fact, as it already passed the isp pipe, but by controlling the internal "gate" one can also shape the overall throughput. So you just need to make sure your classification is working. What I do: * connection-mark all VOIP related connection (which a...
by Zoolander06
Fri Jan 11, 2019 4:06 pm
Forum: Beginner Basics
Topic: VoIP traffic shaping doesn't works
Replies: 22
Views: 3816

Re: VoIP traffic shaping doesn't works

Well, it's not, it seems that the mangle rule which mark the connection only see outgoing packets (I only have 80kbps going through it, it should be 160kbps). I think that I must miss something about how RouterOS handle this.
by Zoolander06
Fri Jan 11, 2019 3:32 pm
Forum: Beginner Basics
Topic: VoIP traffic shaping doesn't works
Replies: 22
Views: 3816

Re: VoIP traffic shaping doesn't works

Where is that "downstream queue" attached to? What is it's parent? I have a "download" queue attached to my ethernet bridge (so my LAN), and a "voip_download" queue attached to the "download" queue. I basically copied what is done in the "QoS best practi...
by Zoolander06
Fri Jan 11, 2019 11:40 am
Forum: Beginner Basics
Topic: VoIP traffic shaping doesn't works
Replies: 22
Views: 3816

Re: VoIP traffic shaping doesn't works

Thank you both for helping me ! @pcunite : I carefully read the post, and it seems that this is basically what I've done on my router, but I will check it :) @pe1chl : I understand that I can't control what is going on on the isp side, but I still should see an activity when monitoring my voip downs...
by Zoolander06
Thu Jan 03, 2019 5:44 pm
Forum: Beginner Basics
Topic: VoIP traffic shaping doesn't works
Replies: 22
Views: 3816

VoIP traffic shaping doesn't works

Hello folks, I'm a beginner with Mikrotik, and I try to do VoIP traffic shaping, so I read this document : https://mum.mikrotik.com/presentations/US16/presentation_3004_1462512668.pdf , and I tried to apply that to my configuration. It kinda works, when I make a call, I have about 80kbps flowing thr...