MikroTik

ayufan

download directory as .tar.gz and to upload (and unpack) .tar.gz archive.
The layers being pulled from registry of container images are `.tar.gz` and MikroTik unpacks them.

ayufan

There's a problem with filesystems mounted with `nosuid` preventing usage of `sudo` (and possibly PTY access). This is also present on all mounted disk. # RouterOS /interface veth add address=172.17.0.3/16 gateway=172.17.0.1 name=ssh-veth /container config set registry-url=https://registry-1.docker....

ayufan

That kind of features would always be difficult. How do you want the traffic to be routed? For the static veth interfaces you define that at the RouterOS side during setup of your container, but when the container would be allowed to setup dynamic interfaces (like tunnels), what would they be conne...

ayufan

Does anyone know if the replaceable antenna is ufl or mmcx? It's hard to see from the photos.

In docs is written that this is ufl, but only for third chain of 2GHz and 5GHz.

ayufan

... Interesting. What actual transfer rates do you see with the Archer C7 when doing a transfer over AC? ... I guess it's not great/excellent as some others, but I believe it's well within line as to what is to be expected for what the device is. If you need that, buy a ~500$ consumer router I gues...

ayufan

I got my hAP AC. The results are not that great. I get around 450Mbps on AC (with MacBook Pro 2015) to LAN. I get around 300-350Mbps with NAT (85% of CPU). What is interesting is the CPU usage when the hAP AC is sending: it's then around 20-30% (50% when doing AC+NAT with 300Mbps TCP), on the other ...

ayufan

Nice results from users on social media:
https://twitter.com/darkmanlv/status/702448475196276737

I'm curious what is the AC+NAT performance :) I'll test it tomorrow. My hAP AC will arrive :)

ayufan

Now we have HAP AC released, but I'm still worried reading comments in these thread. So please give me your suggestion or advice how to find my MikroTik device :) Now I have 250 Mbit/s internet, further it may be updated to 500 or 700 Mbit/s. Will these device feet my needs and will it be able to t...

ayufan

with VPN ? this topic is now about VPN, it got very off topic, so we split it. hAP ac wireless tests we have not published, but I could see what we can do. This guy has excellent results, but I am not sure what he tested and how: https://twitter.com/Janamaja/status/698152711896829953 It's nice, may...

ayufan

Exactly, this is underpowered low-end home router that can't fully use the AC that have installed in it. It seems that, if you use the SFP with AC radio and you configure it to use a Routing with NAT I expect that you will get no more than 300Mbps on AC radio :( If Fasttrack is turned on it will be...

ayufan

Shows how slowly the CPU improvements are coming compared to the rest of the hardware and modern broadband speeds. Hopefully MT can come out with a newer series of boards with CPUs that can actually keep up with the hardware! The hAP AC is nice as an access point but if it can easily be overloaded ...

ayufan

I only concern about wireless router with VPN performance (OPVN and IPSEC). Based on these result, WRT1900ACS is better for me ( not hAP ac ) ?? On hAP AC you will get around 10-15Mbps (The OpenVPN performance is limited by CPU), On Turris/1900ACS you will get around 90Mbps. I would wait for Turris...

ayufan

9Mbps TCP UL, OpenVPN on OpenWrt CC, BF-CBC-128bit/SHA1 (one of the fastest combinations), CPU: 75% Which wireless router can provide 50~100 Mbps throughput for OpenVPN ? You should get pretty decent performance with this: https://www.indiegogo.com/projects/turris-omnia-hi-performance-open-source-r...

ayufan

It is interesting too see the CPU% when doing this 500Mbps. Either way the results are not astonishing. @cpliu903 I expect that you will see no more 30Mbps IPsec md5/aes, and no more than 10-15Mbps OpenVPN sha1/aes. http://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-r...

ayufan

It is interesting too see the CPU% when doing this 500Mbps.

Either way the results are not astonishing.

@cpliu903

I expect that you will see no more 30Mbps IPsec md5/aes, and no more than 10-15Mbps OpenVPN sha1/aes.

ayufan

Yeah. I would like to see the wireless performance :) I know how it works on Archer C7 (the same HW) with OpenWrt. It's interesting to see how it works on MikroTik.

ayufan

then just go for tp-link

I got one, and I got a couple of Routerboards too. I can just argue that for SOHO OpenWrt is simply better, and extra RouterOS (like broken OpenVPN) features doesn't justify buying this device at this price.

ayufan

Aerohive and Meraki are far more expensive, and we of course cannot compare RB w/ROS with something like D-Link / Asus / Tp-Link or any other SOHO crap with unusable software. Why? I use TP-Link Archer C7 v2.0 https://wiki.openwrt.org/toh/tp-link/tl-wdr7500 . I'm disappointed. I expected for hAP ac...

ayufan

Right now I have had to use MTIK boxes to create TCP OpenVPN Tunnels to a PFSense box at the HQ for a network because I could not find a suitable router that would run PFSense in a small package for the price point MTik offers.

You can always try OpenWrt. It works great.

ayufan

For SXT though, I don't think you can dismount the HDD, and as such, that's not really possible anyway.

Is possible as long as you have physical access to the device and you can "netinstall" the device.

ayufan

Unfortunately Openwrt not add printer support, using usb printer with OpenWRT not possible now.

Is possible and works, but not in Metarouter. Metarouter doesn't support usb-passthrough.

ayufan

+1
On RB951 "home router" it should be one of the main feature...

Then install OpenWrt :) You'll have printer support.

ayufan

I would love to but I can't get excited. Its basically a year after the posted "Wireless Controller". If MT could really come to the party with this, then I could finally stop buying UNIFI Yeah, you're pretty damn right. Even that we still don't have dual-band access points for office, no...

ayufan

RPi is not 'old', but it is cheap.

In the more generic sense, ARM chipsets could be a good addition for a number of different platforms. RPi is just the first example that came to mind.

If you look at used CPU it is old :)

ayufan

Found this one: http://mum.mikrotik.com/presentations/IT14/starnowski.pdf This presentation is not accurate (or only based on what wiki says), because in reality with the switch chip you can use hybrid ports :) At least it works on RB1100AHx2 and RB951G-2HnD. What I've also discovered that VLAN hea...

ayufan

Hi Forum, This is aimed more so at the employees of Mikrotik - how hard would it be to port the code over to ARM architecture for the purpose of running RouterOS on a Raspberry Pi? To be honest - I understand if you feel its not worth it. THe 951-2n is pretty darn cheap and has a lot of power for i...

ayufan

We recently did wireless installation for conference (around 500 users). We used TP-Link WDR-3600 with OpenWRT. I did great, worked without any problems, stable and very fast. WDR-3600 is pretty cheap and with dual band wireless.

ayufan

16MB flash? is it enough?

ayufan

We need it for HOME AP wifi

What we really need is to have dual-radio SOHO router. I didn't have in years to change once setup wireless.

ayufan

ayufan's one - There's some value in it. I haven't used it, nor have I seen people in the forum use it, so I can't comment on stability. I don't really like most of the approaches from an "elegance" standpoint, but what constitutes "elegant" is always debatable. In fact, that cl...

ayufan

For long time I were using layer 7 filter which pretty nice handles dns-over-udp.

ayufan

We recently bought 3 UniFis with AC support. No problems at all. Works like a charm. It's generally solution to install and forget. MikroTik's solution looks very promising, but when it will be available, how stable will it be, and what will be HW requirements for Controller.

ayufan

do you think there is anyone to do cost for sniffing information like these? what is the reason behind this hack?! :shock:

Maybe not, but what bothers to have SSL anyway.

ayufan

Hey guys,

Do you plan to enable SSL-only access to the community forum? I don't feel good when I know that my password or session tokens fly unencrypted over the Internet.

Kamil

ayufan

> Ubuntu/Mint
NM in ubuntu lacks L2TP/IPsec support.

https://launchpad.net/~seriy-pr/+archiv ... nager-l2tp

ayufan

4) Easy to configure. Not IPSec/L2TP, because installing strong/openswan and writing all configs... doh. IPSec/L2TP is fairly easy to configure. You have built-in (or easily installable) support for all the platforms (ex. Windows Phone). We have users using: OSX, Windows 7 and 8, Ubuntu/Mint, Andro...

ayufan

Do you plan to release SOHO like router (RB951G) with dual-band wireless?
Surely its only a matter of time

Yes, but it takes an unusually long time. Especially when I had to replace my home RB951G with TL-WDR4300 and switch to OpenWrt (i don't want to have two devices working).

ayufan

Do you plan to release SOHO like router (RB951G) with dual-band wireless?

ayufan

IManaging the KVM devices is really unpleasant in our environment.

Use the Proxmox VE. Is Open Source Virtualization Platform with support for almost everything what is needed ;) And it support OpenVZ and KVM and plays very nice with MikroTik.

ayufan

@normis:

When we can expect RB951G with dual band wireless?

ayufan

why not switch to OpenWrt? it should be fairly simple to provision devices.

ayufan

Change IPsec proposal to use md5 with aes. It should boost performance significantly. Default sha1 with 3des is very slow on these devices.

ayufan

The hypervisor hands out shares of CPU time every 3,33ms if I'm not mistaken, the guests can and do yield back if there is nothing to do. So what fact you claim to know exactly makes you think, there is a penalty of 50%? Ok. I will later today or tomorrow put some tests. So it happens that I have s...

ayufan

We are not talking about 50%, we are talking about a factor of 10x or more. BIG DIFFERENCE. If what you say were true, then a task which would normally take about 1 second without a MetaROUTER guest running would take roughly 2 seconds with a MetaROUTER guest. I'm seeing 10-15 seconds! -- Nathan I ...

ayufan

New issue: presence of a MetaROUTER on 5.25 can cause host in certain cases to take much longer to complete tasks than it normally would. Example: I added a new MetaROUTER to a 450G that a customer had. Instantly, CPU on 450G shot up to 100% and stayed there until I disabled the MetaROUTER. Profile...

ayufan

Yeah. We have 6.0rc14 and problem still persist. This is especially visible when you use L2TP/IPsec and try to connect from LAN side to external WAN IP address.

So Mikrotik shame on you for such long lasting and easy to fix bug.

ayufan

You can get RB951G which is twice as fast as RB751G and in the same price range. It should handle fine 20Mbps half-duplex.

Check performance on RB751G on lower traffic mark, check CPU usage. You will get twice as that on RB951G.

ayufan

http://forum.mikrotik.com/viewtopic.php ... lit=ar8327

ayufan

Disable encryption on L2TP interface. It strictly depends on selected profile. You can check that: PPP -> L2TP server -> Default Profile.

Kamil

ayufan

Upgrade to 6.x. It offers much better performance in all areas. And yes, it's pretty much stable. I use it by myself for a few months.

Kamil

ayufan

more people use windows than linux, it's a fact. we have very few requests like this, less than one per month. use Wine, it works perfect. i agree with you, most people use windows, but if RouterOS is linux based, and it support the dude server, how diffucult its to release a Dude server for linux?...

ayufan

Here are some sample inputs and the resulting output/errors: > :put ([/system clock get date]) feb/06/2013 > :put ([/system clock get date]+"2d") Script Error: cannot add string to string > :put ([/system clock get date]+"2") Script Error: cannot add string to string > :put ([/s...

ayufan

RB751G will not ever get 500Mbps with NAT and forwarding.

ayufan

You should try to use virtio devices, not the emulated ones.

ayufan

Nope. No response from support. It is not possible on RouterOS and fairly simple on OpenWrt. So... :)

ayufan

Try replacing PSU. It should at least be 12V/1A. If it doesn't give enough power, router can reboot himself.

ayufan

Why all devices (RB1100AH, RB1100AHx2, RB751G, RB2011) with AR8327 doesn't support port trunking? Just simple case, no hybrid ports: 1. one port as tagged 2. one or more ports as untagged Why there is limitation to one master port per switch group? I'm asking because this is definitely not hardware ...

ayufan

@hedele
It's there.

ayufan

Send supout to support@mikrotik.com. Maybe they can help.

ayufan

Is usb sharing working?

ayufan

I have created WinBox application for Windows Phone 7.5 device. More here: http://www.windowsphone.com/pl-PL/apps/ ... 39c0bd8399.

ayufan

Nope. Everything works as expected since RP. Tried on RP x64 Pro and have it working on latest RTM x64 Pro. All versions are genuine.

Kamil

ayufan

You have to mount:
mount /dev/mtd6block /mnt
or
mount /dev/mtd6 /mnt

ayufan

It will not. Try this instead:
http://ayufan.eu/local/rb751/r31685/ope ... tramfs.elf

ayufan

I found an image that could netboot my RB450G (http://www.practicaltester.com/store/enlil/openwrt-backfire-1003-stock-ar71xx-vmlinux-initramfs.elf) , I am now in the search of voltage.ko . It would be great if you could provide me with its location. You can try to use my patched netinstall with my ...

ayufan

Note that even without an SSH tunnel, the RouterOS password is never sent in plain text. The whole procedure is a CHAP challenge, similarly to the one in hotspot. Without a tunnel, all other data is sent and received without any form of encryption though. Whole process uses md5 and someone may try ...

ayufan

Exactly. SSH allows to forward connections both ways. You can always use following scenario: 1. MikroTik API a. ip service enable api b. ip service set api address=127.0.0.1/32 2. PHP Server a. ssh -L 28728:127.0.0.1:8728 <mt-address> - run in background or on screen b. connect to api on: 127.0.0.1:...

ayufan

Use ssh port forwarding in order to access local (or even remote) API interface. It should help with your security concerns.

ayufan

Could you tell me where i can get images for either of these please? Is there anywhere to install VMtools on the VM?

Use ISO to install on guest system. It is just easy as install on PC.

ayufan

@Sanity: The only problem with Microsoft is: why in the end they only implemented some crappy legacy 100Mbps network adapter? why not some e1000 like any virtualization platform do have? Because they want to addict to you to use only theirs software. Hyper-V is good but not the best in performance/s...

ayufan

If anyone has been able to KVM ROS in any linux distro could you let me know as this is the only way around the issue I can think of but simply don't have the linux knowledge to do this. ROS in KVM works beatifully, because it includes integrated into kernel virtio drivers. These drivers allow to h...

ayufan

Besides not being an answer - but totally useless - will you pay me the about 550 USD MONTHLY that it costs me to rent a second machine (100 USD), the colocation (400 USD) and the backend swtiching (50 USD) that I need to install a second machine in that particular data center? Like "Put your ...

ayufan

Just install some linux box with KVM. You can try Proxmox VE - really amazing virtualization environment. Then you can freely install RouterOS and Windows box. RouterOS already has support for VirtIO drivers. Performance on top of such setup is amazing :)

ayufan

I'm interested in hearing about what problems/limitations people have with Webfig? It's certainly possible that someone could build a better alternative, but it would be a tall order...because Webfig can run natively on top of RouterOS, whereas any other web-based alternative that uses the ROS API ...

ayufan

Did you try webfig?

ayufan

Try http://freedns.afraid.org/ is definietly free and you can find my script for RouterOS on this forum.

ayufan

I think we should get full dns functionality. At least be able to modyfi SOA and add NS, TXT, PTR, CNAME records.

ayufan

I use this simple own script. Just copy and run in command line. Than you have to update System/Scheduler script with your external interface and update key. This script gets ip address from pppoe-client interface. However, you can easily change that. /system scheduler add disabled=no interval=30s n...

ayufan

Howerver, using firewall rules you can simulate behavior of different zones: /ip firewall layer7-protocol add name=home.local regexp="\\x04home\\x05local" /ip firewall nat add action=dst-nat chain=dstnat comment=home.local disabled=no dst-port=53 \ layer7-protocol=home.local protocol=udp t...

ayufan

Such meetings never take place (where one feature is put against another). The reason is simple - our home routerboard models, such as RB751G are ideal for using as home file sharing servers. You keep your files there, for everyone else in the home to be able to use. Many other brand routers in thi...

ayufan

Just for future reference: / interface pppoe-client { :global ExternalIP :local clientip :local clientstatus monitor External once do={:set clientip $"local-address"; :set clientstatus $status} :if ($clientstatus="connected" and $ExternalIP!=$clientip) do={ :log info "Extern...

ayufan

I don't understand why ros sucks? OpenWrt is pretty stable for me, maybe your isp provider needs some special care to get pppoe working? After searching google I found a lot of similar problems to yours, maybe not exactly the same and not on openwrt.

ayufan

RB751G is awesome as hardware and works really well with OpenWrt. At home I run NAS with automatic backups and more ;)

ayufan

Yes. It's still WIP, but each day it gets better and better ;)

https://forum.openwrt.org/viewtopic.php?id=32320&p=2

ayufan

Great. I'll port them to new release. Just wait few days ;)

ayufan

Support Ticket: #2012031266000308 Could you allow to specify limits for automatic policy generation rules for IPsec? The most common case is to limit "main l2tp" mode policies only to point-to-point, udp and port 1701. The reason behind that is when the remote attacker knows PSK or has cer...

ayufan

Hi, I fixed patches to work with latest trunk release and added support for WLAN module. Device automatically creates OpenWrt 802.11ng access point and bridges it with LAN. I started working on RB751G-2HnD. However, still had no time to port new switch chip. At least you can connect through WLAN. RB...

ayufan

Presentation saved. Let's hope that will get selected ;)

ayufan

Maybe I will make presentation? ;)

ayufan

given enough time, any encryption can be cracked. so use also other methods of protection. normis you're funny ;) how can you say that passwords in routeros are encrypted? no they are not, if by encryption you mean simple xor, then it's not very nice... It wonders me who in your company made such f...

ayufan

Yes, we are. Problem was told many times before.

ayufan

anyone has a benchmark of RB1100AH (no IPSec acceleration) IPSEC tunnel thruput?
i would be interested to compare against older (prototype) RB1100AH (with IPSec) - I could make ~400mbps with it.

I can make it for you later. What configuration?

ayufan

You can try making swap file disk. It should help somehow.

ayufan

Unfortunately, if I don't find a stable fix for this in the next couple of weeks, I will be shelving the project or moving on to a different hardware platform. Most probably problem is due to small memory footprint (12MB for openwrt is very small). When I was working with OpenWRT 12MB wasn't suffic...

ayufan

Nice. It's pity that RB751U doesn't have more memory, like 48MB or even 64MB. Also It would be nice to have USB sharing to MR. It would make ideal home router with RouterOS as base and OpenWRT as data storage and usb printer sharing.

ayufan

Which packages do you have enabled on ROS? How much memory did you assign to MR? Did you consider making some tutorial?

ayufan

It is VERY touchy. You will have to make your own image and really work with it. I've been messing with it for a few days on a RB751 with a small web server and PHP. I may have finally gotten a stable version. I have been keeping some notes as I worked on it and may try to contribute to the wiki if...

ayufan

no, and no

ayufan

Clipboard01.gif 1 million writes is too high for 6d uptime. the only reason for writes on this router (I don't believe that graphing with 24h saving period can affect 1 million) is adding/deleting of Address List items. if we can add dynamic entries (so that it won't affect disk), we could decrease...

ayufan

5.7 on 493G is having CPU issues when hotspot server is setup. DHCP takes %40 CPU and overall is reaching %100 all the time.

There was problem with DHCP server on disconnected/disabled interfaces. Ask support and you will get 5.8 prerelase.

ayufan

Please improve the quality of RouterOS he is very unstable in all aspects.

Can You describe why? I have been using 5.x for few months without many major issues.

ayufan

Allow to create through winbox, webfig or api an dynamic firewall rules, dynamic queues, etc. It should work the same way like rules created by connecting ppp client or dhcp lease. We should consider rules like that an non saveable - they should disapper after reboot. Why I need that? For example to...

ayufan

to make life harder :)

ayufan

I've made small patch for backfire and trunk which adds support for new MikroTik RB751. I tested and everything except wireless works. I haven't been playing a lot with wireless, so most likely is just selection of valid drivers. Patches can be found here: http://ayufan.eu/local/rb751/ Also there's ...

ayufan

Will RB751G have USB port? And will have more than 32MB RAM? I need Metarouter.

ayufan

Nice ;)

ayufan

ekhoo: it should be noted that using RB750GL don't expect to have ipsec performance better than 8-10Mbps.

ayufan

Looks good. Try to virtualize two routers, run bandwidth test between them and post results.

ayufan

I try to use "virtio" (not RTL8139) to have gigabit ethernet, but is the same CPU usage.
Is a mistake to use vlan?

Yes. I'm exactly talking about virtio. Show us from virtualized RouterOS:

/ system resource irq print

ayufan

Instead of emulated nics and block devices try to use virt-based. I got about 6 to 8x better network performance.

ayufan

That rules out 1) and 3) (slower but not terribly) and leaves '2) sha-1 hashing algorithm implementation used is badly optimized for mipsbe' ? It may be. I did test on x86 and difference is not that large. [ayufan@neutron ~] $ openssl speed md5 sha1 OpenSSL 0.9.8o 01 Jun 2010 built on: Thu Feb 10 2...

ayufan

It seems that uses some combination of sha1 hmac as key for rc4 encryptor. For more see http://<router-ip>/webfig/engine.js with sth like this: http://jsbeautifier.org/.

ayufan

Please see attached performance comparision of RB450 and RB450G using openssl test:
http://open-wrt.ru/forum/viewtopic.php?id=22323

ayufan

normis when we can expect any of RB751?

ayufan

use radius

ayufan

Find packets with content-type: video by using layer7 processing. Then mark connections as "video" and shape them ;)

ayufan

On my X86 core router after upgrade to 5.2 from 4.17 I see a lot of rx drops and much higher cpu usage (mostly two times larger) so definietly is something wrong...

ayufan

It's the same behaviour as when you specify Netmask as 32. (Netmask 32 - will block all client-to-client connectivity). And yes it does work only on Windows. On Linux and other Unixes an interface addresses have to be configured statically or dhcp-client has to ignore gateway IP taken from server.

ayufan

Oh my good. Your english is worse than mine ;) About "the database" i think is not possible, because RouterOS is just router software. The same reply you'll probably get from support.

ayufan

RB751G
RB1100AHx2

release date?

ayufan

You need processor with hardware virtualization support, eg. VT-X, AMD-V.

ayufan

You can use my PHP API class which is able to perform remote scan and post results:

http://wiki.mikrotik.com/wiki/RouterOS_PHP_class

Search for function: function scan($id, $duration="00:02:00", $callback = FALSE)

Kamil

ayufan

If only there were safe mode support in API and WinBox it would be really great!

ayufan

use mac telnet, you need to have layer 2 access to router

ayufan

Hi,
KVM isnt work with Intel E8400 cpu.

Yes, you are right, because E8400 doesn't support hardware wirtualization (VT-x). Change CPU to VT-x capable and KVM will work.

ayufan

edit: or check your your virtual machine ( as i suspect it could be) try to set other type of interface. I can confirm that 5.0 doesn't work on Hyper-V while 4.x works. Regarding changing interface type. There are only two: - legacy network adapter - emulates network device, uses drivers included i...

ayufan

Yay! Torch fixed!

ayufan

There is no limit in number of tunnels, but from my expirence traffic which can be passed through tunnels (on all RB's excluding 1000 and 1100) is relatively small and this is the main limit.

ayufan

Yep. From my laptop behind NAT.

I did test it a minute ago and it doesn't work. Neither with nat-t enabled nor disabled ;)

ayufan

I just tried it with a PSK and it worked on my Win7 laptop., Dunno about WinXP. But that is a step in the right direction. Gotta try it with multiple clients/certificates next.

Did you try behind NAT?

ayufan

- bug in torch still present
- nat-t not working with windows xp

ayufan

there's also a firmware upgrade ... at least in the mipsbe

because of new device: RB493G.

ayufan

It's done by wireless hardware.

ayufan

http://forum.mikrotik.com/viewtopic.php?t=37097

ayufan

"Small" loss on VoIP is not a problem as long as you have low jitter.

ayufan

3% is safe to work just ok, on wireless links is not that much. Also take in account that you send MTU sized packets, so you check full duplex connectivity ;)

ayufan

Normis, Sergejs can You check my ticket status?
[Ticket#2010092166000418] Broken GRE in RC1

I got no reply for a past few days ;)

Kamil

ayufan

SCAN FREQ USE CHANNEL <0~3% - CQQ-100%!!! Mikrotik it's **it, isn't suited for hardware solution. Because CCQ=100% when link is idle is not valid measurement of link quality. That's why I test it from linux: ping -f -s 1400 <ip_address_of_device_on_the_other_side> Stable and efficient link should h...

ayufan

Maybe setting up a config so that UPnP cannot allocate ports below 1024. Ip tracking on what ports were requested at what time and when they were released. IP mask blocking, etc. From what I see UPnP dynamic rules are placed as last in dstnat chain. So You can insert some accept or drop rule before...

ayufan

Wow, thanks for that. I didn't expect sha1 vs md5 to make such a huge difference. sha1 is generally slower, but not by a factor of 5. Running checksums on 50MB test file with random data with OpenSSL (so disk IO routines etc are probably the same) have sha1 about 50% slower. Not that that's a parti...

ayufan

NAB for my network I'm using my own rosapi. ROSAPI allows to perform configuration synchronization. It mirrors local config stored on main server to devices. ROSAPI allows you to define in script a php function. Function can build a configuration for device using data stored in database. In my setup...

ayufan

Can you clarify this ? Is router OS only Linux based, is it OpenWRT based, or is it fully proprietary ? RouterOS is special linux based operating system, and definietly not OpenWRT. It uses own linux kernel (with external kernel modules) and BusyBox compilation. Rest of applications is written or m...

ayufan

md5,null - 20Mbps md5,des - 12.5Mbps md5,3des - 6Mbps md5,aes-128 - 15Mbps md5,aes-192 - 14Mbps md5,aes-256 - 13Mbps sha1,null - 2.5Mbps sha1,des - 2Mbps sha1,3des - 1.5Mbps sha1,aes-128 - 2Mbps sha1,aes-192 - 2Mbps sha1,aes-256 - 2Mbps null,null - not working null,des - 13Mbps null,3ds - 5Mbps null...

ayufan

I'm suprised, your screenshot shows RB750.
What is your IPSec and Ethernet ports config?

md5, des.

ayufan

It shows your CPU usage is %100
maybe it is the causes
plz retry after reboot

That is not a problem. The time when I made screenshot, through router was going heavy ipsec (15Mbps) traffic :)

Kamil

ayufan

TOTALLY UPD: yes, I can confirm such behaviour on x86. RBs don't repeat that =)

ayufan

Uploaded with ImageShack.us

ayufan

Normis, yes it works on base installation (installed on VMware) but not on production router.

Kamil

ayufan

There is a few bugs. IMHO is to early to deploy this version in production environment. Somehow I'm dissapointed with that RC1 it should be beta7.

ayufan

As did I see on demo.mt.lv there is keepalive support.

normis: When we can expect 5.0beta7?

ayufan

finally... so we waiting for new release ;)

ayufan

Email me with the email address you used before as a beta tester. Tell me what you liked/disliked about the app and Ill send you a promo code. For the crashes... Yes I would like details on how you made the app crash. If I can recreate it I will definitely fix it for ya. PM me on these boards about...

ayufan

EoIP works only between two MikroTik routers.

When we add support for pure GRE, then you will be able to make this.

You will? Oh sh*t ;) ETA?

ayufan

@ayufan: Is it broken only with n cards, or the cost of using it is always that high, no matter what type of cards you use? And, why is the cost so gigh, how does it work, that it is that ineffective?

Only with n. It was pointed by MikroTik some time ago.

ayufan

the source of class has 404 (not found). Where i can find this php class?

M.

Fixed. Try now.

ayufan

WDS is somehow broken with n-cards. Try using ap-bridge with station and in top of that use EoIP or VPLS.

ayufan

If I could get a wireless RB750 for less than $100 US, I would probably end up buying 10 or 12 a year, just in my little corner of the world.
working on it

any ETA? i would like to buy too :)

ayufan

o rely? RB1100?

ayufan

Hi, I have a x86 board running routerOS 3.6 this was taken out of a site where the company who installed it went bust, I don't have the login username or password. Is there any way of getting the password from the CF card when reading it in linux. idealy I would like the configuration and or the li...

ayufan

After fighting more interconnections with GGSN's I had to revert to another CISCO (damn)....

Guys, GRE support (as in direct GRE tunnel compatible with Cisco) would be a life saver....

Most probably they won't add support for pure GRE, because it will confilct with current implementation of EoIP.

ayufan

On RB750 I got about 8Mbps half-duplex using md5 and des for sha and 3des it will be about 4Mbps - CPU usage 100%. On RB450G I got about 10Mbps half-duplex using sha and 3des - CPU usage 100%. On x86 with Celeron M 600Mhz I got about 10Mbps half-duplex using sha and 3des with cpu usage around 50%. ...

ayufan

The main MikroTik problem is that, they make something good, and astonishing but in the end that new thing doesn't have a "final touch", I mean that we can say is "finished" and ready to be used in production environment.

ayufan

My preference would be IPSEC/L2TP and that was my plan all along, but it never worked properly in ROS.

Exactly and it is very dissapointing, because there is none properly implemented and fast remote access solution on RouterOS.

ayufan

Hope it will get fixed soon.

I've written to support about that bug long time ago. Most likely it will not be fixed in any near future. In fact it makes L2TP useless - I had to switch L2TP+IPsec to Windows Server and works without any problem.

Kamil.

ayufan

1) Check that you have the same lifetime on each router.
2) Try to netwach hosts and flush-sa when host is down.

ayufan

Mine is 68oC in server room... :)

ayufan

Reducing down MTU is not good idea it will not get you down cpu usage. You will see connectivity problems - packet drops.

ayufan

any news about GRE?

ayufan

If any of You produce something useful derived from my scripts - please share it with community ;)
I would be very aprreciated.

Kamil

ayufan

I didn't have any problem with my PHP API class. I have been using it for about 1 year with simple features as well as with differencing synchronization.

ayufan

it's turned on by default

check in submenu: / ip ssh

ayufan

I do have the same problem with 3.28. With never versions everything is OK. If you use connection for example in function: function do_sth() { $conn = RotuerOS::connect("192.168.1.1", "admin", ""); $conn->getall("/interface/wireless"); } PHP will automatically...

ayufan

WOW! WebFig is impressive check this out: http://demo2.mt.lv/webfig/#Wireless.Access-List

Kamil :)

ayufan

for now there is no disconnect method, php recycles all sockets when finishes.

ayufan

I know that, I use it to, to manage many routerboards :)
Latest version is always on SVN. Check Logs to see what changed.

Updated my original posts and added doxygen documentation.

Kamil

ayufan

yes, the webfig has an issue, we fixed it in the next build.

Is there a new version with webfig fixed? :0

ayufan

don't forget that ending slash. works for me in same browser

did not forget ;)

Browser got 404 for: http://192.168.88.66/webfig/roteros.jg

ayufan

did you install it :D ?

I'm pretty sure that I did ;)

After entering address in FireFox I see "WebFig Beta" and browser keeps refreshing over and over...

I use FF 3.6

ayufan

Interesting. I got this new pre-release version, but I can't see anything new: like the webbox or ssh forwarding ;)

ayufan

http://ayufan.eu/local/combiner/download there is a script I use to download releases. Script is run from local package directory :)

Integrations with other systems are prohibited. Script should be only available from my server!

ayufan

Hi,

I've made package combiner tool. Allows to create one combined package from custom packages. It doesn't change packages context it simply merges them into one :) Use it at your own risk!

Go there: http://ayufan.eu/local/combiner

Kamil

ayufan

from my expirence RB750 can handle up to 9-10Mbps half duplex ;) it's quite small... :)

ayufan

because he is not the user! :D

ayufan

1) first move srcnat accept rules before masq rule
2) add explicit route with dst-address: 10.10.0.0/16 and your gateway and pref-src of your router from lan side on wan interface, that way i should be able to ping other hosts from your mikrotik

ayufan

michalciza2, are you able to establish the connect, when host is not behind the NAT?

I do have that same problem when client has public IP it works like charm but when client is not it's stuck in trying to connect to L2TP server.

Kamil

ayufan

in Wroclaw you can find without any problem hostel for about 40-50zl for a night without breakfast ;)

ayufan

will it be 3 packets first one with length of command, then command itself and then terminating zero or i am mistaken? it's undefined because socket for tcp connections have receive and send buffer where data is accumulated, so if you invoke 3 times `send` doesn't really mean that there will be 3 p...

ayufan

It's almost as good as it should be :) #define NONE 0 #define DONE 1 #define TRAP 2 #define FATAL 3 - change to enumeration - functions like Print, GetMap, Length - all that don't make object context change should be marked as const std::string operator[](int index) { return strWords[index]; } std::...

ayufan

Better, but have my ideas: - InitializeSentence, ClearSentence should be removed this is done by ctor and dtor of Sentence class - AddWordToSentence should be method of Sentence class - the same applies to InitializeBlock, ClearBlock - Why there is wordCount and sentenceCount? You have vector length...

ayufan

Someone should write using "real" C++. Any use of STL (vector, map and string) and even BOOST (async io) would be appreciated and less error-prone ;)

ayufan

One process can use only one core

one process can use many cores with many threads, but one thread can use only one

ayufan

olmi: You can try using "virtual load balancing". Use kvm to create four virtual RouterOS machines where each terminates your tunnels. Then create firewall nat rule which will load balance connections between virtual machines. That way You will be able to use all four cores because each co...

ayufan

So what about GRE tunnels? It shouldn't be so hard because is already in kernel source as well as ipip.

ayufan

use kernel and initrd distributed with installation image

ayufan

Create page on server that controls router through API ;)

ayufan

No one?

ayufan

Hi, Recently I started working on alghorithm that tries to minimise 2.4GHz channel interference based on signal levels, frequency usage and selected modulations and started looking for materials. Do anyone have any? How alghorithm like that should work? What I've found so far: [1] Effect of adjacent...

ayufan

I've made my http://ayufan.eu/local/src/rosapi/trunk/btest_example.php even more powerful. It's script that can run many simultaneous bandwidth-tests. It's supports only transmit mechanism, because there is a bug with btest that you cant specify different receive and transmit limits. It can be used ...

ayufan

Version 0.2.
- added callbacks
- simple btest example using callbacks to run many simultaneous tests
- updated documentation

ayufan

Created WIKI page: http://wiki.mikrotik.com/wiki/RouterOS_PHP_class

Search found 334 matches