Community discussions

Search found 123 matches

by glucz
Wed Sep 09, 2015 7:14 pm
Forum: Announcements
Topic: v6.32.1 released
Replies: 76
Views: 19044

Re: v6.32.1 released

X86 still shows 1 CPU on a multicore system. The changelog says that this problem had been fixed. Can anyone else see this problem with 6.32.1 ?
by glucz
Thu Jul 17, 2014 1:04 am
Forum: Beginner Basics
Topic: Intel PRO/1000 MT Chipset reboot problem?
Replies: 4
Views: 1094

Re: Intel PRO/1000 MT Chipset reboot problem?

Yes unplug the cable.
by glucz
Wed Jul 16, 2014 8:40 am
Forum: Beginner Basics
Topic: Intel PRO/1000 MT Chipset reboot problem?
Replies: 4
Views: 1094

Intel PRO/1000 MT Chipset reboot problem?

I have been experimenting with these Intel PRO/1000MT PCI cards and I found that if I unplug a card (link goes down) the router would reboot itself in 1-5 minutes. I thought it was some kind of watchdog, but even after turning that off, the same thing happens. I was able to reproduce it on 2 differe...
by glucz
Wed Jul 16, 2014 8:35 am
Forum: Beginner Basics
Topic: OpenVPN setup(server:ROS,client:win7)
Replies: 2
Views: 821

Re: OpenVPN setup(server:ROS,client:win7)

Don't use openVPN in version 6. It works for a while and then locks up - killing all other VPN interfaces, including the non-openVPN ones too. I seem to remember that it worked better in V5, but then there were other problems. So I think you are not getting help because nobody can really use that fe...
by glucz
Fri Apr 18, 2014 8:15 pm
Forum: General
Topic: Mikrotik openvpn server push routes
Replies: 1
Views: 3931

Re: Mikrotik openvpn server push routes

MT doesn't push the routes. You have to set them in the config file. I think you cannot set the default route because of permission problems, but you can create a set of rules that route everything through the vpn interface except the address to the VPN server itself. Usually you can make it with 10...
by glucz
Tue Apr 15, 2014 10:14 pm
Forum: General
Topic: SMB allow windows network sharing
Replies: 6
Views: 2949

Re: SMB allow windows network sharing

SMB is not working in 6.11 and 6.12 ... possibly it is broken since 6.8 . I know that it works in 6.7
by glucz
Wed Jan 15, 2014 9:50 am
Forum: General
Topic: RB 112 and netinstall question
Replies: 2
Views: 875

Re: RB 112 and netinstall question

Thanks for the tip. The board was working an hour ago... I followed the version recommendation on the download page. (3.30 mipsle). The problem is that a new dual wifi board with enclosure and shipping will cost about $150. I thought that the recovery would be cheaper. There are all those jumpers an...
by glucz
Wed Jan 15, 2014 9:18 am
Forum: General
Topic: RB 112 and netinstall question
Replies: 2
Views: 875

RB 112 and netinstall question

I had 5.x on ROS 112 but performance had been horrible, so I decided to downgrade to 3.30 The downgrade went ok and when booting I hear the single and then double beep of normal booting. The blue light comes on as usual. However the router is non-responsive via ethernet and wifi. I cannot put it int...
by glucz
Thu May 16, 2013 11:34 pm
Forum: General
Topic: Is it possible to create a public VPN-service using RB750?
Replies: 3
Views: 1849

Re: Is it possible to create a public VPN-service using RB75

Don't expect high performance. RB750 will be able to give you 8-10mbps total VPN bandwidth due to low CPU resources.
by glucz
Sat Apr 13, 2013 10:44 pm
Forum: General
Topic: How to route public IP to internal network using VPN?
Replies: 1
Views: 659

How to route public IP to internal network using VPN?

I hope someone can help me with this... I want to route public IP's that I have routed to a 1100AHX2 in a datacenter to servers in offices. The range is a /24. I used EOIP, but it was very slow and the different locations could send unwanted traffic to each other (DHCP for example), so I want to cha...
by glucz
Mon Mar 25, 2013 3:03 pm
Forum: General
Topic: 1100AHx2 performance / packet loss question
Replies: 0
Views: 703

1100AHx2 performance / packet loss question

I have an 1100AHx2 with a 1GBps uplink on port 13. Ports 1-10 are in a bridge, serving a /24 subnet. Even though 1 have 4 servers connected to 4 ports, only 1 of those servers are generating any substantial traffic. It is about 110Mbps with 14000 pps . Even at this light load, I'm loosing 2-3% of pa...
by glucz
Fri Jan 25, 2013 12:56 pm
Forum: General
Topic: Mikrotik Syslog Daemon plugins
Replies: 4
Views: 1844

Re: Mikrotik Syslog Daemon plugins

... or if you know perl a little bit, you can download a fully functional syslog server from search.cpan.org (search for syslog server). Since the source is fully open, you can add any processing you like. Not all cpan modules work well on Windows, but most do work under Activestate Perl.
by glucz
Fri Jan 25, 2013 12:47 pm
Forum: General
Topic: VPN between two identical subnets
Replies: 8
Views: 2051

Re: VPN between two identical subnets

If you don't want to mess with routing or NAT, you can put an EOIP tunnel over the VPN. That will join the 2 network segments, however you have to be careful with DHCP because you probably have it on both netowks and now they will conflict with each other ... so you may want to switch to manual conf...
by glucz
Fri Jan 25, 2013 12:36 pm
Forum: General
Topic: My RB951-2n is non-functional
Replies: 17
Views: 5626

Re: My RB951-2n is non-functional

This is slightly off topic.... however I do agree that it is sometimes nearly impossible to put these devices into netinstall mode. I had an incomplete upgrade on a 751 and took me several hours to get it working. I tried with switch, direct connection, cross cable, straight cable, pushing button be...
by glucz
Wed Jan 16, 2013 12:25 pm
Forum: General
Topic: IPSEC tunnel issues - SAs need flushing from time to time
Replies: 23
Views: 5365

Re: IPSEC tunnel issues - SAs need flushing from time to tim

I reported a similar bug to MT a couple of months ago. It was between Windows/MT and MT/MT The main point of the report was that when you get a connection error for any reason (network problem, password problem, etc ...) MT doesn't fully clear the SAs. They disappear from your list but MT still trie...
by glucz
Mon Jan 14, 2013 2:44 pm
Forum: General
Topic: Dropping port scanners issues
Replies: 2
Views: 624

Re: Dropping port scanners issues

This is just a quick idea as opposed to a full though out answer: Some of these rules, especially #9 will have a lot of false hits ... at least false in the sense that they are not portscans. Simple FTP or P2P can trigger them and they could be initiated from inside your network. So you will end up ...
by glucz
Mon Jan 14, 2013 2:37 pm
Forum: General
Topic: How to Block Proxy Software & Proxy Sites
Replies: 2
Views: 1124

Re: How to Block Proxy Software & Proxy Sites

There may be some that you could detect by analysing the traffic, but most you cannot detect. You have to rely on third party security services that give you a list of IPs to ban. The one we use charges us $0.005 for each IP we request from their database (and we have to request specific IPs) and ev...
by glucz
Tue Dec 11, 2012 10:15 pm
Forum: General
Topic: slow l2tp VPN between two MT boxes?
Replies: 5
Views: 1704

Re: slow l2tp VPN between two MT boxes?

VPN performance is terrible on small MT devices. You can turn off encryption to double the speed. Even a 3Ghz P4 on each end will give only 9-15mbps. I was able to fill a full duplex 100mbps line with a quad core 3Ghz i3.

GL
by glucz
Sun Dec 09, 2012 11:30 am
Forum: General
Topic: A very odd problem
Replies: 3
Views: 669

Re: A very odd problem

Hello, I don't pretend to have thought through everything that you wrote, but have a suggestion that I use sometimes. Set up a redirect rule in your RouterOS to redirect any port 53 traffic (tcp+udp) to localhost 53. Then enable the DNS server with 8.8.8.8/8.8.4.4 (you may have to allow remote queri...
by glucz
Wed Nov 28, 2012 3:09 pm
Forum: General
Topic: Data Retention Directive
Replies: 6
Views: 1546

Re: Data Retention Directive

Well .. first of all decide what you want to log. I think the data retention directive talks about a lot of garbage like logging all emails (?) - which as a hotspot provider you will not be able to do for example. The only thing you can directly log are login, logout times and originating IP. Since ...
by glucz
Tue Oct 09, 2012 8:12 am
Forum: General
Topic: IPSEC help (level)
Replies: 2
Views: 792

Re: IPSEC help (level)

The true solution would be to allow us to delete dynamic ipsec policies (if the corresponding SA's are missing for example)

Does enyone know if this is a kernel limitation or a Mikrotik enforced limitation that they could be able to change?

GL
by glucz
Tue Oct 09, 2012 1:55 am
Forum: General
Topic: Multiple L2TP secrets
Replies: 2
Views: 1220

Re: Multiple L2TP secrets

It is possible, but you can only tie it to the originating IP of the connection. So set up 2 PEER's under ipsec. Both should have a non-overlapping address range. One can have one secret and the other another. Whichever peer is triggered based on the originating ip of the connection, that secret wil...
by glucz
Tue Oct 09, 2012 1:50 am
Forum: General
Topic: VMWare ?
Replies: 1
Views: 569

Re: VMWare ?

You can do it without problems. KVM, Virtualbox, VmWare, Xen all work well. If you configure a virtio network driver, that can give you a 10% performance boost compared to other network setups ... but everything else should be the same as the physical installation.
by glucz
Tue Oct 09, 2012 1:47 am
Forum: General
Topic: IPSEC help (level)
Replies: 2
Views: 792

IPSEC help (level)

I have a problem with Ipsec. The generated policies are assigned a "required" level. This is problematic because if a client connects to me with Ipsec, a policy is generated to require all further traffic to be encrypted... but after the SA's time out and the client decides to connect without Ipsec,...
by glucz
Tue Sep 11, 2012 4:04 pm
Forum: General
Topic: support for AR9271 in RC2
Replies: 34
Views: 10879

Re: support for AR9271 in RC2

Just a quick note here: On ROS V5.20 the Atheros 9271 (TPLINK) seems to work 99% . I had the same problem described here on earlier versions. The only thing I could not get to work is to access RouterOS with Winbox through the USB wifi interface. At the same time I could use it as an AP.

GL
by glucz
Wed Jul 11, 2012 9:54 pm
Forum: General
Topic: Problem in installing IOS in dell poweredge r210
Replies: 2
Views: 733

Re: Problem in installing IOS in dell poweredge r210

Hello, It was I whose post you linked here about the r210 . There are 2 issues. 1, Probably there are SATA controller issues. Mine has 00:1f.2 SATA controller: Intel Corporation 5 Series/3400 Series Chipset 6 port SATA AHCI Controller (rev 05) and it is not recognised by ROS, so I'm running it from ...
by glucz
Wed Jul 11, 2012 9:43 pm
Forum: General
Topic: SSTP VPN - Skype sound drops issue
Replies: 16
Views: 2845

Re: SSTP VPN - Skype sound drops issue

Hello,

Instead of SSTP try L2TP with and/or without IPSec.

Geza
by glucz
Wed Jul 11, 2012 9:25 pm
Forum: General
Topic: VMware CPU Load Problem !!! V5.18
Replies: 7
Views: 1797

Re: VMware CPU Load Problem !!! V5.18

Hello,

I confirm the load problem on 5.18
It is because of ppp

Here are the profiles side by side of 5.17 and 5.18. It is the same server handling the same types of jobs.

GL
by glucz
Fri May 11, 2012 11:09 pm
Forum: General
Topic: RB750 hardware reliability
Replies: 10
Views: 2689

Re: RB750 hardware reliability

... I know that this thread is almost a year old, but I came across another broken routerboard. This is the same problem that I saw in a few 750's (that this thread is about) ... this is a 450. I looked into one of the newer 751's and there seems to be only solid-state capacitors inside. So hopefull...
by glucz
Mon Mar 26, 2012 11:46 am
Forum: General
Topic: I can´t Install the ROs on Dell PowerEdge R610.
Replies: 9
Views: 1570

Re: I can´t Install the ROs on Dell PowerEdge R610.

Could you boot 5.14 from the USB like you did with 5.11 . I know that it may not help your problem, but it could help me verify my problem with the dell server.

GL
by glucz
Mon Mar 26, 2012 9:02 am
Forum: General
Topic: I can´t Install the ROs on Dell PowerEdge R610.
Replies: 9
Views: 1570

Re: I can´t Install the ROs on Dell PowerEdge R610.

Another thing you can do is to install KVM / Xen / Virtualbox on your server and emulate a more standard hardware and install ROS inside that. There is a little performace hit (3-5%) ... but your HW seems to be strong enough.

GL
by glucz
Mon Mar 26, 2012 8:58 am
Forum: General
Topic: I can´t Install the ROs on Dell PowerEdge R610.
Replies: 9
Views: 1570

Re: I can´t Install the ROs on Dell PowerEdge R610.

It seems like that ROS has no driver for your SAS controller. Maybe you can put in an additional SATA controller. Just out of curiosity ... can you upgrade the 5.11 to 5.14 on your USB stick? 5.12-5.14 doesn't run at all on my Dell that is similar to yours. I have not been able to determine if that ...
by glucz
Sun Mar 25, 2012 5:32 pm
Forum: General
Topic: I can´t Install the ROs on Dell PowerEdge R610.
Replies: 9
Views: 1570

Re: I can´t Install the ROs on Dell PowerEdge R610.

Hello,

Which version did you try to install? 5.14? I had a similar problem on PowerEdge R210, but possibly from a different reason .. try to install version 5.11. That had been the highest version I could go.

Please let us know your results as it might confirm a suspected bug in ROS.

Thanks
by glucz
Sun Mar 25, 2012 4:49 pm
Forum: General
Topic: 5.12-14 x86 problem on Intel CPU (i3-540)
Replies: 0
Views: 458

5.12-14 x86 problem on Intel CPU (i3-540)

Hello, I had posted some tickets previously that the SSTP service doesn's start on Intel pre-core CPU's (possibly pre-core2). Today I noticed something else. One of our x86 i3-540's running 5.11 locked up. So since I was already on location, I upgraded to 5.14. The server locked up after displaying ...
by glucz
Thu Mar 22, 2012 12:18 pm
Forum: General
Topic: Dynamic firewall rules question
Replies: 2
Views: 559

Re: Dynamic firewall rules question

Yes, that works for a single pair. I have a 1000 pairs that change from time to time. I don't want to have 1000 rules.

The problem with the internal email server is that when clients use the hotspot, they would have to switch their config to it, and switch away when they leave.

GL
by glucz
Thu Mar 22, 2012 11:19 am
Forum: General
Topic: Dynamic firewall rules question
Replies: 2
Views: 559

Dynamic firewall rules question

Hello, I hope someone can help me with this. In my hotspot I want to set up firewall rules that allow specific users to access specific SMTP servers, but otherwise SMTP access would be blocked. Here is an example: If source IP is 192.168.1.1 then access to target IP 88.88.88.1:25 is OK If source IP ...
by glucz
Wed Mar 21, 2012 10:21 pm
Forum: General
Topic: OpenVPN disconnects every single hour
Replies: 3
Views: 831

Re: OpenVPN disconnects every single hour

All I can tell you is that OpenVPN started working around version 5.3 or 5.4 . There is no working OpenVPN in any of the previous versions. You could connect for a while and then had to restart either the OpenVPN service or the router to get it to work again. However since about 5.4 I have had no pr...
by glucz
Wed Mar 21, 2012 3:50 pm
Forum: General
Topic: SSTP and Windows 7 as a client
Replies: 4
Views: 1632

Re: SSTP and Windows 7 as a client

Upgrade to 5.14 and it will work ... assuming that you are not running x86 version on older Intel Pentiums where SSTP on 5.13/5.14 fails alltogether.

GL
by glucz
Tue Mar 06, 2012 11:26 pm
Forum: General
Topic: Block Youtube website on RB750 but want to allow some IP
Replies: 11
Views: 4182

Re: Block Youtube website on RB750 but want to allow some IP

it is just an idea, but you could try 1, enable DNS 2, set up an IP list (ex: youtubeOK) of local IP addresses that you want to allow access to youtube 3, redirect UDP and TCP port 53 traffic to your router where source IP is not on youtubeOK list 4, set up a static IP DNS entry for *.youtube.com 1....
by glucz
Tue Mar 06, 2012 7:28 pm
Forum: General
Topic: X86 version crash Intel Server platform
Replies: 3
Views: 723

Re: X86 version crash Intel Server platform

Hello, I have reported similar problems. 5.13 and 5.14 seem to have problems with older (pre core 2) Intel CPU-s. I see that you also use an older intel platform. For me all dual xeon's and P4's failed while AMDs worked well from Geode to Athlon64. I suggest you try the same and report what you find...
by glucz
Fri Feb 24, 2012 1:51 am
Forum: General
Topic: v5.14 released
Replies: 73
Views: 20665

Re: v5.14 released

Hello I did a whole separate post about this, but I copy the info here as it relates to 5.14 (and 5.13) and in case others want to test it. The X86 SSTP implementation doesn't seem to support the Intel P4 CPU (and possibly others below that). It seems to work well on newer Intels like core 2 and all...
by glucz
Fri Feb 24, 2012 1:43 am
Forum: General
Topic: Automatic queues assigned to VPN interfaces
Replies: 0
Views: 471

Automatic queues assigned to VPN interfaces

Can someone tell me the logic behind interface queue assignment to VPN interfaces? I know that Simple Queues are assigned every time there is a speed limit on the interface. However I sometimes see Interface Queues and I cannot figure out when they appear and what type they would be. For example (th...
by glucz
Thu Feb 23, 2012 11:12 pm
Forum: General
Topic: OpenVPN - opinions?
Replies: 4
Views: 1032

Re: OpenVPN - opinions?

I only use bridged mode. I don't always have performance issues. Some installations work fine and I can use 60 out of 100mbps, sometimes only 5 or 10. I thought it was a bandwidth problem to the server, but the servers can talk to each other 100/100 when I do a bandwidth test. It's not an openvpn is...
by glucz
Thu Feb 23, 2012 4:31 pm
Forum: General
Topic: Virtualbox + 5.13 problems
Replies: 4
Views: 780

Re: Virtualbox + 5.13 problems

Hello again, You guys should start to pay me for the number of hidden bugs I have been finding lately :-> -if not in cash, but in licenses. Anyhow. I tested SSTP on a number of X86 architectures ... and here are the results AMD Geode on a 10 year old WRAP board --> SSTP OK AMD Athlon 64 [several ins...
by glucz
Thu Feb 23, 2012 3:08 pm
Forum: General
Topic: Virtualbox + 5.13 problems
Replies: 4
Views: 780

Re: Virtualbox + 5.13 problems

Thanks.

I tested 5.14 in Virtualbox and got the same error in the logs.

I noticed however that it is not enough to run
/certificate reset-certificate-cache

after the downgrade, but it is required to decrypt the keys again. It was not obvious for me, but might be for others.

GL
by glucz
Thu Feb 23, 2012 12:40 pm
Forum: General
Topic: OpenVPN - opinions?
Replies: 4
Views: 1032

Re: OpenVPN - opinions?

Are you sure that it was not because of the asymmetric nature of the subscriber line that the clients used? All in all I have good experience with MT VPN solutions including openVPN since version 5.x when it became stable for the first time. However under some circumstances vpn seems to become unrea...
by glucz
Wed Feb 22, 2012 5:41 pm
Forum: General
Topic: Virtualbox + 5.13 problems
Replies: 4
Views: 780

Virtualbox + 5.13 problems

Hello, This is probably not RouterOS related, but I thought I would mention it. SSTP in 5.13 doesn't work in Virtualbox. 5.12 works however. 5.13 logs a bad peer version when I try to connect and displays a 619 error on the client screen. I tested the same thing on Xen and it works well there.... bu...
by glucz
Sat Feb 04, 2012 2:40 pm
Forum: General
Topic: Creating VPN tunnel chain
Replies: 4
Views: 1004

Re: Creating VPN tunnel chain

The static route might be a valid way to do this, but it is not the most resource efficient especially if your partner is on a slow Internet line. All traffic between you and the third company goes into their network and comes out causing a double traffic load. If this is just going to be 3 nodes, y...
by glucz
Tue Jan 24, 2012 9:05 pm
Forum: General
Topic: x86 5.5 and 5.7 ssh key problem
Replies: 32
Views: 10883

Re: x86 5.5 and 5.7 ssh key problem

Hello, Seing that this still comes up sometimes even on 5.11 and 5.12 - I'm wondering if this is somehow related to an installation error. I remember that the first time I boot routeros, it generates the server keys. This is not generated when I upgrade or downgrade. So if the initial key generation...
by glucz
Mon Dec 19, 2011 2:49 pm
Forum: General
Topic: vmware -> proxmox
Replies: 1
Views: 801

Re: vmware -> proxmox

I moved some guests from vmware to virtualbox and the same thing happened. I think you will need to invest in a new license.

GL
by glucz
Mon Dec 19, 2011 2:11 pm
Forum: General
Topic: pptp vs l2tp
Replies: 5
Views: 3064

Re: pptp vs l2tp

I think that they are the same as far as resources go, especially if you don't use IPSEC with L2TP. I always suggest people to go with L2TP if possible. It uses UDP transport. If urge you do to a google search regarding the disadvantages of running tcp traffic inside a tcp tunnel.

GL
by glucz
Mon Dec 19, 2011 2:08 pm
Forum: General
Topic: OpenVpn replacement ??
Replies: 1
Views: 448

Re: OpenVpn replacement ??

You don't have to use the same technology among each site ... in general I would say that you need to think about your topoloogy first. Are you setting up a central hub and all others connect to that or you set-up peer to peer connection among each pair of sites? Even in the hub situation you can ha...
by glucz
Tue Dec 13, 2011 2:39 pm
Forum: Beginner Basics
Topic: Dst-limit in Firewall rule
Replies: 10
Views: 8218

Re: Dst-limit in Firewall rule

I think you have the same question as I. How is the rate calculated? You assume that it is based on a per second basis and expiry doesn't affect statistics. I assume that it is calculated over the whole hash table (number_of_active_connections + number_of_not_expired_but_inactive_connections)/(time_...
by glucz
Tue Dec 13, 2011 11:34 am
Forum: Beginner Basics
Topic: Dst-limit in Firewall rule
Replies: 10
Views: 8218

Re: Dst-limit in Firewall rule

There is a difference between 10/5 minutes and 2/1 minute (ie: 5 minute rolling average vs 1 minute rolling average) but I understand your thinking ... Set a true rate in the rate section like 2/minute and set expiration to 5 minutes will make it 10/5 minutes ... but it would be nice to get a confir...
by glucz
Mon Dec 12, 2011 9:06 pm
Forum: Beginner Basics
Topic: Dst-limit in Firewall rule
Replies: 10
Views: 8218

Re: Dst-limit in Firewall rule

We agree on the function of the expire parameter. What is the point of setting a 10/hour rate if I expire my entries after say 5 minutes? And conversely what is the point in setting the expire to be longer than the time rate unit parameter. The first scenario makes the true rate 10/5 minutes, while ...
by glucz
Mon Dec 12, 2011 5:07 pm
Forum: General
Topic: v5.9 upgrade WARNING!!!!
Replies: 8
Views: 1657

Re: v5.9 upgrade WARNING!!!!

Downgrading back to 5.8 from 5.10 will also loose the IP address, but the interface is kept.
by glucz
Mon Dec 12, 2011 3:09 pm
Forum: Beginner Basics
Topic: Dst-limit in Firewall rule
Replies: 10
Views: 8218

Re: Dst-limit in Firewall rule

Thanks. I have seen this example. The problem is that that is mostly a count and drop scenario. For a well written dst-limit you should not need the mark and drop part, just the dst-limit with a return or accept action and then a simple drop afterward. That way you have drops based on the actual rat...
by glucz
Mon Dec 12, 2011 11:37 am
Forum: Beginner Basics
Topic: Dst-limit in Firewall rule
Replies: 10
Views: 8218

Re: Dst-limit in Firewall rule

well ... it seems like that nobody knows exacly how dst-limit works? ... I was able to figure out partly why it doesn't seem to work. The expire time units seem to be off. Counted packets expire quickly. Someone mentioned in the forums that the time units are actually 1/10th seconds. However I still...
by glucz
Sun Dec 11, 2011 11:04 pm
Forum: General
Topic: v5.9 upgrade WARNING!!!!
Replies: 8
Views: 1657

Re: v5.9 upgrade WARNING!!!!

Rename is still present in upgrading to 5.10 . Previous version was 5.8
X86

I also lost the static IP address.

GL
by glucz
Sat Dec 10, 2011 10:36 pm
Forum: Beginner Basics
Topic: Dst-limit in Firewall rule
Replies: 10
Views: 8218

Dst-limit in Firewall rule

Hello, Could you please someone explain to me how the dst-limit works exactly in the firewall rules? I have looked at the wiki and the 1 example available that I found in the forums, as well as my own attempts and I still can't figure out. What I want is this: I want to limit the rate at which hotsp...
by glucz
Mon Nov 14, 2011 11:56 pm
Forum: General
Topic: RouterOS v5.8 released
Replies: 182
Views: 87227

Re: RouterOS v5.8 released

This error has stretches with the third version! With the loss of PPP (pptp, l2tp, openvpn) connections - does not delete the IP address automatically. If it is static, more impossible to establish a connection! https://lh6.googleusercontent.com/-jJ03jOO0V00/Trg08YyoPCI/AAAAAAAAAQE/JUh4oHy8wkU/s144...
by glucz
Sun Nov 06, 2011 10:32 pm
Forum: General
Topic: Boot RouterOS with grub2
Replies: 4
Views: 1572

Re: Boot RouterOS with grub2

To be honest, the question has merit ... I sometimes have to install ROS on remote PC's. I have used Xen, KVM, VMware or Virtualbox (whatever was available) and up to version 4.x this woked well. However 5.x runs very badly in Virtualized environments. VMware seems to be the most stable ... the rest...
by glucz
Sun Oct 16, 2011 11:25 pm
Forum: General
Topic: License question
Replies: 1
Views: 278

License question

I downgraded X86 ROS 5.7 with a L4 license to ROS 4.17 . Now I get a boot error .. something about "license expired", but it disappears quickly. I had a full L4 license and not a L0. Does anyone know why this is happening and how the installation can be restored?

Thanks
GL
by glucz
Fri Oct 07, 2011 4:43 pm
Forum: Virtualization
Topic: Vmware Vitual interfaces
Replies: 3
Views: 2105

Re: Vmware Vitual interfaces

Hello, VmWare is a stable solution. I don't fully understand the rest of your question, but if you have multiple adapters in your server, you can set up a network bridge on each in VmWare Server or Esxi. Then connect the virtualized eth interfaces to one of the bridges. You can have as many virtuali...
by glucz
Thu Sep 15, 2011 1:23 am
Forum: General
Topic: Feature Request: Authentication settings for parent proxy
Replies: 0
Views: 699

Feature Request: Authentication settings for parent proxy

Hello, I saw that there have been earlier discussions regarding web proxy authentiction ... well this is not about that. It would be great if the web proxy could log into a parent proxy using the standard authentication. I think it would be easy to implement, since all you need is 2 new entries for ...
by glucz
Mon Sep 05, 2011 2:30 pm
Forum: General
Topic: Running RouterOS as a Xen DOMU
Replies: 1
Views: 417

Re: Running RouterOS as a Xen DOMU

RouterOS will run fine under XEN in full virtualization mode. It will not work under paravirtualization.

GL
by glucz
Tue Aug 23, 2011 11:12 pm
Forum: General
Topic: ovpn on ros 5.6 not working?
Replies: 4
Views: 1421

Re: ovpn on ros 5.6 not working?

Is it working on 5.5 for you? What happens when you downgrade without changing anything else? I have been complaining about OpenVPN in ROS for years and I'm now running it more or less without problems on 5.5 As far as I can tell only 5.5 and 5.4 can run OpenVPN without internal crashes ... and I ha...
by glucz
Wed Aug 03, 2011 8:40 pm
Forum: General
Topic: v5.6 released
Replies: 91
Views: 20839

Re: v5.6 released

Because nameservers cannot be trusted. That's why windows for example will not accept the server certificate unless it's signed by a trusted signer. So now not only will they have to contaminate the DNS, they will have to generate a valid a signed certificate in your domain name. So now IE/FF/Chrom...
by glucz
Wed Aug 03, 2011 6:40 pm
Forum: General
Topic: v5.6 released
Replies: 91
Views: 20839

Re: v5.6 released

Yes, now you have to set server's IP address (not DNS name) when creating certificate. SSTP is not harder to use, it is just an additional security feature. OK. So let's assume for a moment that I'm running a VPN server and want to connect to it using SSTP. I generate my certificate signing request...
by glucz
Wed Aug 03, 2011 4:00 pm
Forum: General
Topic: v5.6 released
Replies: 91
Views: 20839

Re: v5.6 released

I'm trying to get the meaning of this: *) sstp - when server certificate verification is enabled for sstp client, it will additionally compare IP addresses found in certificate's subjectAltName and subject CN to the real address, DNS names are ignored; What does this mean in simple terms? Do I now h...
by glucz
Wed Aug 03, 2011 10:23 am
Forum: General
Topic: Ros 5.5 on RB 112 and 133: it's possible?
Replies: 3
Views: 605

Re: Ros 5.5 on RB 112 and 133: it's possible?

I use 5.5 on 112. You must be very careful to install only the packages that you need and to turn off all services that you don't use. I think the main limiting factor is the RAM. It seems to start swapping to the flash, causing 100% CPU and lockup in 1-5 minutes.

GL
by glucz
Mon Jul 25, 2011 4:32 pm
Forum: General
Topic: RB750 hardware reliability
Replies: 10
Views: 2689

Re: RB750 hardware reliability

Currently all of them are working, so I won't break one open now. But you have to take it apart anyhow, so just look inside to see if it is really the capacitors that blew. Search for blown capacitor in google to see how they look like. Look on the side of the capacitor for a capacitance and a volta...
by glucz
Sun Jul 24, 2011 1:54 am
Forum: General
Topic: RB750 hardware reliability
Replies: 10
Views: 2689

Re: RB750 hardware reliability

We had a few 750's die too (3 out of 10). If you take them apart, you will see 2 large capacitors in the middle. Most likely they are deformed and the top is blown or split. Replace them with solid state capacitors. They are in the $1 range each, so your total fixing cost is $2. This is a common pro...
by glucz
Sun Jul 17, 2011 8:57 am
Forum: General
Topic: PPtP keeps disconnecting
Replies: 15
Views: 17217

Re: PPtP keeps disconnecting

Hello, This is just a guess, not knowing what kinds of routes actually get set up when you check the PPTP interface to be your default route... check if there is a route remaining to your VPN server through your regular gateway. You are expected to get these kinds of timeouts if the router will try ...
by glucz
Fri Jun 17, 2011 12:35 pm
Forum: General
Topic: ROS 5.x becoming unresponsive. 132 (No buffer space ...
Replies: 15
Views: 5098

Re: ROS 5.x becoming unresponsive. 132 (No buffer space ...

I suggested this to MT earlier to make this a FAQ item or something prominent so that ROS users are aware of this problem: If you use tarpit firewall actions in 5.x, it will fill up your route cache. The more connections run into tarpit, the sooner your cache fill fill up. The error message when tal...
by glucz
Mon May 30, 2011 10:24 pm
Forum: General
Topic: OVPN Server with ROS 4.11
Replies: 5
Views: 1445

Re: OVPN Server with ROS 4.11

My experience is that OpenVPN doesn't work properly on ROS releases up to and including 5.2 . If you read the posts you will see a lot discussions ending with a suggestion to turn off openvpn. Not only is it buggy but causes problems to other services and winbox in certain versions. It may appear to...
by glucz
Sun May 29, 2011 4:11 pm
Forum: General
Topic: IPv4 to IPv6 proxy
Replies: 8
Views: 2297

Re: IPv4 to IPv6 proxy

Yes ... I'm interested in this too. Everyone is talking about transitioning to IPV6. How is a gradual transitioning possible? When my server has only IPV6 address, how can IPV4 clients reach it ... and suppose my ISP switched my residential addressing to IPV6, how will I be able to reach IPV4?

GL
by glucz
Mon May 23, 2011 5:10 pm
Forum: General
Topic: 5.x routing cache bug (?) - dropped packets, lost network
Replies: 28
Views: 9702

Re: 5.x routing cache bug (?) - dropped packets, lost networ

In case the original thread was removed and others experience the route-cache problems, lost pings etc ... change your tarpit actions to drops The problem is possibly due to a diffeerent route cache / tarpit implementation in the new linux kernel used by ROS 5, so this may be present in 5.3 or other...
by glucz
Mon May 23, 2011 4:09 pm
Forum: General
Topic: L2tp problem
Replies: 1
Views: 567

Re: L2tp problem

Yes ... it has been like that for several years, possibly forever. The interesting thing is that if you set up several IP's in the same /24 range and don't pick a primary, but set up all of them with the same /24 mask, the IP for the L2TP server will be random after each reboot. Usually however it s...
by glucz
Tue May 17, 2011 12:56 am
Forum: General
Topic: v5.2 released
Replies: 161
Views: 29747

Re: v5.2 released

I installed 5.2 on a pppoe (bras) mk router. Till now I see a bug. in PPP, active connection you can see new connecting pppoe client uptime starts from 39seconds and starts decreasing till reaching 0, then starts increasing! So funny :) So it's user "yyy" connect. you can see it's alive for 39, 38,...
by glucz
Sun May 15, 2011 7:14 pm
Forum: General
Topic: {HELP}HOW TO GET A ISO OUT OF A (PC) THAT MIKROTIK..help dev
Replies: 8
Views: 750

Re: {HELP}HOW TO GET A ISO OUT OF A (PC) THAT MIKROTIK..help

or .... are you talking about how you can install routeros on a remote PC? Like a server in a datacenter - without involving the datacenter personnel ... or simply because they don't support custom OS's as it is most often the case? Actually I would be interested to hear if someone can do that too. ...
by glucz
Sun May 15, 2011 1:48 pm
Forum: Beginner Basics
Topic: Monitor what pages users are opening
Replies: 3
Views: 1112

Re: Monitor what pages users are opening

If it is enough to monitor the IP addresses visited, you can set info logging to a remote syslog server. Then set up a mange rule ip firewal mangle add chain=prerouting action=log connection-state=new protocol=tcp dst-port=80,443 log-prefix="WEBACCESS" This way you can also monitor SMTP,IRC,P2P acce...
by glucz
Sun May 15, 2011 1:40 pm
Forum: General
Topic: Blocked website
Replies: 6
Views: 799

Re: Blocked website

This doesn't look like a website that an ISP would block. You can try accessing the site through a free proxy or a VPN service (ex: http://usaip.eu) to verify if it is a local problem. If you can access it, then probably your ISP is blocking it and you will be in a better position to ask for an expl...
by glucz
Fri May 13, 2011 8:30 am
Forum: General
Topic: v5.2 released
Replies: 161
Views: 29747

Re: v5.2 released

Yes. I can too confirm after 16 hours that route cache is now stable. So tarpit seems to leak into route cache.

GL
by glucz
Thu May 12, 2011 6:57 pm
Forum: General
Topic: v5.2 released
Replies: 161
Views: 29747

Re: v5.2 released

This is total RAM-shared video ram, so the RAM available might be slighly different for each configuration.

GL
by glucz
Thu May 12, 2011 12:41 pm
Forum: General
Topic: v5.2 released
Replies: 161
Views: 29747

Re: v5.2 released

No. They are all different. Whatever was available at the time.

Whoever else is also having route cache problems: Are you using tarpit actions in firewall rules?
I picked 2 MT750's off the shelf and am tring to build the minimum required rules and services to replicate the problem.

Thanks
GL
by glucz
Thu May 12, 2011 10:11 am
Forum: General
Topic: v5.2 released
Replies: 161
Views: 29747

Re: v5.2 released

It seems like that the max cache size depends on the RAM in the router. The minimum size seems to be 16384 If you have over 128M RAM, the size is 32768 If you have over 256M RAM, the size is 65535 etc ... The point is that it will fill up regardless of the cache size. The added bonus is that 5.2 is ...
by glucz
Thu May 12, 2011 9:43 am
Forum: General
Topic: v5.2 released
Replies: 161
Views: 29747

Re: v5.2 released

Hm. It seems like that my previous post got deleted. I hope it was because of the size and not the content ... so I will just phrase it simply:

Please send me the question you refer to, because I received no questions from support.

Thank you
GL
by glucz
Wed May 11, 2011 3:41 pm
Forum: General
Topic: v5.2 released
Replies: 161
Views: 29747

Re: v5.2 released

Normis ... and when you said that you were looking into my ticket which is about this same issue a few days ago, and forgot about it ... ? Even when others asked about the status - we received no answer. I don't see what the added value is in disregarding a serious problem in ROS 5.X . Not talking a...
by glucz
Wed May 11, 2011 10:14 am
Forum: General
Topic: v5.2 SNMP memory leak
Replies: 20
Views: 1567

Re: Petition to remove ROS 5.2 from stable staus.!! +1

MT. Please acknowledge these problems so we can move on with our lives and stop generating supouts, screenshots, statistics and posts. A rough timeline for a fix would be nice too, so we can decide if we want to downgrade to 4.X for a few months (years) or we should convince our clients to stay on 5...
by glucz
Mon May 09, 2011 11:17 am
Forum: General
Topic: v5.2 SNMP memory leak
Replies: 20
Views: 1567

Re: Petition to remove ROS 5.2 from stable staus.!! +1

[Ticket#2011041766000095] Possible bug report + supout.rif

Thanks
GL
by glucz
Mon May 09, 2011 11:08 am
Forum: General
Topic: v5.2 SNMP memory leak
Replies: 20
Views: 1567

Re: Petition to remove ROS 5.2 from stable staus.!! +1

I myself reported the ping problem maybe 3-5 weeks ago first. It is present in all 5.X versions, including the RC-s that I tested. It is really the filling up of the route cache that materializes as a ping problem first and blackout later. The problem seems to be present not only in x86, but routerb...
by glucz
Sun May 08, 2011 10:35 am
Forum: General
Topic: Question Regarding OVPN server Config On Mikrotik
Replies: 1
Views: 1576

Re: Question Regarding OVPN server Config On Mikrotik

You can use startssl.com to create both the private key and certificate for openVPN ... or you can set up a CA on your computer and generate the certificates yourself (http://openvpn.net/index.php/open-source/documentation/howto.html) Import both key and certificate under system certificates You wil...
by glucz
Sun May 08, 2011 10:09 am
Forum: General
Topic: PPTP real static ip
Replies: 4
Views: 2371

Re: PPTP real static ip

If you don't want to play with NAT, you can just set the remote address in PPTP/L2TP secret to the real static IP. You will also need to enable proxy-arp on the main eth interface of the router.

GL
by glucz
Sun May 08, 2011 1:05 am
Forum: General
Topic: 5.x instability - CPU spikes and lockup (x86?)
Replies: 0
Views: 360

5.x instability - CPU spikes and lockup (x86?)

Others reported 100% CPU spikes with ROS 5.x . What I see is similar. It starts with CPU spikes and goes into 100% CPU utilization and locks up. I was able to catch the spikes once in winbox and since then I just see that it locks up. So I repeated the experiement with ROS in Virtualbox ... and plea...
by glucz
Sat May 07, 2011 9:13 pm
Forum: General
Topic: 5.x routing cache bug (?) - dropped packets, lost network
Replies: 28
Views: 9702

Re: 5.x routing cache bug (?) - dropped packets, lost networ

The problem is still present in 5.2 I have been sending supouts to support to help their work .. maybe things will improve in 5.3? I unfortunately need SSTP, so I must keep 5.2 on a few servers. This also gave me the opportunity to test a few scenarios and found the following: I have a demo PPTP/L2T...
by glucz
Fri May 06, 2011 8:18 am
Forum: General
Topic: v5.2 released
Replies: 161
Views: 29747

Re: v5.2 released

I have a somewhat similar situation on 5.2. Can you check
ip route cache print
Maybe your route cache is full? That's what is happening to me.

GL
by glucz
Fri May 06, 2011 12:32 am
Forum: General
Topic: Can't Connect To My PPTP Server (LCP Lowerdown)
Replies: 1
Views: 4454

Re: Can't Connect To My PPTP Server (LCP Lowerdown)

What is the 3 digit error code you/your client gets when trying to connect? (619, 809 etc ...)

Usually L2TP gets through firewalls better as it is UDP. PPTP uses GRE packets. Older routers might not support GRE NAT at all, and some ISP's block GRE alltogether.

GL
by glucz
Thu May 05, 2011 12:58 pm
Forum: General
Topic: [SOLVED] Certificate Issues with Hotspot HTTPS Login
Replies: 5
Views: 3060

Re: Certificate Issues with Hotspot HTTPS Login

Rapidssl will require you to also add rapidssl intermediate certificate to the server https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO6252 I never tried this with Mikrotik, but in apache I have to use different configuration directives for the in...
by glucz
Thu May 05, 2011 10:37 am
Forum: General
Topic: PPTP performance problems with Outlook/Exchange
Replies: 5
Views: 1299

Re: PPTP performance problems with Outlook/Exchange

This may not be your solution ... but I try to avoid TCP tunnels (PPTP) whenever possible. TCP traffic (like SMTP) inside a TCP tunnel goes through double congestion control and one can affect the other. http://www.docstoc.com/docs/37194256/Understanding-TCP-over-TCP-Effects-of-TCP-Tunneling-on So y...
by glucz
Wed May 04, 2011 3:36 pm
Forum: General
Topic: hotspot problem plz help
Replies: 6
Views: 1067

Re: hotspot problem plz help

Hello.

Which version of routeros do you use?
by glucz
Mon May 02, 2011 11:06 am
Forum: General
Topic: v5.2 released
Replies: 161
Views: 29747

Re: v5.2 released

I had 3 high CPU usage related crashes on 5.2 within the past 2 days on 2 different x86 routers. I couldn't do a supout in the first 2 cases and forgot in the 3rd case, but I did make a profile screenshot. A reboot was required in all cases. There were about 30 users logged in with 3mbps traffic. No...
by glucz
Sat Apr 30, 2011 5:41 pm
Forum: General
Topic: v5.2 released
Replies: 161
Views: 29747

spurious interfaces

I reported a problem previously that interfaces disappear in winbox, but can be seen through the terminal http://forum.mikrotik.com/viewtopic.php?f=1&t=50994 Now I noticed a few spurious interfaces that cannot be removed through the terminal and since the interfaces are missing in winbox, they are v...
by glucz
Thu Apr 28, 2011 12:39 pm
Forum: General
Topic: 5.x routing cache bug (?) - dropped packets, lost network
Replies: 28
Views: 9702

Re: 5.x routing cache bug (?) - dropped packets, lost networ

[admin@MikroTik] > ip route cache print
cache-size: 15239
max-cache-size: 65536
by glucz
Thu Apr 28, 2011 10:24 am
Forum: General
Topic: 5.x routing cache bug (?) - dropped packets, lost network
Replies: 28
Views: 9702

Re: 5.x routing cache bug (?) - dropped packets, lost networ

There is a route fix in 5.2 . I hope that it was in response to this bug report. I upgraded 4 routers yesterday

So far I'm up to here:

[admin@MikroTik] > ip route cache print
cache-size: 2596
max-cache-size: 65536


I'll just wait and see what happens.
by glucz
Fri Apr 22, 2011 9:51 am
Forum: General
Topic: 5.x routing cache bug (?) - dropped packets, lost network
Replies: 28
Views: 9702

5.x routing cache bug (?) - dropped packets, lost network

I reported a problem to mikrotik earlier in which routeros 5.x looses network connectivity every day or so - depending on load. Support told me that the reason for this was that my routing cache filled up. They suggested that my users were running p2p or the router is DDOS-ed. However my suspicion i...
by glucz
Tue Apr 19, 2011 3:08 pm
Forum: General
Topic: Possible bug on 5.1 (memory leak, network or kernel?)
Replies: 9
Views: 2160

Re: Possible bug on 5.1 (memory leak, network or kernel?)

Hello,

I was able to send the supouts to support today. I also found an actual error that could be related to this problem. Please see screenshot below ... there could be many other factors involved, but my money is on memory leak now.
by glucz
Mon Apr 18, 2011 1:11 pm
Forum: General
Topic: Possible bug on 5.1 (memory leak, network or kernel?)
Replies: 9
Views: 2160

Re: Possible bug on 5.1 (memory leak, network or kernel?)

Hello, There are no problems with the counters. The actual problem is that unless the load is light, routeros will start loosing packets at an increasing rate. It will eventually loose all network connectivity. This happened to me on all 5.x based x86 servers, both RC and final, but never on 4.X or ...
by glucz
Sun Apr 17, 2011 7:53 pm
Forum: General
Topic: Possible bug on 5.1 (memory leak, network or kernel?)
Replies: 9
Views: 2160

Re: Possible bug on 5.1 (memory leak, network or kernel?)

Hello,

I already rebooted, so I don't have an actual answer, but if my memory serves right, it goes to 0%. So it doesn't look like a deadlock.

GL
by glucz
Sun Apr 17, 2011 7:50 pm
Forum: General
Topic: Winbox bug
Replies: 2
Views: 872

Winbox bug

Hello, I have been seing this problem for a very long time, so I don't know if this is winbox or routeros related. I mostly saw this on virtualised systems, but that doesn't mean that it can't happen anywhere else . The problem is that Winbox forgets about the network interfaces, both ethernet and t...
by glucz
Sun Apr 17, 2011 6:59 pm
Forum: General
Topic: Possible bug on 5.1 (memory leak, network or kernel?)
Replies: 9
Views: 2160

Re: Possible bug on 5.1 (memory leak, network or kernel?)

Hello, I imagine that it is related to a specific service or task, so the most common features won't bring out this problem. I noticed this very early with the RC 5.x versions - but there were so many other problems that got fixed quickly that I didn't pay much attention to this. I however started t...
by glucz
Sat Apr 16, 2011 10:39 pm
Forum: General
Topic: Possible bug on 5.1 (memory leak, network or kernel?)
Replies: 9
Views: 2160

Possible bug on 5.1 (memory leak, network or kernel?)

Hello, Actually I have this problem since the 5.xRC versions: I have a few x86 installations running as VPN servers serving PPTP and L2TP. The 5.x versions will start loosing packets after a while. It all seems to depend on load / traffic. The heavier the load is, the sooner the packet loss will sta...
by glucz
Thu Apr 07, 2011 12:41 am
Forum: General
Topic: SSTP bug on multi-core x86 systems - ROS 5.0
Replies: 1
Views: 990

SSTP bug on multi-core x86 systems - ROS 5.0

I upgraded half of our servers to 5.0 for the SSTP functionality. I noticed that on multicore x86 systems SSTP always restarts when there is a connection attempt. It would also log an SSTP :- internal error message, but no further details. The client computer would see an 809, 631 or 619 error and a...
by glucz
Wed Dec 22, 2010 10:59 pm
Forum: General
Topic: 5.0rc5 100% CPU
Replies: 36
Views: 34755

Re: 5.0rc5 100% CPU

I can confirm that rc5 is eating up 100% of the CPU ... it doesn't always happen, but when it does, it stays like that for hours. This is a new rc5 installation on dual core x86 (2x1.8Ghz) with no traffic at all. The idle process shows 50% utilization, but that's only because of the dual core ... on...
by glucz
Mon Mar 29, 2010 1:11 pm
Forum: General
Topic: outgoing DOS protection for hotspots
Replies: 1
Views: 586

outgoing DOS protection for hotspots

I have a hotspot that has recently been used to DOS others. Thus I want to limit the maximum number of connections to the same destination IP's. I have seen incoming DOS protection in this forum where someone set up a filter with connection limiting like 10,32 where 10 is the number of connections a...
by glucz
Mon Aug 31, 2009 10:59 pm
Forum: General
Topic: openvpn 3.27
Replies: 5
Views: 1601

Re: openvpn 3.27

This problem came up for me too. OpenVPN is just unusable. It just stops. It is not possible to restart. Only reboot will fix it, but of course that is not an option on a live system. We can't keep rebooting the server every day.
by glucz
Sun Aug 30, 2009 11:28 pm
Forum: General
Topic: V4 feature request / suggestion: SSTP VPN
Replies: 0
Views: 662

V4 feature request / suggestion: SSTP VPN

SSTP VPN besides the existing PPTP, L2TP, openVPN .

GL
by glucz
Mon May 04, 2009 2:18 pm
Forum: General
Topic: tcp connection limit.
Replies: 62
Views: 31911

Re: tcp connection limit.

What does the limit mask (connection-limit=71,32) of 32 mean in this case? You allow 71 connections per individual source IP to a /32 range (individual IP)? So you allow 71 connections from any source to any destination? Shouldn't this be connection-limit=71,0 ? So you limit the global total connect...
by glucz
Mon Feb 18, 2008 5:29 pm
Forum: General
Topic: Why does preferred source not work in routing for Routeros 3
Replies: 7
Views: 4245

Re: Why does preferred source not work in routing for Routeros 3

What I have here is PPTP and L2TP users from different locations. Some are single computers, some are complete networks. A specific group of these connections get their routing marked as EV2 I was masquerading the connections to 193.239.149.97 via 87.229.53.253. Note that the base IP of the router i...
by glucz
Sun Feb 17, 2008 5:11 pm
Forum: General
Topic: Preferred source ignored?
Replies: 10
Views: 4368

Re: Preferred source ignored?

has anyone found a solution? This is still a problem in routeros 3?

Thanks
by glucz
Sun Feb 17, 2008 4:47 pm
Forum: General
Topic: Why does preferred source not work in routing for Routeros 3
Replies: 7
Views: 4245

Why does preferred source not work in routing for Routeros 3

I used to have a system where I had different groups of users masqerading on different public IP addresses. I was routing them to the proper IP using simple routing with routing marks and rules with preferred sources. In 3.x now everyone sees the outside world on the same IP, which is the base route...
by glucz
Thu Jan 17, 2008 12:47 pm
Forum: General
Topic: Finally l2tp/ipsec is compatible with windows ... or almost
Replies: 6
Views: 8014

Re: Finally l2tp/ipsec is compatible with windows ... or almost

I also read maybe 1 more post like yours that it's working, but there are no details regarding the setup or the server hardware type - not to mention the client type. This is why I tried to give a clear description of what I'm doing, so there would be a thread that can help set up a working system f...
by glucz
Mon Jan 14, 2008 5:34 pm
Forum: General
Topic: Finally l2tp/ipsec is compatible with windows ... or almost
Replies: 6
Views: 8014

Finally l2tp/ipsec is compatible with windows ... or almost

I have been trying to find a solution to connect to a MT router from Windows using the built in l2tp client. From XP it was possible via turning off ipsec. This is not posible in VISTA however. I have tried every possible scenario with routeros 2.9 but I think that it's not possible to connect the n...