MikroTik

hapoo

Thanks for the info k6ccc For simplicity’s sake I’d like to use switchos, but I have very little experience with it compared to the years I’ve used routeros. I’m sure I can figure out most of what you wrote, but how would I restrict management to one port in switchos? Or I guess how would I limit ma...

hapoo

Hello everyone. I'm planning on placing a CRS317 on the WAN side of things so that I can distribute the incoming connection to several routers. We have 16 static ips and plan on assigning some to a CCR2004 and a few to a couple CHRs. I've never put a switch on the WAN side and want to make sure I se...

hapoo

Doesn't matter how passwords are generated. For ISP routers it is the biggest BS ever. Imagine that you have to configure 20+ new routers for clients or technician connects new router to the network or resets configuration of existing router and admin has to configure it via MAC telnet form the nei...

hapoo

For anyone else who may have issues in the future... the ikev2 implementation in macOS/iOS/iPadOS is actually more flexible than what you see in your system settings. You can actually chose your own encryption algorithm, integrity algorithm and dh group along with a ton of other settings. In order t...

hapoo

I manage dozens of mikrotiks and on occasion have multiple browser windows open to different routers. We already have a "design skin" option. Could we have the option of changing the background color, menu color or something else to differentiate them so that we don't mistakenly modify set...

hapoo

paging @anav or anyone else who can help I'm sure this has been asked before but I'm having trouble finding the answer for this particular set up. I want to set up a wireguard server on my mikrotik solely for passing through road warrior traffic. The remote device should pass all traffic intended fo...

hapoo

Works great for me but I've also got a data center to send it to and my own IPv4 / IPv6 space. It's also going over a gig symmetric pipe in both locations. I use an RB5009 as a ZeroTier gw at home and a CCR2004-1G-12S+2XS in the data center so i can typically get several hundred meg between the two...

hapoo

That was the original plan, but I’d have to pay way too much for a low quality unmanaged switch with sfp ports when I already have a fully capable switch. Going the VLAN route makes sense. I’ll have to play with it and figure things out.

hapoo

Hi everyone, I have an incoming internet connection with 16 ip addresses I can use. Previously I had this going directly into one router, but I've decided to set up another independent LAN for several of the ips. Since I only have one incoming connection, I plan on using a portion of a CRS317 switch...

hapoo

He said it was an issue with the queue. Can someone explain how that is tested for and how it is resolved? I’m pretty certain I’m running into a similar issue. I get about 400mbps in iperf3 on a symmetrical gigabit connection with <50% cpu usage.

hapoo

I have a rb4011 (ROS 7.5) and crs309 (ROS 7.7) connected via two S+RJ10 modules. I can't seem to set them to anything other than 10gbps though. I tried doing this by disabling auto negotiate and selecting any other speed, but the connection would break. On a side note, why isn't 5gbps on that list?

hapoo

I have an IPSEC connection set up to a single peer but with 3 policies. Remote Router IP: 10.40.0.101/30 192.168.40.101/30 Policies: src: 10.40.0.100/30 dst: 10.40.0.0/24 src: 192.168.40.100/30 dst: 192.168.40.0/24 src: 10.40.0.101/30 dst: 10.0.0.0/8 I have many similarly configured routers all func...

hapoo

Another vote here for the feature.

If I'm away from my network and I VPN in, services that rely on mDNS are unavailable. It would be nice to be able to have mDNS requests go across from the VPN subnet to my main subnet. If anyone knows how to do this without an mDNS repeater feature, let me know.

hapoo

My #1 requirement for routers is ipsec performance (or failing that, wireguard). I'm struggling with ipsec performance on the existing hardware as it is, so every time a new router is announced my ears perk up. Is there a reason why the webpages for the newer hardware (5009, 2116, 2216) no longer co...

hapoo

I have a CCR2004 with 200+ days of uptime running on 6.48.3. Either I lucked out on the hardware or my configuration doesn't trigger reboots.

hapoo

*) ipsec - added hardware acceleration support for CCR2116;

Does this mean you'll start listing ipsec benchmarks on the "test results" page for the CCR2116?

hapoo

I'm testing out CHR as a VPN Concentrator for up to 500 concurrent connections with maybe 50 actively using it at any one time. Up until now i've only used actual mikrotik hardware, so its possible I don't know how to optimize the setup but I'm hitting hard caps and want to know if anyone has any ex...

hapoo

I don't think there are any plans for it, but I believe you can get the windows version running with wine. I do wish there was a native version though. I used to use a VM to run it, but with the M1 transition, that's no longer an option. How difficult would it be considering at least some of the cod...

hapoo

I manage a bunch of remote mikrotiks that have multiple Ipsec connections. Having an on-up, on-down, script options in policies would make managing and monitoring these connections so much easier. As another request (or maybe I'm just doing it wrong)... Some of these connections must always be up, a...

hapoo

Thanks, I was having the same issue (on a 4011 with a regular DHCP isp connection), and that rule fixed it. Is it secure though?

hapoo

I've successfully setup a road warrior IPsec vpn (not ikev2 or l2tp) in transport mode with mode-config (multiple subnets) on my mikrotik to use with macOS, iOS and android (haven't tried client mikrotiks or windows yet, but it would be nice to have). My primary reason for this setup is because I ne...

hapoo

Zome619kUkdB3H5CIPRsvaDatyNSMHaR1dNWf4xv4kMaUryCIhGsQTyRuZwY7akE YkP4DKog7Uk6Dp2wi8Lz0bidrOrh7/veo7SyAoXeDp5NZwAQUk5+vuUTzeMdQnOF L5F7rRrmm9OcPIOhf9L5o5CHDqIhSUI5WDxhQl80C0ZUfcqpPf4vZMlsoG7PM6dH +W1Ub8clX52pC9LoJy7389VmbDFJEu1o4jbMBv0DZgBc1Jeasb2F6VInacDJ+Z6T L8SkhjwN3aZKURb5crOhnK8dg6JLujGikPBUjDQ...

hapoo

So if there is no chance that they cooperate, you can give up on this part and only concentrate on the management access to the client devices. I obviously don't understand enough to know why that is. If I have an IPsec tunnel from my management router to the business, and all the clients are conne...

hapoo

sindy, Every single time I have a question, you're quick to respond with thorough and accurate responses. Thank you. Your answer was helpful, but as you may have guessed, I have no control over the business sides chosen setup, so I can't switch them to IPIP, so I might be stuck with a mixed network ...

hapoo

I'm struggling a bit with my setup and need some help. I manage a group of clients who all have a IPSEC tunnel to a business. They're all given a /30 range and connect to 10.0.0.0/8. I've set them all up with a Hex S and are all behind their ISP routers. I have no control on the business side of thi...

hapoo

So I'm setting up a site-to-site VPN for someone. I previously had them on a Hex S as their VPN box AND main router, but now their main router is a Unifi Dream Machine Pro (which has been dumbed down so much that for the life of me I can't figure out how to setup the vpn on, but I digress) Anyway. I...

hapoo

Figured it out. It had nothing to do with Mikrotik and everything to do with windows. The motherboard I was using was an Asus with an integrated Intel l211-AT NIC. The default drivers that come for windows don't actually enable WOL so the the NIC was turning off after shutting down from Windows (It ...

hapoo

So I modified every suggested setting in Windows, but still couldn't get it to work. Pulling up the stats for ether5, when the machine is on and I send a WOL packet, I can clearly see the Tx Broadcast increment. When the machine is off though there are no packets sent and no stats increment. So I'm ...

hapoo

I did as you suggested and the WOL packets are in fact getting through, at least while the system is powered on. I guess it may not be a router issue, but something due to the software/hardware on the computer. Its very frustrating since these machines are obviously remote and I don't have physical ...

hapoo

It’s actually not a VLAN. And I’ve tried bridge, VPN-bridge and ether5.

hapoo

I have more than 15 of these exact systems setup. I’ve tested 4 systems so far but have only been able to get WOL working on one of them. The one that it worked on had a slightly different setup wherein ether2-ether5 are all on the standard 192.168.50.0 bridge, the computer got a 192.168.50.x addres...

hapoo

I have a rather strange setup and suspect that it may contribute to the fact that I can't get WOL to turn on a computer. (I have confirmed its turned on in the computers bios) On a Hex S I have ether1 connected to Wan, ether2-ether4 connected to the standard bridge on the 192.168.50.0/24 subnet (wit...

hapoo

I want to clarify with some information provided to me. The ATT Residential RG sends all outgoing packets as 802.1p (tagged with VLAN 0). Their Commercial gateways sends all outgoing packets as 802.1q PVID 2 (tagged with VLAN 2). These are not always enforced, as I understand it. My residential 1G ...

hapoo

Once again you’ve fixed it Sindy. Thank you so much!

hapoo

I'm sure I'm doing something stupid, but no matter what I do I can't fix this issue. I have two networks connected via ipsec vpn with the following setup: /ip ipsec policy add disabled=yes dst-address=10.39.26.0/24 peer=VPN-peer proposal=VPN-proposal src-address=192.168.88.0/24 tunnel=yes /ip ipsec ...

hapoo

Same here. All the ones I found with 30m timeout issues were RW installations so I don’t think it was two mikrotiks.

hapoo

sindy... you are AMAZING! That fixed it.

Thank you SO much for walking through that with me so patiently! That solved it. And now I know why there's a groups option in ipsec that I always skipped over : )

hapoo

Server: # apr/07/2020 15:45:46 by RouterOS 6.45.8 # software id = # # model = RB760iGS # serial number = /ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=MGMT /ip ipsec peer add exchange-mode=ike2 name=MGMT passive=yes profile=MGMT send-initial-contact=no /ip ...

hapoo

I'll have to test one from the very second it establishes, but looking at the "uptime" on "active peers" I tested 6 of them over 20min old and without exception all pings cut out anywhere from 24m 2s to 24m 30s. Looking at their SA's, their soft lifetimes all seem to be in the sa...

hapoo

Thank you for the detailed response sindy. I don't understand ipsec quite well enough to figure this out myself, so I appreciate your help. The setup is a little messy, but I'll try to explain it. The "Server" Router is currently running v6.45.8 (It was running the latest, but I just downg...

hapoo

Set both sides to none, same thing. It's still set to expire in 30 min on the server side

hapoo

I had them matching and still had the issue. When googling the issue I ran across other people with similar problems with the suggestion to set the pfs-group to none on the client. Here is one such link: https://forum.mikrotik.com/viewtopic.php?t=125617 Honestly it makes no difference. The client se...

hapoo

I've read a lot of pages with people talking about this, but none of the suggestions have worked. The tunnel connects fine, but after about 25 min the connection stops working and after 30 min I get "IPsec-SA expired before finishing rekey" in the logs. The SA Typically has this: Add Lifet...

hapoo

Sorry if I have trouble explaining this, bear with me. I'm attempting to setup a site-site ipsec tunnel. I only have the ability to control my end of things. I've been assigned a /30 ip range but that's within the remote sites range of /8. So for example, my side is 10.1.1.8/30 10.1.1.9 intended for...

hapoo

The quote talks about client side support coming next, so that should be what you need. If you're not in a big hurry, give it few days and you'll see. Thanks Sob, I saw your post after I wrote mine. Thankfully I'm at least a month away from actually needing it since they haven't actually rolled out...

hapoo

Is that the dot1x they just added? That seemed to me to be a 802.1x server not a client. Although as I said, I have little knowledge about networking and even less so about mikrotik. Is there any hope of it being supported any time soon? Basically should I get the rb4011 or just go for the inferior ...

hapoo

Hello everyone. I have a bunch of questions and I'm quite new to all this so please forgive me. I'm planning on switching to a gigabit AT&T Fiber connection in the near future. Unfortunately they force customers to use AT&T modems/routers which are quite horrible, the reason being that the m...

Search found 47 matches