Community discussions

MikroTik App

Search found 84 matches

by JordanReich
Thu Feb 13, 2020 6:55 pm
Forum: General
Topic: Setup Multiple ISPs [SOLVED]
Replies: 19
Views: 3489

Re: Setup Multiple ISPs [SOLVED]

Thank you for that ... So I appear to be having an issue with the prerouting passthrough. On a random computer on the internet if I go to https://johndoe.com:8083 ... That hits my MikroTik primary router. Then a NAT pushes that port to 10.0.3.40 which is located at another site location that is thro...
by JordanReich
Thu Feb 06, 2020 11:35 pm
Forum: General
Topic: Setup Multiple ISPs [SOLVED]
Replies: 19
Views: 3489

Re: Setup Multiple ISPs [SOLVED]

You're solving all my problems! I went with a route rule and that worked perfectly. Every time I think I have it all wrapped up I run into another one. Hopefully this will be the last one... So I have an external DNS name lets call it johndoe.com. I am calling from an external IP address will call i...
by JordanReich
Tue Feb 04, 2020 10:58 pm
Forum: General
Topic: Setup Multiple ISPs [SOLVED]
Replies: 19
Views: 3489

Re: Setup Multiple ISPs [SOLVED]

Brilliant! Source IP solved the problem, thank you. The questions are never ending ... When the L2TP/IPSEC connection occurs I noticed on my primary hub that the multi-site router is connecting to me via DSL. How can I force the VPN connection to use LTE as its connection ISP rather then using DSL?
by JordanReich
Tue Feb 04, 2020 7:39 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

For those of you experiencing this issue please add your feedback here as well: https://issuetracker.google.com/issues/148526915 At this point based upon additional research this is happening across enough systems to lead to a conclusion that it appears to be a defect on Androids end. We set up the...
by JordanReich
Thu Jan 30, 2020 5:20 pm
Forum: General
Topic: Setup Multiple ISPs [SOLVED]
Replies: 19
Views: 3489

Re: Setup Multiple ISPs [SOLVED]

I do have one additional curiosity that I am having a problem figuring out. It is ongoing! All traffic from the site with all the route tables above is working perfectly. I can contact anything anywhere no problems. However from the HUB that hosts the L2TP server I cannot ping any devices within 10....
by JordanReich
Mon Jan 27, 2020 7:45 pm
Forum: General
Topic: Setup Multiple ISPs [SOLVED]
Replies: 19
Views: 3489

Re: Setup Multiple ISPs [SOLVED]

Chose one and play with this.
Good Luck.
Thank you! This resolved my problem completely and everything is now functioning as it should be. Your help has been very much appreciated.

Final Result:
RoutesResolved.png
by JordanReich
Sun Jan 26, 2020 12:05 am
Forum: General
Topic: Setup Multiple ISPs [SOLVED]
Replies: 19
Views: 3489

Re: Setup Multiple ISPs [SOLVED]

You have been amazing thank you again for all your help. I need your services for one additional effort and then I think I have all of this wrapped up. Right now ... this is my current routing table for the residence ... ISP_Routes.png The multiple ISP setup works perfectly. The problem I am now fac...
by JordanReich
Wed Jan 22, 2020 5:06 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

No worries. I completely understand thank you for the time zone.
Would you like me to compile and provide the logging now so you have it, or wait and catch up with you in a week or so?
by JordanReich
Wed Jan 22, 2020 7:45 am
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Alright ...
Sindy let me know when your on tomorrow and I should be able to send you what you requested above - and will be available most of the morning starting at around 07:30 AM PST.
by JordanReich
Wed Jan 22, 2020 2:28 am
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

PSEC/L2TP discconect after one minuteSorry

Sorry guys I've been buried the last couple months dealing with a mountain of other things that became a higher priority. Can't guarantee that I'll for sure get to it but I'll try to finally get you an output Sindy so we can move forward on this. As I would still like to find a correction if possibl...
by JordanReich
Mon Dec 30, 2019 7:14 pm
Forum: General
Topic: Setup Multiple ISPs [SOLVED]
Replies: 19
Views: 3489

Re: Setup Multiple ISPs [SOLVED]

Thank you the above steps worked perfectly and solves the original problem. I do have one complication you may be able to help with. I have been able to split the internet between DSL and LTE, no problem. I can even swap the DSL and LTE adapters in the route table and I can flip what side of the hou...
by JordanReich
Sat Dec 21, 2019 3:14 am
Forum: General
Topic: Setup Multiple ISPs [SOLVED]
Replies: 19
Views: 3489

Re: Setup Multiple ISPs [SOLVED]

Finally was able to get a test lab setup at home where I could work on this configuration. I attempted to follow the general information provided to the best of my ability. I do seem to be able to get DHCP ranges set appropriately whether I am on the LTE or DSL network. But I still do not have any i...
by JordanReich
Tue Dec 10, 2019 5:40 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

OK, so we've definitely found something, as in my case, I can see both the LCP echo request/response (every 30 seconds) and the L2TP Hello message and the zero-length-body response to it: 1 0.000000 0.000000 192.168.5.1 → 192.168.5.100 PPP LCP 107 Echo Request 2 0.000002 0.000002 192.168.5.1 → 192....
by JordanReich
Sat Dec 07, 2019 1:25 am
Forum: General
Topic: Setup Multiple ISPs [SOLVED]
Replies: 19
Views: 3489

Setup Multiple ISPs [SOLVED]

I have done a number of advanced things with MikroTik routers in the past but I have never had any experience in this area. Really looking for a conceptual place to start and perhaps some knowledge documents or examples of other people doing something similar that can I can follow. We are not lookin...
by JordanReich
Fri Dec 06, 2019 8:12 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Hi Sindy ...

Sorry between the holidays and the last week experiencing the flu I haven't been able to put in the work I've wanted to do on this. If you're willing to proceed I'll dive into this in the next thirty minutes or so and see if we cannot get you some more information.

Thanks!
by JordanReich
Mon Nov 25, 2019 5:18 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Sorry for the delay in my response celebrating our two-year anniversary this weekend and the issue had to wait for a bit. Still consider this a high priority. I will review your message shortly including any questions I have so we can continue to move this forward. Thank you again for all your help ...
by JordanReich
Thu Nov 21, 2019 7:43 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Hm. So the log clearly shows the 08:21:12 l2tp,debug,packet sent control message to PHONE-IP:39007 from ROUTER-IP:1701 08:21:12 l2tp,debug,packet tunnel-id=24958, session-id=0, ns=2, nr=4 08:21:12 l2tp,debug,packet (M) Message-Type=HELLO but the sniff doesn't. But there are more weird things about ...
by JordanReich
Thu Nov 21, 2019 6:27 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Better redo, as the log is definitely too small to match. And I could not see the expected message in it. Take 110 ... L2TP Log... # nov/21/2019 8:20: 8 by RouterOS 6.44.5 # software id = 1SBQ-KUIK # 08:20:09 l2tp,debug,packet rcvd control message (ack) from 75.107.121.2:1701 to ROUTER-IP:1701 08:2...
by JordanReich
Thu Nov 21, 2019 6:11 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Not a problem! I have adjusted my logging rules with the following turned on. I will rerun and provide the results shortly. @JordanReich, I was also writing the following in some other thread, so I better repeat it here: To get all of the log, before the connection attempt, run the following: /log ...
by JordanReich
Thu Nov 21, 2019 6:10 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

sheeeet... the first log in this topic is with l2tp debug on ( /system logging add topics=l2tp ) but it comes from @076Lucas, and I've missed that. There, we can see Nov/15/2019 22:49:52 l2tp,ppp,debug,packet L2TPDBG===>: <X.X.X.X>: sent LCP EchoReq id=0x7 ... Nov/15/2019 22:49:52 l2tp,ppp,debug,pa...
by JordanReich
Thu Nov 21, 2019 6:07 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Did you try to lets say create the vpn client on your computer and see if the behavior is the same ? If i understood right mikrotik is used as vpn client right ? Yes, the router is the L2TP/IPSEC VPN server. The VPN clients have no issues on any other device other than Android mobile communication ...
by JordanReich
Thu Nov 21, 2019 5:59 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

sheeeet... the first log in this topic is with l2tp debug on ( /system logging add topics=l2tp ) but it comes from @076Lucas, and I've missed that. There, we can see Nov/15/2019 22:49:52 l2tp,ppp,debug,packet L2TPDBG===>: <X.X.X.X>: sent LCP EchoReq id=0x7 ... Nov/15/2019 22:49:52 l2tp,ppp,debug,pa...
by JordanReich
Thu Nov 21, 2019 5:39 pm
Forum: General
Topic: L2TP/IPSEC on mobile drops connection [SOLVED]
Replies: 7
Views: 888

Re: L2TP/IPSEC on mobile drops connection [SOLVED]

For the record please follow this issue here:
viewtopic.php?f=2&t=153955&p=761562#p761562

I will mark this as the correct answer for this post.
by JordanReich
Thu Nov 21, 2019 5:35 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Downloaded, opens, you may remove it.
Done! Thanks again.
by JordanReich
Thu Nov 21, 2019 5:17 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Alright ... L2TP Log: # nov/21/2019 7: 8:45 by RouterOS 6.44.5 # software id = 1SBQ-KUIK # 07:08:49 ipsec,info respond new phase 1 (Identity Protection): ROUTER-IP[500]<=>PHONE-IP[25781] 07:08:49 ipsec,info ISAKMP-SA established ROUTER-IP[4500]-PHONE-IP[13642] spi:fdbc3ec801e5d071:cad20757f6b7721a 0...
by JordanReich
Thu Nov 21, 2019 5:04 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

@JordanReich, while taking the new .pcap, please take the log in parallel. In the last (unidirectional) .pcap, I could not find even the first response to the PPP HELLO keepalive, although other PPP control packets were there, whereas in the log taken during another connection attempt the response ...
by JordanReich
Wed Nov 20, 2019 11:25 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Got it, you can remove it.
Done! Thanks Sindy. As a reference ...

159.* - Public IP of the phone
198.* - Public IP of the router
172.32.0.100 - Subnet LAN for the phone
10.* - Default LAN of the router
10.0.0.9 - Storage NAS (which is what I was accessing from the phone VPN)
by JordanReich
Wed Nov 20, 2019 11:02 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

No idea what you did, but the packets are truncated to some 60 bytes so totally useless for the purpose. Did you run tcpdump with -s 0 ?
Might know what happened. Try it now.

New Link - *LINK REMOVED*
by JordanReich
Wed Nov 20, 2019 10:51 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Let's just make life easy! :)

*OLD LINK REMOVED*

Let me know when you have a copy of the file.

Thanks.
by JordanReich
Wed Nov 20, 2019 9:59 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Got the log!
I can send it to you do you have a preferred place you'd like to receive it?
by JordanReich
Wed Nov 20, 2019 8:25 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

OK then. Assume p.p.p.p is the remote IP from (behind) which the phone establishes the L2TP/IPsec connection Working on this now. But quick clarification. The s.s.s.s would refer to the server such as 10.0.0.53 in this case. The p.p.p.p do you mean the public IP address facing the internet or the I...
by JordanReich
Tue Nov 19, 2019 11:49 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

I have an accessible server farm. So we can run whatever tests you need to run. Not a problem. OK then. Assume p.p.p.p is the remote IP from (behind) which the phone establishes the L2TP/IPsec connection, and s.s.s.s is the address of the server which will do the sniffing. So place the following fo...
by JordanReich
Tue Nov 19, 2019 11:47 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

So I just created a hotspot with my Android and connected a laptop to it. Configured the VPN connection on the laptop and connected to the hotspot. And wonder well the VPN just stays connected! So I think it is maybe a buggy Android implementation. What kind of Android device do you use JordanReich...
by JordanReich
Tue Nov 19, 2019 10:16 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Hopefully this helps! It's actually not the result I've expected - things must have changed since I tried last time. Now I've checked it on my setup running 6.45.7, and the packets decapsulated from IPsec are not shown by the embedded sniffer even in the receiving direction any more, which isn't he...
by JordanReich
Tue Nov 19, 2019 1:17 am
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

Got it, I think. I ran the following command [ tool sniffer quick ip-address=PHONE.IP port=4500,1701 ] Got a lot of traffic moving back and forth router side and mobile side upon initial connection. Once the connection stalled on the phone the traffic changes to this... Yes OutToWAN is the interface...
by JordanReich
Tue Nov 19, 2019 12:48 am
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

If I can provide anything additional from my end to help with this please let me know! @JordanReich, can you run the /tool sniffer command I've given above while watching the dynamically created l2tp interface in another window? I'm interested in whether the IPsec transport packet carrying the seco...
by JordanReich
Tue Nov 19, 2019 12:37 am
Forum: General
Topic: L2TP/IPSEC on mobile drops connection [SOLVED]
Replies: 7
Views: 888

Re: L2TP/IPSEC on mobile drops connection [SOLVED]

That was highly helpful - thank you! # nov/18/2019 14:33:51 by RouterOS 6.44.5 # software id = 1SBQ-KUIK # 14:33:55 ipsec,info respond new phase 1 (Identity Protection): REMOVED-PRIVATE[500]<=>REMOVED-PRIVATE[16186] 14:33:55 ipsec,info ISAKMP-SA established REMOVED-PRIVATE[4500]-REMOVED-PRIVATE[5429...
by JordanReich
Tue Nov 19, 2019 12:19 am
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 64
Views: 4889

Re: IPSEC/L2TP discconect after one minute

I am having the exact same issue to my best understanding ...
viewtopic.php?f=2&t=154014&p=761060#p761060

Just dropping this here for reference.

If I can provide anything additional from my end to help with this please let me know!
by JordanReich
Tue Nov 19, 2019 12:11 am
Forum: General
Topic: L2TP/IPSEC on mobile drops connection [SOLVED]
Replies: 7
Views: 888

Re: L2TP/IPSEC on mobile drops connection [SOLVED]

Sounds real familiar to this ... https://forum.mikrotik.com/viewtopic.php?f=2&t=153955 But I cannot confirm that it is the same. In terms of logging do you have a recommendation on how to isolate logging for one individual device? The standard logging is passing details from multiple site locations ...
by JordanReich
Mon Nov 18, 2019 8:23 pm
Forum: General
Topic: L2TP/IPSEC on mobile drops connection [SOLVED]
Replies: 7
Views: 888

L2TP/IPSEC on mobile drops connection [SOLVED]

I am experiencing an odd set of circumstances. I have an L2TP/IPSEC that I use for Site-To-Site connections, general windows VPN, as well as mobile VPN connections. I have absolutely no issues when it comes to the windows VPN or the Site-To-Site connections. They establish and everything works corre...
by JordanReich
Wed Oct 30, 2019 3:55 am
Forum: General
Topic: Multiple ISP w/ Bandwidth Sensitivity
Replies: 2
Views: 528

Re: Multiple ISP w/ Bandwidth Sensitivity

Hi Joe, Thanks for the quick breakdown. We already run fairly complex setups with MikroTik for Site-To-Site connections. So conceptually don't think it'll be too much of a problem just needed the bare bone concepts which you have helped to provide. My general assumption is to create a WAN on Eth-1 a...
by JordanReich
Wed Oct 30, 2019 2:17 am
Forum: General
Topic: Multiple ISP w/ Bandwidth Sensitivity
Replies: 2
Views: 528

Multiple ISP w/ Bandwidth Sensitivity

This is more a theoretical discussion to determine if it's first possible but secondly worth whatever effort it may require to setup. Scenario is that our primary internet provider is an ATT cellular connection (100Mbps) with a 100GB limit per month. The secondary internet is a DSL connection (10Mbp...
by JordanReich
Fri Oct 18, 2019 1:06 am
Forum: General
Topic: L2TP/IPSec Android Cannot Connect
Replies: 9
Views: 1047

Re: L2TP/IPSec Android Cannot Connect

Have had some development in this area ... I have confirmed that the VPN connection is working from a public WIFI hotspot. But it is coming back as unsuccessful when the connection is attempted over the cellular network. I am currently using AT&T on this particular device. Any idea why this would be...
by JordanReich
Wed Oct 16, 2019 6:56 pm
Forum: General
Topic: L2TP/IPSec Android Cannot Connect
Replies: 9
Views: 1047

Re: L2TP/IPSec Android Cannot Connect

Finally been able to get some error logging on the mobile phone connection attempt ... 08:53:12 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds 08:53:12 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800 08:53:12 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 08:53:12 ip...
by JordanReich
Wed Oct 16, 2019 1:00 am
Forum: General
Topic: L2TP/IPSec Android Cannot Connect
Replies: 9
Views: 1047

Re: L2TP/IPSec Android Cannot Connect

On the phone I get the following: Public IPv6: 2600:387:*:* IPv4 IP: 107.77.*.* Local IP: 10.227.*.* IP address coming into the home router is from 166.*.*.* I am not connected to anything else that I am aware of on the device that should cause that. The phone is connected through an MDM but that is...
by JordanReich
Wed Oct 16, 2019 12:28 am
Forum: General
Topic: L2TP/IPSec Android Cannot Connect
Replies: 9
Views: 1047

Re: L2TP/IPSec Android Cannot Connect

I do not appear to be getting anything useful in the logging. I am capturing IPSEC/L2TP data and I do not see anything. I have plenty of both data coming into the logs from the sites that are already connected to the box. But I don't see any calls from the public IP address of the phone itself. Any ...
by JordanReich
Tue Oct 15, 2019 11:44 pm
Forum: General
Topic: L2TP/IPSec Android Cannot Connect
Replies: 9
Views: 1047

L2TP/IPSec Android Cannot Connect

I have an L2TP/IPSec VPN setup on RB3011UiAS with a windows radius server. I can connect from anywhere to this system as long as I am on a windows machine, no problem. But for whatever reason I cannot make this work from an Android device. Android Settings: L2TP/IPSec PSK Server Address: *Set-To-My-...
by JordanReich
Tue Oct 15, 2019 10:06 pm
Forum: Beginner Basics
Topic: Using AD DNS via Site-To-Site w/ Use-Peer-DNS OFF [SOLVED]
Replies: 4
Views: 638

Re: Using AD DNS via Site-To-Site w/ Use-Peer-DNS OFF [SOLVED]

I verbalized a very loud "duh" after reading your comment, thank you. The google DNS worked perfectly.
by JordanReich
Tue Oct 15, 2019 9:16 pm
Forum: Beginner Basics
Topic: Using AD DNS via Site-To-Site w/ Use-Peer-DNS OFF [SOLVED]
Replies: 4
Views: 638

Re: Using AD DNS via Site-To-Site w/ Use-Peer-DNS OFF [SOLVED]

Did this on the fly let me know if it helps? I can clarify further. diagram.png Because the site 3978 and 8794 are dynamic. I have to disable use-peer-dns to allow the manually set DNS records to take effect. This gets me the desired outcome of having the system check my DNS servers for the appropri...
by JordanReich
Tue Oct 15, 2019 8:20 pm
Forum: Beginner Basics
Topic: Using AD DNS via Site-To-Site w/ Use-Peer-DNS OFF [SOLVED]
Replies: 4
Views: 638

Using AD DNS via Site-To-Site w/ Use-Peer-DNS OFF [SOLVED]

I have a network setup where I have multiple sites connected into a primary hub location for a Site-To-Site. This works great. All network functionality works great. The need is to be able to set the remote site DNS servers to my internal subnet that is providing the DNS records for lookup. In this ...
by JordanReich
Fri Aug 09, 2019 10:06 pm
Forum: General
Topic: Theoretical: Using multiple MikroTik boxes to create virtual line
Replies: 2
Views: 622

Theoretical: Using multiple MikroTik boxes to create virtual line

Wasn't sure how to explain this in the title. But essentially we are dealing with the following scenario. The main house is located up on the hill. Inside of the house is a wiring cabinet with a HEX router. Approximately 350-475 feet down the road is a gate controller with an intercom box. This inte...
by JordanReich
Fri Aug 09, 2019 5:30 pm
Forum: General
Topic: Slow transfer speeds on LAN
Replies: 4
Views: 798

Re: Slow transfer speeds on LAN

From first sight I'd say that it's bridge-related. You have two bridges on the same physical switch chip (which covers sfp and ether1-5). And hw-offload is only available for one bridge per switch chip. So I guess that your link-local traffic is going through the CPU. It looks that you don't really...
by JordanReich
Fri Aug 09, 2019 9:55 am
Forum: General
Topic: Slow transfer speeds on LAN
Replies: 4
Views: 798

Re: Slow transfer speeds on LAN

Try to watch the resources like Cpu usage!!! In profile you can see with resource is used to cpu. it's a good start to investigate. Totally agree. But even with everything going on the max usage that I've been able to record has been about 17%. So I don't think that's directly the problem. @Chris -...
by JordanReich
Fri Aug 09, 2019 2:04 am
Forum: General
Topic: Slow transfer speeds on LAN
Replies: 4
Views: 798

Slow transfer speeds on LAN

I am currently running a RB3011UiAS that is connected into a CSS326-24G-2S+ for some of the switching. I have a semi complicated environment running a number of different subnets and VLANs. But in this case I am simply trying to transfer a file from 10.0.0.11 into 10.0.0.9. The transfer rate starts ...
by JordanReich
Thu Aug 08, 2019 7:52 pm
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 2867

Re: Issues with SSTP connection [SOLVED]

Just to update this post and outline what I implemented as a solution. Allowing the default gateway was not an acceptable solution for our implementation. But we had to allow RDP connections to pass from one subnet range to the next without being able to set the routes or allow the gateway. The solu...
by JordanReich
Sat Aug 03, 2019 11:54 pm
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 2867

Re: Issues with SSTP connection [SOLVED]

If I enable default gateway it works fine.

I have tried this in the past. But I do not want to allow VPN connections the ability to use my internet connection if possible.

Which is where that limitation came into play but maybe there is no way around this scenario?

Thanks again!
by JordanReich
Sat Aug 03, 2019 7:17 pm
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 2867

Re: Issues with SSTP connection [SOLVED]

I dont know if you are trying to setup L2TP manually over IPSec, but I don't see " ipsec-secret="My-Preshared-Secret" one-session-per-host=yes use-ipsec=required " in config line as per export: /interface l2tp-server server set authentication=mschap2 default-profile=VPN-L2TP enabled=yes \ keepalive...
by JordanReich
Sat Aug 03, 2019 3:32 am
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 2867

Re: Issues with SSTP connection [SOLVED]

Not at laptop at the moment, will have deeper look into config tomorrow morning. Off the bat I will change the 172.0.0.0/x IPs, these are outside the private IP range scope, use 172.16.x.x - 172.31.x.x instead I have adjusted the ranges as you have suggested ( I believe ). I have also updated the a...
by JordanReich
Fri Aug 02, 2019 6:23 am
Forum: General
Topic: Firewall rules based upon PPP userid
Replies: 1
Views: 411

Firewall rules based upon PPP userid

I am not sure this is at all within the realm of possible but figured this may be a great place to ask. I have a number of different PPP users. Each of those users have different needs/requirements. While I can apply firewall rules to just there subnet I really don't want to create a bunch of differ...
by JordanReich
Fri Aug 02, 2019 1:08 am
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 2867

Re: Issues with SSTP connection [SOLVED]

It is on different subnets so that is not a resolve that works. Though I did switch the L2TP to the same subnet as the router and enabled proxy-arp. That worked brilliantly. But unfortunately I have a need to keep these subnets separate to meet the overall need. Full export provided below. ReichNet ...
by JordanReich
Thu Aug 01, 2019 11:41 pm
Forum: General
Topic: Elevate permissions for RADIUS via freeradius [SOLVED]
Replies: 1
Views: 411

Re: Elevate permissions for RADIUS via freeradius [SOLVED]

Self resolved. Thanks.
by JordanReich
Thu Aug 01, 2019 11:40 pm
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 2867

Re: Issues with SSTP connection [SOLVED]

Progress has been made ... of sorts ... I went ahead and abandoned SSTP for L2TP/IPSEC and got it up and running no problem. I was already using L2TP/IPSEC anyways for connecting multiple sites together. These connections are all MikroTik routers to router connections. I went ahead and setup freera...
by JordanReich
Thu Aug 01, 2019 8:46 pm
Forum: General
Topic: WinBox not accepting username/password [SOLVED]
Replies: 2
Views: 630

Re: WinBox not accepting username/password [SOLVED]

Not a stupid question at all. I apparently missed that requirement.
That fixed it and something I will keep in mind for the future. Thank you.
by JordanReich
Thu Aug 01, 2019 7:00 pm
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 2867

Re: Issues with SSTP connection [SOLVED]

Attempted to follow this tutorial: https://www.youtube.com/watch?v=9fIbLI59nPM Still no luck on establishing SSTP connection. The tutorial fails to mention the firewall rule requirement. In addition I created: [input, tcp, 443, accept] Using Torch I can see that the VPN attempt on the machine hits t...
by JordanReich
Thu Aug 01, 2019 6:20 pm
Forum: General
Topic: WinBox not accepting username/password [SOLVED]
Replies: 2
Views: 630

WinBox not accepting username/password [SOLVED]

Experiencing a sudden issue where two of my locations will not accept a login through WinBox. I am receiving the following error: ERROR: wrong username or password However, I can login to the system without any issue through the web console. I have verified that the WinBox service is enabled on the ...
by JordanReich
Thu Aug 01, 2019 12:02 am
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 2867

Re: Issues with SSTP connection [SOLVED]

Firstly, why incoming firewall rules for port 53? You are going to become a target for DNS amplification attacks. Then read through below for SSTP config: https://wiki.mikrotik.com/wiki/SSTP_step-by-step https://wiki.mikrotik.com/wiki/Manual:Interface/SSTP At this point there have been numerous con...
by JordanReich
Wed Jul 31, 2019 11:13 pm
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 2867

Issues with SSTP connection [SOLVED]

I am working to switch my VPN connectivity off of windows (due to other limitations) and move it over to SSTP through MIkroTIk. Setup: 1. Certificate chain has been created - and appears - to validate fine upon attempted connection 2. SSTP server binding created [PPP-Interface] 3. Secret created for...
by JordanReich
Wed Jul 31, 2019 10:29 pm
Forum: General
Topic: Elevate permissions for RADIUS via freeradius [SOLVED]
Replies: 1
Views: 411

Elevate permissions for RADIUS via freeradius [SOLVED]

I recently got freeradius installed on ubuntu and have successfully integrated in with windows active directory. I can login through the web interface for MikroTik with no problem. Right now all of my users are being set to the 'default' value that is set within the AAA options. What would be the be...
by JordanReich
Wed Jul 31, 2019 12:27 am
Forum: General
Topic: Getting response from secondary IP ranges
Replies: 6
Views: 883

Re: Getting response from secondary IP ranges

Abandoning this method of creating the connection to opt for MikroTik being the connection point for the VPN. Likely will have a new forum topic on this soon as I walk through these steps.
Thanks!
by JordanReich
Tue Jul 30, 2019 12:08 am
Forum: General
Topic: Getting response from secondary IP ranges
Replies: 6
Views: 883

Re: Getting response from secondary IP ranges

Thanks! I will keep digging. In the mean time if anyone else has any ideas it would be appreciated.
by JordanReich
Mon Jul 29, 2019 10:19 pm
Forum: General
Topic: Getting response from secondary IP ranges
Replies: 6
Views: 883

Re: Getting response from secondary IP ranges

Went ahead and installed routing through the server manager on the environment. Following some other instructions for solving this problem. But when enabling NAT on any of my interface devices I immediately kill my ability to RDP into the server. So not sure that is an appropriate solution either.
by JordanReich
Mon Jul 29, 2019 9:33 pm
Forum: General
Topic: Getting response from secondary IP ranges
Replies: 6
Views: 883

Re: Getting response from secondary IP ranges

Your remote PC is likely set to not use the VPN as the default gateway, in which case you require static routes so traffic to your other internal networks are sent via the VPN tunnel, not out of the LAN gateway. Apparently the Windows VPN client will pick up additional routes from DHCP option 121 i...
by JordanReich
Mon Jul 29, 2019 7:38 pm
Forum: General
Topic: Getting response from secondary IP ranges
Replies: 6
Views: 883

Getting response from secondary IP ranges

So in my network for the point of this argument I have a number of networks setup (all functioning correctly). 10.0.0.0/24 - Primary network (bridge) 10.0.1.0/24 - Network for third party location (l2tp binding) 10.0.2.0/24 - Network for third party location (l2tp binding) 20.0.0.0/24 - Secondary ne...
by JordanReich
Mon Jul 29, 2019 7:28 pm
Forum: Beginner Basics
Topic: Significant Speed Issues with MikroTik [SOLVED]
Replies: 18
Views: 2666

Re: Significant Speed Issues with MikroTik [SOLVED]

Sorry for the delay in updating this post ... The issue has been discovered. I worked this issue from this end as well as working with our local ISP (we are a small community makes it easier). Apparently the FIBER boxes that we have in the house do not recognize new routers correctly without being r...
by JordanReich
Fri Jul 26, 2019 6:47 pm
Forum: Beginner Basics
Topic: Significant Speed Issues with MikroTik [SOLVED]
Replies: 18
Views: 2666

Re: Significant Speed Issues with MikroTik [SOLVED]

Just to keep the progress of this up to date. Been working in tangent on this with the MikroTik support team. They requested the same CPU monitoring in screenshots sent them.

This testing was in line with the original testing done above. Resource usage during test:
duringtest-results.png
by JordanReich
Fri Jul 26, 2019 12:00 am
Forum: Beginner Basics
Topic: Significant Speed Issues with MikroTik [SOLVED]
Replies: 18
Views: 2666

Re: Significant Speed Issues with MikroTik [SOLVED]

Just to post verification that the lines appear to be in working order. Test w/ ROUTER hooked up and computer hooked directly into router ROUTER-SPEED.jpg ROUTER-TEST.jpg Test w/o ROUTER and internet line hooked directly into the computer NOROUTER-SPEED.jpg NOROUTER-TEST.jpg Side thought ... Is ther...
by JordanReich
Thu Jul 25, 2019 10:51 pm
Forum: Beginner Basics
Topic: Significant Speed Issues with MikroTik [SOLVED]
Replies: 18
Views: 2666

Re: Significant Speed Issues with MikroTik [SOLVED]

LAN IP address is bound to ether2 which is slave device of bridge ... and that's wrong. Move it to bridge interface. Where would I change this setting? I found the WAN ethernet but according to winbox it is already linked to the bridge. Perhaps I am looking in the wrong spot? That would be in /ip a...
by JordanReich
Thu Jul 25, 2019 9:32 pm
Forum: Beginner Basics
Topic: Significant Speed Issues with MikroTik [SOLVED]
Replies: 18
Views: 2666

Re: Significant Speed Issues with MikroTik [SOLVED]

LAN IP address is bound to ether2 which is slave device of bridge ... and that's wrong. Move it to bridge interface. Where would I change this setting? I found the WAN ethernet but according to winbox it is already linked to the bridge. Perhaps I am looking in the wrong spot? Any good reason to lim...
by JordanReich
Thu Jul 25, 2019 9:19 pm
Forum: Beginner Basics
Topic: Significant Speed Issues with MikroTik [SOLVED]
Replies: 18
Views: 2666

Re: Significant Speed Issues with MikroTik [SOLVED]

No need to profile anything: it's the hardware! Look at the routing results: -> https://mikrotik.com/product/CRS326-24G-2SplusRM#fndtn-testresults CRS is a switch not a router. Your last hex had more power... Yes. That is why we switched back to the HEX (sorry first post is confusing I explained in...
by JordanReich
Thu Jul 25, 2019 8:38 pm
Forum: Beginner Basics
Topic: Significant Speed Issues with MikroTik [SOLVED]
Replies: 18
Views: 2666

Re: Significant Speed Issues with MikroTik [SOLVED]

First thing is to profile CPUs to get idea whether CPU is bottleneck ... and which subsystem is hit most. Just ran a test the results have been attached below. CPU ran up to 6% as a max during the speed test for about 0.02 of a second. Then held fairly steadily between 1-3% until the test was compl...
by JordanReich
Thu Jul 25, 2019 8:21 pm
Forum: Beginner Basics
Topic: Significant Speed Issues with MikroTik [SOLVED]
Replies: 18
Views: 2666

Re: Significant Speed Issues with MikroTik [SOLVED]

Yes I do believe so. My configuration settings are: [admin@ReichHub] > /export compact # jul/25/2019 10:19:56 by RouterOS 6.45.2 # software id = WD8P-ZQPL # # model = RB750Gr3 # serial number = 8B000A2ABF57 /interface bridge add admin-mac=74:4D:28:11:B1:D0 auto-mac=no comment=defconf mtu=1500 name=\...
by JordanReich
Thu Jul 25, 2019 7:22 pm
Forum: Beginner Basics
Topic: Significant Speed Issues with MikroTik [SOLVED]
Replies: 18
Views: 2666

Re: Significant Speed Issues with MikroTik [SOLVED]

So as an update I am not sure what is going on with the system. I abandoned the CRS as the support team said that it was not a good item to use for routing. Purchase a newer HEX box figuring that something must of went wrong with my old box. I have tested the wiring from the fiber optic box, to the ...
by JordanReich
Tue Jul 23, 2019 6:52 pm
Forum: Beginner Basics
Topic: RB2011 slow internet even with fasttrack
Replies: 99
Views: 19098

Re: RB2011 slow internet even with fasttrack

Same issue experienced as those above. Except I upgraded the firmware on HEX to the newest release. I dropped from 983/875 to 120/6.

Where do we go to get older firmware packages? The links I have found do not appear to work any longer.
by JordanReich
Sat Jul 20, 2019 7:37 am
Forum: Beginner Basics
Topic: Significant Speed Issues with MikroTik [SOLVED]
Replies: 18
Views: 2666

Significant Speed Issues with MikroTik [SOLVED]

I have been using a MikroTik Hex for quite awhile without any difficulties. I recently swapped systems over to CRS326-24G-2S+ . Current Version: v6.45.2 Current Firmware: 6.45.2 Since the switch over to the new system I have been getting horrible speeds. I have a 1000/1000 connection at my house. Al...