Community discussions

MikroTik App

Search found 14 matches

by maaathieu
Wed Apr 06, 2022 1:24 pm
Forum: Forwarding Protocols
Topic: bgp filter problem
Replies: 1
Views: 2308

bgp filter problem

Hi Since ros v7.1, I have a problem with a bgp filter concerning the bogon list that I receive from team cymru. My filter looks like this: 1 chain=cymru-in rule="if ( bgp-communities includes 65332:888 ) { set blackhole yes; accept;} else { reject;}" but the routes are not blackholed, for ...
by maaathieu
Wed Feb 23, 2022 11:20 am
Forum: Announcements
Topic: v7.1.3 is released!
Replies: 251
Views: 55662

Re: v7.1.3 is released!

Are you sure you applied the chain to the input.filter on the connection to the peer? I already tried that, but that does not work either. I also tried to remove all the rules and recreate them, it does not work. It's only the "bgp-communities includes 65332:888" part that does not work. ...
by maaathieu
Tue Feb 22, 2022 6:11 pm
Forum: Announcements
Topic: v7.1.3 is released!
Replies: 251
Views: 55662

Re: v7.1.3 is released!

Hi pe1chl, There's definitely something weird. I added a rule in the first place that adds the same community: 0 chain=cymru-in rule="if (gw == a.b.c.d ) { append bgp-communities 65332:888 }" and now the other rule works for this peer, but not the other one: In that case the 65332:888 com...
by maaathieu
Tue Feb 22, 2022 12:55 pm
Forum: Announcements
Topic: v7.1.3 is released!
Replies: 251
Views: 55662

Re: v7.1.3 is released!

Hi pe1chl, There's definitely something weird. I added a rule in the first place that adds the same community: 0 chain=cymru-in rule="if (gw == a.b.c.d ) { append bgp-communities 65332:888 }" and now the other rule works for this peer, but not the other one: Ab B afi=ip4 contribution=activ...
by maaathieu
Tue Feb 22, 2022 10:47 am
Forum: Announcements
Topic: v7.1.3 is released!
Replies: 251
Views: 55662

Re: v7.1.3 is released!

I already tried that, but that does not work either. I also tried to remove all the rules and recreate them, it does not work. It's only the "bgp-communities includes 65332:888" part that does not work. If I change that for "gw == a.b.c.d", then the rule works. Mathieu this simpl...
by maaathieu
Mon Feb 21, 2022 6:13 pm
Forum: Announcements
Topic: v7.1.3 is released!
Replies: 251
Views: 55662

Re: v7.1.3 is released!

this simple routing rule still does not work: 0 chain=cymru-in rule="if ( bgp-communities includes 65332:888 ) { accept } else { reject }" all routes are rejected although they contain the right community: Fb afi=ip4 contribution=filtered dst-address=23.151.160.0/24 routing-table=main gate...
by maaathieu
Tue Jan 18, 2022 5:25 pm
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 223455

Re: v7.1.1 is released!

forget my previous message: a script couldn't run without this rule, then believed internet was down and disabled the lan port. my bad.
by maaathieu
Tue Jan 18, 2022 4:59 pm
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 223455

Re: v7.1.1 is released!

I found something weird on my RB750Gr3 running v7.1.1: when this rule is enabled: 0 ;;; defconf: masquerade chain=srcnat action=masquerade out-interface-list=internet ipsec-policy=out,none my pppoe client are stable. as soon as I disable this rule, that I don't need, my ppp clients are disconnected ...
by maaathieu
Tue Jan 04, 2022 3:19 pm
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 223455

Re: v7.1.1 is released!

is there a way to see what announces are received ? i'd like to check if it detects the right communities, but I can find it anywhere Thanks, Mathieu routing route print detail Will show all BGP attributes after input filters. ok, so the community is correct: Fb afi=ip4 contribution=filtered dst-ad...
by maaathieu
Tue Jan 04, 2022 12:57 pm
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 223455

Re: v7.1.1 is released!

I use rules like this:
"if (bgp-communities includes 44137:10050) { set bgp-local-pref 50; }"
and they work OK.
is there a way to see what announces are received ?
i'd like to check if it detects the right communities, but I can find it anywhere

Thanks,

Mathieu
by maaathieu
Tue Jan 04, 2022 11:54 am
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 223455

Re: v7.1.1 is released!

That kind of condition "if (bgp-communities includes 11111:111 )" works for me. Or do you mean the action "set blackhole yes" does not work? (I did not test that) actually, I have two rules, like this: 0 chain=filter-in rule="if (bgp-communities includes 11111:111 ) { set b...
by maaathieu
Tue Jan 04, 2022 10:54 am
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 223455

Re: v7.1.1 is released!

hi are route filters by bgp-communities supposed to work in this release ? I had a filter that used to work in v6, that has been converted like this: rule="if (bgp-communities includes 11111:111 ) { set blackhole yes; accept; }" but it does not work. I tried with a different condition and ...
by maaathieu
Tue Jun 16, 2020 12:05 pm
Forum: General
Topic: ipip with psk
Replies: 0
Views: 612

ipip with psk

Hi,

I'm trying to secure an ipip tunnel beetween my mikrotik and a linux server by using an ipsec secret. On the mikrotik I juste have to add the "ipsec secret", but I can't find the correct setup for the linux host. Has anyone already done that and has a sample config ?

Thanks,
by maaathieu
Mon Aug 12, 2019 5:35 pm
Forum: General
Topic: basic ipsec server config
Replies: 5
Views: 6348

basic ipsec server config

Hi, I'm trying to setup a basic ipsec responder with my mikrotik, running on v6.45.3. The mikrotik router is the responder, and the initiators will be linux PCs with strongswan. The have to get a dynamic address from the responder. First, I set up an ip pool: /ip pool add name=23-2 ranges=172.23.2.1...