Community discussions

Search found 165 matches

by Tonda
Mon Oct 31, 2022 12:10 pm
Forum: RouterBOARD hardware
Topic: CRS112-8P-4S-IN and PoE limits using both power inputs
Replies: 1
Views: 464

CRS112-8P-4S-IN and PoE limits using both power inputs

Hello, I would like to ask about the PoE limits of CRS112-8P-4S-IN when both power inputs are used and a mix of Low PoE and High PoE devices is used. In the specification there is: Max total out (A): 2.8A (18V-28V) & 1.4A (48V-57V) A If I would use both power inputs simultaneously and would conn...
by Tonda
Fri Oct 25, 2019 9:30 am
Forum: RouterOS beta
Topic: RouterOS v7 beta 3 - no interface for USB dongles
Replies: 0
Views: 2828

RouterOS v7 beta 3 - no interface for USB dongles

Hello, has anybody tried USB modems with RouterOS v7? We have tried latest beta 3 and standard E3372 dongles (E3372S and E3372H), which we use without any problems with RouterOS v6 in RB750Gr3. Modem is visible as USB device, but no interface is created for it.
by Tonda
Tue Sep 24, 2019 1:07 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 100
Views: 84429

Re: v6.44.5 [long-term] is released!

I am unable to disable package DHCP, I am able to mark it for disable, but after reboot it does not get disabled with warning: can not disable dhcp-6.44.5: security depends on it.
by Tonda
Tue Oct 16, 2018 6:53 pm
Forum: General
Topic: Missing packages from Netinstall
Replies: 0
Views: 758

Missing packages from Netinstall

Could you check whether my steps are OK please? - I run Netinstall application, set up Net booting. I can see various packages for MIPSBE architecture in Packages list - I connect RB953GS (it should be MIPSBE architecture) through LAN1 port, I let it boot using Etherboot. I connect RB953GS also thro...
by Tonda
Fri Aug 03, 2018 7:49 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176145

Re: Winbox vulnerability: please upgrade

So what about version 6.40.8, is vulnerable or not? Could somebody from Mikrotik finally confirm it?
by Tonda
Wed Nov 22, 2017 10:55 pm
Forum: General
Topic: Phones on UDP over OpenVPN
Replies: 3
Views: 1074

Re: Phones on UDP over OpenVPN

We have solved similar problem with UDP packets going through VPN over 3G. If VPN was disconnected, UDP packets went through public internet but as soon as VPN was up, UDP did not return to VPN. It behaved the same way as you describe. We have solved it by setting UDP stream timeout to 1s in connect...
by Tonda
Tue Jun 20, 2017 12:12 pm
Forum: Announcements
Topic: v6.40rc [release candidate] is released!
Replies: 231
Views: 76975

Re: v6.40rc [release candidate] is released!

rb750gr3 - fixed USB power;
What exactly does this mean?
by Tonda
Fri Jan 27, 2017 11:40 am
Forum: Announcements
Topic: Winbox 3.10 released!
Replies: 69
Views: 58096

Re: Winbox 3.10 released!

Normis, it seems from screenshots, that conrad uses other than default text size setting (which in fact works with font DPI). So if application is not able to use current text DPI in text width calculations, results are not correct. This setting can be changed here: https://technet.microsoft.com/en-...
by Tonda
Sat Dec 03, 2016 9:37 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 255343

Re: RouterOS v7.0 beta1 - when?

I fully agree with AndreaTIK. Normis, please do not play with customer's patience. For me personally delays with RouterOS v7 means, that I will not buy another bunch (around 50) of Mikrotiks, because I have to use 3G dongles with promised support in RouterOS v7, so I currently have to evaluate anoth...
by Tonda
Fri Nov 18, 2016 2:55 pm
Forum: General
Topic: Decline of Mikrotik?
Replies: 102
Views: 42461

Re: Decline of Mikrotik?

I also personally do not understand some (for me) non-logical things like power options in CCR models. Why some CCRs can be powered by 230V/PoE combination, some by 2x230V and current flagship CCR1036 has only one 230V plug? Power input redundancy is not important for their flagship device? Other si...
by Tonda
Mon Nov 07, 2016 4:55 pm
Forum: General
Topic: L2TP VPN client interface parameters lost
Replies: 2
Views: 1190

L2TP VPN client interface parameters lost

Hello, we use hex PoE lite in combination with 3G USB dongle as VPN client. During last two weeks it happened twice, that two different Mikrotiks (6.37.1 and 6.36.3) disconnected itself from VPN server and did not reconnect anymore. When diagnosing it locally, we have found, that L2TP client interfa...
by Tonda
Tue Sep 13, 2016 6:11 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 320
Views: 102014

Re: v6.37rc [release candidate] is released, only one wireless package!

I have the same problem with disabling wireless package at RB750UP. To be honest - I do not understand, why it is even possible to install or enable/disable wireless package on device, which never had and will never have any kind of WiFi device inside? I think more examples can be found among Router...
by Tonda
Thu May 12, 2016 10:45 am
Forum: RouterBOARD hardware
Topic: CCR-1016-12S-1S+ power supply replacement
Replies: 12
Views: 3375

Re: CCR-1016-12S-1S+ power supply replacement

Our distributor told me that they have no power sources and do not know whether it is sold separately. So Mikrotik what is supported way of power supply replacement of CCR-1016-12S-1S+? It was very glad to have redundant power supplies but this advantage is immediately lost if I am not able to easil...
by Tonda
Tue May 03, 2016 1:32 pm
Forum: RouterBOARD hardware
Topic: CCR-1016-12S-1S+ power supply replacement
Replies: 12
Views: 3375

CCR-1016-12S-1S+ power supply replacement

Has anybody exchanged failed power supply in CCR-1016-12S-1S+ router? Is it possible to buy this power supply independently?
by Tonda
Tue Apr 19, 2016 5:45 pm
Forum: RouterBOARD hardware
Topic: CRS212-1G-10S-1S+ port flapping with 6.34.4
Replies: 2
Views: 1577

Re: CRS212-1G-10S-1S+ port flapping with 6.34.4

Still no answer from support...
by Tonda
Wed Apr 13, 2016 10:04 am
Forum: RouterBOARD hardware
Topic: CRS212-1G-10S-1S+ port flapping with 6.34.4
Replies: 2
Views: 1577

Re: CRS212-1G-10S-1S+ port flapping with 6.34.4

As usual - still no answer from support... Email to support sent 7.4.2016...
by Tonda
Thu Apr 07, 2016 11:09 am
Forum: Announcements
Topic: v6.34.4 [current] is released!
Replies: 30
Views: 22857

Re: v6.34.4 [current] is released!

I have noticed port flapping of CRS212-1G-10S-1S+ in 6.34.4 (see http://forum.mikrotik.com/viewtopic.php?f=3&t=107000)
by Tonda
Thu Apr 07, 2016 11:04 am
Forum: RouterBOARD hardware
Topic: CRS212-1G-10S-1S+ port flapping with 6.34.4
Replies: 2
Views: 1577

CRS212-1G-10S-1S+ port flapping with 6.34.4

Today I have noticed port flapping of CRS212-1G-10S-1S+ with firmware 6.34.4, info sent to support
by Tonda
Sat Mar 26, 2016 10:33 am
Forum: Announcements
Topic: Winbox3.4 released!
Replies: 53
Views: 33809

Re: Winbox3.4 released!

It happens to me, that Winbox 3.4 disconnects from Mikrotik when any from following conditions is true: - Window Interface list is opened during Winbox start - Window Bridge is opened during Winbox start I use several VLAN interfaces and bridges but in standard configuration, nothing special. When I...
by Tonda
Wed Dec 02, 2015 11:33 am
Forum: RouterBOARD hardware
Topic: RB750UP and USB power during reset
Replies: 5
Views: 2394

Re: RB750UP and USB power during reset

Please, try to use it. What message do you see?? It really means nothing that this command is listed in terminal.
by Tonda
Tue Dec 01, 2015 5:37 pm
Forum: RouterBOARD hardware
Topic: RB750UP and USB power during reset
Replies: 5
Views: 2394

Re: RB750UP and USB power during reset

Thank you for your script, but it is something different I have asked for. RB750UP does not have USB reset implemented, so I hoped that full RouterOS restart will also reset USB dongle, but it seems it does not.
by Tonda
Mon Nov 30, 2015 4:51 pm
Forum: RouterBOARD hardware
Topic: RB750UP and USB power during reset
Replies: 5
Views: 2394

RB750UP and USB power during reset

Hello, I would like to ask you how would you solve following problem with 3G dongle and RB750UP. We have RB750UP with 3G dongle configured together and use watchdog with some ping IP configured. In situation when 3G dongle hangs, watchdog resets Mikrotik, but it seems that there is no outage of USB ...
by Tonda
Wed Sep 16, 2015 4:00 pm
Forum: General
Topic: UDP connection and NAT
Replies: 4
Views: 2406

UDP connection and NAT

Hi, we have found strange? behaviour of Mikrotik handling UDP packets. We have Mikrotik with L2TP VPN connected to VPN server. There are more servers behind VPN server, processing data. Behind Mikrotik there is device, which sends UDP packets through VPN to server. Server sends back to device UDP pa...
by Tonda
Wed Sep 02, 2015 11:10 am
Forum: Announcements
Topic: v6.32 released [version temporarily removed]
Replies: 116
Views: 47197

Re: v6.32 released

Discussion regarding this topic was in thread regarding bugfix version 6.30.4. One post from strods: That is why rc versions are released. When they are absolutely tested and we are sure that fix helps and does not break anything else in common configurations, then fix is included in bugfix version. ...
by Tonda
Wed Sep 02, 2015 10:56 am
Forum: Announcements
Topic: v6.32 released [version temporarily removed]
Replies: 116
Views: 47197

Re: v6.32 released

but as you know, sometimes adding new stuff, can introduce unknown issues. this is why you can stay on 6.30.4 if you don't need any particular thing from the above changelog What should I do in this situation, I would like to upgrade firmware with resolved bug regarding port flapping in CRS switche...
by Tonda
Wed Aug 26, 2015 5:21 pm
Forum: Announcements
Topic: v6.30.4 bugfix release
Replies: 103
Views: 40281

Re: v6.30.4 bugfix release

Now I am confused, why the crs port flapping bugfixes are in current and not in bugfix? This version includes only approved fixes which are already tested and actually work without breaking anything else. So you - developers - even do not know whether your bugfix (CRS port flapping) is working with...
by Tonda
Sun Aug 23, 2015 12:57 am
Forum: Announcements
Topic: 6.31 released
Replies: 227
Views: 77675

Re: 6.31 released

jarda wrote: Also, please, do not fool us that 6.32rcXX is something that would be converted in 6.30.X. Please, keep the versioning, so, if you maintain 6.30 for bugfixes, make the 6.30rcXX and then the correct 6.30.X but keep it distinct from 6.31rcXX and from 6.32rcXX. Do not mix the bugfixing wi...
by Tonda
Sun Mar 15, 2009 7:34 pm
Forum: General
Topic: RB44GV or RB44G
Replies: 14
Views: 5130

Re: RB44GV or RB44G

I was able to simulate this problem (mentioned above in my first post) in this way: I use older Dell GX desktops for my routers with Mikrotik on DOM. I configured router so, that I was able to connect two PC's to two ports of RB44G and run bandwidth test between them, so Mikrotik only passed packets...
by Tonda
Fri Mar 06, 2009 4:32 pm
Forum: General
Topic: RB44GV or RB44G
Replies: 14
Views: 5130

Re: RB44GV or RB44G

I had to replace all my RB44G in routers based on Intel chipset by Intel network cards. I think problem with RB44G is somehow related to interrupt sharing. Problem appeared on two PC routers - identical hardware configuration, one of them used Mikrotik 2.9.51, another Mikrotik 3.X. The same problem ...
by Tonda
Thu Jan 29, 2009 9:11 pm
Forum: General
Topic: IPSec VPN stops external communication
Replies: 11
Views: 2907

Re: IPSec VPN stops external communication

How exactly do you want your VPN tunnel to behave? Should it connect two internal subnets? Why parameter generate-policy is set to yes? Why both src-address and dst-address are set to 0.0.0.0/0:any?
by Tonda
Sun Nov 23, 2008 1:55 am
Forum: General
Topic: Is (( PRIORITY )) Really working ???
Replies: 188
Views: 51711

Re: Is (( PRIORITY )) Really working ???

Dear samsoft08, I think your shouts are not about Mikrotik and possibility/impossibility of incoming traffic shaping but about understanding/misunderstanding basic network principles. Can you please explain here, which criteria you would like to use when distinguishing between large file download a...
by Tonda
Sun Oct 12, 2008 7:33 pm
Forum: General
Topic: VPN agains Cisco 3000
Replies: 8
Views: 2683

Re: VPN agains Cisco 3000

I suppose this is about IPSec VPN. Try to set Level of IPSec policy to "unique", this solved my problem with IPSec configuration, transferred from Mikrotik 2.9.51 where I have had two policies and only one working. Level "unique" was not part of version 2.9.X.
by Tonda
Mon Sep 22, 2008 6:49 pm
Forum: General
Topic: Mikrotik 3.14 and IPSec problem - SOLVED
Replies: 1
Views: 3505

Re: Mikrotik 3.14 and IPSec problem - SOLVED

Problem was in differences of configuration options between version 2.9.X and 3.X. When using more SA policies applying to the same remote peer it is necessary to change level of all IPSec policies from "require" (as used in versions 2.9.X) to "unique". I think that this is cause...
by Tonda
Sun Sep 21, 2008 6:48 pm
Forum: General
Topic: Mikrotik 3.14 and IPSec problem - SOLVED
Replies: 1
Views: 3505

Mikrotik 3.14 and IPSec problem - SOLVED

I have one Mikrotik on DOM module version 2.9.51 and working IPSec configuration. Configuration consists of two IPSec policies. Policies differ only in destination addresses, that point to two remote subnets. Both policies create tunnels to one remote peer (Cisco) in order to gain access to two rem...
by Tonda
Tue Dec 12, 2006 11:33 am
Forum: The Dude
Topic: Feature request - SMTP timeout
Replies: 3
Views: 2514

I just edited topic in order to propose a new feature request.
by Tonda
Sat Dec 09, 2006 12:37 pm
Forum: The Dude
Topic: Feature request - SMTP timeout
Replies: 3
Views: 2514

Yes, it is not problem, but... I feel it to be a problem of Dude SMTP client, not of my antispam solution, so I do not want to make additional configuration exceptions. The same problem occurs also without antispam check when Dude tries to send mail and SMTP server is highly utilized in the same mom...
by Tonda
Fri Dec 08, 2006 11:05 am
Forum: The Dude
Topic: Feature request - SMTP timeout
Replies: 3
Views: 2514

Feature request - SMTP timeout

Can this be please added to feature requests? Is it possible somehow to adjust timeout for waiting to response from my SMTP server, that is used for e-mail notification sending? Dude connects correctly to my SMTP server, but because of antispam checks implemented it takes some time to verify sender ...
by Tonda
Sat Jul 01, 2006 10:54 am
Forum: General
Topic: Need some guidance in Mikrotik configuration
Replies: 4
Views: 1813

by Tonda
Mon Jun 26, 2006 2:13 pm
Forum: General
Topic: I dont know how to upgrade? :(
Replies: 11
Views: 2704

Did you try to find something about updates in manual?
http://www.mikrotik.com/docs/ros/2.9/system/upgrade
by Tonda
Wed Jun 21, 2006 2:15 pm
Forum: General
Topic: IP Firewall Connections in Winbox
Replies: 1
Views: 1013

use tools->torch...
by Tonda
Fri Apr 14, 2006 10:45 am
Forum: General
Topic: Problems with connecting to Public interface from Local one
Replies: 4
Views: 1649

Look here:
http://forum.mikrotik.com//viewtopic.ph ... highlight=

Try to write down packet path through router when you are trying to access your internal web server through public IP...
by Tonda
Mon Mar 20, 2006 1:55 pm
Forum: General
Topic: Regular expressions in web-proxy module
Replies: 1
Views: 1610

Regular expressions in web-proxy module

Hi,
where can I find detailed description of web-proxy regular expressions usage? There are only few lines in manual.
For example:
1. Can I use range in []? For example [0-9] for numbers?
2. What about other characters? Is it possible to use [a-g]?
by Tonda
Wed Mar 08, 2006 5:11 pm
Forum: General
Topic: IPsec and Freeswan
Replies: 14
Views: 4387

Have you tried to look into manual? There is an example http://www.mikrotik.com/docs/ros/2.9/ip/ipsec
by Tonda
Wed Mar 08, 2006 1:38 pm
Forum: General
Topic: Determine - "Who is using the bandwidth?"
Replies: 5
Views: 2077

torch
by Tonda
Fri Mar 03, 2006 2:18 pm
Forum: General
Topic: the good and bad re: routing-test 2.9.12
Replies: 26
Views: 4398

My post from another thread. In my opinion, Mikrotik should little bit revise its testing procedures and give more information to users about changes between versions. I think nothing serious happens, when some minor errors are found in new releases, but it is not possible to release version with se...
by Tonda
Wed Mar 01, 2006 1:34 pm
Forum: General
Topic: 2.9.12 software anyone?
Replies: 13
Views: 3166

In my opinion, Mikrotik should little bit revise its testing procedures and give more information to users about changes between versions. I think nothing serious happens, when some minor errors are found in new releases, but it is not possible to release version with here described errors. I am pro...
by Tonda
Fri Feb 10, 2006 4:26 pm
Forum: General
Topic: Problems with Outlook Service
Replies: 9
Views: 2653

Anybody, who is able to look at Mikrotik web pages.
by Tonda
Mon Jan 16, 2006 11:59 am
Forum: General
Topic: queue tree with mangle
Replies: 1
Views: 1359

Mangle only HTTP and HTTPS connections and use this packet mark in queue.
by Tonda
Mon Jan 16, 2006 9:16 am
Forum: General
Topic: Help needed in configuring Mikrotik router
Replies: 14
Views: 3489

When I look to basic setup guide from link that I have sent to you, I am not able to find commands that you describe in your post (ip firewall dst-nat). Have you succeeded with installation?
by Tonda
Sun Jan 15, 2006 11:03 am
Forum: General
Topic: Cannot complete basic MT router setup
Replies: 5
Views: 2174

by Tonda
Sun Jan 15, 2006 11:00 am
Forum: General
Topic: Help needed in configuring Mikrotik router
Replies: 14
Views: 3489

What website did you use for configuration? Try this: http://www.mikrotik.com/docs/ros/2.9/guide/basic
by Tonda
Mon Jan 09, 2006 11:41 am
Forum: General
Topic: Issues with NAT
Replies: 25
Views: 12662

Tinus, can you please describe your problem once more? I tried to understand your previous post but I need more information about your configuration and about what you want to solve.
by Tonda
Fri Jan 06, 2006 8:57 am
Forum: General
Topic: IPsec between 2.9.8 and 2.9.10?
Replies: 2
Views: 1387

Yes, problem with IPSec was confirmed by Mikrotik support, will be fixed in next version.
by Tonda
Thu Jan 05, 2006 9:23 am
Forum: General
Topic: Problems with NAT and Firewall Filters
Replies: 5
Views: 2692

andrewluck is right, your SMTP rules seem to be OK, so please post also rest of filter and nat rules, there can be another rule that has some side effect..
by Tonda
Wed Jan 04, 2006 9:43 am
Forum: General
Topic: Problems with NAT and Firewall Filters
Replies: 5
Views: 2692

Here you find description of packet flow through Mikrotik, so it will be clean in which order filter and nat rules are applied: http://www.mikrotik.com/docs/ros/2.9/ip/flow

Can you please post also rest of your firewall and nat rules?
by Tonda
Wed Dec 28, 2005 9:32 pm
Forum: General
Topic: Redirect All Trafic To Proxy Server in one LAN
Replies: 19
Views: 10716

To kujtos:
You haven't answered what operating system do you use. I am not able to recognize what answer is best for you.
by Tonda
Wed Dec 28, 2005 9:26 pm
Forum: General
Topic: restrict access by session
Replies: 2
Views: 1287

I tried to explain you are not able to deny access to these services BY SESSION... Do you understand what I mean by this? You are able to handle number of connections but this number has nothing to do with number of sessions in context in which you understand it.
by Tonda
Wed Dec 28, 2005 9:20 pm
Forum: General
Topic: can we restrict session for host ?
Replies: 3
Views: 1382

Yes, but you are not able to take care of what number of connections every web page takes... One web page can take three, another twenty and you are not able to recognize, what Explorer window handles which connection...
by Tonda
Wed Dec 28, 2005 9:23 am
Forum: General
Topic: can we restrict session for host ?
Replies: 3
Views: 1382

You want to apply those restrictions on application level and this is not task for Mikrotik. With Mikrotik you can allow or deny access to selected services (generally ICQ, MSN, HTTP, SMTP and so on), but Mikrotik is not able to handle, how many Explorer windows user can open at his workstation.
by Tonda
Wed Dec 28, 2005 9:05 am
Forum: General
Topic: securing the Mikrotik router
Replies: 4
Views: 2596

Look at demo.mt.lv (username demo, no password), there is demo router, configured by boys from Mikrotik, so you can use Winbox and review its configuration.
by Tonda
Tue Dec 27, 2005 2:22 pm
Forum: General
Topic: Redirect All Trafic To Proxy Server in one LAN
Replies: 19
Views: 10716

What operating system do you use in your client workstations? I think primary goal in this case is to prevent your customers to modify your workstation configuration...
by Tonda
Tue Dec 27, 2005 1:48 pm
Forum: General
Topic: Help with DSBL.ORG
Replies: 11
Views: 2444

Are incoming SMTP connections dst-natted to mail server in your internal network?
by Tonda
Tue Dec 27, 2005 1:26 pm
Forum: General
Topic: Redirect All Trafic To Proxy Server in one LAN
Replies: 19
Views: 10716

Important question: why do you try to redirect client connections when http proxy and also FTP proxy is reachable directly in your internal network?
by Tonda
Tue Dec 27, 2005 12:41 pm
Forum: General
Topic: Help with DSBL.ORG
Replies: 11
Views: 2444

Do you have mail server in your network?
by Tonda
Tue Dec 27, 2005 11:11 am
Forum: General
Topic: Proxy Access Problem...
Replies: 5
Views: 2337

If you use parent proxy, it is not necessary to redirect incoming traffic to your MT to external proxy, this is automatically handled by webproxy in your MT.
by Tonda
Tue Dec 27, 2005 11:05 am
Forum: General
Topic: EoIP over IPsec problem
Replies: 6
Views: 7586

I will try to setup IPSec by way how you describe it and will test it.
Have you tried to add IPSec policy, that encrypts everything between both ends (=addresses) of your EoIP tunnel?
by Tonda
Tue Dec 27, 2005 10:34 am
Forum: General
Topic: P2P Blocking not working at all, and many other things
Replies: 35
Views: 10626

One note to previous posts: My mother would say to you: Do not cry and try to improve your networking skills. I try to help in this forum the best I can, but lot of my posts MUST contain explanation of networking basics, simply because people without appropriate knowledge are trying to do things, th...
by Tonda
Tue Dec 27, 2005 12:26 am
Forum: General
Topic: port 443 not routing through
Replies: 5
Views: 3294

Why there are no dst-port values? Are you trying to redirect all connections regardless of port to single port 80 and 443? Can you explain exactly what do you want to achieve by these rules? Do you use webproxy?
by Tonda
Mon Dec 26, 2005 11:44 pm
Forum: General
Topic: Redirect All Trafic To Proxy Server in one LAN
Replies: 19
Views: 10716

I suppose at 192.168.0.2:8080 is some kind of webproxy running. What service is running at 192.168.0.2:2121? Imagine that somebody from your internal network tries to connect to FTP server X.X.X.X:21. First SYN packet comes to your Mikrotik, there you have some kind of dst-nat rule, which changes de...
by Tonda
Mon Dec 26, 2005 11:30 pm
Forum: General
Topic: Redirect All Trafic To Proxy Server in one LAN
Replies: 19
Views: 10716

I agree with MAG but I think you should also try to correctly set up firewall rules in order to allow incoming established and related connections, this should be some kind of substitute for application proxy. I am not sure about this, but you can try..
by Tonda
Mon Dec 26, 2005 11:03 pm
Forum: General
Topic: Bandwidth Shaper
Replies: 2
Views: 1413

Basic answer to your question is: YES. It requires basic networking knowledge and careful reading of Mikrotik manual, where you find lot of examples. Universal answer to your unconcrete question does not exist. I tried to help you but it is very hard to help when you are not able to post your actua...
by Tonda
Mon Dec 26, 2005 10:56 pm
Forum: General
Topic: EoIP over IPsec problem
Replies: 6
Views: 7586

What is the problem to have more IPSec policies? Why do you try to use EoIP through IPSec? It seems to me like problem in your network "design." What do you want to achieve exactly by using EoIP?
by Tonda
Sun Dec 25, 2005 8:29 pm
Forum: General
Topic: Firewall rules not working ??
Replies: 9
Views: 3517

Log in to demo.mt.lv by Winbox (user name demo, password none), it is demo router, configured by boys from Mikrotik, so you can find some example configuration of firewall filter rules there. Also consult Mikrotik manual here (http://www.mikrotik.com/docs/ros/2.9/ip/flow), you can find exact informa...
by Tonda
Sun Dec 25, 2005 8:18 pm
Forum: General
Topic: 2 ISP providers (WAN) - one LAN with MikroTik in Game Centre
Replies: 10
Views: 6101

Hold on for few days, I will be preparing one of my Mikrotiks to configuration similar to yours, so I will drop here some info...
by Tonda
Sun Dec 25, 2005 8:12 pm
Forum: General
Topic: basic IPsec configuration not working in 2.9.10
Replies: 3
Views: 1519

Support answered:
Thank you for the bug report. This problem has been confirmed and will be fixed in future releases.
by Tonda
Fri Dec 23, 2005 1:10 pm
Forum: General
Topic: basic IPsec configuration not working in 2.9.10
Replies: 3
Views: 1519

I have the same problem, I have already written to Mikrotik support...
by Tonda
Fri Dec 23, 2005 12:26 am
Forum: General
Topic: 2 ISP providers (WAN) - one LAN with MikroTik in Game Centre
Replies: 10
Views: 6101

There are no trials: Mikrotik will do anything you tell him to do and nothing more. You must be sure in what you are doing... Try to log FTP connections, you will see what path these connections take.
by Tonda
Thu Dec 22, 2005 1:20 pm
Forum: General
Topic: Problems to configure my router
Replies: 3
Views: 1394

I think first of all you should read Mikrotik manual and especially this part: http://www.mikrotik.com/docs/ros/2.9/ip/hotspot
by Tonda
Thu Dec 22, 2005 11:40 am
Forum: General
Topic: Problems to configure my router
Replies: 3
Views: 1394

Why do you use PPPoE on your local network?
Why do you use PPPoE client when you have SDSL modem for this purpose? I suppose SDSL modem contains ethernet port and your mikrotik is connected to this port.
Can you ping from mikrotik to servers in internet?
by Tonda
Thu Dec 22, 2005 11:12 am
Forum: General
Topic: What am i doing wrong with logging?
Replies: 5
Views: 1750

Hm, where do you expect log file to be created? I think the only possibility how to store log to file is to use command system log print file. I think you do not have direct access to mikrotik log file. Consider usage of syslog in this case...
by Tonda
Thu Dec 22, 2005 10:02 am
Forum: General
Topic: What am i doing wrong with logging?
Replies: 5
Views: 1750

And the logging rule?
by Tonda
Thu Dec 22, 2005 9:05 am
Forum: General
Topic: 2 ISP providers (WAN) - one LAN with MikroTik in Game Centre
Replies: 10
Views: 6101

How did you try to mangle other kind of traffic? Can you post your mangle rules?
Do not be angry when nobody replies with perfect solution within 1 hour after you post your problem, this forum is not 24/7 support.
by Tonda
Thu Dec 22, 2005 8:52 am
Forum: General
Topic: Issues with NAT
Replies: 25
Views: 12662

Can you please describe your problem once more?
by Tonda
Wed Dec 21, 2005 9:49 am
Forum: General
Topic: view WORKGROUP computers
Replies: 5
Views: 2181

Link to Mikrotik manual: http://www.mikrotik.com/docs/ros/2.9/ip/ipsec
Yes, sending VPN packets "unmodified" directly to public interface is little bit unusual, but it works :)
by Tonda
Wed Dec 21, 2005 8:46 am
Forum: General
Topic: view WORKGROUP computers
Replies: 5
Views: 2181

First of all: read Mikrotik manual and try to use examples, described here. IPSec setup is simple and straightforward but requires some basic networking knowledge.
by Tonda
Tue Dec 20, 2005 1:55 pm
Forum: General
Topic: Mark routing locally generated traffic (like web-proxy)
Replies: 8
Views: 6031

Hm, I think that mangle rule should contain src-address of public Mikrotik interface and dst-port 80. If you use proxy server, everything works like this: client from private network connects to proxy server and transfer his HTTP request (connection is destined to private proxy server address). Then...
by Tonda
Tue Dec 20, 2005 1:14 pm
Forum: General
Topic: HTTP Traffic question
Replies: 6
Views: 2374

By what parameters do you want to distinguish browsing and downloading?
by Tonda
Tue Dec 20, 2005 1:08 pm
Forum: General
Topic: Mark routing locally generated traffic (like web-proxy)
Replies: 8
Views: 6031

Why prerouting? Look into manual to schema that describes packet flow through Mikrotik (http://www.mikrotik.com/docs/ros/2.9/ip/flow).
by Tonda
Tue Dec 20, 2005 11:22 am
Forum: General
Topic: view WORKGROUP computers
Replies: 5
Views: 2181

Yes.
by Tonda
Tue Dec 20, 2005 9:04 am
Forum: General
Topic: Mark routing locally generated traffic (like web-proxy)
Replies: 8
Views: 6031

What chain do you use in mangle? What Mikrotik version?
by Tonda
Mon Dec 19, 2005 8:40 am
Forum: General
Topic: PPTP is much smarter than I am
Replies: 6
Views: 2133

Can you please post your Mikrotik configuration? (routes, interfaces and filter rules)?
by Tonda
Sun Dec 18, 2005 9:42 pm
Forum: General
Topic: PPTP is much smarter than I am
Replies: 6
Views: 2133

All I want to say is that without appropriate routes you will not ping anything. Have you read Mikrotik manual and especially part "PPTP Application Examples"?
by Tonda
Sun Dec 18, 2005 4:06 pm
Forum: General
Topic: After Load-balancing no ping!!!
Replies: 6
Views: 2994

Can you post your Mikrotik configuration?
by Tonda
Sun Dec 18, 2005 4:01 pm
Forum: General
Topic: DST-NAT Weirdness
Replies: 2
Views: 1355

Can you post please also routes from MT1 and MT2 and also all other src- and dst-nat rules from your routers? I do not understand what do you want to achieve with your mail server, can you describe it more precisely?
by Tonda
Sun Dec 18, 2005 3:51 pm
Forum: General
Topic: How to set time?
Replies: 16
Views: 11198

Can you try another public NTP server? (List of NTP servers you can find for example here: http://ntp.isc.org/bin/view/Servers/WebHome).
by Tonda
Sun Dec 18, 2005 3:31 pm
Forum: General
Topic: Still With My Problem and i need your Help PLZZ
Replies: 4
Views: 1632

Use export command and copy and paste command from terminal console.
by Tonda
Sun Dec 18, 2005 3:27 pm
Forum: General
Topic: PPTP is much smarter than I am
Replies: 6
Views: 2133

What about routes on your client?
by Tonda
Wed Dec 14, 2005 8:53 am
Forum: General
Topic: How to set time?
Replies: 16
Views: 11198

Can you please post result of this command: system ntp client print?
by Tonda
Tue Dec 13, 2005 9:47 am
Forum: General
Topic: packet logging
Replies: 1
Views: 1008

1. RTFM - http://www.mikrotik.com/docs/ros/2.9/ip/filter
2. Create appropriate firewall filter rule with action=log
by Tonda
Mon Dec 12, 2005 11:43 am
Forum: General
Topic: How to set time?
Replies: 16
Views: 11198

Can you be more specific? It is very hard to solve problems described by words "it does not work". I use several RB500 and have no problem with NTP. Can you please post status information of your NTP client? (system ntp client print)?
by Tonda
Mon Dec 12, 2005 9:24 am
Forum: General
Topic: port forwarding on v.2.9.8
Replies: 12
Views: 3840

Can you also post your routes? It is necessary because you have two external interfaces.
by Tonda
Sun Dec 11, 2005 3:49 pm
Forum: General
Topic: Still With My Problem and i need your Help PLZZ
Replies: 4
Views: 1632

My answer is all the time the same: Can you please post your actual configuration from Mikrotik (not from manual)? Problem can be caused by some error in your actual configuration so it is necessary to have it posted. I am afraid without knowing your actual configuration nobody will be able to help ...
by Tonda
Sun Dec 11, 2005 3:08 pm
Forum: General
Topic: port forwarding on v.2.9.8
Replies: 12
Views: 3840

Can you please post also your routes and explain a little bit purpose of these all interfaces?
by Tonda
Sat Dec 10, 2005 12:30 pm
Forum: General
Topic: port forwarding on v.2.9.8
Replies: 12
Views: 3840

Post your actual configuration..
by Tonda
Fri Dec 09, 2005 8:53 pm
Forum: General
Topic: port forwarding on v.2.9.8
Replies: 12
Views: 3840

What address do you use for ftp access from public internet?
by Tonda
Fri Dec 09, 2005 8:49 pm
Forum: General
Topic: Issues with NAT
Replies: 25
Views: 12662

Dst-nat is part of prerouting, src-nat is part of postrouting.
I think it is necessary to log packet flow to find out difference between your port 80 and port 90 usage. Can you log packet exchange between client and your web server in both cases? We must find the difference..
by Tonda
Thu Dec 08, 2005 4:25 pm
Forum: General
Topic: Feature? Logging L2TP debug packet
Replies: 0
Views: 2485

Feature? Logging L2TP debug packet

When I want to use L2TP connection and I also want to log packets, packet log contains also this:
l2tp debug packet: rcvd control message (ack) from X.X.X.X

I think these two categories should be separated and l2tp debug packets should be part of l2tp logging.
by Tonda
Thu Dec 08, 2005 10:14 am
Forum: General
Topic: port forwarding on v.2.9.8
Replies: 12
Views: 3840

You can find all necessary information here:
http://www.mikrotik.com/docs/ros/2.9/ip/nat
You can use examples from this chapter, only add appropriate ports to dst-nat rules.
by Tonda
Tue Dec 06, 2005 5:15 pm
Forum: General
Topic: Independent Log action in rules
Replies: 4
Views: 3365

Independent Log action in rules

When I need to log some firewall rule, I must create new similar rule with action set to log, insert it before rule I want to check and only then I can watch log.
Would it be possible to implement same behavior in 2.9 as it was in 2.8? I mean independent Log action regardless of action actually set?
by Tonda
Tue Dec 06, 2005 4:03 pm
Forum: General
Topic: Port Forwarding
Replies: 16
Views: 4059

You wrote: "when I put dst-address=public_ip which is IP address of Mikrotik outside interface and it isn't working" What does it exactly mean "it isn't working"? Packets do not arrive to your public interface? Packets arrive to public interface and Mikrotik handles them incorrec...
by Tonda
Fri Dec 02, 2005 10:36 pm
Forum: General
Topic: VPN & Routing
Replies: 9
Views: 3150

How to manually add routes, that are pushed to client when connecting to PPTP server (from manual): On the PPTP server it can alternatively be done using routes parameter of the user configuration:
[admin@HomeOffice] ppp secret> print detail
Flags: X - disabled
0 name="ex" service=pptp cal...
by Tonda
Fri Dec 02, 2005 5:46 pm
Forum: General
Topic: VPN & Routing
Replies: 9
Views: 3150

So you need to push some routes to client, need not you? This is why I asked you to read manual, there is example how to add routes to client.. (parameter route in PPP config).
by Tonda
Fri Dec 02, 2005 4:35 pm
Forum: General
Topic: VPN & Routing
Replies: 9
Views: 3150

Can you be more specific? What changes in PPP configuration did you perform? What does not work?
by Tonda
Thu Dec 01, 2005 10:58 pm
Forum: General
Topic: Issues with NAT
Replies: 25
Views: 12662

Hm, I try to draw what is going on when accessing internal web server from internal network using public address according your src and dst nat rules where:
X.X.X.X is client from internal network
55.55.55.55 is public IP of Mikrotik
192.168.1.1 is internal IP of Mikrotik
192.168.1.103 is address of...
by Tonda
Thu Dec 01, 2005 1:26 pm
Forum: General
Topic: Port Forwarding
Replies: 16
Views: 4059

Could you please answer my previous questions?
by Tonda
Thu Dec 01, 2005 1:09 pm
Forum: General
Topic: Port Forwarding
Replies: 16
Views: 4059

Could you please answer my previous questions?
by Tonda
Thu Dec 01, 2005 10:03 am
Forum: General
Topic: L2TP /IPsec over NAT
Replies: 3
Views: 1610

yes
by Tonda
Thu Dec 01, 2005 8:20 am
Forum: General
Topic: L2TP /IPsec over NAT
Replies: 3
Views: 1610

What do you mean by this exactly? L2TP/IPSec connection between two Mikrotiks or Mikrotik as L2TP/IPSec server or Mikrotik as L2TP/IPSec passthrough?
by Tonda
Wed Nov 30, 2005 10:00 pm
Forum: General
Topic: Issues with NAT
Replies: 25
Views: 12662

Just imagine packet flow: CLIENT X tries to connect to your INTERNAL WEB SERVER from internet. He uses PUBLIC IP and PORT 90 of your Mikrotik as destination address and port. Mikrotik must change destination IP address of this request to your INTERNAL WEB SERVER IP address and port 90. Then this req...
by Tonda
Wed Nov 30, 2005 9:25 pm
Forum: General
Topic: Port Forwarding
Replies: 16
Views: 4059

Maybe stupid questions, but for sure:
1. what address do you type in to RDP client window?
2. Can you log incoming packets to your Mikrotik? Are packets really accepted and forwarded by Mikrotik?
by Tonda
Wed Nov 30, 2005 9:10 pm
Forum: General
Topic: VPN & Routing
Replies: 9
Views: 3150

Hey you competent, have you carefully read the Mikrotik manual (PPTP Application Examples)? I think there are some examples how to add routes to client configuration of PPTP server in Mikrotik...
by Tonda
Wed Nov 30, 2005 9:00 pm
Forum: General
Topic: IPSEC VPN TUNNEL DON'T WORK
Replies: 2
Views: 1707

Masquerade in src-nat rules should be on the second place, accept rule should be the first.
by Tonda
Tue Nov 29, 2005 3:22 pm
Forum: General
Topic: traceroute doesnt work
Replies: 1
Views: 973

Principle of traceroute: The principle of any trace route program is based on the ICMP protocol. It uses the TTL field in the IP header of the packet. The main goal of the TTL field is to avoid infinite loop. By increasing the TTL by one each time the program send a packet each hops on the path are ...
by Tonda
Tue Nov 29, 2005 8:33 am
Forum: General
Topic: Plz i need Example about Equal Sharing Bandwidth
Replies: 6
Views: 1921

Post your Mikrotik configuration: mangle rules and queue configuration.
by Tonda
Mon Nov 28, 2005 2:30 pm
Forum: General
Topic: vpn problem
Replies: 7
Views: 2359

You wrote that users could not access internet. What do you mean by this exactly? They cannot browse web pages?
What happens if you try to ping or tracert some internet server from client that is connected to VPN and use default gateway?
by Tonda
Mon Nov 28, 2005 9:24 am
Forum: General
Topic: vpn problem
Replies: 7
Views: 2359

What about users proxy server configuration?
by Tonda
Mon Nov 28, 2005 9:15 am
Forum: General
Topic: Plz i need Example about Equal Sharing Bandwidth
Replies: 6
Views: 1921

Dear Woody,
you can find example of Equal sharing here:

http://www.mikrotik.com/docs/ros/2.9/root/queue
by Tonda
Fri Nov 25, 2005 4:40 pm
Forum: General
Topic: DST-NAT redirect action: To-dst-address dont work
Replies: 3
Views: 6386

What hardware do you use for Mikrotik?
by Tonda
Thu Nov 24, 2005 9:50 pm
Forum: General
Topic: Another NAT question
Replies: 11
Views: 2881

Yes, you are right with 1:1 NAT but there is a question why to do it by this way. What are the advantages of this solution comparing to my solution with natting only web connections? In my opinion it is better to have only certain connections explicitly allowed to internal network because you can ex...
by Tonda
Thu Nov 24, 2005 8:38 am
Forum: General
Topic: Another NAT question
Replies: 11
Views: 2881

1. Rule number 1 is useless because this natting is performed by masquerading in rule number 4.
2. RDP uses only TCP connection so rule number 3 is useless
3. It is not necessary to change any default RDP port. You can use for example this: chain=dstnat dst-address=70.x.x.9 protocol=tcp dst-port=353...
by Tonda
Wed Nov 23, 2005 7:30 pm
Forum: General
Topic: Another NAT question
Replies: 11
Views: 2881

When you want to redirect only web connections to your internal web server, it is of course necessary to specify port 80 for both dst-port and to-ports parameters in your dstnat rule.
by Tonda
Wed Nov 23, 2005 5:06 pm
Forum: General
Topic: Routing from mark_routing to internal IP
Replies: 4
Views: 1741

When you would use DNS server in your network it would be simple to change real mail server IP without need to reconfigure mail client software.
by Tonda
Wed Nov 23, 2005 1:27 pm
Forum: General
Topic: ftp problem
Replies: 4
Views: 1834

Try to add also rule chain=forward connection-state=related action=accept.
by Tonda
Wed Nov 23, 2005 10:58 am
Forum: General
Topic: Another NAT question
Replies: 11
Views: 2881

My message was not for you (jaytcsd) but for Bert5150...
by Tonda
Wed Nov 23, 2005 10:06 am
Forum: General
Topic: Another NAT question
Replies: 11
Views: 2881

To Bert5150:
rule number 0 is useless because this natting is performed by masquerading in rule number 2.
by Tonda
Tue Nov 22, 2005 4:25 pm
Forum: General
Topic: NAT routing to internal webserver
Replies: 30
Views: 8736

Why do you have in your address table item 3 broadcast address set to 192.168.1.1? I think there should be 192.168.1.255...
Can you (only for testing purposes) disable all other addresses of interface ether1?
by Tonda
Mon Nov 21, 2005 10:49 pm
Forum: General
Topic: Cisco VPN (IPSEC)
Replies: 4
Views: 1617

Look here: http://www.mikrotik.com/docs/ros/2.9/ip/ipsec
find part MikroTik Router to CISCO Router
by Tonda
Mon Nov 21, 2005 9:56 am
Forum: General
Topic: Plz i need help about equal bandwidth plzz
Replies: 8
Views: 2349

I would prefer current configuration from your Mikrotik, there can be some error in it or something that is not visible at first sight.
by Tonda
Mon Nov 21, 2005 9:11 am
Forum: General
Topic: Plz i need help about equal bandwidth plzz
Replies: 8
Views: 2349

I do not want to see config from manual, I would like to see your config from your Mikrotik.
by Tonda
Mon Nov 21, 2005 8:21 am
Forum: General
Topic: Plz i need help about equal bandwidth plzz
Replies: 8
Views: 2349

What exactly do you not understand in this example from manual? Did you create all mangle rules and also all queues as described in this example?
by Tonda
Sun Nov 20, 2005 4:37 pm
Forum: General
Topic: NAT routing to internal webserver
Replies: 30
Views: 8736

How did you find it? Try to add two filter rules in forward chain: one logs everything with destination address of your internal web server and second that logs everything with source address of your internal server. Then you will be able to see packet exchange between Mikrotik and web server..
by Tonda
Sun Nov 20, 2005 3:11 pm
Forum: General
Topic: Plz i need help about equal bandwidth plzz
Replies: 8
Views: 2349

See Mikrotik manual, chapter "Bandwidth control", part "Equal bandwidth sharing among users" and apply it to your current configuration.
by Tonda
Sun Nov 20, 2005 3:08 pm
Forum: General
Topic: NAT routing to internal webserver
Replies: 30
Views: 8736

Are your internal web servers correctly configured? I exactly mean default gateway..
Have you tried to log packets to your internal web server and especially packets from your internal web server to internet in Mikrotik? There must be some stupid error or misconfiguration...
by Tonda
Sun Nov 20, 2005 2:58 pm
Forum: General
Topic: Cisco VPN (IPSEC)
Replies: 4
Views: 1617

There is example of this configuration in Mikrotik manual.
by Tonda
Sat Nov 19, 2005 10:32 pm
Forum: General
Topic: NAT routing to internal webserver
Replies: 30
Views: 8736

2 believewireless:
I think rule number 11 in your config seen above is useless, because this srcnat is already handled by rule 1. What about other nat rules 2-9?
by Tonda
Sat Nov 19, 2005 7:41 pm
Forum: General
Topic: NAT routing to internal webserver
Replies: 30
Views: 8736

Of course it depends on actual router configuration and this is why I asked for these rules..
by Tonda
Sat Nov 19, 2005 7:23 pm
Forum: General
Topic: NAT routing to internal webserver
Replies: 30
Views: 8736

When I assume your forward rules allow only outgoing connections from internal network and established and related connections from internet to internal network, it is necessary to add appropriate rules.
by Tonda
Sat Nov 19, 2005 7:05 pm
Forum: General
Topic: NAT routing to internal webserver
Replies: 30
Views: 8736

What about your firewall rules? In order to perform correct mapping it is not only necessary to use src-nat correctly, but also have appropriate firewall filter rules.
by Tonda
Fri Nov 18, 2005 8:47 am
Forum: General
Topic: Issues with NAT
Replies: 25
Views: 12662

I think that best solution, that does not need any rules on router, is to properly use internal DNS server and access internal web server by its name, not by IP address. External requests to let's say webserver.domain.com are resolved by public DNS servers (DNS response is in this case 55.155.155....
by Tonda
Thu Nov 17, 2005 5:50 pm
Forum: General
Topic: Issues with NAT
Replies: 25
Views: 12662

Can you post here also all of your firewall filter rules?

ad 2. Why do you want to access your internal web server through your WAN address from inside network?
by Tonda
Mon Nov 14, 2005 1:34 am
Forum: General
Topic: IPSEC MT and NETGEAR
Replies: 16
Views: 6468

I am afraid both devices are not able to negotiate IPSec connection together.. I am not able to tell you exactly what is wrong. I think you can try to use second MT instead of Netgear with same configuration as your first MT. It helps suspend the possibility of wrong MT configuration. When you will b...
by Tonda
Mon Nov 14, 2005 1:08 am
Forum: General
Topic: P2P Blocking not working at all, and many other things
Replies: 35
Views: 10626

Hm, I am afraid you are right. Several posts here are based on same schema:
1. Somebody tries to use MT
2. He finds it is not so straightforward to configure MT without basic knowledge of networks, TCP/IP etc.
3. He even does not try to understand what MT can do for him.
4. He writes post to this f...
by Tonda
Sun Nov 13, 2005 11:20 pm
Forum: General
Topic: IPSEC MT and NETGEAR
Replies: 16
Views: 6468

And log from Mikrotik?
by Tonda
Sun Nov 13, 2005 9:19 pm
Forum: General
Topic: generic ipsec tunnels
Replies: 6
Views: 2135

What is the problem? If you are able to create one point to point IPSec tunnel, then you are able to create more similar tunnels by adding appropriate IPSec policies, NAT and routing rules.. I think there are also some examples of how to connect MT with other devices (Cisco) in manual.. What do you...
by Tonda
Fri Nov 11, 2005 11:41 am
Forum: General
Topic: IPSEC MT and NETGEAR
Replies: 16
Views: 6468

Can you please post actual content of MT and Netgear log files after all changes we have made?

Do you think that MT will accept incoming ESP connection automatically without any filter rule? There are no exceptions, MT will do precisely what you tell him to do and nothing more.
by Tonda
Fri Nov 11, 2005 8:30 am
Forum: General
Topic: IPSEC MT and NETGEAR
Replies: 16
Views: 6468

What is this?
> The missing part was
> add chain=srcnat out-interface=Wan src-address=192.168.100.0/24 dst-address=192.168.1.0/24 \
> action=masquerade comment=" TEST IPSEC" disabled=no

action should be ACCEPT, not masquerade (see my previous posts) Why do you think it is not necessary t...
by Tonda
Fri Nov 11, 2005 12:40 am
Forum: General
Topic: PPTP, EOIP, Bridge
Replies: 7
Views: 2312

Have you changed default route?
by Tonda
Fri Nov 11, 2005 12:22 am
Forum: General
Topic: IPSEC MT and NETGEAR
Replies: 16
Views: 6468

Three questions:
1. Why do you have generate-policy in ipsec peer set to YES?
2. What exactly happens, when you set your ipsec policy src-address=192.168.100.0/24?
3. Have you tried to add rules, that allow access of ISAKMP and IPSec packets to your input chain?
by Tonda
Wed Nov 09, 2005 11:36 pm
Forum: General
Topic: IPSEC MT and NETGEAR
Replies: 16
Views: 6468

I think you are not right. Try to enable it and use action=accept. It is necessary not to modify outgoing packets, that are subject of IPSec encryption, addresses using masquerade. IPSec encrypted packet must have source and destination addresses unmodified. Look at Mikrotik manual part IPSec betwee...
by Tonda
Wed Nov 09, 2005 10:44 pm
Forum: General
Topic: IPSEC MT and NETGEAR
Replies: 16
Views: 6468

Andrewluck, can you please explain your post? My post is based on Mikrotik manual part IPSec between two masquerading MT Routers.. Action in first nat rule causes no natting (masquerading) to occur..
by Tonda
Wed Nov 09, 2005 4:01 pm
Forum: General
Topic: IPSEC MT and NETGEAR
Replies: 16
Views: 6468

First nat rule should have action=accept, not masquerade. I am also not sure whether to accept established connection is enough or it is necessary to allow incoming ISAKMP and IPSec packet explicitly.
by Tonda
Wed Nov 09, 2005 3:47 pm
Forum: General
Topic: VPN error 619
Replies: 11
Views: 6547

Is L2TP server enabled? What about firewall filter rules? Are incoming connections to L2TP server enabled?
by Tonda
Sat Oct 15, 2005 2:02 pm
Forum: General
Topic: IPSec - problem reestablish tunnel after reboot
Replies: 4
Views: 1958

Sure, you are right but I feel this solution to be only substitute. The main goal is to create as reliable VPN as possible and I think MT should provide this without additional aids.
by Tonda
Sat Oct 15, 2005 1:26 pm
Forum: General
Topic: IPSec - problem reestablish tunnel after reboot
Replies: 4
Views: 1958

I am afraid it is not possible to issue this command every time when something goes wrong in large VPN. What type of VPN should I use instead of IPSec?
by Tonda
Sat Oct 15, 2005 12:04 am
Forum: General
Topic: IPSec - problem reestablish tunnel after reboot
Replies: 4
Views: 1958

IPSec - problem reestablish tunnel after reboot

I have 2 RB523 MT 2.9.6 and I configure IPSec tunnel between them (using example from page 278 of Mikrotik's manual). When tunnel is successfully created (ping from both tunnel sides to both remote networks is OK), I perform reboot of one MT but after reboot IPSec tunnel is not reestablished. In ord...