Community discussions

Search found 236 matches

by TKITFrank
Mon Sep 23, 2013 7:23 am
Forum: Forwarding Protocols
Topic: Limit Local Routing
Replies: 2
Views: 951

Re: Limit Local Routing

Hi,

VRF worked as intended :)

However I can ping other router interfaces from inside the VRF?
It looks like the VRF is isolating everything except router interfaces?

Best Regards,
Frank
by TKITFrank
Fri Sep 20, 2013 8:03 am
Forum: Forwarding Protocols
Topic: Limit Local Routing
Replies: 2
Views: 951

Limit Local Routing

Hi, I want to try to disable local routing between interfaces on my router. And force all routing to go to my upstream router for the routing decision. Lets say router have 3 interfaces. Interface 1 (192.168.1.0/24) Interface 2 (192.168.2.0/24) Interface 3 (10.1.2.1/31) "Uplink to core" What I want ...
by TKITFrank
Wed Aug 28, 2013 8:11 am
Forum: General
Topic: v6.2 released
Replies: 247
Views: 89832

Re: v6.2 released

I think I found a bug in version 6.2 I added a NAT rule in the dst-nat chain to port forward to an internal device. When I did that I immediately got disconnected via Winbox (winbox crashed). Lucky for me I still could get connection via ssh. By connecting to ssh I found out that the order of the f...
by TKITFrank
Mon Aug 12, 2013 2:29 pm
Forum: General
Topic: v6.2 released
Replies: 247
Views: 89832

Re: v6.2 released

Hi Normis,

Any news on when a prebuild of 6.3 with the ip proxy access is fixed? :)

/Frank
by TKITFrank
Sat Aug 03, 2013 1:31 pm
Forum: General
Topic: v6.2 released
Replies: 247
Views: 89832

Re: v6.2 released

new routing stuff is going into v7, which contains the long promised "new routing engine"
:( I was hoping for v6 release of this.
So there is no hope for it to be a test release for v6? Or better a backport to v6?
by TKITFrank
Sat Aug 03, 2013 12:38 pm
Forum: General
Topic: v6.2 released
Replies: 247
Views: 89832

Re: v6.2 released

Maybe it has something to do with this change:
*) proxy - allow multiple src-address for ipv4 and ipv6;
Yep sounds like the cause :)
by TKITFrank
Sat Aug 03, 2013 12:29 pm
Forum: General
Topic: v6.2 released
Replies: 247
Views: 89832

Re: v6.2 released

Hi, "ip proxy access" seems messed up. As soon as you enter src-address to a rule it stops working. This is from my setup. 48 allows my internal network and 49 drops the rest. But 48 never gets hit. Worked prior to upgrade to 6.2 I removed the dst-port also but to no avail. If i disable 49 everythin...
by TKITFrank
Thu Jul 18, 2013 11:55 am
Forum: General
Topic: Mikrotik RB1000 to Sophos UTM (Astaro) IPSec
Replies: 0
Views: 1767

Mikrotik RB1000 to Sophos UTM (Astaro) IPSec

Hi, The other day I was transferring some files over my IPSec VPN. Normal traffic is 10-13Mbit (My internet capacity is at max 14Mbit). Now it was only 4,5Mbit and at max 6Mbit. I checked the connections on both ends and got 100 Mbit down and 20Mbit up on the remote end. My connection was delivering...
by TKITFrank
Wed Jan 09, 2013 7:36 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi dboillot, I block more than just bittorrent but just adjust the following in mangle rules. add action=jump chain=prerouting comment="Common P2P-Blocking" disabled=no dst-address-list=!dns-externt jump-target=p2p-service p2p=bit-torrent add action=jump chain=prerouting comment="" disabled=no dst-a...
by TKITFrank
Tue Dec 18, 2012 11:20 am
Forum: General
Topic: v6rc3 released
Replies: 92
Views: 27702

Re: v6rc3 released

It's another known issue with RouterOS. Try to set Preamble mode to long in the Advanced mode of your WLAN card. Hi YazzY My colleague tried this and it did not help unfortunately. So perhaps this only works on MacBooks or specific iOS devices. But his iPhone and iPad did not see any increase in ra...
by TKITFrank
Wed Dec 12, 2012 7:54 am
Forum: General
Topic: v6rc3 released
Replies: 92
Views: 27702

Re: v6rc3 released

It's another known issue with RouterOS. Try to set Preamble mode to long in the Advanced mode of your WLAN card. Hi YazzY My colleague tried this and it did not help unfortunately. So perhaps this only works on MacBooks or specific iOS devices. But his iPhone and iPad did not see any increase in ra...
by TKITFrank
Fri Dec 07, 2012 2:52 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

@vpritiskovic

Hi,

Looks fine. If i'm not mistaken the tracker at The Piratebay is not used any more so I guess that this is why it will not get tagged by the rules. I think they use magnetic links.

Try some more times but I guess that it is working. Let me know if not :)
by TKITFrank
Thu Dec 06, 2012 9:21 am
Forum: General
Topic: 6.0rc4 released!
Replies: 101
Views: 18341

Re: 6.0rc4 released!

After upgrade to 6.0rc5 (from 5.22) my 6to4 tunnel stops working anymore - HE.net's IPv6 gateway was unreachable. I downgrade back to 5.22 and it works like a charm! 6to4 tunnel between two routers works. We need more information. Hi, I run ROS 6 RC5 Build 29/11 at 11am and I have a 6to4 tunnel to ...
by TKITFrank
Tue Nov 27, 2012 7:44 am
Forum: General
Topic: all-p2p
Replies: 5
Views: 1720

Re: all-p2p

Hi,

I run RC4 but I have not tested the all-p2p in that release.
1) What packets does it miss? Or does it miss all types?
2) What P2P programs have you tested?

Regards,
Frank
by TKITFrank
Mon Nov 26, 2012 1:28 pm
Forum: General
Topic: uTP protocol matching
Replies: 1
Views: 796

Re: uTP protocol matching

Hi,

No it will not. You will have to make your own.
I block Bittorrent using this http://forum.mikrotik.com/viewtopic.php ... 00#p303639

Perhaps you can use some of the settings there.

Regards,
Frank
by TKITFrank
Thu Nov 22, 2012 3:22 pm
Forum: General
Topic: v6rc3 released
Replies: 92
Views: 27702

Re: v6rc3 released

Sounds like an combination of hardware and software combined then. Have you seen this on any other unit beside the 751? No. We only have 751's. Okay does any one else here at the forum have this issue on another device? If it would have been a global ROS problem I guess I would have seen it as well...
by TKITFrank
Thu Nov 22, 2012 8:02 am
Forum: General
Topic: v6rc3 released
Replies: 92
Views: 27702

Re: v6rc3 released

Perhaps this is hardware related (Mikrotik or Phone/Tab) I doubt that it is ROS in it's whole. You must be new to mikrotik ;) The phone could not connect to the router at all before, when used with encryption. Now it can. Mikrotik has partially fixed it but still no cigar. The same phone works grea...
by TKITFrank
Wed Nov 21, 2012 1:54 pm
Forum: General
Topic: v6rc3 released
Replies: 92
Views: 27702

Re: v6rc3 released

The fix for Android based devices mentioned in this thread http://forum.mikrotik.com/viewtopic.php?f=7&t=65270 is still far from optimal. Android can now connect to the access point but the connection is very flaky with frequent hiccups, timeouts and disconnects. I have a RB800 with 2 R52n cards ru...
by TKITFrank
Fri Nov 16, 2012 7:17 am
Forum: Wireless Networking
Topic: Mikrotik band steering
Replies: 5
Views: 3229

Re: Mikrotik band steering

I posted this as a request as well...
http://forum.mikrotik.com/viewtopic.php?f=1&t=66663
by TKITFrank
Tue Nov 13, 2012 2:56 pm
Forum: General
Topic: New Routing packet?
Replies: 1
Views: 1284

Re: New Routing packet?

Staff any comments on this?
by TKITFrank
Wed Nov 07, 2012 2:08 pm
Forum: General
Topic: New Routing packet?
Replies: 1
Views: 1284

New Routing packet?

Hi staff,

Any timeframe on the new Routing Packet? Will there be a prereleased available?

Regards,
Frank
by TKITFrank
Tue Oct 30, 2012 9:29 am
Forum: General
Topic: Development version testing "all_packages"
Replies: 6
Views: 2490

Re: Development version testing "all_packages"

Hi Staff,

Would it be possible to include the all_packets in the daily builds?

Regards,
Frank
Any news if this would be possible? or is it to much work to do all the time?

Regards,
Frank
by TKITFrank
Fri Oct 26, 2012 7:51 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Do you use the build in DNS server to forward requests? I use google DNS Servers /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=\ 8.8.8.8,8.8.4.4 Then add them here. /ip firewall address-list add address=xxx.xxx.xxx.xxx comment=DNS-servers ...
by TKITFrank
Thu Oct 25, 2012 6:28 am
Forum: General
Topic: v6 RC2 released
Replies: 98
Views: 30420

Re: v6 RC2 released

Is [Ticket#2012092466000445] fixed?
by TKITFrank
Wed Oct 24, 2012 8:13 am
Forum: General
Topic: [Feature request] Client Band Select
Replies: 1
Views: 1609

[Feature request] Client Band Select

Hi, A nice feature would be to have the option on the AP to set a preferred band. Like if I have 2 radios one on 2.4Ghz and one on 5Ghz that I can advertise that clients should prefer 5Ghz. It can be done today with access lists but it is a bit difficult. A simple setting that would always tell clie...
by TKITFrank
Wed Oct 24, 2012 7:23 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi how do I ad all this to my router? by script? Its alot of code =) since the code is rewritten and some has been quoted, where can I find the most updated code? Hi, The code in this post is exported an should be okay to import. Read the post and adapt it to your settings. http://forum.mikrotik.co...
by TKITFrank
Tue Oct 23, 2012 8:04 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Do you use the build in DNS server to forward requests?
by TKITFrank
Tue Oct 16, 2012 10:24 am
Forum: General
Topic: Development version testing "all_packages"
Replies: 6
Views: 2490

Re: Development version testing "all_packages"

BTW the change log is a bit outdated perhaps?
Has there been any changes since 5 of October?

I'm interested in the IPv6 firewall issues.
by TKITFrank
Tue Oct 16, 2012 10:16 am
Forum: General
Topic: Development version testing "all_packages"
Replies: 6
Views: 2490

Re: Development version testing "all_packages"

Hi Janisk,

I am interested in Multicast and NTP for powerpc (RB800). But it would help to have the updated automatically and not have to request for them ;)
Just like the .npk files
by TKITFrank
Tue Oct 16, 2012 10:10 am
Forum: General
Topic: Development version testing "all_packages"
Replies: 6
Views: 2490

Development version testing "all_packages"

Hi Staff,

Would it be possible to include the all_packets in the daily builds?

Regards,
Frank
by TKITFrank
Tue Oct 09, 2012 12:02 pm
Forum: Forwarding Protocols
Topic: BGP and routing filter improvement suggestions
Replies: 58
Views: 16817

Re: BGP and routing filter improvement suggestions

Hi, Just out of curiosity.. Is BGP Route Flap Damping (RFC 2439) implemented? And also I'm in the process of stating a project with Anycast based BGP for our external services. I have not done any deeper studies right now on the requirements in BGP but it stands between Cisco vs Mikrotik right now. ...
by TKITFrank
Mon Oct 08, 2012 12:24 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

@TKITFrank

Hi, can you please export the settings for blocking the p2p traffic and post it here?
- under the required folder 'export compact filename=myrules'

Tnx in advance.
See post
http://forum.mikrotik.com/viewtopic.php ... 00#p303639
by TKITFrank
Tue Oct 02, 2012 10:46 am
Forum: General
Topic: RouterOS v6 release candidate 1
Replies: 96
Views: 30015

Re: RouterOS v6 release candidate 1

Hi,

Any progress on Ticket#2012092466000445 ? :)
by TKITFrank
Mon Sep 24, 2012 1:10 pm
Forum: General
Topic: RouterOS v6 release candidate 1
Replies: 96
Views: 30015

Re: RouterOS v6 release candidate 1

Todays buglist. 1) IPv6 Firewall filter not working again. 2) IPv6 Firewall statistics not working. Show thousends of Gigabyte of data on the rules. Please send us a supout.rif file with your rules For God sake go fix your old issues before coming up with something new ! Please clarify which old is...
by TKITFrank
Sat Sep 22, 2012 12:43 pm
Forum: General
Topic: RouterOS v6 release candidate 1
Replies: 96
Views: 30015

Re: RouterOS v6 release candidate 1

Todays buglist.

1) IPv6 Firewall filter not working again.
2) IPv6 Firewall statistics not working. Show thousends of Gigabyte of data on the rules.
by TKITFrank
Tue Sep 11, 2012 8:45 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Correct it times out in 10min.
by TKITFrank
Mon Sep 10, 2012 4:55 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi jasgot Sorry to hear about that gram from them. Never nice... The most simple thing to do is to try to download something your self's. The thing is that you will see the connections but they will be dropped in the filter and then they will die out. The other that have no mark should be killed by...
by TKITFrank
Mon Sep 10, 2012 4:11 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Thank you very much for all of your effort on this code. We got a nasty gram from the Recording Industry Association of America (RIAA) yesterday and are trying to prevent all P2P. (we offer free WiFi to guests) I have installed the scripts from this post in this thread: http://forum.mikrotik.com/vi...
by TKITFrank
Mon Sep 10, 2012 2:20 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Thank you very much for all of your effort on this code. We got a nasty gram from the Recording Industry Association of America (RIAA) yesterday and are trying to prevent all P2P. (we offer free WiFi to guests) I have installed the scripts from this post in this thread: http://forum.mikrotik.com/vi...
by TKITFrank
Wed Aug 29, 2012 9:43 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

@TKITFrank Info about the software Xunlei is a chinese p2p software using http port The software fake the header and signature of IE and Firefox There are 2 versions of xunlei. One is the web xunlei, the web xunlei download the file into the web. Then make the file as an php?attachment, so it allow...
by TKITFrank
Tue Aug 28, 2012 9:07 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

@TKITFrank your setting are perfect for blocking P2p. but i have a problem with chinese program Xunlei. With your firewall it not be able to block it at all. I am currently setup internet for a guesthouse. Everything work find , but when those chinese guest open up Xunlei the internet are just dead...
by TKITFrank
Sun Aug 26, 2012 3:19 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

What happens if you use the rules like I posted them?
by TKITFrank
Fri Aug 24, 2012 7:55 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

@n21roadie Does any traffic get cough? Does the prerouting rules work? Perhaps you can post your complete config and we can look at it :) Also please in more detail tell us about you finding where it is not working. @karina I think this topic is only about blocking and beyond the whether to block or...
by TKITFrank
Thu Aug 02, 2012 3:13 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Is it only ping / icmp or all other traffic as well?

Regardless I think you should start a new thread about this and we can continue there :)
Also try the basic to add a new connection mark that is simple at the top in mangle. If it works or not.
by TKITFrank
Tue Jul 31, 2012 10:07 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hummm... and you ping from a computer behind the router and not from the router it selves?
by TKITFrank
Mon Jul 30, 2012 12:30 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, Well short answer yes. My firewall system is based on http://wiki.mikrotik.com/wiki/Dmitry_on_firewalling but I have modified it to be based on screens like the Juniper Netscreen/SRX models. This allows for faster processing of rules and correct rules on correct security screen. Making my 309 ru...
by TKITFrank
Sun Jul 22, 2012 1:04 pm
Forum: General
Topic: Can not downgrade after updating RB1200 to 6.02 beta
Replies: 2
Views: 1016

Re: Can not downgrade after updating RB1200 to 6.02 beta

use netinstall. There is a bug in beta2 that cases the router to kernel panic on reboot. Thats why it will not downgrade. Netinstall will help.
by TKITFrank
Thu Jul 19, 2012 6:42 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Excellent! If you find out a way to bypass the filter let us know. And we can all work together to write a new rule to block :)
by TKITFrank
Wed Jul 18, 2012 1:41 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

@dreamrider did it work as intended?
by TKITFrank
Tue Jul 17, 2012 3:37 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, With the drop rule you deny all traffic from your clients to DNS servers except the router it selves. Then they can only use the RouterOS dns and that one we have blocked access to the torrent masters. With the bypass you can tell you client to go directly to the Google servers and the also to c...
by TKITFrank
Tue Jul 17, 2012 1:22 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

@ TKITFrank Will your filter work on a CPE using PPPoE where it gets it's DNS from AP and the AP DNS entries are using a private IP address pointing back to load balancer and this in turn is getting it's DNS from ISP Have not tried. I use it @ my main firewall. But if the AP has the DNS entries it ...
by TKITFrank
Tue Jul 17, 2012 12:29 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Add an address in "DMZ" is no good idea, right? Or it is not possible for those complicated rules? EDITED: Your rules works like a charm! Down/Up speed=ZERO! P.S. But adding one IP to exclusions after two hours headacke - w/o success... Google hide answer for me. (I mean - your firewall rules is ve...
by TKITFrank
Tue Jul 17, 2012 7:47 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

It is a mangle, i think? And other simple question - how I can add an exception for 1 IP address? 8) That should be possible but a little more difficult since the DNS server as no ACL for records. If you allow an ip to use DNS forward (opposite to the rule least posted) and also excludes it in the ...
by TKITFrank
Tue Jul 17, 2012 7:43 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

nopp
/ip firewall filter
by TKITFrank
Tue Jul 17, 2012 7:33 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi,

Add this to the top.
add action=drop chain=forward comment="Drop DNS" connection-mark=dns disabled=no

NOTE that you have to use the dns proxy/server in the RouterOS.
by TKITFrank
Mon Jul 16, 2012 7:47 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi,

I have a setup that blocks about 700 students on 2 different sites. I have not seen that behavior.. :? Can you give me your setup? Sounds like something is missing or a rule out of order...
by TKITFrank
Mon Jul 16, 2012 9:43 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, Here is your setup :) /ip firewall address-list add address=80.233.238.254 comment=DNS-servers disabled=no list=dns-externt add address=8.8.8.8 disabled=no list=dns-externt add address=172.16.10.1/27 disabled=no list=local-addr The 78 address was included by mistake... I use that for trafficshap...
by TKITFrank
Thu Jun 21, 2012 2:50 pm
Forum: General
Topic: p2p traffic
Replies: 3
Views: 674

Re: p2p traffic

Hi,

Have a look at this thread... :)
http://forum.mikrotik.com/viewtopic.php?t=21178
by TKITFrank
Sun Jun 17, 2012 2:40 pm
Forum: General
Topic: Strange Error / Problem getting in Mikrotik!!
Replies: 5
Views: 793

Re: Strange Error / Problem getting in Mikrotik!!

If you need assistance contact MikroTik support at support@mikrotik.com, this is just a user forum not a official support channel in that manner.
And you will have to wait until Monday to get an answer I guess.
by TKITFrank
Fri Jun 15, 2012 7:43 am
Forum: General
Topic: ETA on Beta3?
Replies: 54
Views: 14455

Re: ETA on Beta3?

it will take a while. So no ETA.
Any progress on the beta 3 release?
by TKITFrank
Thu Jun 07, 2012 4:32 pm
Forum: General
Topic: ETA on Beta3?
Replies: 54
Views: 14455

Re: ETA on Beta3?

Multicast och NTP.
I guess they are the reason why my router will not upgrade?
The file is located where It should be but It only reboots.

I will do a test today or tomorrow as well with serial port connected...
by TKITFrank
Thu Jun 07, 2012 1:38 pm
Forum: General
Topic: ETA on Beta3?
Replies: 54
Views: 14455

Re: ETA on Beta3?

Hi, Got a hold of the test release of beta3 but my RB800 will not upgrade, I have not connected to the CLI on boot, but my guess is that I have packets that are beside the normal npk file. Like NTP and Multicast. And the zip file with all packets is not located on the same place as the npk file. Whe...
by TKITFrank
Tue Jun 05, 2012 4:19 pm
Forum: General
Topic: ETA on Beta3?
Replies: 54
Views: 14455

Re: ETA on Beta3?

Is there a Beta of the beta3? :)
And if so where can I get it to try? I have an RB800...
by TKITFrank
Fri Jun 01, 2012 3:16 pm
Forum: General
Topic: ETA on Beta3?
Replies: 54
Views: 14455

Re: ETA on Beta3?

Okay no new features ? :)
by TKITFrank
Fri Jun 01, 2012 3:04 pm
Forum: General
Topic: ETA on Beta3?
Replies: 54
Views: 14455

Re: ETA on Beta3?

Some hints on whats to come in beta3? :)
by TKITFrank
Fri Jun 01, 2012 12:42 pm
Forum: General
Topic: ETA on Beta3?
Replies: 54
Views: 14455

Re: ETA on Beta3?

Any news Normis on beta3? :)
by TKITFrank
Tue May 22, 2012 4:02 pm
Forum: General
Topic: Mikrotik Router DDoS attack
Replies: 32
Views: 8607

Re: Mikrotik Router DDoS attack

As it was said multiple times before, we are working on a fix for this. Hi Normis, As said before this is getting out of hand. As a measurement can you do the following? 1) Create a new forum entry called security or what you find appropriate. 2) Add this security issue as a sticky and attach all i...
by TKITFrank
Mon May 21, 2012 10:55 am
Forum: General
Topic: Mikrotik Router DDoS attack
Replies: 32
Views: 8607

Re: Mikrotik Router DDoS attack

if you don't configure a password, somebody can log into your router. do you want us to "notify" you of that too? it's the same type of issue. I think this discussion has gotten out of hand. We can all conclude that you should have security measurements in place to protect your router. This is not ...
by TKITFrank
Thu May 17, 2012 2:11 pm
Forum: General
Topic: ETA on Beta3?
Replies: 54
Views: 14455

Re: ETA on Beta3?

Hi Normis,

Sounds promising :) looking forward to it.
Keep up the good work!
by TKITFrank
Thu May 17, 2012 1:36 pm
Forum: General
Topic: ETA on Beta3?
Replies: 54
Views: 14455

ETA on Beta3?

Mikrotik Staff do you have an ETA on the Beta3?
1-3weeks? :)
by TKITFrank
Tue May 15, 2012 9:05 am
Forum: General
Topic: Comments on 6.0b2
Replies: 15
Views: 5644

Re: Comments on 6.0b2

Any update when new version of v6 will be released and when the new routing will be implemented?
by TKITFrank
Wed May 02, 2012 2:45 pm
Forum: General
Topic: v6.0beta2 released!
Replies: 53
Views: 19314

Re: v6.0beta2 released!

BUG? OpenVPN When I try to connect to my OpenVPN server it will not work. I can connect but the interface will drop. This is the log from the client, The server will not show anything even with debug. Wed May 02 13:37:14 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011 Wed ...
by TKITFrank
Mon Apr 30, 2012 10:06 am
Forum: General
Topic: v6.0beta2 released!
Replies: 53
Views: 19314

Re: v6.0beta2 released!

TKITFrank , that is the way how BCP should work. BCP should be configured on both sides, protocol does not work, when configured on one side only. Thanks for the clarification. This will be off topic but can I have a PPTP interface in a bridge without BCP? OpenVPN seems to be the only interface I c...
by TKITFrank
Fri Apr 27, 2012 5:15 pm
Forum: General
Topic: v6.0beta2 released!
Replies: 53
Views: 19314

Re: v6.0beta2 released!

Bridge in pptp-profiles does not seem to work or I am doing to wrong. I have added it but it will still look like the out interface is the pptp-connection. Not the bridge interface. I saw this in v5 - probably, both sides should support BCP and negotiate it... So this feature is ROS to ROS only? Or...
by TKITFrank
Fri Apr 27, 2012 1:59 pm
Forum: General
Topic: v6.0beta2 released!
Replies: 53
Views: 19314

Re: v6.0beta2 released!

Bridge in pptp-profiles does not seem to work or I am doing to wrong. I have added it but it will still look like the out interface is the pptp-connection. Not the bridge interface. [xxxxxx@xxxx.xxxxx.org] > ppp profile print 1 name="PPTP-VPN" local-address=192.168.255.254 remote-address=dhcp_pool3 ...
by TKITFrank
Wed Apr 25, 2012 7:47 pm
Forum: General
Topic: v6.0beta2 released!
Replies: 53
Views: 19314

Re: v6.0beta2 released!

Hi Sergejs, Suffered a kernel panic, see Ticket#2012042566000631 Some things I noticed after this... 1) After that the system would not let me enter New Terminal in winbox. It will show me the Mikrotik logo but I will not get to the CLI. 2) After this kernel panic my CPU went from 1200Mhz to 799Mhz ...
by TKITFrank
Tue Apr 24, 2012 7:34 am
Forum: General
Topic: v6.0beta2 released!
Replies: 53
Views: 19314

Re: v6.0beta2 released!

Positive Feedback 1) The HTTP proxy seems a lot faster in v6b2 then in V5.14 2) Wireless speeds have increased. Did a test yesterday (only UDP from my computer to the router) and I got 70-80Mbit. Before I had a maximum of 50-60Mbit. This was on the 2.4Ghz band. Good Work! Some wishes... and I know y...
by TKITFrank
Mon Apr 23, 2012 8:01 pm
Forum: General
Topic: v6.0beta2 released!
Replies: 53
Views: 19314

Re: v6.0beta2 released!

One more GUI bug.
When I use the PPTP client connection interface in the system I get a 4096MB increase on the statistics...
The Peak you can see made the TX bytes go from 4096MB to the 8.0GB
v6b2_gui_bug_3.JPG
This is after i did a disable and enable again.
v6b2_gui_bug_3_1.JPG
by TKITFrank
Mon Apr 23, 2012 6:13 pm
Forum: General
Topic: v6.0beta2 released!
Replies: 53
Views: 19314

Re: v6.0beta2 released!

TKITFrank , thank you for the both reports! About IPv6, what do you mean that firewall missing its functions? Which of the rule does not work? Have a look at Ticket#2012042366000607 I have a support out file now. If that will help beside the firewall rules. Let me know if I should send it also. Any...
by TKITFrank
Sun Apr 22, 2012 12:03 pm
Forum: General
Topic: v6.0beta2 released!
Replies: 53
Views: 19314

Re: v6.0beta2 released!

IPv6 Firewall seems to be missing its functions... I did a firewall test against http://ipv6.chappell-family.com/ipv6tcptest/ and my normal stealth just went refused and they found port 135 as open. And my computer responded to ping.
by TKITFrank
Sun Apr 22, 2012 11:55 am
Forum: General
Topic: v6.0beta2 released!
Replies: 53
Views: 19314

Re: v6.0beta2 released!

One more GUI bug...
Seems to be more than just the extreme numbers. Many standard rules does not have anything...
MikroTik do you want a supout? or is this enough?
System is RB800 v6b2 with 2 Radios and the system clocked to 1200Mhz.

edit: IPv4 is not affected... from what I can see.
by TKITFrank
Fri Apr 20, 2012 7:56 pm
Forum: General
Topic: v6.0beta2 released!
Replies: 53
Views: 19314

Re: v6.0beta2 released!

Fund a GUI Bug... See picture...
by TKITFrank
Mon Apr 16, 2012 6:42 pm
Forum: General
Topic: v6.0beta1 released!
Replies: 35
Views: 13740

Re: v6.0beta1 released!

paoloaga, you are right, thank you very much for the report! Connection-state matcher in IPv6 firewall is the reason for reboot, other IPv6 firewall rules work fine.
We will fix the particular problem in the next 6.0 version.
When will a fix (new beta) be available? :)
by TKITFrank
Thu Feb 23, 2012 6:55 pm
Forum: General
Topic: IPv6 DHCP Server
Replies: 16
Views: 3744

Re: IPv6 DHCP Server

It is in our TODO list and will be ready when it is done. :)
This year or next? :)
by TKITFrank
Thu Feb 23, 2012 3:53 pm
Forum: General
Topic: IPv6 DHCP Server
Replies: 16
Views: 3744

Re: IPv6 DHCP Server

You are right. Any time frame on full DHCPv6? ND does not hand out DNS so Windows PC still require manual configuration without full DHCPv6.
ND does hand out DNS. Windows simly does not support this feature.
Any news on when a Full DHCP IPv6 server will be implemented mrz?
by TKITFrank
Thu Feb 23, 2012 3:49 pm
Forum: General
Topic: SHA2 256/512bit
Replies: 1
Views: 567

Re: SHA2 256/512bit

MikroTik staff? any info?
by TKITFrank
Tue Feb 21, 2012 4:40 pm
Forum: General
Topic: SHA2 256/512bit
Replies: 1
Views: 567

SHA2 256/512bit

Any chance of this being implemented in the current release series for IPSEC as an option?
SHA/MD5 is quite old and most vendors aim for SHA2.

Should not be to difficult to do or?? :)
by TKITFrank
Tue Feb 21, 2012 4:37 pm
Forum: General
Topic: IPv6 DHCP Server
Replies: 16
Views: 3744

Re: IPv6 DHCP Server

I want this to :)
by TKITFrank
Thu Feb 16, 2012 8:01 am
Forum: General
Topic: v5.13 released
Replies: 64
Views: 8261

Re: v5.13 released

In Winbox, 'IP/Firewall/Connections' Max Entries is 0, CLI shows correct value.
Checked on RB433AH, RB751U-2HnD and x86.

Regards,
Confirmed on RB800 and RB1100AHx2
by TKITFrank
Thu Feb 16, 2012 7:36 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, CCDKP describers it well. This is because bittorrent tends to try the obvious methods of connection before getting "sneaky" about getting out. That is the same technique I use and it was his Idea (Thanks CCDKP), I just took it one step further ;) I can not punish my users like he can. I have to ...
by TKITFrank
Wed Feb 15, 2012 8:14 am
Forum: General
Topic: v5.13 released
Replies: 64
Views: 8261

Re: v5.13 released

@Normis
*) bridge - fixed problem where arp reply-only or disabled mode didn't work anddisabled bridge interfaces didn't have X flag;
IPv6 and IPv4 now works excellent with bridge in reply-only!
Great work! :)

Regards,
Frank
by TKITFrank
Wed Feb 15, 2012 7:53 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi Belyache, To make a long story short this has been an ongoing battle.. I will try to summery it for you. I also included CCDKP's note about IPv6. As he stats is it VITAL for the blocking. 1) Are either of these posts complete? I have made them below. 2) Is the second post an addition to the previ...
by TKITFrank
Fri Feb 10, 2012 4:53 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

TKITFrank, While testing out some of the new rules, I hit a very interesting discovery. uTorrent 3.0 will try to established UTP connections over Teredo IPv6 tunnels, which are on by default on Windows Vista & Windows 7. If you fire up a decent sized torrent on a Windows 7 machine and look under "p...
by TKITFrank
Fri Feb 10, 2012 3:53 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, Here is the new setup... This will perhaps beside blocking allows for traffic-shaping of encrypted torrent traffic. What will happen is that only users that use P2P programs will be subject to the rules that contain some false positive ("UDP-Bittorrent blocking" and "TCP-Tracker blocking"). They...
by TKITFrank
Sun Feb 05, 2012 11:33 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

/ip firewall layer7-protocol add name=HTTPS regexp="^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b)" add name=GNUTELLA regexp="^(gnd[\\x01\\x02]\?.\?.\?\\x01|gnutella connect/[012]\\.[0-9]\\x0d\\x0a|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnu...
by TKITFrank
Tue Jan 31, 2012 10:02 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, This is my new config, I have been testing to some time and I have had issues with false positive. The config below seems to eliminate those false positive I have found. However there might be more... I you find it please let me know. And also how so I can replicate it and correct it. I will try...
by TKITFrank
Mon Jan 23, 2012 6:39 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, This is a draft will add more info later this week. Did some testing today and found out that you can bypass my filter by starting the connection on one site and then resume them behind my firewall. To block them you have to use a series of things. This is what I have found. By marking udp packe...
by TKITFrank
Sat Jan 21, 2012 12:07 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi,

Not knowing how your network is built I would guess you have to to it at the client switches or CPE's. Do you use Multicast? if not block it.
I can post my DNS entries on Monday when I am at work. But to mee yours looks fine. They should kill DHT.
by TKITFrank
Sat Jan 21, 2012 12:03 pm
Forum: General
Topic: v5.12 released
Replies: 144
Views: 25200

Re: v5.12 released

Hi,

IPv6 works fine with reply-only on the bridge interface but now IPv4 don't work. Seems like it does not reply to ARP requests. I have not done a wireshark yet...
by TKITFrank
Fri Jan 20, 2012 2:25 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

TKITFrank , did you try your rules with the last version of utorrent client(3.0 and above).Asking about it, because you rules, posted earlier in this topic, seems to work for me. But now, with the last version of utorrent, they don't. Neither with ssl encryption turned on or off. Hi, This week I ha...
by TKITFrank
Tue Jan 03, 2012 11:50 am
Forum: General
Topic: BTest.exe IPv6 Support?
Replies: 10
Views: 1221

Re: BTest.exe IPv6 Support?

Hi Janisk, Okay those are my current options I understand. But in our government environment that will probably not be an option. :( Perhaps we are talking of the same thing here or misunderstand each other. Sorry about that, My question is when it will be able to use DHCPv6 in Mikrotik with Windows...
by TKITFrank
Mon Jan 02, 2012 3:14 pm
Forum: General
Topic: BTest.exe IPv6 Support?
Replies: 10
Views: 1221

Re: BTest.exe IPv6 Support?

Hi Janisk, That is true on small amounts of computer and for me at home. But take the example of our student network. 350-450 computers that I have no control over. And I don't think that I can rely on the students to configure this by them selves. The question still stands... How far ahead is the D...
by TKITFrank
Mon Jan 02, 2012 1:23 pm
Forum: General
Topic: BTest.exe IPv6 Support?
Replies: 10
Views: 1221

Re: BTest.exe IPv6 Support?

you can try to set up PPPoE client on windows. That should work. Since windows only support DHCPv6 for auto configuration Sounds like the reason why it's not working. ;) Will have a look at the PPPoE, but static works fine as well :) Do you have any news on then the DHCPv6 implementation will be do...
by TKITFrank
Mon Jan 02, 2012 12:22 pm
Forum: General
Topic: BTest.exe IPv6 Support?
Replies: 10
Views: 1221

Re: BTest.exe IPv6 Support?

better do not use WindowsXP and IPv6. AFAIK XP got experimental and not full implementation of IPv6 protocol.Vista and 7 have quite decent implementation. So the problem you have might be connected more to problems within the OS rather than network. Hi, Most likely so... Thats why a good test tool ...
by TKITFrank
Thu Dec 29, 2011 9:27 pm
Forum: General
Topic: BTest.exe IPv6 Support?
Replies: 10
Views: 1221

Re: BTest.exe IPv6 Support?

Hi, Okay then I know :) No at all basically... the reason why I was looking for the support is that my IPv4 traffic on a Windows XP machine is great but the ipv6 is maxed out @ 6mbit :shock: . I was interested if it would apply on UDP as well. And also if I would get a different value on the btest f...
by TKITFrank
Thu Dec 29, 2011 12:09 pm
Forum: General
Topic: BTest.exe IPv6 Support?
Replies: 10
Views: 1221

BTest.exe IPv6 Support?

Hi,

Any plans for a new version of the BTest.exe tool with IPv6 support?
by TKITFrank
Fri Dec 23, 2011 1:37 pm
Forum: General
Topic: Ipv6 issue with MT OS ver: 5.11 still
Replies: 7
Views: 901

Re: Ipv6 issue with MT OS ver: 5.11 still

Others and I have seen this issue before, I made this discovery too when I started using IPv6 in late October. http://forum.mikrotik.com/viewtopic.php?f=2&t=56252&p=287716 In this topic http://forum.mikrotik.com/viewtopic.php?f=2&t=56374&p=288255 for IPv6 to work use arp=enabled or it can fail. edit...
by TKITFrank
Fri Dec 09, 2011 5:53 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi,

No I did not, Will see if I can get a test during next week at work.
Have a nice weekend!
by TKITFrank
Tue Dec 06, 2011 10:52 pm
Forum: Wireless Networking
Topic: 802.11n Slow
Replies: 126
Views: 48010

Re: 802.11n Slow

Hi, Seems fine :) Saw a couple of things that can be adjusted... preamble-mode=both >Try short, It should choose that by default but in many cases it does not, This made a big difference for me. hw-protection-threshold=2340 >Verify this against the settings of your wifi card. I use 2347. security-pr...
by TKITFrank
Tue Dec 06, 2011 6:32 pm
Forum: Wireless Networking
Topic: 802.11n Slow
Replies: 126
Views: 48010

Re: 802.11n Slow

MB/s is megabyte per second, I think that 7.xMB/s, about 60-65mbit/s is way too low for one stream, and thats about 1/3 of consumer equipment on the market. I too use the RB800@1066 and a 52nm dual chain card. I think that I can not get more by tweeking settings/cards/antennas than this, I think ro...
by TKITFrank
Tue Dec 06, 2011 4:33 pm
Forum: Wireless Networking
Topic: 802.11n Slow
Replies: 126
Views: 48010

Re: 802.11n Slow

I have to disagree, See my post and this is a (my) home router! :) http://forum.mikrotik.com/viewtopic.php?f=7&t=56161 is there any configuration difference between your 5ghz and 2,4ghz cards in your mikrotik? No there are non, They are configured the same. Your test is with 10 streams? At least it...
by TKITFrank
Tue Dec 06, 2011 3:29 pm
Forum: Wireless Networking
Topic: 802.11n Slow
Replies: 126
Views: 48010

Re: 802.11n Slow

I have to disagree, See my post and this is a (my) home router! :)
http://forum.mikrotik.com/viewtopic.php?f=7&t=56161
by TKITFrank
Tue Nov 22, 2011 5:28 pm
Forum: General
Topic: CITY FOR NEXT EUROPEAN MUM 2012
Replies: 49
Views: 6999

Re: CITY FOR NEXT EUROPEAN MUM 2012

Why not Gothenburg in Sweden ? ;)
by TKITFrank
Wed Nov 16, 2011 4:00 pm
Forum: General
Topic: IPv6 TODO
Replies: 54
Views: 10112

Re: IPv6 TODO

Hi Normis, @home where I currently do this to experiment and learn IPv6. Well the thing I was trying to do right now is to create ACL's in the webproxy and to get that to work properly. I can not add IPv6 addresses in the ACL in winbox. I have in IPv4 also used the webproxy in transparent mode. Seem...
by TKITFrank
Tue Nov 15, 2011 4:35 pm
Forum: General
Topic: Transparent proxy with IPv6
Replies: 1
Views: 592

Transparent proxy with IPv6

Hi,

Is this mission impossible? If not how?

p.s IPv6 ACL in webproxy is not working or is this a feature to be made? ;) d.s
by TKITFrank
Tue Nov 15, 2011 4:32 pm
Forum: General
Topic: IPv6 TODO
Replies: 54
Views: 10112

Re: IPv6 TODO

Mr Normis what is the current status? how many % finished? :) - IPsec IPv6 support with IKE v2 IKE v3 (probably in v6 beta) - DONE - IP Pool support; for PPP and DHCP (to manage networks instead of addresses) - DONE - IPv6 Address auto-configuration from other routers - hopefully next week - IPv6 DH...
by TKITFrank
Tue Nov 01, 2011 7:31 am
Forum: General
Topic: Problems with IPv6 on bridge interface
Replies: 2
Views: 1871

[SOLVED] Problems with IPv6 on bridge interface

Hi jandafields, Thanks for your advice. However to my knowledge the beta of 5.8 is only standard package. I use NTP and Multicast as well. So I have to stick to the official releases. :( Anyhow last night I found out what the problem was. The issue was that the bridge interfaces needed to have ARP e...
by TKITFrank
Sun Oct 30, 2011 1:44 pm
Forum: General
Topic: Problems with IPv6 on bridge interface
Replies: 2
Views: 1871

Problems with IPv6 on bridge interface

Hi all, This weekend I was trying for the first time to get IPv6 working. I got an HE tunnel with the usual /64 and a /48 for my other networks. All seems fine and not as horrifying as first looked upon ;) Then I ran in to trouble... I must have done something wrong but I can not figure out what... ...
by TKITFrank
Wed Oct 26, 2011 5:54 pm
Forum: Wireless Networking
Topic: Success story 802.11n Home AP
Replies: 3
Views: 11236

Re: Success story 802.11n Home AP

100mbit_nstreme_tab.jpg
100mbit_NV2_tab.jpg
100mbit_TX_Power_tab.jpg
by TKITFrank
Wed Oct 26, 2011 5:53 pm
Forum: Wireless Networking
Topic: Success story 802.11n Home AP
Replies: 3
Views: 11236

Re: Success story 802.11n Home AP

100mbit_HT_tab.jpg
100mbit_HT_MCS_tab.jpg
100mbit_WDS_tab.jpg
by TKITFrank
Wed Oct 26, 2011 5:52 pm
Forum: Wireless Networking
Topic: Success story 802.11n Home AP
Replies: 3
Views: 11236

Re: Success story 802.11n Home AP

100mbit_Wireless_tab.jpg
100mbit_Data_Rates_tab.jpg
100mbit_Advanced_tab.jpg
by TKITFrank
Wed Oct 26, 2011 5:51 pm
Forum: Wireless Networking
Topic: Success story 802.11n Home AP
Replies: 3
Views: 11236

Success story 802.11n Home AP

Hi all, Today I wanted to write an post that is not regarding a problem or a bug. Instead a success story :) I have seen many people having issues with 802.11n and Mikrotik. I can not say much about the PTP setups of (N) since I do not use them my selfs. I use Mikrotik @work in the form of standard ...
by TKITFrank
Sun Oct 23, 2011 1:24 pm
Forum: General
Topic: socks5 on mikrotik
Replies: 3
Views: 7685

Re: socks5 on mikrotik

Hi,

No you can not. :(
I the current release of RouterOS you are limited to only socks v4.
by TKITFrank
Mon Oct 10, 2011 7:26 am
Forum: General
Topic: limit all torrent downloads
Replies: 5
Views: 5035

Re: limit all torrent downloads

Hi,

Have a look at this thread.
http://forum.mikrotik.com/viewtopic.php?t=21178
by TKITFrank
Fri Sep 30, 2011 8:19 am
Forum: General
Topic: [Possible bug] Memory lekage jumboframes on RB800 ROS5.7?
Replies: 0
Views: 317

[Possible bug] Memory lekage jumboframes on RB800 ROS5.7?

Hi, I tried today to increase the L2MTU and the MTU on my RB800 ROS 5.7 (current-firmware: 2.30) /interface ethernet> print detail Flags: X - disabled, R - running, S - slave 0 name="Dmz" mtu=1500 l2mtu=1600 arp=enabled auto-negotiation=yes full-duplex=yes speed=100Mbps 1 R name="External" mtu=1500 ...
by TKITFrank
Wed Aug 03, 2011 10:27 am
Forum: General
Topic: v5.6 released
Replies: 91
Views: 20835

Re: v5.6 released

Hi Normis,

Is ticket #2011062866000285 fixed in this release?
by TKITFrank
Wed Jul 20, 2011 12:26 pm
Forum: RouterBOARD hardware
Topic: IPSec Hardware Acceleration on RB800?
Replies: 2
Views: 877

Re: IPSec Hardware Acceleration on RB800?

Hi Normis,

I did never see the model without the (E) on there webpage, perhaps not listed either :?
But that will explain the lack support. 8)

Thanks for the explanation.

Have a nice summer!
by TKITFrank
Wed Jul 20, 2011 8:04 am
Forum: RouterBOARD hardware
Topic: IPSec Hardware Acceleration on RB800?
Replies: 2
Views: 877

IPSec Hardware Acceleration on RB800?

Hi, I wrote this in the RouterOS Community Support [General] section but I guess it is more appropriate here. I was unable to move the thread so I reposted it here and removed the old one. I was going through the specs on the RB800 and on the CPU in it (MPC8544E) To my surprise the Freescale site re...
by TKITFrank
Mon Jul 11, 2011 3:52 pm
Forum: General
Topic: graphs deleted after reboot on v.5.0 / slow NTP sync
Replies: 52
Views: 15012

Re: graphs deleted after reboot on v.5.0 / slow NTP sync

I have ROS 5.5 with ntp packet installed and it takes about 5-7min for the timesync to complete. I am going to the ip of ntp1.sp.se and ntp2.sp.se (62.119.40.98 and 193.10.7.246) This was fast on ROS 4.xx seems to be something with ROS 5 [xxxxxxx@hades.xxxxxxx.org] /system ntp> export # jul/11/2011 ...
by TKITFrank
Fri Jul 08, 2011 8:10 am
Forum: General
Topic: [SOLVED] Strip IPv4 Options not working?
Replies: 5
Views: 1788

[SOLVED] Strip IPv4 Options not working?

Hi, After a mail conversation with Janis I got the repose that the timestamps I was trying to remove did not have anything to do with this. I was trying to remove TCP timestamps and they do not have anything to do with IPV4 Option "Timestamps". After some digging on google I found this. The only way...
by TKITFrank
Tue Jul 05, 2011 11:54 am
Forum: Wireless Networking
Topic: p2p is killing my head
Replies: 4
Views: 734

Re: p2p is killing my head

Hi,

Try to use QoS to prioritize the "normal" traffic and then let all else go in low priority. If you want to block p2p then have a look at this thread.
http://forum.mikrotik.com/viewtopic.php?t=21178
In that thread you will find some useful information both on blocking and QoS thoughts.

/Frank
by TKITFrank
Mon Jun 27, 2011 12:43 pm
Forum: General
Topic: [SOLVED] Strip IPv4 Options not working?
Replies: 5
Views: 1788

Re: Strip IPv4 Options not working?

Hi, Upgraded to 5.5 but that did not help, Can anyone confirm this function working? I can see the rule triggering packets now when the rule looks like this. It did the same when I set TCP as protocol. Now the rules look like this. 0 chain=prerouting action=strip-ipv4-options 1 chain=postrouting act...
by TKITFrank
Mon Jun 20, 2011 7:03 pm
Forum: General
Topic: [SOLVED] Strip IPv4 Options not working?
Replies: 5
Views: 1788

Re: Strip IPv4 Options not working?

Hi again,

Removing protocol tcp did not help :( Do you have any more ideas?

Update, It works or at least counting packets on the rule when I removed the "ipv4-options=any" but still nessus reports timestamp also the link posted above. So from what I can see the action is not applied. Or am I wrong?
by TKITFrank
Mon Jun 20, 2011 6:49 pm
Forum: General
Topic: [SOLVED] Strip IPv4 Options not working?
Replies: 5
Views: 1788

Re: Strip IPv4 Options not working?

Hi Fewi, I will try without TCP but from what I get by the nessus scan it is all about TCP timestamp. Nope non of the rules are counting anything. :( That is one of the things that made me wonder if it is working as it should be. But maybe it is as you pointed out that it is the TCP that messes arou...
by TKITFrank
Mon Jun 20, 2011 4:27 pm
Forum: General
Topic: [SOLVED] Strip IPv4 Options not working?
Replies: 5
Views: 1788

[SOLVED] Strip IPv4 Options not working?

Hi, I was trying to block IPv4 options on my firewall @home for test and I seem to get the rule to work but it does not remove any thing? I have had a nessus scan from the outside and it still reports that my system sends timestamp. I can confirm this at this site as well http://lcamtuf.coredump.cx/...
by TKITFrank
Fri Jun 10, 2011 8:15 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, I think the only thing to do at the moment in MikroTik is to mark all OK traffic and place them in queues and then have a rest of whats left queue for p2p and well the rest ;) This approach has been said before in this thread if i am not mistaken. But that is a bit off topic since the thread is ...
by TKITFrank
Thu Jun 09, 2011 10:53 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, Just a note... don't use the DNS entries if you just want to traffic shape. They will ONLY block. Dear Guys! I have just tried to configure mikrotik transparent traffic shaping for limit P2P traffic but without success. I have used TKITFrank configuration to mark P2P traffic then I have created ...
by TKITFrank
Thu Jun 09, 2011 10:51 am
Forum: RouterBOARD hardware
Topic: Block p2p traffic
Replies: 11
Views: 2661

Re: Block p2p traffic

Hi, Here they are. add comment="" name=EMULE regexp="^[\\xc5\\xd4\\xe3-\\xe5].\?.\?.\?.\?([\\x01\\x02\\x05\\x14\\x15\\x16\\x18\\x19\\x1a\\x1b\\x1c\\x20\\x21\\x32\\x33\\x34\\x35\\x36\\x38\\x40\\x41\\x42\\x43\\x46\\x47\\x48\\x49\\x4a\\\ x4b\\x4c\\x4d\\x4e\\x4f\\x50\\x51\\x52\\x53\\x54\\x55\\x56\\x57\\...
by TKITFrank
Wed Jun 01, 2011 10:14 am
Forum: RouterBOARD hardware
Topic: Block p2p traffic
Replies: 11
Views: 2661

Re: Block p2p traffic

Hi, You can just type it in the terminal, But I would recommend you to use this as a guide only . All configurations are different so you will have to adjust it to your setup. The thing I would recommend is that is high up in the mangle and filter rules to make sure no other rules interfere with it....
by TKITFrank
Mon May 30, 2011 1:50 pm
Forum: RouterBOARD hardware
Topic: Block p2p traffic
Replies: 11
Views: 2661

Re: Block p2p traffic

Hi, Hope this helps... [xxxxxx@xxx.xxx.xx] /ip firewall mangle> print Flags: X - disabled, I - invalid, D - dynamic 2 chain=prerouting action=jump jump-target=p2p-service layer7-protocol=DIRECTCONNECT 3 chain=prerouting action=jump jump-target=p2p-service p2p=all-p2p dst-address-list=!dns-servers 4 ...
by TKITFrank
Thu May 26, 2011 3:54 pm
Forum: RouterBOARD hardware
Topic: Block p2p traffic
Replies: 11
Views: 2661

Re: Block p2p traffic

That is my config yes, Or to be more accurate the basics of the setup. You will have to adjust it to your setup.
Can you be more specific about what confuses you?
by TKITFrank
Wed May 25, 2011 12:02 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Do you only use the built in p2p matcher? and if so do you use encrypted p2p in the torrent client?
If so it can not catch it. You will have to try to follow the posts in this thread :)
by TKITFrank
Tue May 24, 2011 11:07 am
Forum: RouterBOARD hardware
Topic: Block p2p traffic
Replies: 11
Views: 2661

Re: Block p2p traffic

Hi,

I use these in my firewall
http://forum.mikrotik.com/viewtopic.php ... 66#p176066
http://forum.mikrotik.com/viewtopic.php ... 08#p204108

Remember that these rules use L7 so it uses quite some CPU depending on traffic.
by TKITFrank
Mon May 23, 2011 2:01 pm
Forum: RouterBOARD hardware
Topic: Block p2p traffic
Replies: 11
Views: 2661

Re: Block p2p traffic

by TKITFrank
Tue Apr 26, 2011 1:42 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx2
Replies: 26
Views: 8121

Re: RB1100AHx2

@normis

Do you have any performance info on the X2? I saw that the RB1200 was added to the performance sheet.
by TKITFrank
Tue Apr 26, 2011 7:30 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Why would it affect other users if you have normal QoS set up? If one guy has 1Mbit, let him use it however he wants, even if it's all 1Mbit with P2P other users will not be affected. There are legal problems here in Germany for prof. services "tolerating" violation of copyrights. Or, in other word...
by TKITFrank
Fri Apr 08, 2011 6:20 pm
Forum: General
Topic: RouterOS 5.1 is out!
Replies: 93
Views: 13492

RouterOS 5.1 is out!

What's new in 5.1 (2011-Apr-08 12:55): *) ipsec - fix SA lifetime display when timezone offset does not equal 0; *) ipsec - now default DPD interval is 2 min for new configurations; *) webfig - make bandwidth-test work; *) fixed problem - wireless package got disabled after upgrading from v4; *) sst...
by TKITFrank
Thu Mar 24, 2011 4:39 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

I have not found a good working UDP L7 for that yet. :(
If anyone can find it please do post that info :)
by TKITFrank
Mon Mar 21, 2011 10:32 pm
Forum: General
Topic: mikrotik.com down ths weekend?
Replies: 2
Views: 419

Re: mikrotik.com down ths weekend?

Looks like a routing loop 8)
Anyhow thought it was a "funny" error... was more expecting a timeout when I did the traceroute ;)
Would bet on LatNET... Mikrotik just out of curiosity do you know what the issue was?
by TKITFrank
Mon Mar 21, 2011 7:36 pm
Forum: General
Topic: mikrotik.com down ths weekend?
Replies: 2
Views: 419

mikrotik.com down ths weekend?

Was unable to access any of mikrotik's sites some time during this weekend. Got this interesting traceroute... any info about why? :) address: forum.mikrotik.com # ADDRESS RT1 RT2 RT3 STATUS 1 85.229.64.1 198ms 213ms 0ms 2 146.172.93.85 29ms 29ms 48ms <MPLS:L=389174,E=0> 3 146.172.99.205 29ms 29ms 3...
by TKITFrank
Tue Mar 08, 2011 12:35 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

@mves EDIT: DHT: Waiting to log in The beast is killed... but I'm not cleared with what... is this DNS kill? Yes it is DNS that will kill this. Also, this is overkill for me... it's blocking access to those sites completely :lol: Yes that is why you want to keep it to a minimum. Also L7 DNS rules wi...
by TKITFrank
Mon Mar 07, 2011 10:10 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, @mves Well I don't say you missed the point completely but somewhat ;) Those DNS entries are only for blocking DHT and magnetic links only. You have a different approach but if it works it is good enough. Any way we can do it is fair game as far as I am concerned. @HowYesNo 1; Activate allow rem...
by TKITFrank
Wed Mar 02, 2011 3:37 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, Add this to your DNS /ip dns static add address=127.0.0.1 disabled=no name=router.utorrent.com ttl=1d add address=127.0.0.1 disabled=no name=dht.vuze.com ttl=1d add address=127.0.0.1 disabled=no name=vrpc.vuze.com ttl=1d add address=127.0.0.1 disabled=no name=vzrpx020.vuze.com ttl=1d add address...
by TKITFrank
Mon Feb 28, 2011 8:20 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Thx for answer! Ok, here what I have done: 1) Made 2 L7 protocols that I copied from this thread (called them BITTORRENT and BITTORRENT_ANNOUNCE). OK 2) In mangle made 4 rules: 3 of them have same configurations... Chain - prerouting, action - jump, jump target - p2p-traffic. The first one has L7 -...
by TKITFrank
Mon Feb 28, 2011 8:21 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

@HowYesNo Port you config so we can see if there is something wrong. Beside... If I understand you correct the mangle rules work fine right? Some things too look for. 1; Mark the packets in prerouting chain. Using L7 and the builtin p2p rulesets. 2; Set action to jump to p2p-chain 3; create a chain ...
by TKITFrank
Fri Feb 25, 2011 3:24 pm
Forum: General
Topic: Almost historic :-)
Replies: 4
Views: 565

Re: Almost historic :-)

Is that 6000+days???? :shock:
by TKITFrank
Tue Feb 22, 2011 2:10 pm
Forum: RouterBOARD hardware
Topic: RB1100AH - new product
Replies: 101
Views: 28993

Re: RB1100AH - new product

It was just out of curiosity ;)
Not intended to be an official statement from you / MikroTik.

If it is okay?
by TKITFrank
Tue Feb 22, 2011 12:33 pm
Forum: RouterBOARD hardware
Topic: RB1100AH - new product
Replies: 101
Views: 28993

Re: RB1100AH - new product

@normis

Can you just in this forum post the same with 1500Mhz? :)
by TKITFrank
Fri Feb 18, 2011 4:09 pm
Forum: RouterBOARD hardware
Topic: RB1100AH - new product
Replies: 101
Views: 28993

Re: RB1100AH - new product

Nice,

But a question...
How can the B1100AH @1066MHz be faster then the B1100AH @1333MHz on 1500 packets?
by TKITFrank
Fri Feb 18, 2011 2:53 pm
Forum: RouterBOARD hardware
Topic: RB1100AH - new product
Replies: 101
Views: 28993

Re: RB1100AH - new product

1066Mhz is the base speed? What other speeds will be supported and stable?
1500MHz seems stable so far.
What is the maximum for that CPU?
by TKITFrank
Tue Feb 08, 2011 5:16 pm
Forum: General
Topic: [BUG/FEATURE] Show all routes ROS5 RC8
Replies: 4
Views: 920

Re: [BUG/FEATURE] Show all routes ROS5 RC8

Okay that explains it :)
Thanks for sorting out this issue for me
by TKITFrank
Tue Feb 08, 2011 4:51 pm
Forum: General
Topic: [BUG/FEATURE] Show all routes ROS5 RC8
Replies: 4
Views: 920

Re: [BUG/FEATURE] Show all routes ROS5 RC8

Okay that was the only place I saw them as well. :( Would it be possible in the future to add them to the routing table so you would have them all in one place. It is easier to troubleshoot then :) It will be enough to see them in ip route print. Modify I can agree that it is restricted to ip ipsec ...
by TKITFrank
Tue Feb 08, 2011 4:11 pm
Forum: General
Topic: [BUG/FEATURE] Show all routes ROS5 RC8
Replies: 4
Views: 920

[BUG/FEATURE] Show all routes ROS5 RC8

Hi,

I was wondering where you can show all routes in the routeros. It seems like the ip route print don't show ipsec routes.
But if I check a linux firewall the tun0 interfaces show in the global routing list.

Bug or feature? or perhaps I don't just know how to do it ;)
by TKITFrank
Tue Feb 08, 2011 2:47 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Why block if they are paying ? Upgrade your network and let them download :) its counted as an abuse for our ip addresses, so we have to prevent that. Are you a cop and government in same time? Don't be please. Invest in network, not in stupidity to make a client to leave your service. But for admi...
by TKITFrank
Sat Feb 05, 2011 9:58 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi Bax, The TCP port 80 will not work in my setup but using a GSM stick and policy redirect DNS traffic to them would work. I guess a work around would be to block the IP of those DNS entries in the firewall as well. If unless they will use the GSM/3G for the DHT and other UDP traffic. I will look i...
by TKITFrank
Sat Feb 05, 2011 9:07 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

happy to fight windmills :D
My Windmills have been loosing for more then a year 8)
As I have stated before it's a ongoing battle but right now I am winning it! :D
by TKITFrank
Thu Feb 03, 2011 8:00 pm
Forum: General
Topic: RouterOS v5rc8
Replies: 110
Views: 19728

Re: RouterOS v5rc8

Hi,

IPSec seems to work but I saw that it took 5-7min for my NTP to sync.
Btw have a look at that CCQ... bug or feature? ;)
by TKITFrank
Tue Feb 01, 2011 12:57 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

I am currently working on implementing a P2P throttling implementation for a school's open Wifi. Reading mves's posts got me thinking and I wanted to bounce the idea off some people while I am getting it working. I am starting with a blacklist similar to what mves suggested. If I detect p2p traffic...
by TKITFrank
Wed Jan 26, 2011 10:27 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

mves,

How about using the setup I said and create a script that enables static dns and so on at the mornings and then deactivates them things at night?
by TKITFrank
Sun Jan 23, 2011 8:06 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, No worries I know all about it ;) Okay why can you not use it? Can you be more specific? And if you have found another way to get the same results? From what I can tell those DNS entries will not harm o disturb anything else then the creation of new torrent sessions. You will still be able to su...
by TKITFrank
Mon Jan 17, 2011 6:38 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, Use the DNS entries below... IMPORTANT! If you don't use the dns there is no way to block magnetic links and so on. Try this and I am sure it will work. And a tip... skip all form of port blocking since they change port all the time. It just consumes resources and this config is resource demandi...
by TKITFrank
Mon Jan 17, 2011 9:35 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi,

I have tried with utorrent 2.2 using the 2 first top100 torrent on thepiratebay.org but it is still blocked.
Have you done all the dns blocking and L7 blocking?
by TKITFrank
Fri Jan 14, 2011 8:18 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

I will check on Monday.
Have you seen traffic not being blocked?
by TKITFrank
Fri Jan 07, 2011 11:59 pm
Forum: RouterBOARD hardware
Topic: RB1100 - Overclocking results
Replies: 32
Views: 11661

Re: RB1100 - Overclocking results

One year working fine rb800 to full heat outdoor cabinet ,processor overclock to 1333mhz. Amazing speed and great performance the network.
What is your temperature and settings + radio interface kapulan?
by TKITFrank
Fri Jan 07, 2011 6:23 pm
Forum: RouterBOARD hardware
Topic: RB1100 - Overclocking results
Replies: 32
Views: 11661

Re: RB1100 - Overclocking results

I am running 2.29
by TKITFrank
Fri Jan 07, 2011 12:25 pm
Forum: RouterBOARD hardware
Topic: RB1100 - Overclocking results
Replies: 32
Views: 11661

Re: RB1100 - Overclocking results

Hi, My test RB800 @home with 2 R52n + noname CF and running ROS 5.0rc7 Normal settings /system routerboard settings print baud-rate: 115200 boot-delay: 2s enter-setup-on: any-key boot-device: nand-if-fail-then-ethernet cpu-frequency: 800MHz memory-data-rate: 400DDR boot-protocol: bootp enable-jumper...
by TKITFrank
Mon Jan 03, 2011 7:11 pm
Forum: General
Topic: Feature request for 5.0 final.
Replies: 40
Views: 6647

Re: Feature request for 5.0 final.

Support ECMP routes with MPLS/LDP: In current state, a network with a lot of ecmp routes via ospf ( with multiple links) when LDP is enabled, only one of the multiple routes gets a label, so all traffic goes only to one path and doing bonding and another work arrounds like create vpls and bonding t...
by TKITFrank
Fri Dec 31, 2010 10:24 am
Forum: Beginner Basics
Topic: Block
Replies: 2
Views: 466

Re: Block

Hi,

Use the webproxy it is far more effective. Just put it in transparent mode so you don't have to run around and change all users settings 8)
by TKITFrank
Fri Dec 31, 2010 10:22 am
Forum: Beginner Basics
Topic: Blocking Torrent Activity
Replies: 4
Views: 2859

Re: Blocking Torrent Activity

Hi,

I did this in an school environment. Works well as far as I know.
I posted some short howto's in this thread.

http://forum.mikrotik.com/viewtopic.php?t=21178
by TKITFrank
Thu Dec 30, 2010 2:09 pm
Forum: General
Topic: IPv6 TODO
Replies: 54
Views: 10112

Re: IPv6 TODO

- IPsec IPv6 support with IKE v2 IKE v3 (probably in v6 beta) Will it include new things except just IPv6 support? Like ciphers, PFS Group 14-16 and authentication algorithms? - Webproxy Is it possible for you to add a remove button to remove all the "Mikrotik HttpProxy" headers while you guys are ...
by TKITFrank
Mon Dec 13, 2010 2:09 pm
Forum: General
Topic: Blocking some kind of attack
Replies: 15
Views: 2783

Re: Blocking some kind of attack

Can you please show us your rules and also point out where the packets hit.
That way we might be able to construct a rule in the right order that will help.

Also is there any known similarity between the attacks? The same dest-ip or just https?
by TKITFrank
Mon Dec 13, 2010 12:57 pm
Forum: General
Topic: Blocking some kind of attack
Replies: 15
Views: 2783

Re: Blocking some kind of attack

How about adding a rule in the hs-unauth chain?
by TKITFrank
Mon Dec 13, 2010 12:08 pm
Forum: Wireless Networking
Topic: 802.11n
Replies: 939
Views: 287110

Re: 802.11n

If I'm not mistaken on some centrino laptops that is the max TX rate. They only use N for RX. Why i don't know... :(
by TKITFrank
Mon Dec 13, 2010 12:04 pm
Forum: General
Topic: Blocking some kind of attack
Replies: 15
Views: 2783

Re: Blocking some kind of attack

Hi,

If you have found the right chain then try to restricting all https traffic from one host to say about 20 connections?
Skip adding them to a list just drop them.

Try that and see if it helps?
by TKITFrank
Thu Dec 09, 2010 12:09 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 207665

Re: Feature requests

IPSec Improvements I would like to see in final RouterOS 5.0

Most wanted =)
1; SHA-256, SHA-512
2; PFS Group 14,15,16
3; Winbox support for twofish and camellia ciphers.

Optional
1; Twofish-256 (The most secure publicly available cipher?)
2; IPv6 (it's coming so better to be ready ;) )
by TKITFrank
Wed Dec 08, 2010 11:03 pm
Forum: General
Topic: NAT-T & IPSec Issues still exist
Replies: 25
Views: 12041

Re: NAT-T & IPSec Issues still exist

I would be happy not only to see this problem being fixed, but also IPSec having DH groups going above 5.
Amen to that...

And also SHA2 256/512 would be nice :)
by TKITFrank
Mon Dec 06, 2010 4:22 pm
Forum: General
Topic: Webproxy HTTP header
Replies: 3
Views: 790

Re: Webproxy HTTP header

Hi,

This topic has been addressed before by many people myself included. And yes I still want it ;)
by TKITFrank
Mon Dec 06, 2010 1:06 pm
Forum: Beginner Basics
Topic: can't drag files to file folder
Replies: 13
Views: 2169

Re: can't drag files to file folder

Hade varit kul för oss som inte kan lettiska att förstå också ;)
by TKITFrank
Sun Dec 05, 2010 12:14 pm
Forum: Wireless Networking
Topic: not in local ACL, by default accept
Replies: 2
Views: 4670

Re: not in local ACL, by default accept

Hi,

You might want to change 0 to the right value of the interface.

/interface wireless set 0 default-authentication=no
by TKITFrank
Thu Dec 02, 2010 5:48 pm
Forum: General
Topic: RouterOS v5.0 RC5
Replies: 41
Views: 7586

RouterOS v5.0 RC5

What's new in 5.0rc5 (2010-Dec-01 07:47): *) logging - added email-starttls option for email target; *) pcq - added burst settings, like in "/queue tree" and "/queue simple"; *) pcq - can specify address masks for pcq; *) pcq - added ipv6 support; *) wireless - fixed WPA; *) radius - fixed encryptio...
by TKITFrank
Sat Oct 30, 2010 7:06 pm
Forum: General
Topic: RouterOS v5 RC3
Replies: 39
Views: 7972

Re: RouterOS v5 RC3

WARNING!!! Do not use this version in production system, at least not in x86 systems. It breakes your firewall settings. /Paul Can you be more specific? I have about 200 rules on my RB800 with L7 connection-mark and jump rules and so on. No problems like RC1. To my knowledge all works. But it might...
by TKITFrank
Fri Oct 29, 2010 9:00 pm
Forum: General
Topic: RouterOS v5 RC3
Replies: 39
Views: 7972

Re: RouterOS v5 RC3

http://download.mikrotik.com/all_packag ... 5.0rc3.zip

404 Not Found at 10.34am PST on 10/29
Works from Sweden...
by TKITFrank
Fri Oct 29, 2010 8:30 pm
Forum: General
Topic: RouterOS v5 RC3
Replies: 39
Views: 7972

RouterOS v5 RC3

What's new in 5.0rc3 (2010-Oct-29 09:02):

*) wireless nv2 - fix stalls on encrypted 11n links using high rates;
*) wireless nv2 - fix encryption related kernel crash;
*) sstp - fixed memory leak;
*) fixed problem - bad boot/kernel crc was reported on powerpc boards
when in fact it was good;
by TKITFrank
Wed Oct 27, 2010 8:58 pm
Forum: General
Topic: RouterOS v5 RC2
Replies: 91
Views: 14913

Re: RouterOS v5 RC2

The connection-mark / Mangle passthrough bug is gone as well.

Looks like the cpu on my RB800 can now be set to 1200MHz it was 1000Mhz as max before. 8)
by TKITFrank
Wed Oct 27, 2010 5:58 pm
Forum: General
Topic: RouterOS v5 RC2
Replies: 91
Views: 14913

RouterOS v5 RC2

What's new in 5.0rc2 (2010-Oct-27 16:20): *) wireless nv2 - encryption support; *) tool fetch - support ftp STOR; *) ospf - fixed crash when working with external LSA that contain forwarding addess; *) ipsec - supports NAT-T drafts; *) ipsec - added debug logging, to maintain same log verbosity as b...
by TKITFrank
Tue Oct 12, 2010 8:31 am
Forum: General
Topic: How to block torrents
Replies: 4
Views: 1967

Re: How to block torrents

Hi,

Have a look at this topic...
http://forum.mikrotik.com/viewtopic.php?f=2&t=21178

To the best of my knowledge it still works.
by TKITFrank
Mon Sep 20, 2010 5:16 pm
Forum: General
Topic: Connection mark bug in RC1
Replies: 3
Views: 1317

Connection mark bug in RC1

Hi, I upgraded my home/test RB800 today and found that the system was unresponsive. After some checks from serial port I found out that my connection marks that I do under Mangle did not work under firewall filter. They trigged under mangle but the rules under filter that previously worked didn't. I...
by TKITFrank
Thu Sep 02, 2010 3:39 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, Trying to block p2p is really a waste of time. Best thing it prioritize traffic this way you can throttle any traffic you don't want through. There is no 'answer' to P2P. You might as well say "i want to block Internet". The *only* solution is to control the user's bandwidth. If they use it all ...
by TKITFrank
Wed Sep 01, 2010 7:41 pm
Forum: Beginner Basics
Topic: Is it possible to detect encrypted BitTorrent?
Replies: 6
Views: 1938

Re: Is it possible to detect encrypted BitTorrent?

If you want to block it have a look at this thread
http://forum.mikrotik.com/viewtopic.php?t=21178
by TKITFrank
Tue Jun 29, 2010 11:30 am
Forum: RouterBOARD hardware
Topic: RB800 big problem
Replies: 133
Views: 22164

Re: RB800 big problem

Normis, Can you please describe more detailed what the cause of the issue is? Is it just software related or when you combine it with a specific radio card?
by TKITFrank
Tue Jun 29, 2010 11:24 am
Forum: RouterBOARD hardware
Topic: RB800 big problem
Replies: 133
Views: 22164

Re: RB800 big problem

Hi, I have followed this thread for some time now, I don't have the whole fact here (Please bare with me) but I wonder if anyone has tried to place a RB800 in the same box without the radio cards? Then run some load tests against it. Does the problem persist then? From personal experiences I have se...
by TKITFrank
Fri Jun 18, 2010 3:53 pm
Forum: RouterBOARD hardware
Topic: 533Mhz memory speed on the RB800
Replies: 0
Views: 529

533Mhz memory speed on the RB800

Hi, Has anyone tried to change the memory frequency on the RB800 to 533Mhz? "/system routerboard settings set memory-frequency=533Mhz" And to Mikrotik is this supported? I have heard that if the function is available it is also OK from Mikrotik? I have a RB800 with R52H and R52n @home running ROS v5...
by TKITFrank
Fri Jun 18, 2010 1:02 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Correct me if I am wrong but in this case there is no need for postrouting since we only want to block it. So we need to use prerouting to catch it before all else. The setup is to catch it not to throttle or something like that. I use mangel to mark them and to combined many rules to one. That you ...
by TKITFrank
Fri Jun 11, 2010 8:33 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, Try to put a prerouting rule first in the mangel chain that specifics your server and then jump to a rule below these rules. Then it should bypass but I never intended to have a bypass when I did the initial setup. The DNS settings are required to make the full function of my blocking. If you do...
by TKITFrank
Fri Jun 04, 2010 10:57 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi,

You still need DNS due to encryption and magnetic links.
Do the rules in the order I posted.

Make sure they are on top so no other rule bypasses the control filter.
by TKITFrank
Thu Jun 03, 2010 1:52 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi,

Just tired the new version and it is still blocked phuuuu :)
by TKITFrank
Thu Jun 03, 2010 1:02 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, Sorry for my late reply I am involved in a large project right now. Here is a little how to. You have to have defined your L7 before. Go to the Firewall Mangle. Create a new rule Set it as a prerouting chain and set L7 accordingly. Set Action Jump and Jump to target lets say p2p-traffic Do this ...
by TKITFrank
Wed Apr 28, 2010 12:21 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hehehe he is on the way to become Buddah!
Done ;)
by TKITFrank
Wed Apr 28, 2010 12:09 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, This schools policy is to allow all ports outbound except P2P and SMTP/NETBIOS(Due to virus and spam) I have also blocked DNS outbound due to P2P so they can only access DNS from the RB1000. My current setup for this network is a different firewall from the government firewall so they are alone ...
by TKITFrank
Wed Apr 28, 2010 7:55 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Correct that is the only way I have found to filter out / block DHT or magnetic links.
by TKITFrank
Tue Apr 27, 2010 7:50 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

The above post is about protecting a school network (internal) from using P2P.
by TKITFrank
Wed Apr 21, 2010 7:57 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Here is the config DNS /ip dns static add address=127.0.0.1 disabled=no name=router.utorrent.com ttl=1d add address=127.0.0.1 disabled=no name=dht.vuze.com ttl=1d add address=127.0.0.1 disabled=no name=vrpc.vuze.com ttl=1d add address=127.0.0.1 disabled=no name=vzrpx020.vuze.com ttl=1d add address=1...
by TKITFrank
Tue Apr 20, 2010 1:00 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, I found out the other day that the new utorrent can bypass my rules. My new approach is to block the "announce" and normal Bittorrent traffic by L7 and disable DHT/peer sharing via DNS and filter rules. This results in the impossibility to connect and by that matter removes the ability to initia...
by TKITFrank
Thu Mar 11, 2010 7:40 am
Forum: Beginner Basics
Topic: How to block encrypted p2p.
Replies: 26
Views: 10622

Re: How to block encrypted p2p.

http://forum.mikrotik.com/viewtopic.php?t=21178

I drop unencrypted and encrypted. Works like a charm.
Only flaw right now is that if a P2P program uses ONLY 443 for all its traffic and it is encrypted it will bypass my rules.
by TKITFrank
Tue Mar 09, 2010 8:37 am
Forum: RouterBOARD hardware
Topic: RB1100
Replies: 185
Views: 64325

Re: RB1100

Okay that is interesting but the fact remains that the new CPU is not as fast as the old one en definitely not faster. When you test port to port I can understand that the throughput is the same but what about then you use other system resources like complex firewall filtering(Mangel, L7), Queues, M...
by TKITFrank
Thu Mar 04, 2010 5:28 pm
Forum: RouterBOARD hardware
Topic: RB1100
Replies: 185
Views: 64325

Re: RB1100

This was not the good news I was hoping for. My network setup needs RB1000 power or more. I truly hoped that the RB1100 would be a better RB1000 but I can conclude that it is not the case. The RB1100 looks more like a downgrade to me. :( So my day today was to contact my distributor to try to alloca...
by TKITFrank
Fri Feb 12, 2010 7:48 am
Forum: RouterBOARD hardware
Topic: RB1000U EOL?
Replies: 10
Views: 2363

Re: RB1000U EOL?

I saw the other day that the forum admins (I presume) removed the thread. I guess because it got off topic somewhat or maybe because it did not lead anywhere.
Let's hope the new product that replaces the RB1000 meets our expectations! :D
by TKITFrank
Fri Jan 29, 2010 8:16 am
Forum: The Dude
Topic: The Dude 64bit version?
Replies: 3
Views: 2386

Re: The Dude 64bit version?

Hi,

Thanks for your answer sergejs, Does MikroTik have any plans for a 64bit version in the future or will you be able to recompile the existing in an 64bit edition?
by TKITFrank
Tue Jan 26, 2010 8:08 am
Forum: The Dude
Topic: The Dude 64bit version?
Replies: 3
Views: 2386

The Dude 64bit version?

Hi, We have a Windows Server 2008 R2 64bit and I would like to keep it running 64bit applications if possible. So my question is will there be a 64bit version available? I know the X86 version works but as stated before I would like to avoid using 32bit applications on my server. Thanks in advance :)
by TKITFrank
Mon Oct 19, 2009 4:56 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Yes they can still use "Internet" my "address-list" is for my monitoring only.
Is that port not only for incoming connections?
by TKITFrank
Mon Oct 19, 2009 3:35 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

I just did on the test machine (Netbook) It was a clean install from the factory and a new install of uTorrent.
My previous setup was an old test laptop but the results seem to be the same :)
by TKITFrank
Mon Oct 19, 2009 2:28 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

It can list how many seeders there is. But non get connected.
I can't open it to try to get some connections becourse it's in production environment.

So I think it still works. :)
Feel free to test the rules if it works for you.
by TKITFrank
Mon Oct 19, 2009 12:38 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Nope no joy, I am currently downloading the complete RouterOS torrent but it is all red... And I have encryption to Forced. I have waited 7,30min at the moment. Any ideas how to bypass? Or a link to a torrent that will work perhaps? Most VPN will not work with my current setup. SSL-VPN will work how...
by TKITFrank
Mon Oct 19, 2009 12:23 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

If I am not mistaken I did just that. Can you have encrypted otherwise? :S
I will try it in an hour or two to confirm this.
by TKITFrank
Mon Oct 19, 2009 12:17 pm
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Tried uTorrent (Encrypted and non encrypted) and the PriateBay, Also tired to download RouterOS from mikrotik torrent. No luck :) Did a test in June this year. I have not tested if the new client drops as well. But i drop a load of packages so i guess it is still working. :) I want to use the Web-Pr...
by TKITFrank
Mon Oct 19, 2009 11:21 am
Forum: General
Topic: how block connection of p2p?
Replies: 291
Views: 153593

Re: how block connection of p2p?

Hi, I did need to block all P2P and did sort of like Chupaka said. My basic setup i based on http://wiki.mikrotik.com/wiki/Dmitry_on_firewalling But I have made some modifications. My setup tagges also encrypted packages (SSL) on non SSL ports. This will however not block P2P that uses 443. But ther...
by TKITFrank
Thu Aug 20, 2009 1:13 pm
Forum: General
Topic: How can I hide proxy headers?
Replies: 27
Views: 6650

Re: How can I hide proxy headers?

That is also true, There are definitely more things that the proxy provide beside security. It's just in my case more interesting to do security when we don't have a capacity issue. That's all... I think if it is possible to have a separate package that implements more advanced proxy features would ...
by TKITFrank
Mon Aug 17, 2009 5:10 pm
Forum: General
Topic: How can I hide proxy headers?
Replies: 27
Views: 6650

Re: How can I hide proxy headers?

Okay :( My primary concern was more security related. Not to give off to much info. I agree it's not intended as a UTM box ;) My thoughts was perhaps something to test in the v4 beta... if it was not to much afford to make it. I personally use it as a transparent proxy without caching... Just for th...
by TKITFrank
Mon Aug 17, 2009 2:40 pm
Forum: General
Topic: How can I hide proxy headers?
Replies: 27
Views: 6650

Re: How can I hide proxy headers?

Normis is this something MikroTik will look into or is it case closed? ;)
by TKITFrank
Wed Aug 05, 2009 12:09 am
Forum: General
Topic: Identify/Block ISA server (or any proxy) behind Hotspot
Replies: 5
Views: 852

Re: Identify/Block ISA server (or any proxy) behind Hotspot

Well thats the deal, I want to make sure that no one is able to install one behind my Mikrotik.
We have some schools that have computer classes and if they do install it I will loose our ability to monitor them. :(
by TKITFrank
Tue Aug 04, 2009 6:13 pm
Forum: General
Topic: Identify/Block ISA server (or any proxy) behind Hotspot
Replies: 5
Views: 852

Re: Identify/Block ISA server (or any proxy) behind Hotspot

No one that have a clue how to identify that proxy? :(
by TKITFrank
Tue Aug 04, 2009 6:10 pm
Forum: General
Topic: How can I hide proxy headers?
Replies: 27
Views: 6650

Re: How can I hide proxy headers?

I think that the "hiding/breaking thing" would be a great thing :) There is no need to advertise what system you have. If you can't remove all then at least remove... HTTP_VIA=1.1 192.168.1xx.2xx (Mikrotik HttpProxy) HTTP_VIA=1.1 192.168.1xx.2xx Then people can't check sites like http://www.lagado.c...
by TKITFrank
Fri Jul 24, 2009 1:05 pm
Forum: General
Topic: Identify/Block ISA server (or any proxy) behind Hotspot
Replies: 5
Views: 852

Re: Identify/Block ISA server (or any proxy) behind Hotspot

Hi! Well we have 2 setups roughly speaking... The "normal" network and the "isolated" network. The isolated network is protected by a RB1000 handling a "unsecure" wireless network and also a wired hostspot network (This is due to we have implemented 802.1x on all ports on our switches to prevent non...
by TKITFrank
Tue Jul 07, 2009 4:06 pm
Forum: General
Topic: Identify/Block ISA server (or any proxy) behind Hotspot
Replies: 5
Views: 852

Identify/Block ISA server (or any proxy) behind Hotspot

Hi, Is there any way to block users from using a ISA server behind the hotspot? The issue is that if the ISA server is allowed by one user login then all clients behind is also allowed. Since all users share the same IP and MAC address. We have a school with a computer class that might possibly use ...