Community discussions

MikroTik App

Search found 98 matches

by kenyloveg
Thu Jun 22, 2023 6:57 am
Forum: Announcements
Topic: v7.10, 7.10.1 and more [stable] are released!
Replies: 369
Views: 129413

Re: v7.10 [stable] is released!

previous (7.9.x) ikev2 site to site is not working on 7.10 (upgraded from 7.9.x)
already reported through support, still no feedback
by kenyloveg
Thu Jun 15, 2023 10:40 pm
Forum: RouterOS beta
Topic: some quick comments on configuring cake
Replies: 285
Views: 102296

Re: some quick comments on configuring cake

Just curious, @kenyloveg, but do you have 1gb up and down, or do you have 1.5gb up and down? /queue type add cake-memlimit=64.0MiB cake-rtt=60ms kind=cake name=cake_rx add cake-memlimit=64.0MiB cake-rtt=60ms kind=cake name=cake_tx /queue tree add bucket-size=0 max-limit=1550M name=cake_download pac...
by kenyloveg
Thu Jun 15, 2023 7:20 pm
Forum: Announcements
Topic: v7.10, 7.10.1 and more [stable] are released!
Replies: 369
Views: 129413

Re: v7.10 [stable] is released!

*) bridge - fixed HW offloaded STP state on port disable; *) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8 ); *) bridge - fixed incorrect host moving between ports with enabled FastPath; setup before upgrade too 7.10 (before is 7.8) STP ...
by kenyloveg
Tue Jun 13, 2023 9:24 pm
Forum: RouterOS beta
Topic: some quick comments on configuring cake
Replies: 285
Views: 102296

Re: some quick comments on configuring cake

After some tunings (keep settings as simple as possible), Bell 1Gbps results are here PS:with fasttrack on (RB5009, total CPU around 50% when testing) /queue type add cake-memlimit=64.0MiB cake-rtt=60ms kind=cake name=cake_rx add cake-memlimit=64.0MiB cake-rtt=60ms kind=cake name=cake_tx /queue tree...
by kenyloveg
Thu Jun 01, 2023 6:24 am
Forum: RouterOS beta
Topic: some quick comments on configuring cake
Replies: 285
Views: 102296

Re: some quick comments on configuring cake

Hey, guys Here is my config, Rogers 1.5Gbps/50Mbps (docsis based, real speed dropped to 650Mbps/30Mbps these days), fast track enabled, modem set to bridge mode linked with 2.5G (2.5G port on Rogers modem to 2.5G port on hap ax3) /queue type add cake-diffserv=besteffort cake-memlimit=254.0MiB cake-m...
by kenyloveg
Sat Feb 04, 2023 7:54 am
Forum: Wireless Networking
Topic: MikroTik hAP ax3 poor WiFi performance
Replies: 258
Views: 47506

Re: MikroTik hAP ax3 poor WiFi performance

I had poor speed (35MB/s files copy from lan NAS) when 2.5Gbps was bridged with wireless. Speed did go up to download=85MB/S upload=35MB/s after remove 2.5G port from bridge. I suspect this may be about default TX RX flow control (all off on interface). My laptop wireless card is AX200, 1 wall betwe...
by kenyloveg
Tue Oct 25, 2022 9:02 pm
Forum: Announcements
Topic: v7.6 [stable] is released!
Replies: 279
Views: 142542

Re: v7.6 [stable] is released!

or better, removing all useless parts, if you put this on ppp profile / scripts / on up:
/ip firewall nat set [find where comment="src-nat"] to-addresses=$"local-address"
If "local-address" would never be broken, this should be the best way.
Thank you.
by kenyloveg
Tue Oct 25, 2022 9:01 pm
Forum: Announcements
Topic: v7.6 [stable] is released!
Replies: 279
Views: 142542

Re: v7.6 [stable] is released!

or better, removing all useless parts, if you put this on ppp profile / scripts / on up:
/ip firewall nat set [find where comment="src-nat"] to-addresses=$"local-address"
If "local-address" would never be broken, this should be the best way.
Thank you.
by kenyloveg
Tue Oct 25, 2022 5:36 pm
Forum: Announcements
Topic: v7.6 [stable] is released!
Replies: 279
Views: 142542

Re: v7.6 [stable] is released!

My scripts in /ppp/profile is randomly not working anymore after upgraded to 7.6 :global new :global old :global status :set status [/interface get [/interface find name=("pppoe-out1")] running] :if ($status=true) do={ :set new [/ip address get [/ip address find dynamic=yes interface=(&quo...
by kenyloveg
Thu Oct 20, 2022 8:43 am
Forum: Announcements
Topic: v7.6 [stable] is released!
Replies: 279
Views: 142542

Re: v7.6 [stable] is released!

The ugly premission denied issue seems still exist in 7.6 I'm able to run adguardhome without errors, until I edit AdguardHome.yaml to set upstream_dns_file: disk1/adguardhome/conf/greatfire.txt Then log report permission denied error. No more issues by uploading file through sftp, instead of ftp.
by kenyloveg
Wed Oct 19, 2022 8:03 pm
Forum: Announcements
Topic: v7.6 [stable] is released!
Replies: 279
Views: 142542

Re: v7.6 [stable] is released!

The ugly premission denied issue seems still exist in 7.6
I'm able to run adguardhome without errors, until I edit AdguardHome.yaml to set upstream_dns_file: disk1/adguardhome/conf/greatfire.txt
Then log report permission denied error.
by kenyloveg
Tue Sep 06, 2022 6:35 pm
Forum: Announcements
Topic: v7.5 [stable] is released!
Replies: 219
Views: 68956

Re: v7.5 [stable] is released!

According the help page
https://help.mikrotik.com/docs/display/ROS/Container
/container/set 0 start-on-boot=yes
while i get bad command
by kenyloveg
Thu Mar 31, 2022 5:49 pm
Forum: Announcements
Topic: v7.1.4 and v7.1.5 is released!
Replies: 202
Views: 39493

Re: v7.1.4 and v7.1.5 is released!

Forward in dns static still doesn't work when only DoH server is enabled.
by kenyloveg
Tue Dec 21, 2021 8:56 am
Forum: RouterOS beta
Topic: DNS issues v7.1
Replies: 10
Views: 4544

Re: DNS issues v7.1

So if your Setup Is correct from the client side of DOH there are 3 things to check. 1 - Certificate 2 - NTP 3- DOH Server address If none of the above then I don't think it's on your end. For #3 Make sure your server address (/ip/dns/static) matches the fastest address searched your SSL by https:/...
by kenyloveg
Mon Nov 22, 2021 4:12 am
Forum: RouterOS beta
Topic: v7.1rc6 [development] is released!
Replies: 145
Views: 56334

Re: v7.1rc6 [development] is released!

I've been running 7.1rc6 on RB5009 and HAP AC2, with simple preshared key ikev2 site to site setup.
Everything is fine except hardware acceleration did not work, or downgraded (20-40% CPU compared to 15% CPU on previous stabled build)
by kenyloveg
Fri Sep 10, 2021 6:06 am
Forum: Containers
Topic: v7.1rc3 adds container support
Replies: 493
Views: 161666

Re: v7.1rc3 adds Docker (TM) compatible container support

For me, if Mikrotik implemented competitve DNS module to pihole/adguardhome/or any dns forwarders with DOH/DOT... support, I would not lay my hands on docker.
It may not be the right direction, just my 2 cents.
by kenyloveg
Thu Nov 19, 2020 2:14 pm
Forum: Scripting
Topic: Need help to modify a script
Replies: 3
Views: 1053

Re: Need help to modify a script

BTW, I've already setup my email settings.
/tool e-mail
set address=smtp.xxxx.net from=sender@smtpserver.net password=xxxxx port=465 start-tls=tls-only user=receiver@receivermail.net
by kenyloveg
Thu Nov 19, 2020 2:08 pm
Forum: Scripting
Topic: Need help to modify a script
Replies: 3
Views: 1053

Need help to modify a script

Hi guys, Recently I'm having problems with my ISP, they are deploying NAT to save IPV4 address instead of moving to IPV6. I used to have a script in /system/schedule to change NAT address ip. :global new :global old :global status :set status [/interface get [/interface find name=("pppoe-out1&q...
by kenyloveg
Sun May 10, 2020 6:19 pm
Forum: Useful user articles
Topic: Using RouterOS to QoS your network - 2020 Edition
Replies: 275
Views: 504227

Re: Using RouterOS to QoS your network - 2020 Edition

My network only have two devices connect to one HAP AC2 through 2 RJ45 cable.(one is an openwrt router, and other is windows 7 computer) What is the most effecient way to make windows 7 computer the higher priority than the other? Maybe something like mac/ether port based QoS can be easily set up? ...
by kenyloveg
Sat May 09, 2020 4:48 pm
Forum: Useful user articles
Topic: Using RouterOS to QoS your network - 2020 Edition
Replies: 275
Views: 504227

Re: Using RouterOS to QoS your network - 2020 Edition

My network only have two devices connect to one HAP AC2 through 2 RJ45 cable.(one is an openwrt router, and other is windows 7 computer) What is the most effecient way to make windows 7 computer the higher priority than the other? Maybe something like mac/ether port based QoS can be easily set up? (...
by kenyloveg
Sun Mar 29, 2020 10:29 am
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 179754

Re: v6.47beta [testing] is released!

DoH is a nightmare and I don't understand why it is supported by Mikrotik. After HTTS become standard, your ISP did not anymore see what you was surfing on, but up until DoH or other solution are in place, then they can always look at your DNS request on port 53. They will not see what your read, b...
by kenyloveg
Thu Oct 17, 2019 5:20 am
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80906

Re: Feature request - DNSCrypt support...

Nothing I can see. But it's early beta and the main goal is to have new kernel, not so much new features, even though there are some (not for DNS).
Thank you.
by kenyloveg
Mon Oct 14, 2019 7:02 am
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80906

Re: Feature request - DNSCrypt support...

Never tried V7 beta, something new in the DNS section?
by kenyloveg
Mon Apr 15, 2019 7:39 am
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80906

Re: Feature request - DNSCrypt support...

Can we just holding back these advanced fancy DNS standards, but support setting up non-standard tcp/udp port in /ip dns? Just a little update in 6.45, or maybe 6.46... DNS pollution(intercept plain text like google from udp 53 port then return 127.0.0.1) is very easy way for a ISP to do if mikroti...
by kenyloveg
Thu Mar 14, 2019 3:50 pm
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80906

Re: Feature request - DNSCrypt support...

Can we just holding back these advanced fancy DNS standards, but support setting up non-standard tcp/udp port in /ip dns? Just a little update in 6.45, or maybe 6.46... DNS pollution(intercept plain text like google from udp 53 port then return 127.0.0.1) is very easy way for a ISP to do if mikrotik...
by kenyloveg
Sat Feb 09, 2019 9:31 am
Forum: General
Topic: L2TP reconnection problem after Internet disruption
Replies: 9
Views: 4916

Re: L2TP reconnection problem after Internet disruption

Exact same issue here.
RouterOS 6.43.11
by kenyloveg
Tue Jan 29, 2019 10:54 am
Forum: General
Topic: L2TP in mangle not working after changed PCC rules
Replies: 3
Views: 1484

Re: L2TP in mangle not working after changed PCC rules

Ok, I've managed it to work now. modified rules are below, hope this will help others having the same problem. add action=mark-connection chain=prerouting new-connection-mark=l2tptolan passthrough=yes add action=mark-routing chain=prerouting connection-mark=l2tptolan dst-address-list=!cnlist dst-add...
by kenyloveg
Tue Jan 29, 2019 3:20 am
Forum: General
Topic: L2TP in mangle not working after changed PCC rules
Replies: 3
Views: 1484

Re: L2TP in mangle not working after changed PCC rules

Ok, it's not working.
Can someone take a look and help me out?
Thanks.
by kenyloveg
Mon Jan 28, 2019 3:27 pm
Forum: General
Topic: IKEv2 site to site between 2 Mikrotik
Replies: 10
Views: 3630

Re: IKEv2 site to site between 2 Mikrotik

After rebuild my PCC rules, I've managed to fix the problem.
viewtopic.php?f=2&t=144626

Thanks.
by kenyloveg
Mon Jan 28, 2019 3:20 pm
Forum: General
Topic: L2TP in mangle not working after changed PCC rules
Replies: 3
Views: 1484

Re: L2TP in mangle not working after changed PCC rules

ok, I replaced this l2tp rule add action=mark-routing chain=prerouting dst-address-list=!cnlist dst-address-type=!local new-routing-mark=l2tp passthrough=yes src-address-list=local with below add action=mark-connection chain=forward connection-mark=no-mark dst-address-list=!cnlist dst-address-type=!...
by kenyloveg
Mon Jan 28, 2019 10:30 am
Forum: General
Topic: L2TP in mangle not working after changed PCC rules
Replies: 3
Views: 1484

L2TP in mangle not working after changed PCC rules

Hi, Guys I've rebuild my PCC rules according to https://mum.mikrotik.com/2019/VN/agenda, the problem is l2tp routing is not working anymore. Here is my old config, l2tp routing is working without any problems. /ip firewall mangle add action=mark-connection chain=prerouting in-interface=ether2-wan1 n...
by kenyloveg
Wed Jan 23, 2019 5:06 pm
Forum: General
Topic: IKEv2 site to site between 2 Mikrotik
Replies: 10
Views: 3630

Re: IKEv2 site to site between 2 Mikrotik

Hi, @sindy Thanks for you reply. 1. I've searched out the forum, I've noticed the fasttrack problem related to IPsec. You need place accept IPsec protocal rule before fasttrack. But, I'm not using fasttrack and I don't need to use it (HAP A2 or RB4011 can handle far more than 500Mbps NAT). 2. The ex...
by kenyloveg
Wed Jan 23, 2019 1:52 pm
Forum: General
Topic: Strange IPsec problem [SOLVED]
Replies: 9
Views: 2639

Re: Strange IPsec problem [SOLVED]

Hi, @sindy
I think my problem is related to what you mentioned. Woule you tell me what exactly I should do to solve this?
viewtopic.php?f=2&t=144242
Thanks.
by kenyloveg
Wed Jan 23, 2019 2:28 am
Forum: General
Topic: IKEv2 site to site between 2 Mikrotik
Replies: 10
Views: 3630

Re: IKEv2 site to site between 2 Mikrotik

Hi, @JohnTRIVOLTA Thanks for your replay. But I still think you are missing the point, I can ping lan devices under responder from lan device under initiator without any lose, which means PCC setting should be fine (it is, for the last 5 year.) Well, I changed "both address and ports" to &...
by kenyloveg
Tue Jan 22, 2019 4:56 pm
Forum: General
Topic: IKEv2 site to site between 2 Mikrotik
Replies: 10
Views: 3630

Re: IKEv2 site to site between 2 Mikrotik

Hi, @JohnTRIVOLTA Please read my first post. My problem is access smb share from initiator side (Router 2 RB4011) is very slow, I can barely browse folder but can't open any folder or file, ping is fine no lost. I did same test today, this time from responder side (Router 2 HAP AC2), smb share is fi...
by kenyloveg
Tue Jan 22, 2019 5:19 am
Forum: General
Topic: IKEv2 site to site between 2 Mikrotik
Replies: 10
Views: 3630

Re: IKEv2 site to site between 2 Mikrotik

Hi, @JohnTRIVOLTA Did you ever looked in my config? Router 1 (HAP AC2 as responder) /ip firewall filter add action=accept chain=forward ipsec-policy=in,ipsec add action=accept chain=forward ipsec-policy=out,ipsec /ip firewall nat add action=accept chain=srcnat dst-address=192.168.100.0/24 src-addres...
by kenyloveg
Mon Jan 21, 2019 4:45 pm
Forum: General
Topic: IKEv2 site to site between 2 Mikrotik
Replies: 10
Views: 3630

Re: IKEv2 site to site between 2 Mikrotik

really hoping someone can point out what I'm doing wrong :(
by kenyloveg
Fri Jan 18, 2019 3:46 pm
Forum: General
Topic: IKEv2 site to site between 2 Mikrotik
Replies: 10
Views: 3630

IKEv2 site to site between 2 Mikrotik

Hi, Guys I've managed to create a site to site IPsec/IKEv2 connection between 2 Mikrotik device (HAP AC2 and RB4011). Here is Router 1 (HAP AC2) config: /interface bridge add name=bridge1 protocol-mode=none /interface ethernet set [ find default-name=ether2 ] loop-protect=off name=ether2-wan1 set [ ...
by kenyloveg
Sat Jan 12, 2019 6:28 pm
Forum: General
Topic: L2TP/IPSEC as a client to VPN providers
Replies: 12
Views: 2345

Re: L2TP/IPSEC as a client to VPN providers

Hi, @pcunite Thanks for your reply again. But you are still missing my point, there is no such L2TP server stuff in my configuration. I'm talking about create a L2TP client over IPsec to a VPN provider (which means I'm on client side). I'm doing this by: /ip ipsec peer add address=l2tpipsecsrv1ipadd...
by kenyloveg
Sat Jan 12, 2019 9:43 am
Forum: General
Topic: L2TP/IPSEC as a client to VPN providers
Replies: 12
Views: 2345

Re: L2TP/IPSEC as a client to VPN providers

Hi, @pcunite I'd like to thanks for your replay first :) If you guys ever read my first post, you can see: I can establisha IPSEC connection to VPN service provider, and get a dynamic address (192.168.10.21) from server: /ip ipsec remote-peers> print Flags: R - responder, N - natt-peer # ID STATE RE...
by kenyloveg
Fri Jan 11, 2019 3:26 am
Forum: General
Topic: L2TP/IPSEC as a client to VPN providers
Replies: 12
Views: 2345

Re: L2TP/IPSEC as a client to VPN providers

1. I set 1 hr because I know exactly the server side had the same 1 hr set.
2 Do not mess with L2TP-out1 interface stuff, It’s IPSec peer setting, please read my config again
Thanks for your reply.
by kenyloveg
Thu Jan 10, 2019 6:01 pm
Forum: General
Topic: L2TP/IPSEC as a client to VPN providers
Replies: 12
Views: 2345

Re: L2TP/IPSEC as a client to VPN providers

I'm trying to switch to L2TP over IPsec from L2TP (without IPsec, currently working but drops every hour)
by kenyloveg
Thu Jan 10, 2019 5:40 pm
Forum: General
Topic: L2TP/IPSEC as a client to VPN providers
Replies: 12
Views: 2345

Re: L2TP/IPSEC as a client to VPN providers

@pe1chl
Please understand I'm not talking about "/interface L2TP client", It's not working when i check "use IPsec". L2TP (without IPsec) is not stable, usually drop connection every hour in my place.
by kenyloveg
Thu Jan 10, 2019 5:26 pm
Forum: General
Topic: L2TP/IPSEC as a client to VPN providers
Replies: 12
Views: 2345

L2TP/IPSEC as a client to VPN providers

Hi, Guys I'm having problems with RouterOS connecting to VPN providers with IPSEC as a client. Here is my config: /interface bridge add name=bridge1 protocol-mode=none /interface ethernet set [ find default-name=ether1 ] disabled=yes set [ find default-name=ether2 ] loop-protect=off name=ether2-wan ...
by kenyloveg
Tue Jan 08, 2019 6:19 pm
Forum: Wireless Networking
Topic: rb4011 wireless version setting / reboot automatically
Replies: 29
Views: 9396

Re: rb4011 wireless version setting / reboot automatically

i have the exact same random reboot problem, now changed logging into disk see what happened. will repoart back here.
by kenyloveg
Sat Jan 05, 2019 2:47 pm
Forum: General
Topic: l2tp client keep getting errors
Replies: 0
Views: 814

l2tp client keep getting errors

Hi, Guys Need some help to make my l2tp client routing works. Here is my config (most related part) /interface bridge add name=bridge1 protocol-mode=none /interface ethernet set [ find default-name=ether1 ] disabled=yes set [ find default-name=ether2 ] loop-protect=off name=ether2-wan set [ find def...
by kenyloveg
Tue Jan 01, 2019 3:21 pm
Forum: General
Topic: Route Certain website through IPSEC tunnel
Replies: 3
Views: 1290

Re: Route Certain website through IPSEC tunnel

managed to seprate traffice to pppoe-out1 and l2tp-out1 based on geoIPs.
Thanks guys.
by kenyloveg
Tue Jan 01, 2019 3:19 pm
Forum: General
Topic: ROS as a IKEV2 client support EAP-MSChAPv2?
Replies: 3
Views: 2379

Re: ROS as a IKEV2 client support EAP-MSChAPv2?

Thanks.
Confirmed EAP authentication as initiator is not possible for IKEv2. Not untill V7. plz lock this thread up.
by kenyloveg
Sun Dec 30, 2018 6:09 am
Forum: General
Topic: ROS as a IKEV2 client support EAP-MSChAPv2?
Replies: 3
Views: 2379

Re: ROS as a IKEV2 client support EAP-MSChAPv2?

Hi, guys
I've been searching around both google and wiki pages. Can someone tell me Router support EAP-Mschapv2(no certificate but username and pass only) as a IPSEC client?
Thanks.
by kenyloveg
Sat Dec 15, 2018 3:26 pm
Forum: General
Topic: ROS as a IKEV2 client support EAP-MSChAPv2?
Replies: 3
Views: 2379

ROS as a IKEV2 client support EAP-MSChAPv2?

Hi, guys I've bee testing IPSEC with IKEV2. One of VPN provider has IKEV2 service with user name and password only (also indicated MSCHAPv2 only, and remote id xxxxx for IOS). I could fina a way to setup IPSEC user in RouterOS as client (no such EAP-MSChapV2 option), log shows authentication fail. I...
by kenyloveg
Sun Dec 09, 2018 5:50 pm
Forum: General
Topic: Route Certain website through IPSEC tunnel
Replies: 3
Views: 1290

Re: Route Certain website through IPSEC tunnel

or even no need to play with CHR image, but use VPC endpoint (AWS private link)?
viewtopic.php?t=87844

Edit, this way need static IP address for my router (to set client gateway IP in AWS VPN setting)
So still go back to CHR
by kenyloveg
Sun Dec 09, 2018 4:16 pm
Forum: General
Topic: Route Certain website through IPSEC tunnel
Replies: 3
Views: 1290

Route Certain website through IPSEC tunnel

Hi, Guys I've done some research this weekend, but still have no idea how to do with this case. I've hosted a CHR image on AWS (with static IPV4 and /ip cloud enabled), and turned all traffic on (inbound and outboud in AWS control pannel) CHR (can pin test 8.8.8.8, also winbox access from my home). ...
by kenyloveg
Sun Jun 03, 2018 3:17 pm
Forum: RouterBOARD hardware
Topic: RB951G-2HnD - boot loop after upgrade
Replies: 2
Views: 1279

Re: RB951G-2HnD - boot loop after upgrade

I had the same situation like you, netinstall will fix it.
by kenyloveg
Sat Dec 09, 2017 10:55 am
Forum: RouterBOARD hardware
Topic: RB962UiGS-5HacT2HnT (hAP ac) + UAP-AC-LR: PoE??? [SOLVED]
Replies: 8
Views: 3273

Re: RB962UiGS-5HacT2HnT (hAP ac) + UAP-AC-LR: PoE??? [SOLVED]

@Steveocee, you did mean Wireless devices under AC-LR to WAN speed, and i was talking about LAN to LAN (wireless device under AC-LR talking to other LAN devices connected to HAP AC) For example, playback bluray moveis by using KODI app on a iPad (connected to AC-LR, NFS file server is connected to a...
by kenyloveg
Fri Dec 08, 2017 2:20 pm
Forum: RouterBOARD hardware
Topic: RB962UiGS-5HacT2HnT (hAP ac) + UAP-AC-LR: PoE??? [SOLVED]
Replies: 8
Views: 3273

Re: RB962UiGS-5HacT2HnT (hAP ac) + UAP-AC-LR: PoE??? [SOLVED]

simply answer your question, AC-LR works with HAP AC port 5.
But, the bandwith of this kind of connection is lower compared to attach LR to a gigabyte port switch.(if you don't have other gigabyte switch connected to HAP AC, then never mind)
by kenyloveg
Tue Mar 07, 2017 2:48 pm
Forum: RouterBOARD hardware
Topic: PPPoE performance issue on RB750Gr3/RB951G/RB962...
Replies: 3
Views: 3829

Re: PPPoE performance issue on RB750Gr3/RB951G/RB962...

After upgrading RB750Gr3 to 6.39rc41,finally speedtest results hit 228Mbps, CPU load is about 38%-40%.
Now I'm going to seeding 500 more torrents for about 1 week see if the device can handle, then go to upgrade HAP AC/RB951G to check the same.
Thanks mikrotik for fixing this issue.
by kenyloveg
Sun Nov 27, 2016 8:02 am
Forum: RouterBOARD hardware
Topic: PPPoE performance issue on RB750Gr3/RB951G/RB962...
Replies: 3
Views: 3829

Re: PPPoE performance issue on RB750Gr3/RB951G/RB962...

By the way, I've check MSS with my laptop dialup, exact the 1414+28=1442, MRU is 1480.
2 ethernet cable speed are all 1Gbs (lan and wan ether)
by kenyloveg
Sun Nov 27, 2016 8:00 am
Forum: RouterBOARD hardware
Topic: PPPoE performance issue on RB750Gr3/RB951G/RB962...
Replies: 3
Views: 3829

PPPoE performance issue on RB750Gr3/RB951G/RB962...

Hi, I'm reporting this cuz i've already tried same configuration on RB750Gr3, RB951G, HAP AC and get same fail results. [admin@MikroTik] > export hide-sensitive # nov/27/2016 13:21:11 by RouterOS 6.38rc37 # software id = XXXX-XXXX # /interface ethernet set [ find default-name=ether1 ] disabled=yes s...
by kenyloveg
Thu Nov 24, 2016 2:44 pm
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 98034

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

Any one get more than 140 Mbps over PPPoE client (simple NAT without other rules)? I can't, like HAP AC
Strange thing is CPU load can't exceed 35%. I doubt ROS has pppoe client performance issue. (tried same config on RB951G. HAP AC, RB750Gr3)
by kenyloveg
Mon Jul 11, 2016 6:29 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 538
Views: 196645

Re: HAP AC

Hi, guys  The NAT performance reaches 220Mbps (which is my FTTH) finally, after i attached HAP AC to my old netgear R7000's lan port, use quickset to automatic get DHCP IP address from R7000. That proves the NAT performance isn't limited to 120Mbps. CPU hit around 75% when fast track disabled, and a...
by kenyloveg
Mon Jul 11, 2016 3:52 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 538
Views: 196645

Re: HAP AC

Hi, macgaiver
 What encryption you mean? Those mschap/pap/... under pppoe client settings?
Security profile need to be without encryption.
Would you post your exported configuration? I go check these settings soon.
Thanks
by kenyloveg
Mon Jul 11, 2016 3:31 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 538
Views: 196645

Re: HAP AC

Even fast track is chekced, the NAT speed are exactly the same when it is not enabled. If a performance feature has no improve on performance, what's the meaning of enabled or not?  Did your HAP AC can exceed 200Mbps NAT? Thanks. 1) with pppoe you need RouterOS version at least 6.35, and make sure ...
by kenyloveg
Mon Jul 11, 2016 3:02 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 538
Views: 196645

Re: HAP AC

Most likely, the root cause should be fast track/path was broken on HAP AC. Any comment? Thanks Mine is working just fine. 1) what interfaces are involved in testing? Ip pppoe make sure that you have version that have pppoe fastpath support added, if wireless make sure that you are running proper w...
by kenyloveg
Mon Jul 11, 2016 1:53 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 538
Views: 196645

Re: HAP AC

Well, i did some verifying and report back here. 1. Replaced another HAP AC(when temp indicates 36C) with same configuration, still the same results 2. Replaced HAP AC with RB951G, NAT speed down to 106Mbps, but after manually enable fast track, it goes up to 130Mbps /ip firewall filter add chain=fo...
by kenyloveg
Fri Jul 08, 2016 5:08 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 538
Views: 196645

Re: HAP AC

Hi, guys  I received my 2 HAP AC few days ago, did some test. I have 200Mbps/20Mbps at home, which was supported by netgear R7000(uTorrent download get around 25MB) But after everything i tried, my new HAP AC still can't exceed 125 Mbps, which is not acceptable for me. Everytime I test on speedtest,...
by kenyloveg
Tue Apr 26, 2016 4:24 am
Forum: RouterBOARD hardware
Topic: HAP AC faulty seriers - very poor LAN performance? (switch problem)
Replies: 77
Views: 35956

Re: HAP AC faulty seriers - very poor LAN performance? (switch problem)

Thanks @TaurusThree for your test.
Can anybody else own a HAP AC confirm this issue?
How long would it take Mikrotik guys to confirm this and release a firmware/software fix? I'm holding to buy some HAP AC while this faulty is not acceptable for me.
by kenyloveg
Tue Feb 23, 2016 4:27 am
Forum: General
Topic: my PCC dual wan initial setup won't work
Replies: 15
Views: 4708

Re: my PCC dual wan initial setup won't work

Reworked the mangle rules, according to "Steve Discher presentation at MUM US 12" pdf, removed DNS 53 port filter cuz i don't "Allow remote DNS requests". Here are the exported configs, for those newbies like me to start a ROS from scratch. [admin@MikroTik] > export compact hide-...
by kenyloveg
Sat Feb 06, 2016 3:10 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 538
Views: 196645

Re: HAP AC

For my personal choice only, I would pick up a SOHO router from ASUS AC-68U/Netgear R7000/RouterBoard with high power AC protocol. Serving a 200 Mbps EPON in China...
by kenyloveg
Fri Feb 05, 2016 6:35 pm
Forum: General
Topic: my PCC dual wan initial setup won't work
Replies: 15
Views: 4708

Re: my PCC dual wan initial setup won't work

Hi, Caci99
just one question, anyway to test PCC works or not? I mean i need to know traffic are both going through WAN1 and WAN2 equally, or most are. Thanks
by kenyloveg
Thu Feb 04, 2016 6:35 pm
Forum: General
Topic: my PCC dual wan initial setup won't work
Replies: 15
Views: 4708

Re: my PCC dual wan initial setup won't work

Hi, @Caci99 The router runs well today, i may do more configuration test tomorrow. 1. add both port forwarding and uPnP to this router, then VPNs (OpenVPN, PPTP, IKEV2...) on both WANs. 2. Stick clients (or certain inside lan IP, ports, mac) to use dedicated output WAN route. 3. Automatic block IP b...
by kenyloveg
Wed Feb 03, 2016 1:15 pm
Forum: General
Topic: my PCC dual wan initial setup won't work
Replies: 15
Views: 4708

Re: my PCC dual wan initial setup won't work

It works! I re-worked the mangle rules as you typed. Then, rechecked the masquerade rule, modified it from /ip firewall mangle add chain=prerouting out-interface=ether7-wan1 action=masquerade add chain=prerouting out-interface=ether8-wan2 action=masquerade to /ip firewall mangle add chain=srcnat out...
by kenyloveg
Wed Feb 03, 2016 12:29 pm
Forum: General
Topic: my PCC dual wan initial setup won't work
Replies: 15
Views: 4708

Re: my PCC dual wan initial setup won't work

ok, i removed the pcc part fo first 2 mangle rules as you mentioned.
But I still can't ping 8.8.4.4 from my laptop, while passed from router, there must be something wrong on ether the route rule, or the mangle rules.
Thanks.
by kenyloveg
Wed Feb 03, 2016 11:14 am
Forum: General
Topic: my PCC dual wan initial setup won't work
Replies: 15
Views: 4708

Re: my PCC dual wan initial setup won't work

Hi, @Caci99 It's not working, below is exported commands: [admin@MikroTik] > export hide-sensitive # feb/03/2016 16:54:16 by RouterOS 6.34 # software id = XXXX-XXXX # /interface bridge add name=bridge1 /interface wireless set [ find default-name=wlan1 ] antenna-gain=2 antenna-mode=rxa-txb disabled=n...
by kenyloveg
Tue Feb 02, 2016 3:32 pm
Forum: General
Topic: my PCC dual wan initial setup won't work
Replies: 15
Views: 4708

Re: my PCC dual wan initial setup won't work

Nah, home now, will try it tomorrow. I'll let you know if it works or not.
Thank you.
by kenyloveg
Tue Feb 02, 2016 3:07 pm
Forum: General
Topic: my PCC dual wan initial setup won't work
Replies: 15
Views: 4708

Re: my PCC dual wan initial setup won't work

Hi, @Caci99 Thanks for your quick reply. My 2 WANs come from same ISP with exact same bandwidth and latency. For the masquerade, i do intend to use src-nat method cuz i have static wan ip, hope it should be better than masquerade. I've getting some confusion about interface stuff, like if i set dhcp...
by kenyloveg
Tue Feb 02, 2016 1:35 pm
Forum: General
Topic: my PCC dual wan initial setup won't work
Replies: 15
Views: 4708

my PCC dual wan initial setup won't work

Hi, guys I'm considering changing my router from "Tomato" to Routerboard 493AH with R52H installed, below is my configurations.. Would you help me to take a look at my configs, thanks. WAN1 IP address "112.65.129.178/30", gateway is "112.65.129.177", WAN2 IP address &qu...
by kenyloveg
Tue Aug 31, 2010 7:51 am
Forum: Beginner Basics
Topic: 2 WAN port forwarding
Replies: 27
Views: 62078

Re: 2 WAN port forwarding

Here is my configuration, the different is WAN connection type is PPPoE # aug/31/2010 12:41:07 by RouterOS 4.11 /ip firewall connection tracking set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s \ tcp-established-timeout=1d tcp-fin-wait-timeout=10s...
by kenyloveg
Tue Aug 31, 2010 6:09 am
Forum: Beginner Basics
Topic: 2 WAN port forwarding
Replies: 27
Views: 62078

Re: 2 WAN port forwarding

Hi, Guys
This solution looke really great, can anybody make a conclusion with description in WIKI?
Thanks Fewi.
by kenyloveg
Tue Aug 24, 2010 5:02 pm
Forum: General
Topic: Multiple wan with Service Port in IP firewall
Replies: 15
Views: 3354

Re: Multiple wan with Service Port in IP firewall

here you go again /ip address add address=112.65.176.174/30 broadcast=112.65.176.175 comment="" disabled=no interface=ether2 network=\ 112.65.176.172 add address=192.168.10.1/24 broadcast=192.168.10.255 comment="" disabled=no interface=ether1 network=\ 192.168.10.0 add address=19...
by kenyloveg
Tue Aug 24, 2010 10:20 am
Forum: General
Topic: Multiple wan with Service Port in IP firewall
Replies: 15
Views: 3354

Re: Multiple wan with Service Port in IP firewall

[admin@MikroTik] /ip firewall> export # jan/02/2002 02:01:52 by RouterOS 4.11 /ip firewall connection tracking set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=\ 10s tcp-syn-...
by kenyloveg
Tue Aug 24, 2010 6:03 am
Forum: General
Topic: Multiple wan with Service Port in IP firewall
Replies: 15
Views: 3354

Re: Multiple wan with Service Port in IP firewall

Thank you guys. Now I'm able to setup PCC with default load balancing policy, leave it for a while anyway. The problem is any connections trying to access service port on my ROS 4.11 seems be dropped. I can't log into ROS from winbox which I'm sure it's ok before the PCC rules implemented. I've trie...
by kenyloveg
Mon Aug 23, 2010 10:24 am
Forum: General
Topic: Multiple wan with Service Port in IP firewall
Replies: 15
Views: 3354

Re: Multiple wan with Service Port in IP firewall

The service port is for inspection so that the data tunnel can be associated with the control channel. It is irrelevant for your purposes. Look at the PCC wiki to learn how to make connections stick to a WAN circuit (mark connection in input chain, use connection marks to set routing marks, install...
by kenyloveg
Sun Aug 22, 2010 6:44 am
Forum: General
Topic: Multiple wan with Service Port in IP firewall
Replies: 15
Views: 3354

Re: Multiple wan with Service Port in IP firewall

Do i have to send email to technical support?
I'm quite sure somebody seeing this post know how to make it happens
by kenyloveg
Sat Aug 21, 2010 4:52 am
Forum: General
Topic: Multiple wan with Service Port in IP firewall
Replies: 15
Views: 3354

Re: Multiple wan with Service Port in IP firewall

The easiest thing would be to brigde PPtP with ISP B. You can Mangle packets that come from ISP A just to see if it goes at the right place.

Best Regards,
tehknox
ISP A to ISP B speed is really poor, ping latency is very high, I have to separate PPTP clients. Bridge is not useful anyway.
Thanks.
by kenyloveg
Fri Aug 20, 2010 6:59 pm
Forum: General
Topic: Multiple wan with Service Port in IP firewall
Replies: 15
Views: 3354

Re: Multiple wan with Service Port in IP firewall

Sorry kenyloveg I thought you wanted to do load balancing with the PPtP. I'll take a look at your setup and I'll give you the keys to get started. Best Regards, tehknox Hi, tehknox Thanks for your replay. With single wan port, I've already set up a Tomato PPTP client/ROS PPTP server site to site tu...
by kenyloveg
Fri Aug 20, 2010 5:45 pm
Forum: General
Topic: Multiple wan with Service Port in IP firewall
Replies: 15
Views: 3354

Re: Multiple wan with Service Port in IP firewall

Thank you tehknox
I'm not going to make load balancing thing, all devices behind ROS PPTP server should surf web from ISP A line
btw, here is my network structure
by kenyloveg
Fri Aug 20, 2010 5:15 pm
Forum: General
Topic: Multiple wan with Service Port in IP firewall
Replies: 15
Views: 3354

Multiple wan with Service Port in IP firewall

Hi, Mikrotik staff or fellows I'd like to connect my ROS PPTP server with PPTP client on Tomato. I've tested the scenario with single wan and single client, all works fine except netbios naming resolve (most likely i didn't config WINS/DNS) The real thing is I have 2 static IP line from different IS...
by kenyloveg
Thu Aug 19, 2010 4:47 pm
Forum: General
Topic: OpenVPN with Tomato VPN MOD as client
Replies: 4
Views: 3502

Re: OpenVPN with Tomato VPN MOD as client

Hi, mrz
Thanks for your reply.
The successful log file i showed to you is a Client to Server log which is between 2 Tomato routers. As i mentioned, no ROS involved.
Now you confirmed that static key (tls-auth) is not supported by RouterOS, which should be added to the Mikrotik OpenVPN wiki.
by kenyloveg
Wed Aug 18, 2010 3:10 pm
Forum: General
Topic: OpenVPN with Tomato VPN MOD as client
Replies: 4
Views: 3502

Re: OpenVPN with Tomato VPN MOD as client

To connect to Mikrotik OVPN server, you need client that supports username & password authentication. hi, mrz I'm quite sure I've already get username/password worked. Would you take a look at my post and give me some advise? http://forum.mikrotik.com/viewtopic.php?f=2&t=44289&p=223086#...
by kenyloveg
Wed Aug 18, 2010 12:28 pm
Forum: General
Topic: I know why "TLS handshake failed" happens
Replies: 2
Views: 9224

Re: I know why "TLS handshake failed" happens

here is a normal log without any problem, but no ROS involved. Just planning to replace OpenVPN server with ROS 4.11 Aug 18 08:08:07 ? daemon.warn openvpn[325]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Aug 18 08:08:07 ...
by kenyloveg
Wed Aug 18, 2010 12:20 pm
Forum: General
Topic: I know why "TLS handshake failed" happens
Replies: 2
Views: 9224

I know why "TLS handshake failed" happens

The problem is, ROS does not recognize static.key generated by openvpn --genkey --secret static.key which is required on most openvpn client side (tls-auth static.key) Below is enabled "tls-auth static.key" on client side Aug 18 17:09:48 ? user.info kernel: Universal TUN/TAP device driver ...
by kenyloveg
Tue Aug 17, 2010 11:27 am
Forum: General
Topic: OpenVPN and subnet 255.255.255.252
Replies: 2
Views: 4620

Re: OpenVPN and subnet 255.255.255.252

well, here is my network structure
This is also my approach, while I'm currently testing the way start from point to point (windows client)
by kenyloveg
Mon Aug 16, 2010 6:31 pm
Forum: General
Topic: OpenVPN and subnet 255.255.255.252
Replies: 2
Views: 4620

OpenVPN and subnet 255.255.255.252

Well, this is the very classic problem from OpenVPN. And I'm experiencing it right now. Here is my ROS 4.11 configuration: [admin@MikroTik] /ip address> print # ADDRESS NETWORK BROADCAST INTERFACE 0 D 192.168.1.108/24 192.168.1.0 192.168.1.255 ether2 1 192.168.10.1/24 192.168.10.0 192.168.10.255 eth...
by kenyloveg
Mon Aug 16, 2010 4:48 pm
Forum: General
Topic: OpenVPN with Tomato VPN MOD as client
Replies: 4
Views: 3502

OpenVPN with Tomato VPN MOD as client

Hi, Guys Just purchased my RB493 few days ago. The RB493 is planned to replace one of my Tomato (total 4) as a OpenVPN server. Now the problem is I'm keeping getting "unknown auth-alg" or "TLS handshake fail" from ROS 4.11 Few guys noticed that ROS does require authentication wit...
by kenyloveg
Sun Aug 15, 2010 2:03 pm
Forum: Beginner Basics
Topic: Basic Mikrotik Training Videos - FREE - *Update 03/15/2010*
Replies: 62
Views: 45214

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Hi, gregsowell
People like me behind the great firewall would appreciate if you can upload your videos to somewhere else for us to download.
Thank you.
by kenyloveg
Sun Mar 14, 2010 7:30 am
Forum: RouterBOARD hardware
Topic: Need professional comment to build up a set of ROS system
Replies: 6
Views: 2234

Need professional comment to build up a set of ROS system

I, guys I'm a newbie to RouterOS, but used to run Tomato firmware. Here is my purpose: RB433/RB433AH plus 2.4GHz wireless (802.11BG to mobile devices) and 5GHz wireless (Mobile PC etc). Plan is: Buy a R52N and set up dual band/SSID (1 for 2.4GHz, another for 5GHz), is it possible? Since there is onl...
by kenyloveg
Tue Jul 14, 2009 3:47 pm
Forum: RouterBOARD hardware
Topic: ROS on RouterBoard/X86 with 8 WAN port load balanced?
Replies: 1
Views: 1611

ROS on RouterBoard/X86 with 8 WAN port load balanced?

Hi, Gurus I'm totally newbie to ROS, but probably not linux. I used to run Tomato firmware on BCOM based devices as a Router, and got a lof of benefit from VPN/QoS/DDNS/Script. One of my friend is launch a office with 80 network client, which i'm not sure Tomato could handle or not (especially perfo...