Community discussions

Search found 85 matches

by Rockyboa
Thu Nov 28, 2019 5:20 pm
Forum: Wireless Networking
Topic: Wireless bridge hardware recommendation
Replies: 4
Views: 568

Re: Wireless bridge hardware recommendation

Thank you both for taking the time to explain. After looking at different vendors, I understand how they manage to configure more than one sector antenna on the same mast. Obviously they synchronised the radio and make sure they listen and talk together on the same channel. Since I have been using ...
by Rockyboa
Mon Nov 25, 2019 3:42 am
Forum: Wireless Networking
Topic: Wireless bridge hardware recommendation
Replies: 4
Views: 568

Wireless bridge hardware recommendation

Hi,

I always wonder if two back to back radios such as the mAntbos24 on the same pole should share the same channel or use a different one.

Martin
by Rockyboa
Wed Nov 13, 2019 8:31 pm
Forum: SwOS
Topic: Switch stack
Replies: 5
Views: 2189

Re: Switch stack

oh... yes!

We have been waiting too much for such a feature. LAG across more than one switch is the feature I need the most to migrate to Mikrotik switch product.

Rock
by Rockyboa
Wed Oct 09, 2019 6:20 pm
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL / DSL Modem?
Replies: 314
Views: 94732

Re: Mikrotik VDSL / DSL Modem?

Anybody tested any of those SFP modems in North America?

Rock
by Rockyboa
Tue Oct 01, 2019 4:46 pm
Forum: General
Topic: NordVPN IpSEC fragmentation issue
Replies: 7
Views: 911

Re: NordVPN IpSEC fragmentation issue

Thank you both, so I would guess that marking the connection based on the source address list of the devices I want to be behind this VPN is my best bet. I guess I could be even more granular by actually connection marking protocol and ports! MSS. If the IP header (20 bytes) and ICMP (8 bytes) making ...
by Rockyboa
Mon Sep 30, 2019 10:51 pm
Forum: General
Topic: NordVPN IpSEC fragmentation issue
Replies: 7
Views: 911

Re: NordVPN IpSEC fragmentation issue

Zacharias, thank you for this super fast reply. I'm using IPSec mode config with a source address list, thus not having an interface. This is where I get stuck. Should I mangle against the same source address-list? There is also a parameter to set a connection mark in this mode config dialog box, mi...
by Rockyboa
Mon Sep 30, 2019 8:47 pm
Forum: General
Topic: NordVPN IpSEC fragmentation issue
Replies: 7
Views: 911

NordVPN IpSEC fragmentation issue

I have set up NordVPN according to this guide https://support.nordvpn.com/Connectivity/Router/1360295132/Mikrotik-IKEv2-setup-with-NordVPN.htm Works great. But have an issue with multiple links. I lowered the MTU on my Windows 10 to 1438 and since then I have no issues. I would like to use a mangle...
by Rockyboa
Thu Jun 20, 2019 8:09 am
Forum: General
Topic: Hardware VLAN [SOLVED]
Replies: 7
Views: 817

Re: Hardware VLAN [SOLVED]

Sindy, thank you for the detailed information. Running through your explanation I think I do understand most of it, and indeed, if I disabled vlan filtering on the single bridge setup but leave the virtual wifi interface to tag on VLAN ID 2, it works as expected. So this single bridge configuration on ...
by Rockyboa
Wed Jun 19, 2019 4:25 pm
Forum: General
Topic: Hardware VLAN [SOLVED]
Replies: 7
Views: 817

Re: Hardware VLAN [SOLVED]

I think it will help if I post my cAP ac configuration /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \ country=canada disabled=no distance=indoors frequency=auto mode=ap-bridge \ name=wlan-2GHz ssid=AEPONYX-2GHz wireless-protocol=802.11 set [ find def...
by Rockyboa
Tue Jun 18, 2019 9:21 pm
Forum: General
Topic: Hardware VLAN [SOLVED]
Replies: 7
Views: 817

Re: Hardware VLAN [SOLVED]

At the other end of this trunk port (now with an interface VLAN and DHCP serving some IPs to my new guest VLAN), I have a hAP ac. After struggling with the first implementation of this wiki ( https://wiki.mikrotik.com/wiki/Manual:VLANs_on_Wireless ) I'm still unable to get this bridge vlan working cor...
by Rockyboa
Mon Jun 17, 2019 6:44 am
Forum: General
Topic: Hardware VLAN [SOLVED]
Replies: 7
Views: 817

Re: Hardware VLAN [SOLVED]

CZFan,

Thank you for this reply. So then, it will not be possible to run a dhcp server from a switch vlan nor a bridge vlan?

Rock.
by Rockyboa
Sun Jun 16, 2019 8:08 pm
Forum: General
Topic: Hardware VLAN [SOLVED]
Replies: 7
Views: 817

Hardware VLAN [SOLVED]

I'm trying to configure a simple setup using the hardware offloading feature of VLAN table inside the Atheros 8327 switch chip. First question: I have a RB1100AH router where I configure the ether5 in trunk port with untagged traffic on VLAN ID 1 and tagged traffic on VLAN ID 2. Can I add an IP addr...
by Rockyboa
Fri May 17, 2019 7:04 pm
Forum: General
Topic: Winbox Simple Queue display change
Replies: 1
Views: 283

Winbox Simple Queue display change

Hi, recently playing with simple queues and reading / listening to different tutorials I see that when a parent simple queue is added to another queue it gets indented below. This is not my case and was wondering if this is a change that was made recently in winbox. Mine are shown without this indentati...
by Rockyboa
Thu Sep 06, 2018 8:48 pm
Forum: General
Topic: Radius to Microsoft IAS for VPN password characters issue
Replies: 0
Views: 302

Radius to Microsoft IAS for VPN password characters issue

Strange but would like to know if someone came across such a situation. After setting up PPP VPN with my internal AD using IAS service, some users were able to log in, some were not. After investigating a bit we believe that passwords containing the $ character were not able to sign in. Are there any other sp...
by Rockyboa
Fri Jul 20, 2018 6:48 pm
Forum: General
Topic: Ethernet ring protocol
Replies: 4
Views: 1129

Re: Ethernet ring protocol

+1 On MC-LAG feature!
by Rockyboa
Sun Jun 24, 2018 8:28 pm
Forum: Beginner Basics
Topic: Problem with VLANs and VLAN filtering on the Bridge [SOLVED]
Replies: 16
Views: 3768

Re: Problem with VLANs and VLAN filtering on the Bridge [SOLVED]

I'm trying to achieve the same. Starting from a default config on hAP ac lite Add an ip address 192.168.89.4 to my ether4 port I have set my bridge port ether4 to pvid 10 Added the bridge as a tag port on this Bridge VLAN I plug my pc into ether4 as soon as I turn on the VLAN filtering, I can no long...
by Rockyboa
Thu Mar 28, 2013 3:40 am
Forum: General
Topic: Prefered source
Replies: 3
Views: 1971

Re: Prefered source

Thank you omega for helping out. I might not be clear but I'm located on the main office router with a single WAN but with two public IPs assigned to it. I'm not trying to mangle on two interfaces but trying to build a rule that will make sure that my traffic coming in my router (and ending there sinc...
by Rockyboa
Tue Mar 26, 2013 10:56 pm
Forum: General
Topic: Prefered source
Replies: 3
Views: 1971

Prefered source

I have two public IPs on my WAN interface. I'm trying to build two tunnels to this interface originating from the same remote router. I think I have good chances to make this work but there is a little captcha I need to solve. On the main office WAN interface when I disable one of the IPs thus changin...
by Rockyboa
Tue Mar 26, 2013 3:53 pm
Forum: General
Topic: two wan, l2tp on wan2 (routing problem)
Replies: 5
Views: 1933

Re: two wan, l2tp on wan2 (routing problem)

Same issue here, even building a route for the remote IP doesn't solve it, the tunnel will always instantiate from the default route. Whatever the routing mark is, it goes over the WAN with the lowest metric and no mark.
by Rockyboa
Thu Nov 08, 2012 6:39 pm
Forum: General
Topic: PPPoE Load balancing
Replies: 2
Views: 647

Re: PPPoE Load balancing

I think I should clarify that I run multiple VLANs, thus multiple PPPoE, maximum connections globally I wish to limit and wish not to manage them per running instance in each VLAN.
by Rockyboa
Tue Nov 06, 2012 4:39 pm
Forum: General
Topic: PPPoE Load balancing
Replies: 2
Views: 647

Re: PPPoE Load balancing

I thought about it last night,

It would be a nice feature to add if it doesn't exist, a max-connection limit. Where can we propose such a thing as a feature request?

Martin
by Rockyboa
Mon Nov 05, 2012 11:47 pm
Forum: General
Topic: PPPoE Load balancing
Replies: 2
Views: 647

PPPoE Load balancing

We have trouble scaling up our PPPoE service. We have set up some dedicated PPPoE Mikrotik to serve our PPPoE requests, we have disabled everything else on those RB1100AH. After 800 or so we see some connections being dropped. We have put together more than one box but we usually see on one RB1100 ge...
by Rockyboa
Wed Oct 17, 2012 10:16 pm
Forum: Beginner Basics
Topic: Star topolgy using EoIP
Replies: 0
Views: 481

Star topolgy using EoIP

I would like to configure a simple network for VoIP using EoIP tunnels. Since my primary office will bridge all connections from remote offices, reading in the wiki http://wiki.mikrotik.com/wiki/Manual:Interface/EoIP we can read: When bridging EoIP tunnels, it is highly recommended to set unique MAC ad...
by Rockyboa
Fri Sep 14, 2012 9:22 pm
Forum: General
Topic: Feature requests
Replies: 1185
Views: 226618

Re: Feature requests

+1 for better IPSec support.

Would like to get mode-config push pull for road warrior

http://forum.mikrotik.com/viewtopic.php?f=2&t=45516
by Rockyboa
Mon Sep 10, 2012 10:56 pm
Forum: General
Topic: One to Many NAT?
Replies: 11
Views: 3562

Re: One to Many NAT?

This is an interesting topic on NATting. I'm trying to achieve basically the same and just to make sure I understand clearly here is what I understand on this subject; masquerade, is a src-nat rule that will automatically use the assigned destination IP of the outgoing interface src-nat: 1:1 Nat fr...
by Rockyboa
Thu Aug 30, 2012 5:16 am
Forum: General
Topic: 2 WAN - 1 LAN no PCC
Replies: 0
Views: 488

2 WAN - 1 LAN no PCC

Very simple setup for my configuration of 2 WAN. What I'm trying to do is part of one of my LAN vlan (vlan5-dmz LAN01) I wish to send an address list (iDigit Private Subnet) to WAN02 iDigit. When I activate the following mangle rule, tracert to external IP from iDigit Private Subnet still goes throug...
by Rockyboa
Fri Apr 20, 2012 5:23 pm
Forum: RouterBOARD hardware
Topic: serial1 on RB1100
Replies: 4
Views: 1036

serial1 on RB1100

I understand that the RB1100 has one physical port which is serial0, but is it possible to use serial1? Is there a pin out on the board to add an extra DB9?
by Rockyboa
Mon Oct 24, 2011 10:08 pm
Forum: Beginner Basics
Topic: HTB wiki missing figure 8.6
Replies: 1
Views: 430

HTB wiki missing figure 8.6

Looking at the example in the HTB wiki http://wiki.mikrotik.com/index.php?title=Manual:HTB&printable=yes . They refer to figure 8.6, which is supposed to include a network diagram. I would like to know what they refer to as the outgoing interface for upload and download, let's take the same example would the...
by Rockyboa
Mon Oct 17, 2011 6:01 pm
Forum: Virtualization
Topic: RouterOS over Citrix XenServer
Replies: 1
Views: 2881

RouterOS over Citrix XenServer

Anyone running RouterOS v5 on XenServer? hvm? I know that RouterOS 5 is no longer having a Xen aware kernel but would like some feedback about performance even though this PV support has been removed.
by Rockyboa
Thu Oct 06, 2011 9:41 pm
Forum: General
Topic: Radius backup accounting
Replies: 4
Views: 4724

Re: Radius backup accounting

Same issue here, so if an account is not recognized in the on-site radius, our central radius is also getting this request, even if we set it up as an accounting backup. We are getting thousands of requests from all of our sites into our central radius. Is this normal behaviour or should I file a bu...
by Rockyboa
Wed Sep 28, 2011 4:53 am
Forum: General
Topic: PPPoE Server
Replies: 5
Views: 1673

Re: PPPoE Server

Good point, how could I contact DNS without first establishing the PPPoE connection. I guess the best I could do is still use VRRP in a n+1 fashion and distributing manually those subnets across many RB1100 for example 2x /24 subnet per router and having a hot standby in case of a unit break down. Wou...
by Rockyboa
Mon Sep 26, 2011 11:51 pm
Forum: General
Topic: PPPoE Server
Replies: 5
Views: 1673

Re: PPPoE Server

For load balancing I thought about using DNS round-robin and for redundancy VRRP (sorry.) The ISP just wishes to get a gross figure of how many RB1100 or RB1200 (since just discovered that RB1100 is eol and can't wait till RB1000AHx2). You are right about the broadcast domain, but can the PPPoE server many...
by Rockyboa
Mon Sep 26, 2011 9:41 pm
Forum: General
Topic: PPPoE Server
Replies: 5
Views: 1673

PPPoE Server

Question from a customer running a small ISP of 5000 users. Will the RB1100 handle PPPoE services correctly for this number of users, if not can someone tell me best practice or average we are looking at? Also can we use a combination of RB1100 for clustering the PPPoE server in a way that we have...
by Rockyboa
Mon Sep 26, 2011 5:38 pm
Forum: Beginner Basics
Topic: DMZ in transparent firewall using a bridge
Replies: 3
Views: 1970

Re: DMZ in transparent firewall using a bridge

Thank you very much for your valuable opinion fewi. I will then use a private subnet for my DMZ and make use of the IP firewall rules as I always did and avoid going into bridging. It would be nice of you if you can answer my remaining question about bridge interface (even though I won't use it) wi...
by Rockyboa
Sat Sep 24, 2011 5:26 am
Forum: Beginner Basics
Topic: DMZ in transparent firewall using a bridge
Replies: 3
Views: 1970

DMZ in transparent firewall using a bridge

In an attempt to save some resources on my router, we decided to look at using, for our DMZ, a bridge. So instead of using a private subnet and do some connection tracking and natting, we bridge our WAN01 interface with our DMZ interface, we use the default name bridge1. I would like to know first, ...
by Rockyboa
Tue Aug 30, 2011 12:27 am
Forum: RouterBOARD hardware
Topic: Indoor Housing Doesn't Fit MMCX Cards Right
Replies: 13
Views: 2612

Re: Indoor Housing Doesn't Fit MMCX Cards Right

I hate to reopen such an old thread, but I'm also still waiting for this USB cable pass-through cable. I haven't found a MFM indoor chassis that will let us use USB. I thought that this square hole would eventually get a USB external connector, did someone find a decent way to hook up USB devices usi...
by Rockyboa
Thu Aug 25, 2011 12:19 am
Forum: Wireless Networking
Topic: Virtual AP in defferent VLAN assigment to SSID
Replies: 1
Views: 493

Virtual AP in defferent VLAN assigment to SSID

I don't have a Mikrotik equipped with a radio card handy and I had this request today. Will it be possible from an AP to create 3 wireless networks in three different VLANs using three SSIDs?

Thank You
by Rockyboa
Tue Jul 12, 2011 4:17 am
Forum: General
Topic: Statefull Packet Inspection best practice
Replies: 1
Views: 920

Statefull Packet Inspection best practice

I just passed my MTCNA and during the training we saw how to use stateful packet inspection in the firewall to only filter new connections to unload the filter. I do understand the benefit of doing so, but my question is, can a hacker spoof the state of a packet to make the router believe it is an e...
by Rockyboa
Fri Jul 01, 2011 5:15 am
Forum: Beginner Basics
Topic: Multiple public IP NATing
Replies: 2
Views: 10525

Multiple public IP NATing

I have a setup where I use NAT with masquerade that redirects different public IPs to my internal private IPs. Working fine but when I trace route from an internal server, they all go out using the same public IP (the first IP that was assigned to my WAN interface). Is there a way to control this outgoing...
by Rockyboa
Tue May 17, 2011 2:36 am
Forum: Beginner Basics
Topic: System reset renaming interface
Replies: 1
Views: 461

System reset renaming interface

Hum, just updated my new RB493G to 5.2, typed /system reset-configuration and a strange thing happened. All my interfaces were renamed starting at ether10 to ether18.

Do I have to rename them manually or is this normal behaviour?

Martin
by Rockyboa
Sun May 15, 2011 10:23 pm
Forum: Wireless Networking
Topic: Just a FYI, Rogers Cable 3G ZTE MF668 Modem
Replies: 4
Views: 2649

Re: Just a FYI, Rogers Cable 3G ZTE MF668 Modem and Nokia CS

I would also like to confirm that Nokia CS-18 is working.

There is no mention on the wiki about this 3G key, it has been working for 24 hours without issue...

Martin
by Rockyboa
Mon Mar 14, 2011 7:54 pm
Forum: General
Topic: Stopping excessive retries
Replies: 0
Views: 296

Stopping excessive retries

We tend to use Tunnel for most of our external traffic. But we have to leave a RDP server dst-nat for some users.

We can see a lot of retries of people that fail the RDP authentication. Is there a simple way to block those new connections after 5 retries for a day using a filter rule?

Martin
by Rockyboa
Wed Mar 02, 2011 10:05 pm
Forum: Beginner Basics
Topic: Open VPN on 5.0rc10
Replies: 2
Views: 676

Re: Open VPN on 5.0rc10

Can someone that uses openVPN on a Windows or Linux client tell me if I really need to recompile the openVPN software --auth-user-pass. If someone has recompiled 2.1.3 or 2.1.4 (if it works with openVPN in the routerOS 5.0rc10) for Windows and would like to send it to me, I would really appreciate. ...
by Rockyboa
Mon Feb 28, 2011 10:57 pm
Forum: RouterBOARD hardware
Topic: New RB1100 Hardware acceleraion
Replies: 10
Views: 2502

Re: New RB1100 Hardware acceleraion

Fewi,

Yes, that will be great if Mikrotik eng., could at least give more info on what would be accelerated using this hardware.

MB
by Rockyboa
Mon Feb 28, 2011 5:27 am
Forum: RouterBOARD hardware
Topic: New RB1100 Hardware acceleraion
Replies: 10
Views: 2502

New RB1100 Hardware acceleraion

I always wonder which part of the RouterOS uses Hardware Acceleration. I'm pretty sure IPSec does but does Profile Encryption also? What about /interface ovpn-server server?

Thank you

MB
by Rockyboa
Mon Feb 28, 2011 1:38 am
Forum: Beginner Basics
Topic: Open VPN on 5.0rc10
Replies: 2
Views: 676

Open VPN on 5.0rc10

Hi all, This is my first try at openVPN, many places stop allowing PPtP and wish to try ovpn. I would like to use a routed setup and Win32 clients. After struggling with this stuff all afternoon, I get some connection reset on my client. My question is, do we still need to create an authfile? If yes...
by Rockyboa
Wed Aug 25, 2010 4:27 am
Forum: SwOS
Topic: Switch product line
Replies: 1
Views: 2518

Switch product line

This is more a general vendor question than related to SwOS but think it would be great to ask this community for some input. I'm struggling to find a good vendor switch solution that will offer a nice lineup of product but more competitive than Cisco such as Mikrotik does with their router. I need ...
by Rockyboa
Wed Aug 11, 2010 5:05 pm
Forum: RouterBOARD hardware
Topic: IPSec dedicated hardware
Replies: 3
Views: 810

Re: IPSec dedicated hardware

Fewi,

But when I use a PPP-Profile associated to this L2TP with default-encryption set to yes, I guess it is encrypted and somewhat secure? Would that default-encryption setting benefit from the hardware assisted chip in the RB1000?

Martin
by Rockyboa
Sat Aug 07, 2010 5:57 pm
Forum: Beginner Basics
Topic: Queue tree vs simple
Replies: 4
Views: 7150

Re: Queue tree vs simple

Thanks guys,

I don't have a lot of rules so I think I will start with simple queues. I guess when they grow in numbers, then, I will rethink all of this but for now I won't use more than 8 to 10 rules for now.
by Rockyboa
Tue Aug 03, 2010 6:12 am
Forum: General
Topic: Multiple WAN remote access
Replies: 5
Views: 6600

Re: Multiple WAN remote access

Fewi, should he also take care of traffic in the forward chain? I use to mark this chain the same way as the input chain to make sure dst-nat is also working. I also saw you in another similar topic using the prerouting chain to mark the traffic, in this case no need to mark the forward chain since ...
by Rockyboa
Sun Aug 01, 2010 11:24 pm
Forum: Beginner Basics
Topic: Queue tree vs simple
Replies: 4
Views: 7150

Queue tree vs simple

Ok I'm convinced, I need to set up queues for better traffic management. I read a lot of posts and wiki and certainly would like to keep it up to a fairly simple environment. I thought using prioritization without queues at first but, I do understand that this is relatively not efficient. So I would like...
by Rockyboa
Wed Jul 28, 2010 4:40 pm
Forum: RouterBOARD hardware
Topic: IPSec dedicated hardware
Replies: 3
Views: 810

IPSec dedicated hardware

As I understand RB1100 does not have the RB1000 capability of hardware accelerated IPSec crypt/decrypt engine.

Is this dedicated hardware only used in IPsec or would L2TP also benefit from that?
by Rockyboa
Wed Jul 28, 2010 3:33 am
Forum: General
Topic: PPTP VPN Bridge and PCC
Replies: 10
Views: 4241

Re: PPTP VPN Bridge and PCC

I knew you would send me to that DFD! :) I managed to get all my subnets talking between them! Your help is very appreciated. I even created a rule that works for relaying my email by marking the route from any LAN with dstport 25 and unchecking passthrough. Two last questions: 1) When using !local in ...
by Rockyboa
Wed Jul 28, 2010 12:01 am
Forum: General
Topic: PPTP VPN Bridge and PCC
Replies: 10
Views: 4241

Re: PPTP VPN Bridge and PCC

Chupaka,

Will try this after operation hours. My IPSec tunnels are also no longer working. Do Mangle rules have priority over firewall rules?
by Rockyboa
Tue Jul 27, 2010 4:48 am
Forum: General
Topic: PPTP VPN Bridge and PCC
Replies: 10
Views: 4241

PPTP VPN Bridge and PCC

People, I have been trying to make the PCC Wiki work in my setup. It does work but breaks my PPTP VPN. My VPN is using a subnet range that is not in the same LAN subnet, since I have few LAN addresses available. Since I never was able to make the appropriate route to make the PPTP subnet work with...
by Rockyboa
Tue Jul 27, 2010 12:52 am
Forum: Beginner Basics
Topic: 2 WAN port forwarding
Replies: 27
Views: 49663

Re: 2 WAN port forwarding

Fewi, I have been wondering why would you mark connection in the prerouting chain instead of input and forward. I understand that you save mangle rules by doing so, but if you follow the PCC wiki, they mark input chain only. If you do dst-nat without adding any other rules than the one in this wiki,...
by Rockyboa
Wed Jun 16, 2010 8:14 pm
Forum: Beginner Basics
Topic: 2WAN 2LAN PCC and Mangle
Replies: 0
Views: 554

2WAN 2LAN PCC and Mangle

Trying to figure out why as soon as I activate my rule #8 both LAN100 and Bridge110 don't see each other anymore. This is taken directly from the PCC example. 0 ;;; from Telus mark conn_telus chain=input action=mark-connection new-connection-mark=telus_conn passthrough=yes in-interface=Telus 1 ;;; f...
by Rockyboa
Wed May 19, 2010 5:29 pm
Forum: Beginner Basics
Topic: PCC and dst-nat
Replies: 4
Views: 1781

Re: PCC and dst-nat

Humm, I don't see any mangle in this NAT rule. I disabled PCC altogether, just want to make things simple to start. So I'm trying to resend all traffic from a NAT rule (like yours) to the WAN link that has a higher distance to the same interface. Using the same NAT rule on the WAN with the lower dist...
by Rockyboa
Mon May 17, 2010 7:22 pm
Forum: Beginner Basics
Topic: PCC and dst-nat
Replies: 4
Views: 1781

PCC and dst-nat

Hi all, I read the following wiki http://wiki.mikrotik.com/wiki/Manual:PCC but since implementation I'm unable to dst-nat some service inside my Local subnet such as: chain=dstnat action=dst-nat to-addresses=192.168.0.50 to-ports=80 protocol=tcp in-interface=WAN2 dst-port=80 Should it still work aft...
by Rockyboa
Fri May 07, 2010 11:31 pm
Forum: Beginner Basics
Topic: remote Dynamic IP tunnel using EoIP
Replies: 5
Views: 9015

remote Dynamic IP tunnel using EoIP

We currently have RB1000 and wish to leverage the IPSec offload processor. Since we have particular needs we would like to use EoIP as our VPN tunnel architecture. So we started thinking about building an EoIP tunnel and use IPSec in transport mode over this tunnel. Problem is that remote sites are m...
by Rockyboa
Thu Apr 29, 2010 4:43 pm
Forum: Beginner Basics
Topic: Tunnel differences EoIP vs IPIP
Replies: 8
Views: 13779

Re: Tunnel differences EoIP vs IPIP

So no more MTU problems?! This is huge

And in terms of resources used, is one more demanding than the other?

Martin
by Rockyboa
Wed Apr 28, 2010 4:47 pm
Forum: Beginner Basics
Topic: Tunnel differences EoIP vs IPIP
Replies: 8
Views: 13779

Tunnel differences EoIP vs IPIP

Hi all, Since I'm pretty new to Mikrotik I would like to know the difference between EoIP and IPIP tunnel and in which situation examples should I use one or the other. I read the Wiki and here are some differences I figured out. IPIP: - Layer 3 routed type traffic - Interoperability with other ve...
by Rockyboa
Mon Apr 26, 2010 8:57 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 7910

Re: DHCP Realy over IPSec tunnel

Sob,

I got the desired result with your mangle rule. Thank you very much for all your help.

Martin
by Rockyboa
Fri Apr 23, 2010 8:35 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 7910

Re: DHCP Realy over IPSec tunnel

I'm trying real hard to create a rule in the remote site in the output chain so that every request to UDP 67 going to 192.168.110.0/24 is caught and forwarded to my IPSec tunnel instead of the public interface. If any NAT expert can help me. I have almost a solution. On my main router I can see the followi...
by Rockyboa
Fri Apr 23, 2010 6:06 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 7910

Re: DHCP Realy over IPSec tunnel

Sob, Very interesting. IPSec always worked but I use as the sa-src on my Remote Site 0.0.0.0. Would you think I should script something to push the address for the sa-src? Some other weirdo: On my IPSec main site a total of three policies are generated dynamically. I was expecting only one. Also...
by Rockyboa
Thu Apr 22, 2010 7:09 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 7910

Re: DHCP Realy over IPSec tunnel

Sob, Thank you for not letting me down, I really appreciate your help. Yes I forgot the giaddr which is 192.168.181.1 (remote router). Since I created a new environment with 2x RB750, I created the DHCP server on the test-main 192.168.110.1 router. That is why I was expecting some DHCP-server lo...
by Rockyboa
Wed Apr 21, 2010 8:59 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 7910

Re: DHCP Realy over IPSec tunnel

No traffic increase on my IPSec policies statistic.

But even a Ping does not increase the counters, is this normal?

Martin
by Rockyboa
Wed Apr 21, 2010 12:34 am
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 7910

Re: DHCP Realy over IPSec tunnel

I just tried with two RB750G I had. Updated both to v4.6 like my production environment. on the remote site, I can see in dhcp-debug: dhcp-relay-181 sendind discover with id 2443951115 to 192.168.110.1 hops = 1 secs = 7424 flags = broadcast ciaddr = 0.0.0.0 chaddr = 00:26:9E:CA:D6:CE Msg-Type = disc...
by Rockyboa
Tue Apr 20, 2010 6:09 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 7910

Re: DHCP Realy over IPSec tunnel

Humm, maybe I need to add something in my main site RB1000.. do I if I use my Windows Clustered DHCP? On my remote site I do ping my Windows DHCP over my IPSec Tunnel, but still unable to receive a lease. And yes I use IPSec in tunnel mode. I did provide on my RB450G a relay local address. (192.168.1...
by Rockyboa
Mon Apr 19, 2010 6:40 pm
Forum: Beginner Basics
Topic: DHCP Realy over IPSec tunnel
Replies: 17
Views: 7910

DHCP Realy over IPSec tunnel

I built an IPSec tunnel between two Mikrotik routers. I'm running a DHCP server behind my main site and would like to hand out addresses from a single point (since I have clustered DHCP server on my main site). Should DHCP relay work over an IPSec tunnel, because it doesn't.

Thanks

Martin
by Rockyboa
Fri Mar 19, 2010 5:49 pm
Forum: General
Topic: strange problem on RouterOs
Replies: 10
Views: 924

Re: strange problem on RouterOs

Ok great. Would modify both of my wan interface to the max !frag packets. Leaving my PPPoE interface to 1492. And both MRU / MTU. So I should not need to modify some MSS?

Will try this and get back.

TY again.

Martin
by Rockyboa
Fri Mar 19, 2010 5:34 pm
Forum: General
Topic: strange problem on RouterOs
Replies: 10
Views: 924

Re: strange problem on RouterOs

TY for this fast reply,

On the PPPoE side do I modify both the PPPoE client value and WAN value? Also should I lower the MRU to the same value as the MTU? I guess to find the optimal value, to find the biggest not frag packet using the ping -l size -f?

Again thank you

Martin
by Rockyboa
Fri Mar 19, 2010 4:38 pm
Forum: General
Topic: strange problem on RouterOs
Replies: 10
Views: 924

Re: strange problem on RouterOs

I have a similar problem on two sites using an IPSec VPN connection. One DSL PPPoE and one Broadband connection. 1) On the site using PPPoE, should I change the MTU to 1492 on the WAN and PPPoE interface or just the PPPoE? 2) As soon as I lower one site the packets get fragmented to a least value when I...
by Rockyboa
Thu Oct 15, 2009 5:33 pm
Forum: General
Topic: Static DNS in MT - Round Robin
Replies: 5
Views: 2052

Re: Static DNS in MT - Round Robin

Argh... I thought I would get away using this little dns server, it would have been fine if it was going to round robin my clustered storage for my virtual host. I guess I would need to install two dns servers just to accommodate my virtual hosts, yikes! I would have preferred my two RB1000. Mikrotik plea...
by Rockyboa
Thu Oct 15, 2009 4:25 am
Forum: General
Topic: Static DNS in MT - Round Robin
Replies: 5
Views: 2052

Re: Static DNS in MT - Round Robin

Thanks for this quick reply. Yes that's what I did, in terms of adding static host record RR: Round Robin. So each time I interrogate the host name I would like to get the first IP, next time I would like to get the next IP, etc... What would be the use of setting three IP for the same host name if I ...
by Rockyboa
Wed Oct 14, 2009 11:28 pm
Forum: General
Topic: Static DNS in MT - Round Robin
Replies: 5
Views: 2052

Static DNS in MT - Round Robin

Hi,

We use the DNS in the Mikrotik and we are building a clustered SAN. We need to RR a host so we had 3 times the host record with the three different IPs in the static entry. MT doesn't seem to RR the host. Is there a way to do it?

Martin
by Rockyboa
Tue Sep 08, 2009 5:19 pm
Forum: Beginner Basics
Topic: Dynamic IPSec interoperability
Replies: 3
Views: 1061

Re: Dynamic IPSec interoperability

David,

no, what I meant was an IPSec tunnel from a dynamic, not reserved IP site to a fixed IP. But strangely I would also need to do multiple tunnel scenario, but can you just prioritize the routing table using metrics?

Sabrina
by Rockyboa
Wed Sep 02, 2009 5:08 pm
Forum: Beginner Basics
Topic: Dynamic IPSec interoperability
Replies: 3
Views: 1061

Dynamic IPSec interoperability

Hi all, Since I have finally established dynamic IPSec tunnel between two Mikrotik, I would like to know if anyone had any success doing dynamic IPSec tunnel with other vendors. We are in the process of replacing a lot of RV042 but would like to do so without replacing them all at once. Also bigger c...
by Rockyboa
Thu Aug 27, 2009 10:37 pm
Forum: Beginner Basics
Topic: RB1000 VPN offloading feature
Replies: 9
Views: 1429

Re: RB1000 VPN offloading feature

Solved it, my mistake, peer needs to be 0.0.0.0/0 not 0.0.0.0/32 to accept all connections. Hope this will help others.

But still need explanation why it creates 3 dynamic policies (noticed that 2 are identical - src: remote site dst: primary site)

Sabrina
by Rockyboa
Thu Aug 27, 2009 10:29 pm
Forum: Beginner Basics
Topic: RB1000 VPN offloading feature
Replies: 9
Views: 1429

Re: RB1000 VPN offloading feature

ahrg, usually I'm pretty good without needing to ask for spoon feeding me the procedure. But again I'll need help and hopefully this will be helpful for some other people. I deleted the policy on the remote site and check the generate policy, that works, but strangely it created not one, nor two but th...
by Rockyboa
Thu Aug 27, 2009 12:40 am
Forum: Beginner Basics
Topic: RB1000 VPN offloading feature
Replies: 9
Views: 1429

Re: RB1000 VPN offloading feature

IPSec is working fine, but unable to make it work with dynamic IP at remote site. Remote Site: /ip ipsec export /ip ipsec proposal set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \ name=default pfs-group=modp1024 /ip ipsec peer add address=69.x.x.122/32:500 auth-method=...
by Rockyboa
Wed Aug 26, 2009 4:53 pm
Forum: Beginner Basics
Topic: Packages
Replies: 1
Views: 460

Packages

Hi, I netinstalled routeros-mipsbe-4.0beta4.npk on my RB450 and noticed that I had a NTP client but no NTP server, I configured the client using the RM but there was more info and options available, like active server, next update time, etc... I thought it was related to the newer version 4. I decided...
by Rockyboa
Tue Aug 11, 2009 2:18 pm
Forum: Beginner Basics
Topic: RB1000 VPN offloading feature
Replies: 9
Views: 1429

Re: RB1000 VPN offloading feature

Those are very good info and pointers I will try as soon as my vacation are over. Again, can someone with good knowledge in tunnelling technology using Mikrotik router would be able to give me a very easy to understand pros and cons of each of them, like I said we plan to use a pure Mikrotik solutio...
by Rockyboa
Wed Aug 05, 2009 5:02 am
Forum: Beginner Basics
Topic: RB1000 VPN offloading feature
Replies: 9
Views: 1429

Re: RB1000 VPN offloading feature

Thanks for the reply. Will experiment with pptp, but some say it is less secure than IPSec, would I achieve higher performance using pptp on my RB1000? But like I said I would prefer using the IPSec hardware offloading feature of the RB1000. So is dynamic IP supported at the remote location, using R...
by Rockyboa
Fri Jul 31, 2009 4:07 am
Forum: Beginner Basics
Topic: RB1000 VPN offloading feature
Replies: 9
Views: 1429

RB1000 VPN offloading feature

Hi, We just bought some Mikrotik hardware and I just read that the RB1000 is having IPSec tunnel dedicated hardware, that's pretty cool and would really benefit from that. I would like to know which tunnels are supported by this feature, do PPTP, OVPN, L2TP and IPsec use the offloading engine? Also, w...