Community discussions

MUM Europe 2020

Search found 37 matches

by Sitron
Fri Jun 16, 2017 7:27 pm
Forum: General
Topic: IPv6 and IPSec: Established, but no traffic
Replies: 7
Views: 1879

Re: IPv6 and IPSec: Established, but no traffic

I have run "Packet Sniffer" on both sides, streaming to a Linux-box running trafr, and I discovered the following: - All IPv6 packets from Mikrotik on Site1 to Mikrotik on Site2 are seen on both sides. isakmp, icmpv6, ssh and so on. - All IPv6 ESP or IPv6 AH packets are sent from my Mikrotik on Sit...
by Sitron
Tue Jun 13, 2017 3:09 pm
Forum: General
Topic: How to Preference IPv4 over IPv6 on dual stack router on Mikrotik RouterOS?
Replies: 20
Views: 2697

Re: How to Preference IPv4 over IPv6 on dual stack router on Mikrotik RouterOS?

If IPv6 is so problematic in your environment, why even have it enabled? Do you have IPv6-only sites you have to connect to? it's just my research sir.. i wanna deep learning about IPv6 in Mikrotik RouterOS .. Well, that is a problem with IPv6 not being available native from your ISP: You can run i...
by Sitron
Mon Jun 12, 2017 11:00 pm
Forum: General
Topic: IPv6 and IPSec: Established, but no traffic
Replies: 7
Views: 1879

Re: IPv6 and IPSec: Established, but no traffic

I have run "Packet Sniffer" on both sides, streaming to a Linux-box running trafr, and I discovered the following: - All IPv6 packets from Mikrotik on Site1 to Mikrotik on Site2 are seen on both sides. isakmp, icmpv6, ssh and so on. - All IPv6 ESP or IPv6 AH packets are sent from my Mikrotik on Site...
by Sitron
Mon Jun 12, 2017 8:02 am
Forum: General
Topic: IPv6 and IPSec: Established, but no traffic
Replies: 7
Views: 1879

Re: IPv6 and IPSec: Established, but no traffic

Are you able to ping ipv6 addresses at all ? (ipv6.google.com)
Yes, IPv6 works from both sites. My only issue is that the sites can not communicate with each other via IPv6. If I remove the configuration for the IPSec tunnel, the sites can communicate over IPv6.
by Sitron
Wed Jun 07, 2017 7:39 pm
Forum: General
Topic: IPv6 and IPSec: Established, but no traffic
Replies: 7
Views: 1879

IPv6 and IPSec: Established, but no traffic

I have two Mikrotik's with IPv6 and IPv4. IPsec with IPv4 works great, but I can not get IPv6 to work - that is, the IPsec it established, but when I try to send data from one end to the other, the traffic is dropped somewhere (but not at the firewall). Site 1: /ip ipsec peer print Flags: X - disabl...
by Sitron
Fri May 13, 2016 1:23 pm
Forum: General
Topic: My Mikrotik ignores(?) RA from my ISP
Replies: 4
Views: 1194

Re: My Mikrotik ignores(?) RA from my ISP

As a followup, according to the manual DHCPv6 client in RouterOS is not currently capable of stateful address configuration, but can only be used for prefix delegation. Summary ------------ Currently DHCPv6 client can receive only delegated prefix from DHCPv6-PD server. So, you seem to be out of lu...
by Sitron
Tue Oct 13, 2015 10:45 am
Forum: General
Topic: firmware version numbering confusion
Replies: 9
Views: 966

Re: firmware version numbering confusion

6.32 is newer than 6.5. The first firmware is 6.0, five version after that is 6.5, five version later it's 6.10. Then 6.11, and so on to 6.19, 6.20 .... 6.29, 6.30, 6.31 and so on. 6.32 is number 32 in the v6 series, while 6.5 is number 5. I have never had any problems with upgrading firmware. I alw...
by Sitron
Tue Oct 13, 2015 9:32 am
Forum: General
Topic: IPSEC routing all traffic for one single computer
Replies: 3
Views: 557

Re: IPSEC routing all traffic for one single computer

I believe this should not be solved via a new IPSec policy. Use a Policy Base Routing on the Mikrotik instead: If the source is 10.2.1.200, then it route should be to 10.1.0.0/16 / it's gateway should be 10.1.0.1(?).
by Sitron
Mon Oct 12, 2015 2:24 pm
Forum: General
Topic: Mangled traffic not picked up by queue
Replies: 4
Views: 887

Re: Mangled traffic not picked up by queue

When comparing to my own firewall-mangle rules, I see one difference: I only use prerouting, but you use postrouting? http://www.mikrotik-routeros.com/2014/05/the-mother-of-all-qos-trees-v6-0/ I still think that's wrong. No other examples on wiki.mikrotik.com uses postrouting, and why would you? Yo...
by Sitron
Mon Oct 12, 2015 12:40 pm
Forum: General
Topic: Sonos across VLANs?
Replies: 21
Views: 5805

Re: Sonos across VLANs?

I do not think this is possible, unless you are able to forward whatever Sonos needs between your VLAN's. Sonos assumes that all devices, including the controller is on the same IP-network. If I understand correctly, that is their security to not let anyone access your Sonos: You have to be connecte...
by Sitron
Mon Oct 12, 2015 12:35 pm
Forum: General
Topic: Mangled traffic not picked up by queue
Replies: 4
Views: 887

Re: Mangled traffic not picked up by queue

When comparing to my own firewall-mangle rules, I see one difference: I only use prerouting, but you use postrouting?
by Sitron
Thu Oct 08, 2015 9:16 pm
Forum: General
Topic: IPSec over IPv6 not working?
Replies: 2
Views: 521

Re: IPSec over IPv6 not working?

A follow-up: After turning on some IPSec debugging, I got this in the log: 09:03:33 ipsec,debug,packet 3613be9d 7e31a9da 1659bd49 65854b99 d44880cf 09:03:33 ipsec,debug,packet get a src address from ID payload 2001:16d8:ee00:yyyy::[0] prefixlen=64 ul_proto=255 09:03:33 ipsec,debug,packet get dst ad...
by Sitron
Thu Oct 08, 2015 12:29 pm
Forum: General
Topic: Half speed in a PPPoE over bridged ADSL modem
Replies: 11
Views: 2203

Re: Half speed in a PPPoE over bridged ADSL modem

Can you post some details about how you measure this? From the MikroTik itself, or from a client behind?
If it's a client behind the MikroTik, is it wired or wireless? If it's wireless, can you try connecting directly to the MikroTik via wire, just to rule out a possible bad wlan?
by Sitron
Thu Oct 08, 2015 10:11 am
Forum: General
Topic: IPSec over IPv6 not working?
Replies: 2
Views: 521

Re: IPSec over IPv6 not working?

A follow-up: After turning on some IPSec debugging, I got this in the log: 09:03:33 ipsec,debug,packet 3613be9d 7e31a9da 1659bd49 65854b99 d44880cf 09:03:33 ipsec,debug,packet get a src address from ID payload 2001:16d8:ee00:yyyy::[0] prefixlen=64 ul_proto=255 09:03:33 ipsec,debug,packet get dst add...
by Sitron
Wed Oct 07, 2015 10:36 am
Forum: General
Topic: IPSec over IPv6 not working?
Replies: 2
Views: 521

IPSec over IPv6 not working?

I have two Mikrotiks, both running RouterOS 6.32.2. They both have a public IPv4 address, a private IPv4-net, a public IPv6 address and a public IPv6 net: MikroTik1: Public IPv4: 88.91.209.xxx - Private LAN: 192.168.10.1/24 Public IPv6 2001:14b8:100:xxxx::2 - LAN: 2001:14b8:xxxx::/64 MikroTik2: Publ...
by Sitron
Mon Nov 03, 2014 2:47 pm
Forum: General
Topic: My Mikrotik ignores(?) RA from my ISP
Replies: 4
Views: 1194

My Mikrotik ignores(?) RA from my ISP

I have a Mikrotik as a router, and my ISP is now offering IPv6. My MikroTik accepts my assigned IPv6-prefix via dhcp-client, but does not accept the RA. Via logging, I see the RA/icmpv6: icmpv6-ra input: in:ether1-gateway out:(none), src-mac 5c:5e:ab:43:21:bc, proto ICMP (type 134, code 0), fe80::2a...
by Sitron
Thu Jun 02, 2011 8:30 pm
Forum: General
Topic: Netflow V9 IPv6 not send byte count
Replies: 5
Views: 2049

Re: Netflow V9 IPv6 not send byte count

have you written to support@?
I have now. But they autoreply said I have to contact support where I bought the Mikrotik, which was r0c-n0c.com, and they don't seem to do support.

However, I have not been rejected yet, so there is still hope :-)
by Sitron
Wed Jun 01, 2011 10:18 pm
Forum: General
Topic: Netflow V9 IPv6 not send byte count
Replies: 5
Views: 2049

Re: Netflow V9 IPv6 not send byte count

Confirmed!

I tested both nfdump and pmacct/nfacct, and they both receive Netflow v9 traffic from my Mikrotik where everything is correct, except the byte-field, which is 0 when it's IPv6. However, the byte-field for IPv4 is correct.

My version is 5.4 on RB433UAH.
by Sitron
Tue Mar 15, 2011 6:21 pm
Forum: General
Topic: Logwatch-filter for Mikrotik-entries
Replies: 0
Views: 486

Logwatch-filter for Mikrotik-entries

Hi, I run a Linux-based syslog-server, and my Mikrotik sends it's log to this server. I have also installed logwatch on the server, and that works great for all entries in the syslog from Linux-boxes. However, every entry from the Mikrotik is ignored. My question is therefor: Has someone made some L...
by Sitron
Sun Dec 20, 2009 4:39 pm
Forum: RouterBOARD hardware
Topic: ethernet problem on 433H
Replies: 9
Views: 1650

Re: ethernet problem on 433H

I can confirm that this problem exist in v4.3, but downgrading to v4.2 made it work again. You can get it by modifying the download-url for the 4.3-version.
by Sitron
Sun Dec 20, 2009 4:32 pm
Forum: RouterBOARD hardware
Topic: on ROS 4.0 and 4.1 eth2 and eth3 not working on RB433UAH
Replies: 11
Views: 1647

Re: on ROS 4.0 and 4.1 eth2 and eth3 not working on RB433UAH

I can confirm that v4.3 has this problem too, but downgrading to v4.2 fixed it!
by Sitron
Sat Dec 19, 2009 12:28 pm
Forum: Beginner Basics
Topic: phone wifi cannot access mikrotik hotspot
Replies: 1
Views: 680

Re: PHONE WIFI CANNOT ACCESS MIKROTIK HOTSPOT

1. Do you use WPA2 or any other security options?
2. Please do not use CAPS on the subject!
by Sitron
Fri Dec 18, 2009 12:42 pm
Forum: General
Topic: Advice for VPN for Mikrotik, IPv4 and IPv6
Replies: 12
Views: 2684

Re: Advice for VPN for Mikrotik, IPv4 and IPv6

I agree on with you on that one! So, my conclusion is: - I can do a L2TP from MikroTik SOHO -> MikroTik HQ, which is simple to set up. But to get it truly confidential/encrypted, I have to use IPsec in addition. - From the Linux clients "on the road" it is far more easy to set up just IPsec to the M...
by Sitron
Thu Dec 17, 2009 9:12 pm
Forum: General
Topic: how to do src-nat on dynamic wan IP?
Replies: 7
Views: 1262

Re: how to do src-nat on dynamic wan IP?

Here is my setup, it port forwards port 22/tcp, some Bittorrents-ports and 1194/udp to my OpenVPN-server. Actually, all portforwarding is to the same server (192.168.10.5): 0 chain=srcnat action=masquerade src-address=192.168.10.0/24 out-interface=ADSL 1 chain=dstnat action=dst-nat to-addresses=192....
by Sitron
Thu Dec 17, 2009 9:08 pm
Forum: General
Topic: Advice for VPN for Mikrotik, IPv4 and IPv6
Replies: 12
Views: 2684

Re: Advice for VPN for Mikrotik, IPv4 and IPv6

@fewi: According to the MikroTik docs, L2TP can be encrypted: http://www.mikrotik.com/testdocs/ros/2.9/interface/l2tp.php @all: Here is a diagram of what I want: http://www.sysrq.info/~sitron/public/network.png I want all clients and servers to communicate (securely) with each other, not depending o...
by Sitron
Thu Dec 17, 2009 5:02 pm
Forum: General
Topic: Advice for VPN for Mikrotik, IPv4 and IPv6
Replies: 12
Views: 2684

Re: Advice for VPN for Mikrotik, IPv4 and IPv6

I have one other question: When I want to connect one private LAN behind one Mikrotik with another private LAN behind another Mikrotik, it seems I can use L2TP, L2TP w/IPsec or just IPsec. Why use L2TP when I can go just IPsec? On Debian/Ubuntu-forums they all say that if you can, just go with IPsec...
by Sitron
Thu Dec 17, 2009 2:51 pm
Forum: General
Topic: how to do src-nat on dynamic wan IP?
Replies: 7
Views: 1262

Re: how to do src-nat on dynamic wan IP?

Just add a rule:
chain=srcnat action=masquerade src-address=192.168.10.0/24 out-interface=ADSL 
Do not specify the IP, just say which interface.
by Sitron
Mon Dec 14, 2009 8:45 pm
Forum: General
Topic: Advice for VPN for Mikrotik, IPv4 and IPv6
Replies: 12
Views: 2684

Re: Advice for VPN for Mikrotik, IPv4 and IPv6

OpenVPN <...> can not handle more than one client at the time
are you sure?..
On a normal OpenVPN, that's no problem. On Mikrotik/RouterOS V4.2 however, server mode (multi client to server) is listed as unsupported.
by Sitron
Mon Dec 14, 2009 5:16 pm
Forum: General
Topic: Advice for VPN for Mikrotik, IPv4 and IPv6
Replies: 12
Views: 2684

Advice for VPN for Mikrotik, IPv4 and IPv6

I hope I can ask you all for an advice: I have a HQ network with a Mikrotik as the router. And I have a SOHO network also with a Mikrotik router. The HQ-Mikrotik has a static IPv4 public IP, while the SOHO-network has one public IP, but not static. In addition I have some Linux-clients (traveling) o...
by Sitron
Tue Nov 10, 2009 6:01 pm
Forum: General
Topic: Question(s) about bandwith control
Replies: 0
Views: 332

Question(s) about bandwith control

Hi all, I am writing a Wiki-page regarding QoS: Bandwith control on ADSL link . Challenge 1 solved and I think I did everything correct. Measurements confirmed this, so I'm happy. However, at challenge 2, I didn't get everything to work at once, so I have some questions: - When I marked the packages...
by Sitron
Sat Aug 29, 2009 9:14 pm
Forum: Wireless Networking
Topic: WPA2 PSK with Nokia Phone as client
Replies: 10
Views: 4425

Re: WPA2 PSK with Nokia Phone as client

Hi,

What I had to do is edit my Security Profile for my wireless:
Mode: dynamic keys
Authentication Types: WPA2 PSK
Unicat Ciphers: tkip, aes ccm
Group Ciphers: aes ccm

Hope it helps, if not: ask!
by Sitron
Sun Aug 02, 2009 2:31 pm
Forum: General
Topic: Bandwidth control: Some questions before I write a tutorial
Replies: 0
Views: 333

Bandwidth control: Some questions before I write a tutorial

Hi folks, I am about to configure bandwidth control in my set-up and at the same time writing a comprehensive, but easy-to-follow tutorial describing my steps to get it up and running. I am doing this to help others, since I did not find a suitable tutorial for this kind of setup. However, before I ...
by Sitron
Thu Jul 30, 2009 4:53 pm
Forum: Wireless Networking
Topic: WPA2 PSK with Nokia Phone as client
Replies: 10
Views: 4425

Re: WPA2 PSK with Nokia Phone as client

WPA only, tkip only: Works WPA only, tkip+aes: Works WPA only, aes only: Works WPA2 only, tkip only: WLAN network not found! , and nothing in the logs WPA2 only, tkip+aes: Works :D WPA2 only, aes works: WLAN network not found! , and nothing in the logs So, I finally got I working with WPA2, so I had...
by Sitron
Thu Jul 30, 2009 3:56 pm
Forum: Wireless Networking
Topic: WPA2 PSK with Nokia Phone as client
Replies: 10
Views: 4425

Re: WPA2 PSK with Nokia Phone as client

Hi again, I have now enabled debug-messages for Wireless on the RouterOS, and I tried again several times. But before I post the results, let me explain how I do this: * I have a WLAN with SSID broadcast * The WLAN is Bridge AP * The phone has a WLAN-scanner, and I can choose to connect to a WLAN an...
by Sitron
Thu Jul 30, 2009 11:18 am
Forum: Wireless Networking
Topic: WPA2 PSK with Nokia Phone as client
Replies: 10
Views: 4425

Re: WPA2 PSK with Nokia Phone as client

22 chars long. It's the same key I have used before, both on OpenWRT, hostAP (Linux) and other types of AP. Same settings, same key. Both when using RouterOS on my MikroTik, my Nokia would not connect.
by Sitron
Wed Jul 29, 2009 11:59 pm
Forum: Wireless Networking
Topic: WPA2 PSK with Nokia Phone as client
Replies: 10
Views: 4425

WPA2 PSK with Nokia Phone as client

I have just got my MikroTik and everything works as expected (in other words: great!). However, I have just experienced one problem of which I hope you can help me: I configured the wireless device as a bridge ap with all the settings needed to get it working. My Linux-client connects without a prob...