Community discussions

MUM Europe 2020

Search found 36 matches

by he1ium
Tue Jun 08, 2010 1:07 am
Forum: General
Topic: ROS4.9 and Hotspot Bridge multiple RB433 Problem
Replies: 8
Views: 2773

Re: ROS4.9 and Hotspot Bridge multiple RB433 Problem

I have been having similar issues for a couple months now. We use Hotspot with Walled Garden for website Whitelisting at our 300+ locations. Hotspot running on a router with wireless bridged to ethernet ports causes random issues constantly. Mikrotik recommend using RSTP (among a lot of failed recom...
by he1ium
Tue Jun 08, 2010 12:58 am
Forum: General
Topic: unknown access attempts
Replies: 4
Views: 676

Re: unknown access attempts

You could block after so many failed attempts in a certain time limit. This is posted in other forums - add action=drop chain=input comment="drop ssh brute forcers" disabled=no \ dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ a...
by he1ium
Thu May 13, 2010 1:49 am
Forum: RouterBOARD hardware
Topic: ipsec hardware acceleration under RB1000
Replies: 12
Views: 9034

Re: ipsec hardware acceleration under RB1000

Is there a theoretical limit for the number of concurrent connections on the RB1000 with the following setup -

SHA1/AES256 IPSec over an IPIP tunnel also using OSPF for routing. This is HUB and SPOKE setup where the RB1000 is the HUB, all other locations are SPOKE with 493AH routers.
by he1ium
Thu May 06, 2010 8:32 pm
Forum: The User Manager
Topic: walled garden question
Replies: 3
Views: 1007

Re: walled garden question

How about this? Or would that be too open?

*.changeip.net
by he1ium
Tue May 04, 2010 12:53 am
Forum: General
Topic: Strange IPsec error
Replies: 2
Views: 805

Re: Strange IPsec error

I am experiencing the same issue (4.6) when I enable any of my ipsec connections.
by he1ium
Tue Apr 27, 2010 11:29 pm
Forum: Forwarding Protocols
Topic: OSPF - Up and Down...
Replies: 7
Views: 2293

Re: OSPF - Up and Down...

Scratch that, similar issue not exact same. Try this, drop the MTU on the IPIP interface and see if this fixes it. I have run into that as well and learned OSPF is VERY picky about fragmentation. Packet fragmentation on the IPIP tunnel will break OSPF connection.
by he1ium
Tue Apr 27, 2010 11:25 pm
Forum: General
Topic: Multiple IPSEC peers breaks connection?
Replies: 25
Views: 10635

Re: Multiple IPSEC peers breaks connection?

dsobin Have you tried using IPIP tunnels like in this article http://wiki.mikrotik.com/wiki/IPSec_VPN_with_Dynamic_Routing_/_Mikrotik_and_Cisco? Also, have you tried using something other than MD5/3DES? We experienced issues with MD5/3DES (300+ locations) and are testing SHA1/AES256 next week. Just ...
by he1ium
Tue Apr 27, 2010 11:19 pm
Forum: Forwarding Protocols
Topic: OSPF up, Router reliability DOWN :-(
Replies: 16
Views: 3548

Re: OSPF up, Router reliability DOWN :-(

thaak, Are you using any kind of encryption? We have the same issue and have 300+ locations. OSPF error "discarding packet locally originated" flows through the logs every few minutes. We disabled encryption and upgraded to 4.7 (supposed to fix) and still experience the same issue, but it doesn't cr...
by he1ium
Tue Apr 27, 2010 11:11 pm
Forum: Forwarding Protocols
Topic: OSPF - Up and Down...
Replies: 7
Views: 2293

Re: OSPF - Up and Down...

We have 300+ locations running IPIP/IPSec and experience the exact same issue. Turned off IPSec and ran OSPF over unencrypted IPIP tunnels, same result. I have a ticket open with Mikrotik and they were supposed to fix it in 4.7. It didn't and now 4.7 is pulled from the shelf. Still waiting on a solu...
by he1ium
Tue Apr 27, 2010 10:45 pm
Forum: Scripting
Topic: upgrade-package-source
Replies: 23
Views: 15500

Re: upgrade-package-source

dssmiktik,
Thanks for your help. I tried several variations including the one you posted. Mikrotik has since then admitted it is an issue with the 493AH model. Nuff said.
by he1ium
Sat Apr 24, 2010 1:30 am
Forum: General
Topic: OS 4.7 DHCP
Replies: 14
Views: 3175

Re: OS 4.7 DHCP

So if I have 300+ locations with this issue, will an upgrade to 4.8 (if we ever see it now that they yanked 4.7) fix this? Am I going to have to do this by hand?
by he1ium
Thu Apr 22, 2010 9:44 am
Forum: Scripting
Topic: upgrade-package-source
Replies: 23
Views: 15500

Re: upgrade-package-source

here is the script -

system reboot;
y;
by he1ium
Thu Apr 22, 2010 9:43 am
Forum: Scripting
Topic: upgrade-package-source
Replies: 23
Views: 15500

Re: upgrade-package-source

OK, I have found something interesting. The script works on the RB1000 router but not on an RB493AH. Any thoughts?
by he1ium
Fri Apr 16, 2010 3:35 am
Forum: General
Topic: Walled Garden and Wildcards
Replies: 1
Views: 1181

Walled Garden and Wildcards

Maybe someone can explain if I am doing something wrong or this is an issue with the Walled Garden feature. Our company wants to allow http://www.state.nj.us/ through the Walled Garden. Like most of my sites I use the following scheme -> *.domain.com So we used -> *.nj.us Then we tried adding the FQ...
by he1ium
Wed Mar 24, 2010 6:56 am
Forum: Scripting
Topic: upgrade-package-source
Replies: 23
Views: 15500

Re: upgrade-package-source

janisk, This is sad :( What about other commands that have the same issue in the CLI? I just don't understand why the password would not be an option/variable using the CLI. This makes life really frustrating when you are dealing with 300+ locations. Thanks at least for an answer even if it's not th...
by he1ium
Wed Mar 24, 2010 6:51 am
Forum: Scripting
Topic: upgrade-package-source
Replies: 23
Views: 15500

Re: upgrade-package-source

dssmiktik,
Yes I have tried just like Chupaka. It still asks for y/N just like the screen copy. This is v.4, are you still using v.3?
by he1ium
Tue Mar 23, 2010 6:40 am
Forum: Scripting
Topic: upgrade-package-source
Replies: 23
Views: 15500

Re: upgrade-package-source

I still haven't got an answer on how to do this "with out" the API. Chupaka, your system does not work as per below. It still asks for a y/N reply just like the password: reply request from my first post -

[admin@Mikrotik] > /system script run reboot
Reboot, yes? [y/N]:
by he1ium
Fri Mar 19, 2010 9:56 pm
Forum: Scripting
Topic: upgrade-package-source
Replies: 23
Views: 15500

Re: upgrade-package-source

Ok, so how do you get it to do that through the terminal and not using the API? - MMM MMM KKK TTTTTTTTTTT KKK MMMM MMMM KKK TTTTTTTTTTT KKK MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK MMM...
by he1ium
Fri Mar 19, 2010 7:11 am
Forum: Forwarding Protocols
Topic: route ospf error -> Discarding packet: locally originated
Replies: 25
Views: 29630

Re: route ospf error -> Discarding packet: locally originated

OK. Do you have any advice then? I tested Chupaka's method with the same result.
by he1ium
Fri Mar 19, 2010 4:34 am
Forum: Scripting
Topic: upgrade-package-source
Replies: 23
Views: 15500

Re: upgrade-package-source

Thanks for the reply. We did get it to work by pushing it as into /system/scripts using the API. But 4.6 seems to have broken that. We used to be able to run it from /system scripts just like this with the password on a new line - /system upgrade upgrade-package-source add address=1.1.1.1 user=mtupd...
by he1ium
Thu Mar 18, 2010 11:39 pm
Forum: Scripting
Topic: upgrade-package-source
Replies: 23
Views: 15500

Re: upgrade-package-source

So there's no one in here that knows how to script the "/system upgrade upgrade-package-source" command where it asks for the password: ?
by he1ium
Thu Mar 18, 2010 7:18 am
Forum: Forwarding Protocols
Topic: route ospf error -> Discarding packet: locally originated
Replies: 25
Views: 29630

Re: route ospf error -> Discarding packet: locally originated

I did not add interface ether1 as the reply states. Only "add interface=all passive=yes" and this still kills routes. These interfaces are IPIP tunnels and not wired directly to this router.
by he1ium
Wed Mar 17, 2010 8:32 pm
Forum: Forwarding Protocols
Topic: route ospf error -> Discarding packet: locally originated
Replies: 25
Views: 29630

Re: route ospf error -> Discarding packet: locally originated

This is what I got from Mikrotik and it didn't work (see below). By setting interfaces to passive (on one side, other side, both sides), the tunnel addresses appears to be up but the remote LAN networks were not distributed - Hello, Yes it is possible. Lets say we have setup 10.1.1.1/24 on ether1 an...
by he1ium
Wed Mar 17, 2010 8:35 am
Forum: Forwarding Protocols
Topic: route ospf error -> Discarding packet: locally originated
Replies: 25
Views: 29630

Re: route ospf error -> Discarding packet: locally originated

Layer 2 separation = no good. Still getting errors. As always, Mikrotik support says it's fixed in the newest firmware... and it's not. Then they told me to set all my interfaces as passive... this = loosing OSPF routes all over the place. My frustrations continue.
by he1ium
Wed Mar 17, 2010 5:49 am
Forum: Scripting
Topic: upgrade-package-source
Replies: 23
Views: 15500

upgrade-package-source

Ok I have finally given up on this. When executing the /system upgrade upgrade-package-source cmd, it will prompt you for a [admin@Mikrotik] > /system upgrade upgrade-package-source add address=1.1.1.1 user=mtupdate password: <- THIS IS THE PART I AM HAVING TROUBLES SCRIPTING BELOW AND THERE IS NO S...
by he1ium
Sat Mar 13, 2010 12:29 am
Forum: Forwarding Protocols
Topic: route ospf error -> Discarding packet: locally originated
Replies: 25
Views: 29630

Re: route ospf error -> Discarding packet: locally originated

Scratch that, they are back. But my point remains. Layer 2 separation begins Monday.
by he1ium
Sat Mar 13, 2010 12:22 am
Forum: Forwarding Protocols
Topic: route ospf error -> Discarding packet: locally originated
Replies: 25
Views: 29630

Re: route ospf error -> Discarding packet: locally originated

You may have just helped me FINALLY prove a point to my boss on why you don't run your WAN and LAN on the same dumb switch. There are many unintended consequences from doing so. I blocking 89(OSPF) on the WAN interface and the errors seem to have stopped. Thank you OSI model (even though there are d...
by he1ium
Sat Feb 06, 2010 6:23 am
Forum: Forwarding Protocols
Topic: route ospf error -> Discarding packet: locally originated
Replies: 25
Views: 29630

route ospf error -> Discarding packet: locally originated

Quick overview - wheel and spoke network with IPSec over IPIP tunnel and OSPF running on the IPIP interfaces (based on this article http://wiki.mikrotik.com/wiki/IPSec_VPN_with_Dynamic_Routing_/_Mikrotik_and_Cisco but using OSPF instead of RIP and both routers are Mikrotiks). I am only getting these...
by he1ium
Sat Dec 12, 2009 3:26 am
Forum: Scripting
Topic: System Upgrade upgrade-package-source Problem
Replies: 1
Views: 1085

Re: System Upgrade upgrade-package-source Problem

Just to clarify, the following does not have an option for password ie -> password=insertpwd. It only asks you for the password after the following has been executed - /system upgrade upgrade-package-source add address=10.1.10.40 user=admin password: <-asks here If you copy/paste to the terminal wit...
by he1ium
Tue Oct 20, 2009 8:13 am
Forum: Scripting
Topic: How winbox search for Mikrotik
Replies: 12
Views: 6473

Re: How winbox search for Mikrotik

I'm guessing that Mikrotik will never make this available to the public? I can understand the reasons to keep it closed. It sure would be nice to at least have some kind of API that would not undermine your intellectual property and/or security. Is this a pipe dream I will never see? It sure would m...
by he1ium
Tue Oct 20, 2009 8:10 am
Forum: Forwarding Protocols
Topic: IPSec and OSPF
Replies: 2
Views: 1230

Re: IPSec and OSPF

Solved - Someone snuck a 0.0.0.0/0 into my OSPF tables. Sick joke or human error? I will never know.
by he1ium
Tue Oct 20, 2009 8:09 am
Forum: Forwarding Protocols
Topic: 1to1 NAT = no internal access
Replies: 3
Views: 1159

Re: 1to1 NAT = no internal access

I figured it out. I needed to put a ! 10.0.0.0/8 rule in there so it did not pass requests to this dst network through the NAT. Similar ! rule to stop masquerading. Thanks though.
by he1ium
Thu Oct 15, 2009 1:28 am
Forum: Forwarding Protocols
Topic: 1to1 NAT = no internal access
Replies: 3
Views: 1159

1to1 NAT = no internal access

I have a 1to1 NAT forwarding my public IPs to my servers internal IPs (10.1.10.xxx). The internal IPs are on a network running OSPF. The problem is I can't access the servers using their internal IPs. If I send a ping, it reaches the server but the return route is forwarded directly to the public IP...
by he1ium
Fri Oct 02, 2009 5:01 am
Forum: Forwarding Protocols
Topic: IPSec and OSPF
Replies: 2
Views: 1230

Re: IPSec and OSPF

A little more info - Killed all connections. Ran 4 locations with ipip/ipsec tunnel to central RB1000 and OSPF running on the tunnel IPs at each end. This caused random tunnel collapse (ie - no ping) off and on. Disabling OSPF = no Tunnel crash. Was using 4beta4, upgrade to 4RC1 helped but issue rem...
by he1ium
Thu Oct 01, 2009 8:29 pm
Forum: Forwarding Protocols
Topic: IPSec and OSPF
Replies: 2
Views: 1230

IPSec and OSPF

Has anyone in here successfully implemented IPSec with OSPF on over 100 locations all connected to a single central location? My setup was working fine until we hit about 110 locations, then the IPSec tunnels and therefore the OSPF routes started dropping like flies. I am using an RB1000 with almost...
by he1ium
Fri Aug 07, 2009 7:40 am
Forum: Scripting
Topic: How winbox search for Mikrotik
Replies: 12
Views: 6473

Re: How winbox search for Mikrotik

We want to program a Mikrotik without using Winbox and the Mikrotik has no IP (ie - you would see 0.0.0.0 if you used Winbox MAC-Telnet). Are you saying it is not possible for us to do this with the APIs provided? We understand you are using a broadcast to send/receive with MAC-Telnet. We would real...