Community discussions

Search found 198 matches

by petterg
Wed Mar 27, 2019 11:49 am
Forum: Scripting
Topic: Variables named with a "-" [SOLVED]
Replies: 2
Views: 426

Re: Variables named with a "-" [SOLVED]

Thanks
by petterg
Wed Mar 27, 2019 1:30 am
Forum: Scripting
Topic: Variables named with a "-" [SOLVED]
Replies: 2
Views: 426

Variables named with a "-" [SOLVED]

I'm a noob when it comes to scripting mikrotik. How do you use varables with a name that contains a "-" ? Reading the manual at https://wiki.mikrotik.com/wiki/Manual:PPP_AAA For /ppp profile under section "on-up" it states: Execute script on user login-event. These are available variables that are a...
by petterg
Tue Mar 26, 2019 5:13 pm
Forum: General
Topic: Mangle rule to match https initial packet [SOLVED]
Replies: 9
Views: 509

Re: Mangle rule to match https initial packet [SOLVED]

Thanks. Then the answer to my question is 'no'.
by petterg
Tue Mar 26, 2019 4:51 pm
Forum: General
Topic: Mangle rule to match https initial packet [SOLVED]
Replies: 9
Views: 509

Re: Mangle rule to match https initial packet [SOLVED]

my OpenVPN only accept the connection if the first packet is 60bytes. Connection like telnet won't get through and will be thrown to DROP rule. Not great but works for me. Something like that would be nice, assumed first packet from a browser always has the same size. What I had in mind was a https...
by petterg
Tue Mar 26, 2019 3:28 pm
Forum: General
Topic: Mangle rule to match https initial packet [SOLVED]
Replies: 9
Views: 509

Mangle rule to match https initial packet [SOLVED]

Is there a way to create a mangle rule that matches the first packet (from client to server) of a https connection?
It doesn't need to 100%. What I want is a rule that can separate actual https initial packets from most other (i.e. port scanners) initial packets.
by petterg
Fri Mar 01, 2019 12:47 pm
Forum: Beginner Basics
Topic: Ovpn from ubuntu failing
Replies: 1
Views: 280

Ovpn from ubuntu failing

I have a rb3011 running ovpn server. This works for mikrotik - mikrotik tunneling, gentoo - mikrotik, mac - mikrotik and windows - mikrotik. However, ubuntu - mikrotik returns "error=unsupported certificate purpose" On gentoo I've tested client versions 2.4.2, 2.4.4 and 2.4.6. All works. On ubuntu t...
by petterg
Fri Jan 11, 2019 7:59 am
Forum: General
Topic: Apple devices flooding DHCP server
Replies: 7
Views: 1108

Re: Apple devices flooding DHCP server

We've identified one macbook that seemed to be the cause of this issue. Disconnected it from wlan - problem went away. Reconnected it - problem came back. Rebooted that mac - problem is gone. At least for now. This device got identified because the user complained that wlan only worked in her office...
by petterg
Thu Jan 10, 2019 9:43 am
Forum: General
Topic: Apple devices flooding DHCP server
Replies: 7
Views: 1108

Re: Apple devices flooding DHCP server

This is an office network in a building where walls and windows are so thick that there are no wifi coverage on the balcony, Even with the AP just inside the window. Wifi is WPA2-PSK. Apple devices has not behaved this way before. I have not tested another mikrotik, but the customers network admin h...
by petterg
Wed Jan 09, 2019 8:54 pm
Forum: General
Topic: Apple devices flooding DHCP server
Replies: 7
Views: 1108

Re: Apple devices flooding DHCP server

Well. Disable DHCP server and force everyone to set static ip will be a way to get around DHCP issues. Though, it will case quite a bit of other problems when dealing with users without technical knowledge. The strange thing is that this turned up as an issue with so many devices at once. Network eq...
by petterg
Wed Jan 09, 2019 5:33 pm
Forum: General
Topic: Apple devices flooding DHCP server
Replies: 7
Views: 1108

Apple devices flooding DHCP server

At a customers site, a week ago, log started to show lots of dhcp-lan client xx:xx:xx:xx:xx:xx declines IP adress 172.18.11.xx there were several of these entries every second during business hours. The problem was reported as windows users got a message telling their ip was already in use. Well, no...
by petterg
Sun Oct 07, 2018 10:56 am
Forum: Wireless Networking
Topic: Apple devices not choosing nearest AP
Replies: 2
Views: 475

Apple devices not choosing nearest AP

In a setup of 4 wAP ac's administrated by CapsMan things works good for pc's and android devices, but not for iphones and macbooks. Same SSID are used for 2G and 5G. The Apple devices then chooses 2G over 5G. So I created a new SSID for 5G only. This made the Apple products to jump to the combined 2...
by petterg
Mon Sep 17, 2018 9:41 pm
Forum: Wireless Networking
Topic: CapsMan: avoid channel
Replies: 1
Views: 400

CapsMan: avoid channel

In a setup with multiple wAP ac setup as CAPs administrated from CapsMan, where both the 5ghz and 2ghz radios are provided with the same configuration, what is the easiest way to avoid that a single CAP select a specific channel? The current issue is that one Caps 2ghz tend to select the 2427MHz cha...
by petterg
Sat Sep 08, 2018 2:27 pm
Forum: General
Topic: vlan unreachabel
Replies: 0
Views: 265

vlan unreachabel

A customer has three wAP ac setup for capsman using vlan (old version - ros 6.39). Two of them works fine. The third one does not communicate on ether1. The config is pretty much identical. Hostname and IP are the major differences as I can see. Why does one of these not communicate on ether1? I kno...
by petterg
Sun Aug 12, 2018 12:59 am
Forum: General
Topic: mikrotik scp/sftp client to transfer file between MT
Replies: 13
Views: 9587

Re: mikrotik scp/sftp client to transfer file between MT

Where do you store a file in router os to make it available to download via https (webfig)?
by petterg
Sun Aug 12, 2018 12:58 am
Forum: Scripting
Topic: Permissions to trigger script remotely?
Replies: 0
Views: 307

Permissions to trigger script remotely?

I'm in need of a cron job on a server to make changes to the router. The server is located in a none-secure zone, hence I don't want to give it full admin permission. I want it to trigger the script to change the router firewall config as needed to do some other tasks in that cron job, then, when it...
by petterg
Thu Apr 05, 2018 6:52 pm
Forum: Announcements
Topic: v6.40.7 [bugfix] is released!
Replies: 33
Views: 9645

Re: v6.40.7 [bugfix] is released!

Seems like all 6.40.7 download links are dead on https://mikrotik.com/download
by petterg
Fri Feb 23, 2018 9:33 pm
Forum: Scripting
Topic: Script run WOL permissions
Replies: 0
Views: 402

Script run WOL permissions

I have some users who are allowed to login using webconfig only. There they are set up with a skin that shows the scripts only, hence they cannot really do anything to the config even though the scripts requires the users to have write policy enabled. I've had scripts that disables / enables interfa...
by petterg
Sun Jan 28, 2018 12:03 pm
Forum: Beginner Basics
Topic: WOL from WAN
Replies: 20
Views: 8990

Re: WOL from WAN

Another way to trigger the script from wan: In winbox go to ppp -> profile -> (add) -> scripts Then, when your user logs in the script is triggered that makes use of the build in wol tool. For security you may put logged in users into a subnet not used for anything else, create firewall rule to tarp...
by petterg
Sat Jan 27, 2018 9:00 pm
Forum: General
Topic: switch vlan missconfig
Replies: 2
Views: 366

Re: switch vlan missconfig

Are noone able to see where I went wrong with this?
by petterg
Thu Jan 25, 2018 8:34 pm
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 31
Views: 7306

Re: Caps selecting same channel

I ran into this issue again. What was the solution this time was to downgrade firmware, and upgrade firmware again. No config changed - problem gone.
I wonder if that's going to be the solution next time as well.
by petterg
Thu Jan 25, 2018 8:21 pm
Forum: Beginner Basics
Topic: WOL from WAN
Replies: 20
Views: 8990

Re: WOL from WAN

I guess you could solve this by creating a script in the mikrotik that sends magic packet to the server. Next you need a way to trigger the script. One way to do that is to create a firewall filter or mangle rule on a chosen port, and a scheduled task (running every minute or so) that checks the pac...
by petterg
Thu Jan 25, 2018 5:03 pm
Forum: General
Topic: switch vlan missconfig
Replies: 2
Views: 366

switch vlan missconfig

I'm missing out on something with the vlan setup. On a hAP AC running ROS 6.39.1 the goal is to use switching on port 3-5, while ports 1 and 2 are standalone. Port 5 is the master port. On port 4 and 5 I want tagged vlan1 and vlan2, while on port 3 I want vlan1 to be untagged. In my current config, ...
by petterg
Sun Nov 19, 2017 8:37 pm
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 31
Views: 7306

Re: Caps selecting same channel

I have not configured channels. Hence the caps should use the country dependent frequency list.
by petterg
Sat Nov 18, 2017 9:54 pm
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 31
Views: 7306

Re: Caps selecting same channel

Country tested with norway (frequency list know to be incorrect for wAPac models), france and UK. There are no other 5GHz networks in range at this customers site. The same goes at my house where I replicated the issue. For the two previous customers where I ran into this, there were some other 5ghz...
by petterg
Thu Nov 16, 2017 9:32 pm
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 31
Views: 7306

Re: Caps selecting same channel

New customer - same problem. What appeared to solve the problem last time, does not work now. This setup differs in the way that I put the wAPac as capsman, and hAPac as cap (last time it was the other way around). Both selects 5180MHz for 5GHz. For 2GHz the select different channels. Apparently a f...
by petterg
Wed Nov 08, 2017 2:16 pm
Forum: General
Topic: free ssl certs in ros
Replies: 1
Views: 481

free ssl certs in ros

Does anyone know of free ssl certs that will work with ros sstp server service / MS sstp client? Now as even Microsoft has distrusted startssl, the only provider I'm aware of to provide free ssl certs is Letsencrypt. However, certs from Letsencrypt are valid only for 90 days. That calls for a need t...
by petterg
Tue Sep 26, 2017 11:32 pm
Forum: Wireless Networking
Topic: CAPSMAN disconnects sporadic all caps interfaces
Replies: 15
Views: 3136

Re: CAPSMAN disconnects sporadic all caps interfaces

I guess you could connect a device that will create a loop. Try it multiple places in your network. If it causes the caps to disconnect you may have a lead.
by petterg
Tue Sep 26, 2017 11:24 pm
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 31
Views: 7306

Re: Caps selecting same channel

Thanks for making me aware of that
by petterg
Tue Sep 26, 2017 1:16 am
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 31
Views: 7306

Re: Caps selecting same channel

Attached are two screenshots of capsman and caps while they were on my desk at home
capsman.jpg
capsman-4devices.jpg
by petterg
Tue Sep 26, 2017 12:39 am
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 31
Views: 7306

Re: Caps selecting same channel

I got to a very minimal config demonstrating the problem. I wrote down all the changes I did to the default config. Resat config, went through all the steps I had written down, and the problem was replicated. Then I connected another wAPac running ros 6.35 - which also got the same frequency. Then I...
by petterg
Mon Sep 25, 2017 5:45 pm
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 31
Views: 7306

Re: Caps selecting same channel

I'm currently trying to simplify config as much as possible to isolate the issue. This has revealed two other issues that I think are bugs. Those two are: 1) reset-configuration deletes all files on unit. This is causing problem when I want a script to run after reset - the script file is no longer ...
by petterg
Mon Sep 25, 2017 5:32 pm
Forum: Announcements
Topic: v6.40.3 [current]
Replies: 95
Views: 26241

Re: v6.40.3 [current]

When running reset-configuration from system menu in winbox all files are removed. Is this a bug? If this is not a bug, is there a chance to go back to the old practice where you could do a backup, reset config, and keep the backupfiles remained in the unit. (Also it seems pointless that the dialog ...
by petterg
Mon Sep 25, 2017 2:46 pm
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 31
Views: 7306

Re: Caps selecting same channel

Now I've replicated this issue at home. Took a brand new hAPac and a new wAPac, ros 6.40.3, copied system identity, capsman, caps, bridge, vlan, switch and IP settings from the customer. They are connected to each other with a 30cm cable, and they select same channel for both radios. I live at at pl...
by petterg
Mon Sep 25, 2017 1:17 pm
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 31
Views: 7306

Re: Caps selecting same channel

Thanks. You may be onto something. Restarting the cap makes it select another 2GHz channel, but it keeps using the same 5GHz. There's a lot of unused 5GHz channels in the building, and the the APs are within range of each other (-58dB). Is something wrong with the wAPac channel selection that makes ...
by petterg
Sun Sep 24, 2017 2:51 pm
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 31
Views: 7306

Re: Caps selecting same channel

Noone has experienced this?
This is the second time I have this issue. The first time I thought all the wAPac's I had with me was from a defective batch, and replaced them with hAPac's.
by petterg
Sun Sep 24, 2017 2:47 pm
Forum: Wireless Networking
Topic: CAPSMAN disconnects sporadic all caps interfaces
Replies: 15
Views: 3136

Re: CAPSMAN disconnects sporadic all caps interfaces

Maybe there's a pc in your network that has wlan and cabled nic's bridged? When that user connects his laptop to the cabled network it creates a loop causing everything to stop for a while, including your caps connection to capsman.
by petterg
Sun Sep 24, 2017 2:41 pm
Forum: Wireless Networking
Topic: Wi-Fi on-off switch
Replies: 10
Views: 3063

Re: Wi-Fi on-off switch

I suppose you could even make a sort of switch by inserting a usb stick. If file1 is present on usb storage, run script1. If file2 is present run script2.... Multiple sticks act as different switches.
by petterg
Sat Sep 23, 2017 6:35 pm
Forum: Wireless Networking
Topic: CAPSMAN disconnects sporadic all caps interfaces
Replies: 15
Views: 3136

Re: CAPSMAN disconnects sporadic all caps interfaces

Maybe this is a (r)STP config issue?
by petterg
Sat Sep 23, 2017 6:30 pm
Forum: Wireless Networking
Topic: Wi-Fi on-off switch
Replies: 10
Views: 3063

Re: Wi-Fi on-off switch

My home router runs a script that has the intention to enable wlan when someone tries to connect, and disables wlan when no clients are connected. This is scheduled to run every 150seconds. It's not as effective as it sounds. wlan is only disabled 93% of the time when disabled. The reminding 7% of t...
by petterg
Fri Sep 22, 2017 1:38 pm
Forum: Wireless Networking
Topic: Capsman avoid channel
Replies: 2
Views: 482

Re: Capsman avoid channel

That would require to enter all frequencies, make a full list of frequencies for the country. I was wondering if there was a way to say all EXCEPT the one specified.
by petterg
Fri Sep 22, 2017 1:31 pm
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 31
Views: 7306

Caps selecting same channel

I updated a customers caps from ros 6.39.1 to 6.40.3. Now I notice that both caps (a hAPac and a wAPac) have selected the same channel for both radios. I didn't notice if they did so before the update. How can they do that for both radios? They are located just 10m from each other. I could understan...
by petterg
Fri Sep 22, 2017 12:12 pm
Forum: Wireless Networking
Topic: Capsman avoid channel
Replies: 2
Views: 482

Capsman avoid channel

Is there a way to configure caps to NOT use a specific frequency? Trouble is that in a small area the 5500MHz is not working (near the fridge in a meetingroom), and the nearest AP tend to select exactly that channel when set to auto. The result is that devices try to connect to that AP, get disconne...
by petterg
Thu Sep 21, 2017 6:54 pm
Forum: General
Topic: Move vlan from port to bridge remotely
Replies: 10
Views: 1411

Re: Move vlan from port to bridge remotely

I hope so too. But as off today that is not the case.
by petterg
Thu Sep 21, 2017 6:20 pm
Forum: General
Topic: Move vlan from port to bridge remotely
Replies: 10
Views: 1411

Re: Move vlan from port to bridge remotely

If you read the wiki, the table shows that offloading will automatically be disabled once you make use of vlan, unless you are using a crs3xx. https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading I also though taking a port out of switch would make me able to do swit...
by petterg
Thu Sep 21, 2017 4:22 pm
Forum: General
Topic: Move vlan from port to bridge remotely
Replies: 10
Views: 1411

Re: Move vlan from port to bridge remotely

The way I read the new bridge/vlan implementation, the hardware offloading will be disabled once vlan is enabled on most devices. Hence anything vlan will be software. I don't think that will be a good idea. Also I have no idea of how to do the setup when a unit should run be configured as a caps wi...
by petterg
Sun Sep 17, 2017 11:42 pm
Forum: General
Topic: Move vlan from port to bridge remotely
Replies: 10
Views: 1411

Re: Move vlan from port to bridge remotely

I can ask them to connect a second cable, but as this unit only has one switch chip, it's still a major chance of loosing connection when doing the switch config. Just two weeks ago I went to a customer to setup two wAPac's and a hAPac as capsman with vlan. The customer had a rb750gl as router, with...
by petterg
Fri Sep 15, 2017 2:26 pm
Forum: General
Topic: Bridge for tagged and untagged traffic
Replies: 4
Views: 852

Re: Bridge for tagged and untagged traffic

I've lately learned that it's better to configure vlan on bridge interface than on etherX interface. Then use the switch menu to control what to tag or untag. How the switch menu works highly depends on the switch chip - they all seems to behave differently, and I have to say the switch vlan config ...
by petterg
Fri Sep 15, 2017 2:01 pm
Forum: General
Topic: Slow routing with a CCR1009
Replies: 11
Views: 1731

Re: Slow routing with a CCR1009

This kind of sounds similar to what I experienced with a rb3011. After 6 weeks it got worse. Turned out to be a faulty router. Replaced with a new one, copied config, problem solved.
by petterg
Fri Sep 15, 2017 1:52 pm
Forum: General
Topic: IPsec and firewall issues
Replies: 2
Views: 458

Re: IPsec and firewall issues

I never (with a few exceptions) create drop rules, except for the final drop all rule. My philosophy is that everything should be dropped unless I specify otherwise. What you probably want is: add action=accept chain=forward comment=Established connection-state=established add action=accept chain=fo...
by petterg
Fri Sep 15, 2017 12:28 pm
Forum: General
Topic: Move vlan from port to bridge remotely
Replies: 10
Views: 1411

Move vlan from port to bridge remotely

I want to change a customers vlan setup, without going onsite. How can I do this without loosing connection to the unit? This customer has a hAPac as single access point in their office, also serving as a local switch. It's connected to a RB450g serving as a router. Now their extending their office ...
by petterg
Fri Sep 08, 2017 2:14 am
Forum: Wireless Networking
Topic: Auto channel selection - how does it decide?
Replies: 24
Views: 10853

Re: Auto channel selection - how does it decide?

Old thread, but it looks like a solution has arrived! I have not tested though, and it's not mentioned in the wiki.
ROS: 6.40.3
Capsman -> Channel -> reselect interval

The name sounds like something we've been looking for.
Seems like this cannot be set on a wlan interface not controlled by capsman.
by petterg
Tue Aug 29, 2017 12:27 am
Forum: Wireless Networking
Topic: Auto channel selection - how does it decide?
Replies: 24
Views: 10853

Re: Auto channel selection - how does it decide?

One way could be to schedule a reboot. Preferably outside office hours.
by petterg
Tue Aug 29, 2017 12:24 am
Forum: RouterBOARD hardware
Topic: RB3011 unstable winbox
Replies: 6
Views: 968

Re: RB3011 unstable winbox

Just an update: The new 3011 (which actually is older than the old one) is stable running same config as the dead one. Winbox stayed connected for 40 hours over vpn, then power at my house went out an my internet connection dropped. Thats way better than the old 3011 managed when new. This was my fi...
by petterg
Thu Aug 24, 2017 5:04 am
Forum: Beginner Basics
Topic: Winbox 3.11 - how to save notes?
Replies: 2
Views: 912

Re: Winbox 3.11 - how to save notes?

Thanks
*feeling blind*
by petterg
Thu Aug 24, 2017 4:54 am
Forum: RouterBOARD hardware
Topic: RB3011 unstable winbox
Replies: 6
Views: 968

Re: RB3011 unstable winbox

I replaced the box because within an hour after I posted this thread it got impossible to deal with. I couldn't even stay connected to the unit long enough to do a remote reboot - neither by winbox or telnet (from lan). As the problem got worse so fast, and also started to affect packets passing tro...
by petterg
Wed Aug 23, 2017 10:45 am
Forum: RouterBOARD hardware
Topic: RB3011 unstable winbox
Replies: 6
Views: 968

RB3011 unstable winbox

A customer has a RB3011 as main router and running CAPsMAN. Ever since it was new, winbox has disconnected frequently. When I first configured it, the disconnects happend at randomish 30 minute intervals. I could reconnect immediately so it wasn't a big issue. Now this happens about every minute, an...
by petterg
Wed Aug 23, 2017 10:06 am
Forum: Beginner Basics
Topic: Winbox 3.11 - how to save notes?
Replies: 2
Views: 912

Winbox 3.11 - how to save notes?

In the old days of winbox I could save ip, username, (password) and a comment of the devices I manage with winbox. In the 3.11 version I could copy my old config into the new and get the list of managed devices. I could also add the column "notes" to see the comment saved with each device. But can a...
by petterg
Sun Jul 02, 2017 6:54 pm
Forum: General
Topic: Find available vlans on a link
Replies: 2
Views: 403

Re: Find available vlans on a link

The ISP switch is a Zyxel. I think the model number was 2210.
I didn't pay attention to what was written on the sfp.

ISP say they wont support any other configuration that the one they have provided. So the options is either to do it by mikrotik configuration or get a second UPS.
by petterg
Sun Jul 02, 2017 4:52 pm
Forum: General
Topic: Find available vlans on a link
Replies: 2
Views: 403

Find available vlans on a link

At a customers site ISP delivers fiber in the basement. The fiber terminates in a switch controlled by ISP. I think they're using vlan and their point with a switch rather than a media converter is that they could just configure another port at the switch in order to give a connection to a new custo...
by petterg
Sat Jul 01, 2017 4:59 pm
Forum: General
Topic: RB3011 instability ROS 6.39.2
Replies: 5
Views: 755

Re: RB3011 instability ROS 6.39.2

I had a new case of a similar subject. I had 11 vlans configured on eth5. Then I got the need for the same vlans on sfp1. I figured the fastest way to get them all in place was to do an export compact, search/replace the interface name, and run the resulting script. That was a mistake. I did not cha...
by petterg
Wed Jun 28, 2017 10:46 pm
Forum: Wireless Networking
Topic: Capsman redundancy certificate issue
Replies: 2
Views: 2030

Re: Capsman redundancy certificate issue

I think I found the answer here https://forum.mikrotik.com/viewtopic.php?t=102518#p509112 ... There is also quick and dirty way to do what you want - just export the certificate on your old CAPsMAN along with its private key. You do this by: /cert export-certificate 0 export-passphrase=12345678, it ...
by petterg
Wed Jun 28, 2017 9:50 pm
Forum: General
Topic: RB3011 instability ROS 6.39.2
Replies: 5
Views: 755

Re: RB3011 instability ROS 6.39.2

Well, at least we've learned that the fastest way to a fresh start may be backup - reset - restore.
by petterg
Wed Jun 28, 2017 5:37 pm
Forum: Wireless Networking
Topic: EAP on virtual AP on two separate RADIUS
Replies: 5
Views: 536

Re: EAP on virtual AP on two separate RADIUS

A customer has a setup where sstp uses two different radius servers depending on the domain-part of the username. I would think that wlan would give similar behavior in respect to domain name. The only thing I did to make it work was to enter domainname for each radius server. I'll post config here,...
by petterg
Wed Jun 28, 2017 5:21 pm
Forum: General
Topic: RB3011 instability ROS 6.39.2
Replies: 5
Views: 755

Re: RB3011 instability ROS 6.39.2

That's pretty much what I did. Hence I temporary concluded a faulty config, but what could be causing such behavior? After all the problem were first observed on ports that was unchanged from the default settings. And why is the problem impossible to replicated when config is restored from a backup?...
by petterg
Wed Jun 28, 2017 4:32 pm
Forum: Wireless Networking
Topic: Capsman redundancy certificate issue
Replies: 2
Views: 2030

Capsman redundancy certificate issue

I'm testing out capsman... As it seems to introduce a single point of failure (if the capsman goes down, all CAPs are disabled) I'm trying to setup a second CAPsMAN. The idea is that the CAPs will use the second one when the primary goes down. So I did /capsman export compact on the one running, usi...
by petterg
Wed Jun 28, 2017 3:09 am
Forum: General
Topic: RB3011 instability ROS 6.39.2
Replies: 5
Views: 755

RB3011 instability ROS 6.39.2

Here's the story of a brand new RB3011 I've been fighting today. There is something about this box that is not right, and I can't figure what it is. First thing I did was to upgrade it to ROS 6.39.2. My laptop was connected to eth3. Then I took eth6 out of bridge and added vlans to it. A wAP ac conn...
by petterg
Wed Jun 28, 2017 1:06 am
Forum: Wireless Networking
Topic: capsman local bridge as datapath
Replies: 12
Views: 3663

Re: capsman local bridge as datapath

Thanks, that was the trick! I add some details in case someone is searching for the solution to a similar issue. When using capsman forwarding: -set bridge in datapath section of capsman - do not set bridge in cap config. When using local forwarding: - set vlan using bridge as interface. Do not use ...
by petterg
Tue Jun 27, 2017 3:15 am
Forum: Wireless Networking
Topic: capsman local bridge as datapath
Replies: 12
Views: 3663

capsman local bridge as datapath

I'm testing out capsman. What I'm trying to do is to provision multiple ssid to multiple wAP ac / hAP ac that already has vlan and bridges configured. The problem is that provisioning does not add wlan interface to the local bridge at the ap. I have to log into every ap and run something like /inter...
by petterg
Mon Jun 19, 2017 4:31 am
Forum: Wireless Networking
Topic: Drop clients when signal is weak
Replies: 7
Views: 8876

Re: Drop clients when signal is weak

Does capsman tell clients which AP to connect to?
by petterg
Sat Jun 17, 2017 10:33 pm
Forum: Wireless Networking
Topic: Drop clients when signal is weak
Replies: 7
Views: 8876

Drop clients when signal is weak

A customer has 3 wAP ac running ROS 6.39.1. All setup with same SSID / wpa2 key so that clients can move around the area and connect to the AP with strongest signal. Problem is that they have 6 sonos devices, and these seems to frequently connect to the first AP they see, not the one with the strong...
by petterg
Fri Jun 16, 2017 1:14 pm
Forum: Wireless Networking
Topic: Dual wireless link - loadbalance/failover
Replies: 5
Views: 841

Re: Dual wireless link - loadbalance/failover

Bonding two EoIP tunnels over two wlan links seems quite stable using broadcast as bond mode. The only issue I ran into is that when a client moves from one site to the other, traffic stops for 30-60 seconds. I followed an example of bonding eoip where rstp was used on the bridge. I suspect the rstp...
by petterg
Fri Jun 16, 2017 12:59 pm
Forum: Wireless Networking
Topic: Auto channel selection - how does it decide?
Replies: 24
Views: 10853

Re: Auto channel selection - how does it decide?

Maybe that could be something for Mikrotik to implement as well?
by petterg
Sat Jun 03, 2017 7:59 pm
Forum: Wireless Networking
Topic: Auto channel selection - how does it decide?
Replies: 24
Views: 10853

Re: Auto channel selection - how does it decide?

The reason I asked is that a customer is in a location where channels are crowded. Even in the 5ghz band its hard to find channels. I've never used auto channel. At this place there may be channels available where the AP is located, but once moving 5m away the same channel is filled with other netwo...
by petterg
Mon May 29, 2017 1:15 pm
Forum: Wireless Networking
Topic: Auto channel selection - how does it decide?
Replies: 24
Views: 10853

Auto channel selection - how does it decide?

How does routeros decide which frequency to use when AP is set to auto? Does it scan and look for the frequency with the least noise? (If so; How often does it perform such scan?) Does the connected clients affect the frequency selection in any way? If there are two AP's at same frequency (your own ...
by petterg
Mon May 29, 2017 12:58 pm
Forum: Wireless Networking
Topic: Same SSID for 2,4 and 5 Ghz
Replies: 18
Views: 5271

Re: Same SSID for 2,4 and 5 Ghz

I've experienced that HP Spectre 13 running windows 8.1 preferred 2GHz at default setting, even when putting the laptop next to the AP. Setting it manually to 5GHz solved performance issues (2GHz in that office building is crowded.)
by petterg
Sun May 28, 2017 12:14 pm
Forum: Wireless Networking
Topic: Dual wireless link - loadbalance/failover
Replies: 5
Views: 841

Re: Dual wireless link - loadbalance/failover

From reading the manual on bonding, bonding seems to be the way to go. Choosing the bonding mode seems to require some experimenting. And while the manual states that wireless interfaces can be bounded, the examples states that they can not unless a layer of EoIP is added. I'm a bit confused, but I ...
by petterg
Sat May 27, 2017 10:06 pm
Forum: Wireless Networking
Topic: Dual wireless link - loadbalance/failover
Replies: 5
Views: 841

Re: Dual wireless link - loadbalance/failover

I've tried both bands, different frequencies. They all seems to drop, but not at the same time. Currently 2GHz band is the one in use, and I have configured a test subnet for a 5GHz link. I have a ping running on the 5GHz link. From the log it seems like the 5GHz is still alive when the 2GHz disconn...
by petterg
Fri May 26, 2017 6:38 pm
Forum: Wireless Networking
Topic: Dual wireless link - loadbalance/failover
Replies: 5
Views: 841

Dual wireless link - loadbalance/failover

I have 2 wAP ac mounted for a wireless link between two buildings. The link transports 5 vlans. Problem is that a few times a day some cars stop outside and the link drops. So I'm thinking, as the wAP ac has two radios, I could use them both, and hopefully when cars passes, only one of the frequenci...
by petterg
Sun May 07, 2017 12:36 am
Forum: Wireless Networking
Topic: Priorty of Skype VoIP over wlan
Replies: 4
Views: 1480

Re: Priorty of Skype VoIP over wlan

I was hoping the packets could be identified in some other way than by IP.
by petterg
Fri Apr 21, 2017 11:44 am
Forum: Wireless Networking
Topic: Priorty of Skype VoIP over wlan
Replies: 4
Views: 1480

Priorty of Skype VoIP over wlan

What is best practice to give priority to Skype users connected with wlan? Keep in mind that Skype (for business) is tunneling VoIP over https. How would you give priority to these packages? Would you setup QoS to give priority by skype server IP and a script to look up skype connection dns and upda...
by petterg
Sun Mar 26, 2017 11:43 am
Forum: General
Topic: Speed issues, Fastpath appears to be employed in only one direction
Replies: 12
Views: 1843

Re: Speed issues, Fastpath appears to be employed in only one direction

In order to locate the problem I'd start with doing speed test to/from the CRS125 from both sides. Either by configuring the CRS125 so that it can be used for speedtest, or (better) bring another box up on the roof and connect it to the CRS125 for performing the speed test trough the CRS125. Another...
by petterg
Sun Mar 26, 2017 12:23 am
Forum: General
Topic: [Solved] Bug? CRS125 running 10mbit on all ports
Replies: 1
Views: 367

Re: Bug? CRS125 running 10mbit on all ports

The solution is explained here:
viewtopic.php?f=2&t=120003
by petterg
Sun Mar 26, 2017 12:20 am
Forum: General
Topic: Solved: Cloud Router HUB(!) 125
Replies: 1
Views: 872

Re: Cloud Router HUB(!) 125

I finally figured this one out! The problem is explained here: https://support.radware.com/app/answers/answer_view/a_id/15364/~/when-should-source-mac-learning-be-disabled-on-vlans%3F Somehow I managed to set sa-learning=no in both entries at switch->ingress-vlan-translation Changing that to yes (wh...
by petterg
Fri Mar 24, 2017 11:31 am
Forum: General
Topic: CRS with RouterOS vlan stacking (QinQ)
Replies: 4
Views: 3647

Re: CRS with RouterOS vlan stacking (QinQ)

You can set both customer-vid and service-vid in switch -> vlan
I think that is what you need. I have never tried service-vid. And customer-vid seems to be buggy as showed in this thread:
viewtopic.php?f=2&t=120003
by petterg
Thu Mar 23, 2017 2:23 am
Forum: General
Topic: IP NAT Pool with 5 Remote VLAN Networks
Replies: 1
Views: 360

Re: IP NAT Pool with 5 Remote VLAN Networks

You probably want to add out-interface to both of those rules. And disable the masquerade rule if you haven't - or at least put it later than the two new ones. Next. Take a look at the packet counter for each of the rules. Do they hit any packets at all? If yes. create a mangle rule, post routing, t...
by petterg
Thu Mar 23, 2017 2:11 am
Forum: General
Topic: Bonding Multiple Lines
Replies: 3
Views: 483

Re: Bonding Multiple Lines

You'll need to ask if the 4 of them are willing to cooperate with each other in order to provide you bounding of their lines. I'll guess they say no, if you're lucky enough to get in touch with anyone at their customer care who understands what bounding is. When I did this I had two lines from the s...
by petterg
Wed Mar 22, 2017 10:01 am
Forum: General
Topic: Bonding Multiple Lines
Replies: 3
Views: 483

Re: Bonding Multiple Lines

Bonding is possible only if your ISP is willing to cooperate. It requires that there is a shared public ip between the lines. I've done this a couple of times many years ago. Load balancing is something you can do independent of the ISP. There are a few howtos around the forum and/or wiki about how ...
by petterg
Wed Mar 22, 2017 1:19 am
Forum: General
Topic: Route Cache Size Overflow, High CPU Usage, Internal IP Spam, UPNP XML? RB2011
Replies: 3
Views: 594

Re: Route Cache Size Overflow, High CPU Usage, Internal IP Spam, UPNP XML? RB2011

I think I've seen a UPnP setting for each guest in hyper-v management. Look for it and see if it helps to change that setting.
by petterg
Wed Mar 22, 2017 1:14 am
Forum: General
Topic: VPN
Replies: 5
Views: 667

Re: VPN

I assume R1 main and backup connections does not share ip's. My approach in such case would be to make sure router at R2 would be the one to initiate the connection. At R2 I would create a set of netwatch entries: - Netwatch1: ip=[a lan ip at R1] OnDown=/system script run StabilityCheck - Netwatch2:...
by petterg
Tue Mar 21, 2017 6:30 pm
Forum: General
Topic: Solved: Cloud Router HUB(!) 125
Replies: 1
Views: 872

Solved: Cloud Router HUB(!) 125

I've managed to replicate and isolate an issue two of my customers of CRS125 has run into. I'm not sure if this is a bug or a config fault. I've replicated this with ROS 6.15 6.38.1 and 6.39rc55. What happens is that the CRS125 starts sending out each packet (TX) to ALL active ports. It basically st...
by petterg
Tue Mar 21, 2017 9:22 am
Forum: General
Topic: dynamic FW rules based on outgoing traffic
Replies: 5
Views: 542

Re: dynamic FW rules based on outgoing traffic

You said the remote part would have to make connection to a server first, the you wanted a rule to be created from that server to the client. In that sense you know the clients ip, and can use the ip as identifier. It will work as long as the client keeps the same ip while connected. When IP changes...
by petterg
Wed Mar 15, 2017 2:26 am
Forum: General
Topic: dynamic FW rules based on outgoing traffic
Replies: 5
Views: 542

Re: dynamic FW rules based on outgoing traffic

What I showed is to logic to create those return rules. Now as you say there is a lan to lan dial up, you skip the connection scrips, and just create a set of those two rules explained for each client ip you want. (or make a script to generate the for you) I recommend putting them in a new chain, an...
by petterg
Fri Mar 10, 2017 11:06 pm
Forum: General
Topic: [SOLVED] Dhcp Server on Bridge with vlan doesn't work
Replies: 4
Views: 1075

Re: Dhcp Server on Bridge with vlan doesn't work

I ran into case of wireless clients not getting dhcp once. Everything worked if I set static ip on the wireless clients. I spent hours trying to figure out and finally went for factory reset of the access point and start all over. Then it worked. So, my advice, if you're stuck; start all over again.
by petterg
Fri Mar 10, 2017 10:59 pm
Forum: General
Topic: dynamic FW rules based on outgoing traffic
Replies: 5
Views: 542

Re: dynamic FW rules based on outgoing traffic

I think you could accomplish this by using firewall action = add dst/src to address list Combine this with the use of ppp -> profiles -> add -> scripts (winbox navigation) The idea is that when a dial up connection is established, a script will run that creates: - a fw rule with dst-address=[client ...
by petterg
Fri Mar 10, 2017 10:14 pm
Forum: General
Topic: CRS and Port Isolation
Replies: 1
Views: 723

Re: CRS and Port Isolation

You may find what you're looking for here
https://wiki.mikrotik.com/wiki/Manual:CRS_examples

Far down that page there's an example called "isolation"
by petterg
Fri Mar 10, 2017 5:01 pm
Forum: General
Topic: [Solved] Bug? CRS125 running 10mbit on all ports
Replies: 1
Views: 367

[Solved] Bug? CRS125 running 10mbit on all ports

There seems to be a problem with CRS125 wire speed. Say ports 3-24 is set up with port2 as master port. Now, if you connect a 10mbit (or 100mbit) device to any of the grouped ports, and two 1Gbit devices to two of the other ports in the same group, the max data transfer speed between the two 1Gbit d...
by petterg
Thu Feb 23, 2017 8:29 pm
Forum: General
Topic: CRS125 vlan config
Replies: 9
Views: 1349

Re: CRS125 vlan config

It is somewhat offtopic for this thread, but still.. Unless you plan to add more ports to the bridges later, it's pointless to have bridges with only one interface. Just assign the ip adresses and the firewall rules to the vlan interfaces, and you can delete the bridges. Also, when you do config cha...
by petterg
Thu Feb 16, 2017 2:04 pm
Forum: General
Topic: CRS125 vlan config
Replies: 9
Views: 1349

Re: CRS125 vlan config

So the problem may be that I have one single port and 23 in the port group, not all 24 in the group?
Unfortunately I had to hand this box over to the customer - the last in stock - and have to wait for a new delivery to arrive before I can experiment more with this.
by petterg
Wed Feb 15, 2017 11:28 pm
Forum: General
Topic: CRS125 vlan config
Replies: 9
Views: 1349

Re: CRS125 vlan config

Am I alone with the issue of masterport not working when vlan is configured?
by petterg
Tue Feb 14, 2017 2:41 am
Forum: General
Topic: CRS125 vlan config
Replies: 9
Views: 1349

Re: CRS125 vlan config

Here is the config (excluded wireless, dhcp and ipsec config) where ether2 is not working. Does anyone see why that is? Ether1 is wan, Ether2-16 are untagged members of bridge-lan, Ether17-20 are untagged members of bridge-gjest, Ether21-24 are tagged members of both bridges. # feb/14/2017 01:23:28 ...
by petterg
Tue Feb 14, 2017 2:14 am
Forum: General
Topic: CRS125 vlan config
Replies: 9
Views: 1349

Re: CRS125 vlan config

Thanks. I think I found the answer to my question in a note in your first link Note: Multiple master-port configuration is designed as fast and simple port isolation solution, but it limits a part of VLAN functionality supported by CRS switch-chip. For advanced configurations use one master-port wit...
by petterg
Sun Feb 12, 2017 11:58 pm
Forum: General
Topic: CRS125 vlan config
Replies: 9
Views: 1349

CRS125 vlan config

This is the first time I run into the need of vlan on a CRS125. The switch menu on CRS125 tells that there are some new possibilities with the CRS compared to the routerboards I've configured for vlan earlier (mostly 1100AHx2, 433g and 951g). The config I'm looking for is: Ether1 as wan link (routin...
by petterg
Mon Oct 17, 2016 3:10 am
Forum: Wireless Networking
Topic: Connect as station with username/password
Replies: 5
Views: 684

Re: Connect as station with username/password

I didn't have the username and password fields in that menu. Guess I need a software upgrade. Which ROS version is that screen shot from?
by petterg
Sat Oct 15, 2016 9:08 pm
Forum: Wireless Networking
Topic: CRS125 wlan noise level
Replies: 0
Views: 273

CRS125 wlan noise level

I got a surprise when I replaced an rb951g with an CRS125-24G-1S-2HnD-IN - I thought they would be quite similar in regards to wlan. They were set up as wlan stations connecting to a cisco ap several buildings away. While the rb951g had a signal to noise ratio of 24-28dB (depending on weather) and g...
by petterg
Sat Oct 15, 2016 8:43 pm
Forum: Wireless Networking
Topic: Connect as station with username/password
Replies: 5
Views: 684

Re: Connect as station with username/password

Oh, so it's not just me being blind this time?
by petterg
Thu Oct 13, 2016 7:55 pm
Forum: Wireless Networking
Topic: Connect as station with username/password
Replies: 5
Views: 684

Connect as station with username/password

Today I failed in setting up an rb951g for a customer. I thought it would be a simple case, but I couldn't solve it. The case is that this customer (small company) has moved into a building where they have internet access from the owner of the building, provided as wlan only. My plan was to set an r...
by petterg
Wed Jun 08, 2016 9:40 pm
Forum: Wireless Networking
Topic: wAP directional antenna?
Replies: 2
Views: 540

Re: wAP directional antenna?

Thank you Normis
by petterg
Tue Jun 07, 2016 7:37 pm
Forum: Wireless Networking
Topic: wAP directional antenna?
Replies: 2
Views: 540

wAP directional antenna?

Does the antenna in wAP give better signal in some directions?
I'm wondering if it makes a difference if it's roof mounted (near the wall) or wall mounted (near the roof) when the goal is to get the best signal in a half circle out from the wall?
by petterg
Fri May 13, 2016 12:11 pm
Forum: Wireless Networking
Topic: Which AP for basketball arena?
Replies: 2
Views: 632

Re: Which AP for basketball arena?

Thanks
I wasn't aware of the wap series AP's.
Do you really think there's no need for roof mounted sector antennas (as the SXT series) in the large open area?
by petterg
Wed May 11, 2016 1:03 pm
Forum: Wireless Networking
Topic: Which AP for basketball arena?
Replies: 2
Views: 632

Which AP for basketball arena?

Hi guys I need a recommendation for access points to cover a indoor basketball arena. The area is about 40m x 30m. Roof is 8m up. There is also a cafe next to the arena that should be covered and meetingrooms/wardrobes one floor up from the cafe. Outer walls and roof are steel (may reflect wireless ...
by petterg
Wed Jun 24, 2015 11:55 pm
Forum: General
Topic: Allow user to run script only
Replies: 6
Views: 1814

Re: Allow user to run script only

Then, how come it works randomly? If a command in the script requires write, how come the user with read only access can run it most of the time? And, when the script owned by admin is run by a read only user, why does the log show that the "device was changed by admin"? And why does this log entry ...
by petterg
Wed Jun 24, 2015 6:48 pm
Forum: General
Topic: Allow user to run script only
Replies: 6
Views: 1814

Re: Allow user to run script only

I created a custom skin. It randomly works. Sometimes user cannot log in. Giving the group write permission makes the login stable. But I don't want the user to have write permission. Having just read and web permission, the user randomly cannot log in. Another issue is that script randomly is not e...
by petterg
Tue Jun 23, 2015 9:29 pm
Forum: General
Topic: Allow user to run script only
Replies: 6
Views: 1814

Allow user to run script only

Is there a way to limit a user login to run script only? I frequently run into the case where I want to allow someone to run a script on some of my routerboards, and I don't want them to be able to do or see any other parts of the config. The scripts could be of the kind 'wakeOnLanFtpServer', or 'En...
by petterg
Thu May 28, 2015 3:12 am
Forum: Wireless Networking
Topic: Wlan for 500 devices, high density
Replies: 10
Views: 2022

Re: Wlan for 500 devices, high density

Isn't the antenna in 951 (and 751) shaped so that the signal goes equally out in all directions? If so it would have to be mounted in the height of peoples head. I think a more directional antenna is required to mount the equipment somewhat less visible. I have a bunch of rb951g laying around. Rule ...
by petterg
Wed May 27, 2015 12:15 am
Forum: Wireless Networking
Topic: Wlan for 500 devices, high density
Replies: 10
Views: 2022

Re: Wlan for 500 devices, high density

I've now spoken to some friends who runs a catering service. We're thinking of setting up a test with 2.4GHz only, and invite a bunch of people for a snack and wlan test. Which antennas would be the best suited? According to the cisco guide the preferred antenna should ha low gain and cover as small...
by petterg
Sat May 23, 2015 9:40 pm
Forum: Wireless Networking
Topic: Wlan for 500 devices, high density
Replies: 10
Views: 2022

Re: Wlan for 500 devices, high density

I'd like to test mikrotik for this application. Over the years I've replaced a lot of expensive cisco wlan that users complain about i favor of cheap mikrotik. It won't be cheap to test with mikrotiks either. I'll need probably 15 AP's and 500 people. I don't have that many friends! (Or I could do a...
by petterg
Sat May 23, 2015 7:14 pm
Forum: Wireless Networking
Topic: Wlan for 500 devices, high density
Replies: 10
Views: 2022

Re: Wlan for 500 devices, high density

Things I learned from Ciscos guide: it is better for two APs to share a channel than to have two channels overlapping on the edge. Two APs sharing a channel can demodulate each others’ transmissions and share the bandwidth amicably. When two channels overlap at the edge, it is just noise to both and...
by petterg
Fri May 22, 2015 6:10 pm
Forum: Wireless Networking
Topic: Wlan for 500 devices, high density
Replies: 10
Views: 2022

Wlan for 500 devices, high density

The subject has been up before, but the newest I found was 3 years old. Has something changed? The case is: one room, 20x50m. 500 devices (mobile, laptop, pad, press camera..) Can it be covered by mikrotik wlan devices? Say 50% of the devices can handle 5ghz. 50% is stuck on 2,4Ghz. How many 2,4GHz ...
by petterg
Fri Nov 28, 2014 2:24 am
Forum: Wireless Networking
Topic: AD authentication for wlan connections
Replies: 4
Views: 4757

Re: AD authentication for wlan connections

Thanks. Your config did the trick. This config now works excellent with radius on windows server 2012.
The required changes was mac-mode=username, and disable eap-accounting.
by petterg
Wed Nov 26, 2014 10:46 am
Forum: Wireless Networking
Topic: AD authentication for wlan connections
Replies: 4
Views: 4757

AD authentication for wlan connections

Device: rb433gl, ros 6.7, 2x wlan. I'm trying to setup a wlan on microtik so that users will use their username/password in AD to connect. I've got to the point where computers that are members of the domain (and has a certificate from the domain installed) will connect using the certificate and not...
by petterg
Wed Aug 27, 2014 12:19 pm
Forum: General
Topic: 1100AHx2 - preferred IPsec config (hw encryption)
Replies: 1
Views: 695

1100AHx2 - preferred IPsec config (hw encryption)

What is the preferred way to setup ipsec tunnel between two 1100AHx2 to make use of the build in hardware encryption? I've tried quite a few combinations of settings, and never really got the expected throughput over the tunnel. I'm currently running peer with 3des/md5/modp1024 and policy at aes-128...
by petterg
Fri Mar 21, 2014 3:19 pm
Forum: Wireless Networking
Topic: Mikrotik and VoIP
Replies: 2
Views: 1092

Re: Mikrotik and VoIP

After some discussion with spectralink we figured that the accesspoint needs to support WMM-PS or WMM-AC in order for the handset to connect. I found a statement from mikrotik dated 2011 that PS is not supported. Is that still true? I haven't found anything regarding mikrotik and WMM-AC. Could it be...
by petterg
Fri Mar 21, 2014 12:03 pm
Forum: Wireless Networking
Topic: Mikrotik and VoIP
Replies: 2
Views: 1092

Re: Mikrotik and VoIP

I've bumped into the very same issue using RB951g with ROS 6.7 and ROS 5.25 (two boxes). A friend of mine managed to get the spectralink 8440 connected to his RB493g using a b/g wlan card about a year ago. He remember he messed about a lot to make it work, but finally he got it. Surely he didn't mak...
by petterg
Sat Mar 08, 2014 2:54 pm
Forum: Beginner Basics
Topic: Starting the Mikrotik routerboard after shutdown command?
Replies: 3
Views: 1577

Re: Starting the Mikrotik routerboard after shutdown command

Has anyone tried just to send a wol magic packet to the box?
(Why would anyone shutdown a routerboard unless there is a need to unplug the powercable?)
by petterg
Sat Mar 08, 2014 2:50 pm
Forum: General
Topic: after upgrade to 6.3 cannot generate certificate-request
Replies: 33
Views: 26360

Re: after upgrade to 6.3 cannot generate certificate-request

Thanks to this thread and rpr's posting above I managed to get a new certificate into my router. However I struggled to figure out why the cert was not accepted when enabling sstp. RouterOS WinBox Error Couldn't change SSTP Server - no certificate found (6) [OK] Even thou the certificate appeared in...
by petterg
Sat Mar 01, 2014 4:56 pm
Forum: General
Topic: NAT/PAT loopback challenge
Replies: 5
Views: 2746

Re: NAT/PAT loopback challenge

Will a proxy really help in this situation? I'd suppose it would make all connections look like they come from the proxy servers ip?
by petterg
Fri Feb 21, 2014 1:27 am
Forum: General
Topic: NAT/PAT loopback challenge
Replies: 5
Views: 2746

Re: NAT/PAT loopback challenge

Thanks. I didn't know the term "hairpin nat". Hence not what to search for.

The link describes the setup I'm currently using. What is the other way (of the two) of doing this?
by petterg
Tue Feb 18, 2014 3:15 pm
Forum: General
Topic: NAT/PAT loopback challenge
Replies: 5
Views: 2746

Re: NAT/PAT loopback challenge

Would it be possible to set the router to reply with some kind of reroute-information to the laptop on lan, so that it will send new request directly to the serverLanIp with correct port number? How does other brands solve this? I'm quite sure I've done this kind of setups before I discovered mikrot...
by petterg
Tue Feb 18, 2014 5:13 am
Forum: General
Topic: NAT/PAT loopback challenge
Replies: 5
Views: 2746

NAT/PAT loopback challenge

I got a challenge with a portforward setup. lan subnet is 192.168.91.0/24 wan subnet is 84.x.x.192/29 The mikrotik router is setup with 3 public addresses (so far) on the wan interface. From those there are several ports forwarded to 6 servers on lan. Now, the challenge. Laptops are set to connect t...
by petterg
Wed Dec 18, 2013 3:49 am
Forum: General
Topic: IPsec tunel between 3 routerboard
Replies: 3
Views: 720

Re: IPsec tunel between 3 routerboard

The easiest way to get what you want is to make a 3rd ipsec from brench1 to brench2. This also gives the fastest connection. If you need the network to scale better you'll need to add brench2 subnet on head-side of head-brench1-policy and brench1 subnet on head-side of head-brench2-policy - either b...
by petterg
Wed Dec 18, 2013 3:05 am
Forum: General
Topic: NAT rules hit on bridge
Replies: 1
Views: 532

NAT rules hit on bridge

I have a fully redundant network consisting of 2x rb1100ahx2. Being fully redundant, implies a network loop and use of RST, which again implies the use of bridge where switching otherwise would have been sufficient. (And I love the by-pass functionality!) The RB's are set as master / standby using V...
by petterg
Tue Dec 03, 2013 1:26 am
Forum: General
Topic: Bug in ROS 6.7: simple queue ignores unlimited
Replies: 1
Views: 1003

Bug in ROS 6.7: simple queue ignores unlimited

I think I found a bug in CRS125 running ROS 6.5, and it's still there after upgrading to ROS 6.7 I want a bandwidth to/from all destinations except for one particular subnet to be limited (All local subnets on this box is within 172.27.0.0/16 the range) According to how I read documentation the foll...
by petterg
Mon Dec 02, 2013 7:00 pm
Forum: General
Topic: CRS125 vlan best practice
Replies: 1
Views: 1106

CRS125 vlan best practice

As this new box has a significantly changed switch menu (in winbox) I suppose there might be some changes to best practice for configuring wlan. What will be the best configuration in the following scenario: CRS125 setup: ether1: gateway, dhcp client ether2: private network, dhcp server ether3-19: s...
by petterg
Mon Dec 02, 2013 1:19 pm
Forum: General
Topic: ROS 6.6 multiIP-issue
Replies: 1
Views: 481

ROS 6.6 multiIP-issue

When configuring ROS 6.6 so that one interface has one static ip and one ip from dhcp (both in the same subnet) - after a week the interface stop responding to any packets. Status in the routing table for 0.0.0.0/0 route is "unreachable". But pinging the gateway from the router does get reply. This ...
by petterg
Sun Dec 01, 2013 10:59 pm
Forum: General
Topic: SSTP: recvd too small packet
Replies: 33
Views: 11593

Re: SSTP: recvd too small packet

A little update here as the registerfix didn't work for one of my users. The next time I had the users pc on my hands I searched through the registry for keys named "SCHANNEL" and added the key value to all the hits I got. That solved the problem. The search got 4-5 hits. I don't know which key did ...
by petterg
Sun Dec 01, 2013 10:32 pm
Forum: RouterBOARD hardware
Topic: CRS Documentation
Replies: 45
Views: 14296

Re: CRS Documentation

I have to admit that after upgrading CRS125 to ROS 6.6, the switch configuration in winbox is rather confusing.

What does "Bridge Type" = "service / customer vlan bridge" do?
by petterg
Thu Oct 24, 2013 6:27 am
Forum: General
Topic: SSTP: recvd too small packet
Replies: 33
Views: 11593

Re: SSTP: recvd too small packet

Registry fix did not solve the problem for my user who upgraded to windows 8.1. I guess there is something more that has to be fixed when using radius for authentication? (pptp also fail to authenticate using radius, and the router never send auth-packets to the radius server, neigther for pptp nor ...
by petterg
Thu Oct 24, 2013 6:19 am
Forum: General
Topic: Fast VPN?
Replies: 9
Views: 2473

Re: Fast VPN?

My experience is that SSTP is fastest for tunneling routerboard-routerboard and routerboard-windows when you're not having rb1100AHx2 or rb1000 on both ends. With those two routerboards ipsec 3des is the fastest. However, rb1100AH (not x2) also won't have any problem filling a 100mbit link with ipse...
by petterg
Mon Oct 21, 2013 7:54 pm
Forum: General
Topic: windows 8.1 fail with vpn authentication
Replies: 3
Views: 3373

Re: windows 8.1 fail with vpn authentication

I guess the same issue is reported here.
FYI, I have confirmed that this bug is back in Windows 8.1 and ROS 6.1. Adding SendExtraRecord with with a hexadecimal base value of 2, the problem is resolved.
I'll make the win 8.1 user try the register fix mentioned in that thread.
by petterg
Mon Oct 21, 2013 7:07 pm
Forum: General
Topic: windows 8.1 fail with vpn authentication
Replies: 3
Views: 3373

windows 8.1 fail with vpn authentication

Has anyone had success when connecting windows 8.1 to routeros' sstp or pptp server? I've only got to test one pc with windows 8.1, and my experience is that radius (windows domain) users fail to authenticate when logging in from windows 8.1 client, while users that authenticate locally on the route...
by petterg
Tue Jul 30, 2013 9:24 pm
Forum: RouterBOARD hardware
Topic: RB2011 freeze
Replies: 49
Views: 14671

Re: RB2011 freeze

A customer had the same issue. We replaced the motherboard and I have no longer access to it and can't really test this out, so I'm writing this so that hopefully others may find it handy information. I read in the changelog that this issue (or something very similar) has been fixed in a newer route...
by petterg
Thu May 23, 2013 3:26 pm
Forum: General
Topic: bandwithlimit some interfaces only
Replies: 1
Views: 313

Re: bandwithlimit some interfaces only

*bump*
by petterg
Thu May 23, 2013 3:25 pm
Forum: General
Topic: VPN Authentication to RSA Radius Server
Replies: 4
Views: 2381

Re: VPN Authentication to RSA Radius Server

I'm quite sure the authentication server is not set to allow NAS-Port-Type = 5 for the username provided. (This is just another term for telling the same as I did on april 24th)
by petterg
Tue May 14, 2013 6:38 pm
Forum: General
Topic: bandwithlimit some interfaces only
Replies: 1
Views: 313

bandwithlimit some interfaces only

Hi guys In a setup with the following interfaces: ether1-wan, bridge-lan, bridge-dmz and bridge-guest How would you go about setting bandwith limitation to guest and dmz connections with wan, and not limit any other interfaces? My issue is that in configuration of queues i can only match on src-inte...
by petterg
Mon Apr 29, 2013 3:37 am
Forum: General
Topic: PPP profiles and radius
Replies: 1
Views: 565

Re: PPP profiles and radius

The solution is called Framed-pool. This is a setting that can be configured for a network policy on windows server. You set framed-pool=some name, and create a ip-pool on the mikrotik with the same name.
by petterg
Thu Apr 25, 2013 12:09 am
Forum: General
Topic: VPN Authentication to RSA Radius Server
Replies: 4
Views: 2381

Re: VPN Authentication to RSA Radius Server

Seems like your radius server is not set to allow dial in / vpn connection type for the username you're providing.
by petterg
Wed Apr 24, 2013 11:10 am
Forum: General
Topic: PPP profiles and radius
Replies: 1
Views: 565

PPP profiles and radius

A customer uses pptp / sstp to a rb1100ahx2. They authenticate with their windows domain user and the mikrotik uses radius to verify their credentials. It works. However, is there any way to make users that are authenticated by radius use different ppp security profiles? Basically what we want is th...
by petterg
Mon Apr 22, 2013 2:03 pm
Forum: General
Topic: Switch groups, vlan and bridging
Replies: 2
Views: 887

Re: Switch groups, vlan and bridging

*bump*
by petterg
Mon Apr 08, 2013 4:26 pm
Forum: General
Topic: Switch groups, vlan and bridging
Replies: 2
Views: 887

Re: Switch groups, vlan and bridging

The closest I've been to make this work is this: (Testing on rb493g, ros 5.22) /interface bridge add l2mtu=1520 name=bridgeV5 add l2mtu=1516 name=bridgeV7 /interface vlan add interface=bridgeV5 name=vlan7 vlan-id=7 add interface=bridgeV7 name=vlan5 vlan-id=5 /interface bridge port add bridge=bridgeV...
by petterg
Mon Apr 08, 2013 12:31 pm
Forum: General
Topic: Switch groups, vlan and bridging
Replies: 2
Views: 887

Switch groups, vlan and bridging

Hi guys. How would you do this configuration? On a rb1100AHx2 I want a private and a guest networks. On port 1-5 (switch group 1) I want the private network untagged and guest network as a tagged vlan (vlanid 7). On port 6-10 (switch group 2) I want the guest network untagged and private network as ...
by petterg
Sat Apr 06, 2013 12:28 am
Forum: Beginner Basics
Topic: PPPTP server on a RB951G-2HnD with 3g connection
Replies: 14
Views: 4078

Re: PPPTP server on a RB951G-2HnD with 3g connection

You set up sstp exactly like you set up pptp. Only difference (for a basic setup) is that you select sstp every place you would otherwise select pptp. And in the firewall you need to open port 443, not 1723 (unless you select a custom port in the config) To secure the sstp you should also create a c...
by petterg
Thu Apr 04, 2013 9:48 pm
Forum: General
Topic: System reboots unexpectedly after usb power-reset on Rb2011
Replies: 4
Views: 699

Re: System reboots unexpectedly after usb power-reset on Rb2

May I ask how you connect the 3G usb device to the rb2011? (Where did you find a cable with micro usb male in one end and regular usb female in the other?)
by petterg
Thu Apr 04, 2013 9:44 pm
Forum: Beginner Basics
Topic: PPPTP server on a RB951G-2HnD with 3g connection
Replies: 14
Views: 4078

Re: PPPTP server on a RB951G-2HnD with 3g connection

I don't really see why you want the pptp server for this. If I get you right you have users traveling with laptop and a mikrotik and you want to be able to get onto to lan-side of the box i order to i.e. do rdp to the users computer. The way I do this is to setup sstp-server on the office router. On...
by petterg
Wed Apr 03, 2013 7:51 pm
Forum: General
Topic: System reboots unexpectedly after usb power-reset on Rb2011
Replies: 4
Views: 699

Re: System reboots unexpectedly after usb power-reset on Rb2

What if you change the script so that it disables ppp-out interface, sleep 10 seconds, do usb power reset, sleep 10 seconds, enable ppp-out
by petterg
Wed Apr 03, 2013 7:40 pm
Forum: General
Topic: USB stability (rb751g)
Replies: 7
Views: 1302

Re: USB stability (rb751g)

With the reduced wlan tx-power the usb was alive for almost 2 weeks! That is, the day after I lowered the power I left for 11 days. When I got back, it was still working - and it stopped working during that day. I'm not sure if is improvement though. It managed 2 days of use and 9 days of idling. I'...
by petterg
Tue Mar 26, 2013 1:04 am
Forum: General
Topic: VRRP causes arp fail on other MT's
Replies: 0
Views: 642

VRRP causes arp fail on other MT's

I've replicated this issue on several devices and ros versions. Either I'm doing something wrong, or there is a bug. Routerboards apparently cannot use other routerboards set up with vrrp as gateway, as the arp table get a mismatch ip / mac address. Is there a trick to get around this? In short: Set...
by petterg
Wed Mar 20, 2013 1:24 pm
Forum: General
Topic: USB stability (rb751g)
Replies: 7
Views: 1302

Re: USB stability (rb751g)

I was not using any cable between modem and card. Where do I find the settings to adjust usb power? Now I've tested with a usb-power inejctor (huawei brand, not mikrotik) and it has been somewhat more stable. More stable in the sense that I did not need to change the router configuration. Disconnect...
by petterg
Wed Mar 13, 2013 2:32 pm
Forum: General
Topic: USB stability (rb751g)
Replies: 7
Views: 1302

Re: USB stability (rb751g)

Thank you. I'll give that a try.
by petterg
Mon Mar 11, 2013 1:25 am
Forum: General
Topic: USB stability (rb751g)
Replies: 7
Views: 1302

Re: USB stability (rb751g)

*bump*
by petterg
Tue Mar 05, 2013 11:53 pm
Forum: General
Topic: VRRP on-backup-script not running
Replies: 9
Views: 4238

Re: VRRP on-backup-script not running

I've solved the startup issue this way: I've scheduled the following to run on startup: /system script run vrrpCheck The script vrrpCheck basically runs the onBackup, then waits for a while before it checks if there is any vrrp master interfaces. If there is, it runs onMaster. The script looks like ...
by petterg
Tue Mar 05, 2013 11:36 pm
Forum: General
Topic: USB stability (rb751g)
Replies: 7
Views: 1302

USB stability (rb751g)

I connected a mobile usb modem to a rb751g with the intention that the router should provide network access for some laptops. It worked great... for two days. Within a week the mobile connection has failed 4 times, in 4 different ways. Has anyone experienced anything similar? Any suggestions on how ...
by petterg
Wed Dec 05, 2012 3:46 pm
Forum: General
Topic: Partial export / import of config
Replies: 6
Views: 2379

Re: Partial export / import of config

I want this to be a script. If I have to do things on my pc in order to run the script, it's kind of pointless to use a script. Then it would be easier to do all changes on both routers manually.
by petterg
Tue Dec 04, 2012 12:01 pm
Forum: General
Topic: Partial export / import of config
Replies: 6
Views: 2379

Re: Partial export / import of config

Except that grep does not exist in routeros. What would a command to perform something similar to grep on a file look like in routeros?
by petterg
Mon Dec 03, 2012 3:59 pm
Forum: General
Topic: Partial export / import of config
Replies: 6
Views: 2379

Re: Partial export / import of config

I guess the lack of replies to this thread is because it's not possible to filter on export. What about textfile editing? Is it possible to make a script that extracts only some of the lines from the export file into a new file that can be used for import? What I need is something similar to cat exp...
by petterg
Mon Dec 03, 2012 12:06 pm
Forum: General
Topic: Partial export / import of config
Replies: 6
Views: 2379

Re: Partial export / import of config

bump
by petterg
Sun Dec 02, 2012 2:49 pm
Forum: Virtualization
Topic: MetaRouter and 1100AH on ROS 5.8 not working?
Replies: 36
Views: 18892

Re: MetaRouter and 1100AH on ROS 5.8 not working?

Metarouter is not supported on RB1100AHx2
Any chance that metarouter will be supported on RB1100AHx2 ?
by petterg
Sun Dec 02, 2012 4:19 am
Forum: General
Topic: Partial export / import of config
Replies: 6
Views: 2379

Partial export / import of config

I'm thinking of syncing firewall rules between two routers, and I came across the method explained in the last post of this thread: http://forum.mikrotik.com/viewtopic.php?f=2&t=59240 But how can I sync only some of the rules? I was thinking one way to go would be to prefix the comment of all the ru...
by petterg
Fri Nov 09, 2012 1:07 am
Forum: General
Topic: Scripts skiping lines!
Replies: 5
Views: 1288

Re: Scripts skiping lines!

So you think that when I run the script in winbox the index numbers are different from when I run the same script in terminal? I think the first failing attempt with the use of find proved that the issue here is not related to find. /ip ipsec policy enable [find] and /ip ipsec policy enable [find di...
by petterg
Thu Nov 08, 2012 7:53 pm
Forum: General
Topic: Scripts skiping lines!
Replies: 5
Views: 1288

Re: Scripts skiping lines!

The failing lines are ip address 20 and ipsec. The ipsec line is totally skipped. It's not like it executes on some policies and skip other. It's failing on all of them. Adding disabled=yes/no did not make any difference. Even if I change the line to read /ip ipsec policy enable 1 it is skipped And ...
by petterg
Thu Nov 08, 2012 4:01 am
Forum: General
Topic: Scripts skiping lines!
Replies: 5
Views: 1288

Re: Scripts skiping lines!

And to make this even more interesting: I copy/pasted the scripts into the other router. There it runs smoothly on all triggers (vrrp / scheduler / winbox). So, I case some invisible characters had showed up on the original I deleted the scriptfiles and created new files and copy/pasted the code fro...
by petterg
Thu Nov 08, 2012 3:47 am
Forum: General
Topic: Scripts skiping lines!
Replies: 5
Views: 1288

Scripts skiping lines!

This is driving me mad! I have two scripts consisting of 21 lines each. When run from winbox or vrrp or scheduler lines 2 and 20 are skipped in one, lines 18 and 20 are skipped in the other. When running the scripts from terminal, they run just fine! Why does this happen? ROS 5.21 First script: "onB...
by petterg
Thu Nov 08, 2012 3:32 am
Forum: General
Topic: portforward and access from local net
Replies: 2
Views: 414

Re: portforward and access from local net

Great! Thank you!

I didn't even know there was a name for this.
by petterg
Wed Nov 07, 2012 6:21 pm
Forum: General
Topic: portforward and access from local net
Replies: 2
Views: 414

portforward and access from local net

I replaced a router at a customers site with a RB433 with 5ghz and 2ghz wlan. There I ran into an issue. They have some software on ~40 laptops that is set to connect to [publicIP:serviceport]. On ~40 desktop pc's the same software is set to connect to [internalIP:serviceport]. [publicIP:serviceport...
by petterg
Mon Oct 29, 2012 12:34 am
Forum: General
Topic: VRRP on-backup-script not running
Replies: 9
Views: 4238

Re: VRRP on-backup-script not running

One more thing I've realized: if the vrrp interface has a /32 address, the arp of various devices (inkluding other RB's) does not update. For my test I'm using a RB750 as a switch on the LAN side between my pc and the two rb1100's. Even if I manually delete the vrrp address from the arp table of the...
by petterg
Wed Oct 24, 2012 12:53 pm
Forum: General
Topic: VRRP on-backup-script not running
Replies: 9
Views: 4238

Re: VRRP on-backup-script not running

If I get you right that was done by the following:
Master
...
/ip address add address=192.168.2.2/24 interface=ether5
...
Slave:
...
/ip address add address=192.168.2.3/24 interface=ether5
...
Now I connected them together with a cable in ether5 on both.
...
by petterg
Tue Oct 23, 2012 11:14 pm
Forum: General
Topic: VRRP on-backup-script not running
Replies: 9
Views: 4238

Re: VRRP on-backup-script not running

You think I rather should have done this? /ip address add address=192.168.2.1/24 interface=vrrp1 That was my first attempt, and as I discovered problems, and all examples I found were using /32, I changed to /32. In both cases I run into these kind of problems. (Maybe I misunderstood what you explai...
by petterg
Tue Oct 23, 2012 2:29 am
Forum: General
Topic: VRRP on-backup-script not running
Replies: 9
Views: 4238

Re: VRRP on-backup-script not running

I did a new test of vrrp on two brand new RB2011, ROS 5.20 From the default settings I did these changes to the settings: Master Master: /interface bridge port remove [find interface=ether5] /interface bridge port remove [find interface=ether4] /interface bridge port remove [find interface=ether3] /...
by petterg
Mon Oct 22, 2012 5:53 am
Forum: General
Topic: VRRP on-backup-script not running
Replies: 9
Views: 4238

VRRP on-backup-script not running

I had a case where a customer lost network. It turned out that both the routers had the WAN-address enabled, and of course this made trouble. Rebooting the customers routers solved the problem. This customer have two RB450g running ROS 4.14. They have one VRRP on the lan side, and rely on the on-bac...
by petterg
Tue Aug 28, 2012 2:44 am
Forum: General
Topic: Routing table ignoring routing mark
Replies: 3
Views: 2687

Re: Routing table ignoring routing mark

Nobody has experience with routing-mark?
by petterg
Sun Aug 26, 2012 5:06 am
Forum: General
Topic: Routing table ignoring routing mark
Replies: 3
Views: 2687

Re: Routing table ignoring routing mark

A litle bit of additional information: This logging catches the ipsec packets with wrong out-interface: /ip firewall mangle add action=log chain=postrouting disabled=no dst-address=192.168.9.123 log-prefix=POST: routing-mark=to_ISP1 While these two does not: /ip firewall nat add action=log chain=src...
by petterg
Sun Aug 26, 2012 2:17 am
Forum: General
Topic: Routing table ignoring routing mark
Replies: 3
Views: 2687

Routing table ignoring routing mark

I followed the wiki at http://wiki.mikrotik.com/wiki/PCC to set up loadbalancing of two internet connections. Because of an ipsec tunnel I added the following: /ip firewall mangle add chain=prerouting dst-address=172.29.5.0/24 action=accept /ip firewall mangle add chain=prerouting dst-address=1.2.3....
by petterg
Wed May 30, 2012 3:09 pm
Forum: General
Topic: Monitor 3G usage
Replies: 1
Views: 569

Monitor 3G usage

Is there any way to log how much data my RB751G use on the 3G interface monthly? The 3G card is connected with usb, and it works - sometimes too well (I can tell when the bills arrive). As long as the 3G usage is not unlimited I'd like to keep an eye on the usage. I CAN watch the interface stats and...
by petterg
Thu Apr 26, 2012 7:26 pm
Forum: General
Topic: IPsec - router not responding to its own ip.
Replies: 2
Views: 652

Re: IPsec - router not responding to its own ip.

Thanks becs.

Perfect solution. I'd never thought of making ipsec policy with action=none.
by petterg
Tue Apr 24, 2012 12:50 am
Forum: General
Topic: IPsec - router not responding to its own ip.
Replies: 2
Views: 652

IPsec - router not responding to its own ip.

Router: RB750GL RouterOS version: 5.something (I don't have remote access to the box. It was shipped in march 2012, with whatever version those were shipped with.) Here is a strange behavior. I was at a customers site to figure why their network had stopped working. They are a small branch office of...
by petterg
Thu Mar 29, 2012 4:10 pm
Forum: Wireless Networking
Topic: WLAN coverage for large area. Whats the best practice?
Replies: 6
Views: 2970

Re: WLAN coverage for large area. Whats the best practice?

ok

Thanks for advices. I'll keep testing the next time I'm onsite. The laptops here are using various intel cards. N6230 i my laptop.
by petterg
Thu Mar 29, 2012 1:51 am
Forum: Wireless Networking
Topic: WLAN coverage for large area. Whats the best practice?
Replies: 6
Views: 2970

Re: WLAN coverage for large area. Whats the best practice?

Then there must be something I've missed in the wireless configuration. Do you remember what you changed from default? Which routerboard/wlan card did you use?
by petterg
Wed Mar 28, 2012 11:35 am
Forum: Wireless Networking
Topic: WLAN coverage for large area. Whats the best practice?
Replies: 6
Views: 2970

Re: WLAN coverage for large area. Whats the best practice?

It wlan for a company. Using the same ssid and encryption doesn't work very well here. How did you make it work? Are you using the same frequency on both AP's? Does the coverage areas overlap? (I'm thinking, maybe turn the sender power down, so that the AP's get less overlapping area will make thing...
by petterg
Wed Mar 28, 2012 12:55 am
Forum: Wireless Networking
Topic: WLAN coverage for large area. Whats the best practice?
Replies: 6
Views: 2970

WLAN coverage for large area. Whats the best practice?

I'm quite new to wlan on mikrotik. Although, I've been using mikrotiks as routers for three years. Now, what wouuld be the best practice for covering a large office area with wlan using mikrotiks? The current setup in the office is two Cisco AP541N set as clustered. Now one of the ciscos has turned ...
by petterg
Wed Jun 22, 2011 1:39 am
Forum: General
Topic: Issue on redundant routing
Replies: 3
Views: 634

Re: Issue on redundant routing

I solved this by creating a scriptline to run when state change between master/slave that enables/disables the IP on the wan interface.
by petterg
Sat May 28, 2011 3:57 pm
Forum: General
Topic: Issue on redundant routing
Replies: 3
Views: 634

Re: Issue on redundant routing

*bump*
by petterg
Wed May 25, 2011 11:13 am
Forum: General
Topic: Issue on redundant routing
Replies: 3
Views: 634

Issue on redundant routing

I'm having an issue setting up two RB's redundant. The senario is: ISP provides two internet connections and two cisco routers running HSRP. These two ensures that if one internetconnection fail, the other will run. Or if one cisco router dies, the other will run. Hence the connection to ISP is redu...
by petterg
Tue May 11, 2010 2:02 am
Forum: RouterBOARD hardware
Topic: RB1000 discontinued - What to do with IPsec?
Replies: 3
Views: 881

Re: RB1000 discontinued - What to do with IPsec?

I have six customers that potentially wants 14 RB1000's in total. The norwegian distributor does not have any left in stock. One is even considering replacing a cisco 3500 with a RB1000 because of the IPsec performance. I just don't know what to recommend the customers now as the RB1000 is not avail...
by petterg
Sun May 09, 2010 9:35 pm
Forum: RouterBOARD hardware
Topic: RB1000 discontinued - What to do with IPsec?
Replies: 3
Views: 881

RB1000 discontinued - What to do with IPsec?

RB1000 was excellent for IPsec as it had encryption in hardware. What are the options for new customers now as the RB1000 is out of production and the RB1100 does not have encryption in hardware?
by petterg
Wed Nov 18, 2009 10:06 pm
Forum: General
Topic: winbox cpu monitor
Replies: 2
Views: 706

Re: winbox cpu monitor

That was easy (and kind of embaressing)

Thanks a lot
by petterg
Wed Nov 18, 2009 8:10 pm
Forum: General
Topic: winbox cpu monitor
Replies: 2
Views: 706

winbox cpu monitor

I've just taken over the responsibility for a datacenter build with mikrotik routers. When I use winbox to log in to any of the existing routers it displays cpu and ram usage on the top line. When I login to the new routers I've added to the network I don't get this info. Does anyone know how to ena...
by petterg
Thu Sep 17, 2009 5:23 pm
Forum: General
Topic: Routing issue through IPsec tunel
Replies: 2
Views: 947

Re: Routing issue through IPsec tunel

I figured out #2: When creating a IPsec Peer I had to tick [Generate Policy]

Still wondering about #1, how do you initiate the tunel from the MikroTik?
by petterg
Wed Sep 16, 2009 4:49 pm
Forum: General
Topic: Routing issue through IPsec tunel
Replies: 2
Views: 947

Routing issue through IPsec tunel

Hi guys I've been playing with a mikrotik router for a week now, and starting to love it. There is just two issues I cannot figure out: 1) When an IPsec tunnel is configured, how do you initiate the tunel? 2) What do you do with the routing table to make packages go into the tunel? I created the tun...