MikroTik

dragon2611

Is Capsman forwarding supposed to work with Spanning Tree enabled on the bridge? If forwarding is set in a datapath config I cannot get it to work, in either Capsman or local forwarding. If I set local forwarding in the datapath config under a configuration (Capsman > Configurations > select configu...

dragon2611

Upgraded, had to enable wds static mesh before the Google homes would connect though (read it as a suggestion for wpa timeouts on another post)

dragon2611

Nice Version. My hac ac2 WiFi performs much better than with current stable. Hope we will See it soon.... When you say performs better, do you mean better throughput or more stable? I have a pair of AC2's that are running as AP + bridge on 6.46 and they do drop out a fair bit wondering if it will h...

dragon2611

Can someone confirm what a good upgrade from an RB750Gr3 would be? Have 200 down 20 up cable, which may go to ~350/20 soon but I also have a fairly heavy configuration I'm running VRF's with 2 ISP's (There's a DSL Circuit as fail over) and then L2TP tunnels off to another ISP (It was for IPv6 and to...

dragon2611

Ah thanks, I'll give that a try. Had a few cases where my cable modem has been dropping out lately and I wanted to improve failover to the DSL connection. Also need to contact the ISP and get it checked out if it does it again (Last time they claimed it was an area fault, then it seemed ok for the l...

dragon2611

Would it be possible to implement the "check gateway" feature for routes added by DHCP? For example say the routerOS device is connected to ISP that requires DHCP via a Modem or Media convertor, said device loses it's connection to the ISP, the ISP hands out a long DHCP lease so the router...

dragon2611

Keep finding that on ROS 6.40.5 winbox 3.11 I'll goto IP > IPSEC > Peers click on a peer and goto advanced and the lifetime is 00:00:00

I'll change it to a more sensible value and save but at somepoint it seems to get reset to 00:00:00

dragon2611

Am I right in thinking CHR 6.40.5 doesn't support virtio-scsi as a storage device? Created a VM in ovirt then copied the downloaded raw image over the HDD image ovirt had created (HDD image ovirt created was also RAW), RouterOS started booting and then decided it couldn't find the HDD. Changed the D...

dragon2611

It's just done it again with the new PSU, and interestingly the Vlan's it's passing through at L2 appeared to work ok, it looks like the IP on the bridge interface stops responding for some reason as when it happens I can't ping that IP or access winbox.etc using it. That would explain why the L3 in...

dragon2611

I have an RB450G configured mostly as switch with the exception of one interface where it routes so been using 6.41rc for the new switch/bridge implementation , I've had a problem over the last couple days where it appears it stops passing traffic after a while (Usually happens overnight at somepoin...

dragon2611

Just a friendly warning, it's very easy to mess up the configuration when getting to grips with the new way Vlans are handled via bridge and it seems if you change the bridge PVID wrongly it's quite possible to get in a state where you can't access the router at all even with mac-telnet, at least it...

dragon2611

Sorry if it's been asked before and I missed it but what IPSEC settings can be accelerated? I had AES-256 / SHA512/ DH16 which I don't think was as CPU was around 50% (One core pegged) @ ~ 50Mbit AES-128/SHA-1/DH16 seems to get over 100Mbit with little CPU usage so I presume *IS* accelerated, but I'...

dragon2611

There is also a "undo" and "redo" button in winbox.

I'm ashamed to say I'd not noticed that.

dragon2611

Not sure safe mode would have done anything as It was an L2TP I accidentally deleted instead of disabled and I wasn't coming in over that interface so it wouldn't have caused a disconnect

dragon2611

Would it be possible to either have winbox ask when deleting an interface, I have on occasion hit delete instead of disable or have a mode where changes were not made "live" until a commit button was pressed.

dragon2611

7 -8 I think, Although the remote edgerouter appears to be having problems at the moment.

dragon2611

For GenieACS issues try contacting the developer, he was quite responsive last time I was playing with it (although that was a couple years back)

dragon2611

This bug only affected CHR speed limitation mechanism. It is not related to non-virtual (real) devices. Yes my home router happens to be a CHR running in Proxmox (KVM) on an N3150 celeron with 2 cores allocated to the VM There's also an instance of Opnsense doing IPS for the IOT (internet of things...

dragon2611

We have found an issue in the queue which creates the license speed limitations. Next RouterOS build should have a fix. Thanks for reporting it. Hi Normis Any details on the Issue and when the fix is out, I'm wondering if that's why I was seeing packet-loss on my VDSL even if I shaped it to below t...

dragon2611

Still doesn't like it even with that set to unique, same problem 1 tunnel establishes the others just sit on no phase2

Switch to IKEv1 and it appears to work.

dragon2611

Does routerOS support IKEv2 + Tunnel isolation (At least that what it's called on Opnsense) It seems UBNT edgerouters don't like it if you negotiate IKEv2 then try and setup multiple tunnels, only the first one sets up. Tunnel isolation makes it behave more like IKEv1 where each tunnel would be setu...

dragon2611

Sorry, using Webfig is the only option right now. It is not trivial to fix. P.S: side note. isn't it a bit strange, that a laptop at it's native resolution shows too small text? Some manufacturers seem to like putting 2k-4k panels in 13 -15" laptops, not really sure the point to be honest. Als...

dragon2611

Try a switch between the RB and the PC

dragon2611

I've been suspicious about VLANs, since Ubiquiti Edgerouter-x doesn't support them either, Mediatek seems to have screwed the pooch on delivering well documented switch drivers to their customers. The ER-X does support VLANs on the switch, needs EdgeOS 1.85 or later if I remember rightly. Regarding...

dragon2611

Have to say from the pictures it's quite possibly the best looking thing to come out of Mikrotik yet.

However shame about the 10/100 ports, are there any plans to put other RB hardware in this same case design, i.e some of the Gigabit capable stuff?

dragon2611

My proxmox host running the CHR has a Draytek vigornic 132 in bridge mode for modem (It's essentially a vigor 130 on a PCI-E card) That is nice for using on a PC platform. How does it appear in the host system? As an ethernet card? Which driver? Sorry had only just seen this. Shows up as RTL8111/81...

dragon2611

My proxmox host running the CHR has a Draytek vigornic 132 in bridge mode for modem (It's essentially a vigor 130 on a PCI-E card)

dragon2611

Interesting thanks,

Might have to take a packet capture and then see if the ISP (Or something in the middle) isn't responding correctly.

I tried setting the MTU at 1500 from the ISP end as well but no dice (Yes they actually expose that in their control panel!)

dragon2611

Any reason the CHR wouldn't be able to run a 1500byte PPP MTU providing the physical interface is at least 1508 Bytes as is the Vswitch.etc?

Mine connects at 1500 and then drops to 1480 for some reason.

Had 1500Byte MTU working on the pfSense firewall that I was using previously.

dragon2611

Draytek have just made a Router/VDSL modem on a PCI-E card, but don't know about pricing yet but it can also bridge, if it's NIC driver is supported by routerOS then maybe X86 builds could be done using it if you did want an all in one box.

dragon2611

Without a corresponding interface route it won't work as it won't know which interface to send the packet out of to reach that /32 or /128 /32 /128 should really only be used on PPP links where you can just next hop the interface and in loopbacks for IGP's.etc I have done things with /32's on provid...

dragon2611

I already worked around that issue by making it a /126

dragon2611

A /128 contains 1 IP address what do you propose to put on the other end of the Link?

dragon2611

You are confusing PPP with Ethernet links that only have 2 devices on (which can also be refereed to as a point2point link as there are only 2 possible destinations) in which case a /31 is acceptable to use providing both devices know how to support it.

dragon2611

I thought the advise had since changed regarding the use of such subnet sizes on router2router links.

dragon2611

In this case the other "Router" is actually a proxmox host, due to it being a rented dedicated server and me not having a seperate router onsite. Essentially the Host has an IPv6 address (now a /126) and next-hops the CHR virtual machine. Same for Ipv4 execpt in that case it's RFC1918 spac...

dragon2611

Not sure RouterOS likes /127's or at least it doesn't seem to like /127's where the gateway is :: For instance 2607:XXXX:XXa::1 with a gateway of 2607:XXXX:XXa:: RouterOS would ping 2607:XXXX:XXa:: but it would show unreachable in ipv6 routes and wouldn't use it as the default gateway I swapped to a...

dragon2611

How not to install an RB750 :lol: http://i.imgur.com/9Ma7ZJh.jpg I'll probably replace it with something gig capable shortly but it was either that on an RB450G that I had spare that could be poe powered :lol: Seriously why the builders would pre-wire the place with CAT5, then put it in the TV distr...

dragon2611

I'd be a bit worried about it if it got so hot to melt the case :shock: I do have some RB450G's spare but I think the HEX might be a better fit as it looks to be smaller and also hopefully a bit more energy efficient/runs cooler? There's a large hole in the wall in the back of the box so it's not to...

dragon2611

As per title really, I need a small remote powered switch with at least 4 ports, Given the HEX seems smaller than the 250GS and has the full routerOS i'm wondering if it's a better choice. Also do Routerboards shut down if they get to hot it might need to be shoved into the TV distribution box as th...

dragon2611

Done Also i've changed the IPv6 addressing since last night as it turns out I'd used the wrong ranges on the router's at home :lol: I think I accidentally used part of my /48 from tunnel-broker with part of my /56 from the co-lo provider :lol: Although in the case of this specific problem correcting...

dragon2611

OSPF is working between them for Ipv4 but OSPFv3 (which is needed for the Ipv6) isn't I've recently gotten a /56 from my co-location provider so rather than use tunnelbroker (which seems to geolocate to the USA more often than not) I was trying to use the Site2Site tunnels I have in place to route s...

dragon2611

I'm guessing I've missed a setting or something on the UBNT side as My 2 RB450G's seem to be happily talking OSPFv3 to each other but I can't get the RB at home to talk to the Edgerouter Any idea's, the message I keep getting on the Routerboard is "info Database Description packet has different...

dragon2611

Winbox 3.0 When trying to setup a jump rule Chain input input interface "all ppp" action jump jump target ppp Couldn't add New firewall rule -outgoing interface matching not possible in input and prerouting chains (6) Errm I never asked it to perform any output interface matching? Edit: ru...

dragon2611

Any dumb switch does support vlans. Do you really need it to be manageable? http://www.alfa.net.my/products/Alfa-Network-APS08G-8-Port-Gigabit-802.3at-PoE-Desktop-Switch/62 Yes otherwise any device can just tag a packet with a VLAN tag and join that Vlan, which kind of defys the point of segmenting...

dragon2611

Any recommendations for a small Silent POE switch to use at home? Needs to be managed/smart (Vlan support as a minimum) and have 802.3af (or 802.3.at) which rules out the mikrotik switches :( Was going to get an RB3011 at home to upgrade an aging RB450G, but starting to think a 850gx2 with the H/W c...

dragon2611

Change to 20 MHz only and see the difference! Some phones dont understand 40 MHz. ;) Also if you are in Europe or somewhere that allows the use of channels 12,13 make sure you're not actually using them, some devices forget that not everywhere prohibits their use. HP stream7 comes to mind here but ...

dragon2611

It's not UPNP, but the device tends to reply to queries directed at by sending the reply to the broadcast address on port 9671 I believe (It's a lightwaveRF link, it pulls electricity usage and controls a few remote switched sockets) I'm also probably getting an IR blaster if it ever turns up, who k...

dragon2611

If I was going to bridge across sites it would only be my IOT vlan anyway so wouldn't be all the remote sites traffic

Also no need for static routes, I have OSPF working between the 2 sites

dragon2611

Would it be possible to catch a UDP broadcast packet with an NAT rule and redirect it to a host that's not in the same L2 segment of the network? I have an IOT device that tends to send stuff to the broadcast address (UDP I think) and I want to interact with it from a Virtual Machine that's sitting ...

dragon2611

Hmm it looks like if you check use IPSEC in routerOS 6.33.3 on an RB450 and the remote end also allows plain L2TP it's possible to get into a situation where the IPSEC doesn't come up and the L2TP ends up connected without encryption. I would have thought it would be sensible if the IPSEC option is ...

dragon2611

As per title really, noticed that when RouterOS is configured to initate a L2TP/IPSEC connection it creates a dynamic Peer in IPSEC > Peers. Fine but it doesn't seem to do a very good job of cleaning up after itself as dispite having 2 L2TP/IPSEC tunnels I have about 24 peers created 22 of them are ...

dragon2611

Hoping a desktop version is not far behind, the RM version won't fit where I want to locate one (To wide)

dragon2611

http://linitx.com/product/mikrotik-rout ... -psu/14584 - Interesting LinITX are listing the 3011-RM for start DEC.

Might ask them about it if I remember as sometimes the dates on the sites aren't that accurate.

dragon2611

I asked support on the off chance they'll reply. I have a RB450G i want to upgrade since it's a bit of a bottleneck, problem is I can't really justify the price of a CCR1009, I'm not sure an RB2011 would be enough of an upgrade to justify the cost of that either depends how much fastrack helps it al...

dragon2611

Could the priority option in IPSEC be used for failover? I.e if I configure 2 policies with the same source/destination but different SA endpoints will router OS try to use the low priority one if the higher priority one drops out or am I completely misunderstanding what the priority option in IPSEC...

dragon2611

I had a RB450G do something similar and reloading it via Netinstall fixed it so it's definitely worth trying.

dragon2611

MIkrotik would not produce ADSL product but I will realy like to see some. Hate to have 2 devices ADSL(bridge) + Mikrotik at client place. Or at least some Small POE powered VDSL modems, it seems there is not a POE DSL modem, maybe they're to power hungry for that? I have 2 Huawei HG612's one doing...

dragon2611

If you want to be able to saturate your internet line without causing latency for online games you'll have to implement QoS on your end. The ISP already does downstream QOS, if their traffic management system is working properly it should treat real-time protocols such as gaming as higher priority....

dragon2611

Interestingly I had some friends round the other week who were trying to play TF2, I'd not installed it on my laptop so was downloading it from steam and was causing them latency spikes of around 200ms+, it seemed the RB cpu was spiking to 90% at around the same time. Two different issues here: CPU...

dragon2611

Since EOIP will soon support encryption it would be nice if this could be combined with support for dynamic IP's where for the local IP could be pulled from the internet and the remote IP could be resolved from an FQDN.

Currently if you enter an FQDN winbox resolves it and adds the IP.

dragon2611

I've got an RB450G connected to 2 DSL isps via bridged modems one providing ~72/20 and one providing 14/1 (One is VDSL2 and the other is ADSL2+) both connections are PPPoE Fairly basic Nat/Firewall setup, 1 Mangle rule to direct inbound traffic on the 2nd isp to another routing table (so the reply g...

dragon2611

Isn't that already achievable with nTH packet based mangle rules (All be it rather CPU intensive).

dragon2611

If Mikrotik are planning to offer some more "Home" products how about some nicer looking cases? Personally I'm more about the feature-set but then again if these are going to end up in home environment where lets face it they're likely to end up standing next to a TV.etc (Yes I know that's...

dragon2611

Now how about a "Pro" with at least 802.11ac 2x2:2 on 5ghz and 2.4ghz 802.11n + gigabit ethernet.

Serious lack of decent 802.11ac ap's out there, it's mostly either consumer crap or expensive enterprise stuff.

dragon2611

I'm guessing it was a duff definitions update as it used to be fine with it

Anyway seeing as apparently Bitdefender isn't capable of the simple task of restoring a file from quarantine when told to it's gone from my system.

Also just noticed my typo in the topic title

dragon2611

Looks like bitdefender is blocking winbox from RouterOS 6.0 thinking it's a virus.

Useless piece of junk didn't even restore the file when it was told to and was blocking subsequent re downloads of winbox, Since it seems impossible to tell this AV software who's in charge it's now uninstalled.

dragon2611

Upgrading the routerboard to RouterOS 6 seems to have solved it, now Dead peer detection seems to be working properly.

Not sure if it was configuration specific or something wrong with DPD in 5.25

dragon2611

I have an IPSEC tunnel between a RB450G running RouterOS 5.25 that seems to randomly stop working. DPD is enabled on the Mikrotik end and I think it's also enabled on the ASA and as far as I can tell the SA lifetimes match up at each end. Manually flushing the SA's on the Routerboard usually fixes i...

dragon2611

Yes it does indeed, you could however copy all the VM images to an external device/storage. Then reinstall it, create the VM's again on the proxmox server, and then copy the image back to the host in the specific VM folder. Then you wont loose any VM data ;) Just a lot of downtime on the VM's :lol:...

dragon2611

Ofcourse im not sure which hardware you got there, but all the hardware i tried here just ignore the vlan packets, as they do not support it / or have it disabled. If hardware is causing trouble when you have vlans on the link, but also untagged vlan then i would suggest getting other hardware whic...

dragon2611

Ofcourse im not sure which hardware you got there, but all the hardware i tried here just ignore the vlan packets, as they do not support it / or have it disabled. If hardware is causing trouble when you have vlans on the link, but also untagged vlan then i would suggest getting other hardware whic...

dragon2611

As far as i know you can do that when setting the ports on Optional (and leave the header 'as-is'). Then you put the ports on vlan4 and packets for vlan9 will travel thru it. Like this: Screen Shot 2013-03-29 at 05.16.24.png Doesn't work as it leaves the traffic tagged with Vlan4 which is what caus...

dragon2611

Is there a way to match a packet on the firewall only if it came in via an IPSEC tunnel?

I.e I want to allow a packet only if it comes from a specific Source address but also only if it came in IPSEC encrypted.

dragon2611

Is it possible to support Dual Mode ports on the GS250? Basically I need port 2 and 3 to pass untagged packets for Vlan4 and also to accept packets tagged with Vlan9 I seem to only manage either completely untagged (By striping on egress) or completely tagged, the problem is there are HP proliant ma...

dragon2611

OK today I have tried Chain srcnat Src Add 10.0.0.0/16 Dst Add 46.65.209.241 Proto TCP Dst Port 443 action = src-nat to 46.65.209.241 No joy Interestingly, I have IIS running on port 80 NAT'ed against one IP address and that works without one of the above rules. Services directed at port 80 on anot...

dragon2611

I'd have thought a cisco AP could send Vlan Tagged packets.

dragon2611

Essentially what I'm trying to do is: Port 1 - WAN Port 2 - VLAN10 client (no tag) Port 3 - VLAN10 client (no tag) Port 4 - VLAN10 client (no tag) Port 5 - Cisco WAP (VLAN10 no tag, VLANs20,40,60,80 with tags) No need to firewall between VLAN10 clients, but I'd want to firewall off the VLANs from c...

dragon2611

If it's just the one port on the RB that needs to carry the Vlan tagging it might be better to place the Vlans directly on that port and not the bridge. Also if you don't need to firewall or record traffic stats between the internal ports it might be better to shove them on the switch instead of usi...

dragon2611

My RB1200 normal again with ROS 5.22,thanks

What problems were you having before?

Sent from my Phone using Tapatalk

dragon2611

Hi Normis

Much better thanks

Sent from my tablet using Tapatalk HD

dragon2611

Not even sure this is the right forum as they all show up as the same

Any idea If its possible to display the entire name

Sent from my tablet using Tapatalk HD

dragon2611

Has anyone done a scan with another spectrum scanning device placed in with the RB751 to confirm that it actually is sending out that interference? Be interested to know if it shows up on something like a wispy and is actually the 751 kicking out interference or if it's simply some kind of data proc...

dragon2611

Thanks everyone for the answers. djdrastic, There are 10 Gigabit ports, from eth1 to eth10, in manual it is written that eth1 is configured as 192.168.88.1. Should I use eth10? There is no Windows there at the moment, can't try winbox now. Whist it does physically have 10 Supposedly Gigabit ports i...

dragon2611

Is it possible to use scripting to firstly configure the packetsniffer to capture a DHCP exchange and then to parse the captured packet to retrieve the values present in DHCP options 242 and 243 in the DHCP offer/DHCP ack packet. What would be even better would be if It could run a HEX to DEC conver...

dragon2611

It can be done in winbox by double clicking the Ethernet interface Can't remember the commands off the top of my head Also you probably don't want slave te ports to the wan either bridge or set the ip on 3 and slave 4 to 3 if you don't need any monitoring or filtering on the traffic between 3 and 4 ...

dragon2611

Had this working in one build think it might have been 5.15 but now it doesn't work on 5.19 However I changed from adsl to Vdsl and the ISP changed the login so i dont know if thats why there's some non alphanumeric chars in the login one thing I did notice during a pcap was the packet from the RB h...

dragon2611

It would be nice to be able to export a torch.

Use packet-sniffer then open the dump in wireshark and filter as appropriate?

You might (Probably will) need to filter the initial capture as well or you'll take up a lot of storage space in a very short time period.

dragon2611

Is EOIP a good option if I want to trunk traffic from a "Guest" SSID across an Infrastructure that cannot handle Vlans? The switch My Downstairs AP and my Alix (running routerOS) is on Does support Vlans but the switch my upstairs AP is connected to doesn't The AP upstairs is my RB751, so ...

dragon2611

In the end I just switched things around so the DSL line with the dynamic IP was the default route and then used PBR to route stuff I didn't want hitting that line to my other DSL line (which has a static IP)

dragon2611

Does anyone know how to make a marked route if you have a dynamic IP on one of your WAN interfaces? It's easy if the IP is static as the gateway isn't likely to change but in the case of the Interface IP being assigned by DHCP it's quite possible to pickup an IP from a completely different range on ...

dragon2611

Maybe it was just a neutrino passing through your 751's CPU

I don't get it?

dragon2611

model: 751U-2HnD current-firmware: 2.38 RouterOS: 5.14 I have had it a couple of times now where using Airplay Display mirroring between an AppleTV connected to the Wired Lan and an Ipad2 connected via the wireless interface on the RB751 causes the RB to reboot itself a few seconds after the Ipad co...

dragon2611

The D-link was supposed to be putting anything connected to it's port 2 on the guest Vlan (Vlan 16) I did also have a virtual AP defined but wasn't worried about that untill I had sorted the wired side. The ethernet port was on a bridge so that might well have been the problem, for now I'll leave it...

dragon2611

I'm also voting for one of these options: 1) Session idle timeout - I got negative answer from MikroTik support about adding this feature at this moment 2) Remove active user session - the same as option (1) Any update on this? I have a router running v2.9.26 that shows several of the same user nam...

dragon2611

I had an issue upgrading my RB751 from 5.13 (i think) to 5.14 where it crashed after upgrading and had to be reset before it would respond at all

dragon2611

Should a Vlan work ok i if it's been added to a bridge in routerOS? I have an RB751U-2HnD at home connected to a d-link DES-1100-16 switch, ROS is version 5.14 RB firmware 2.38 I wanted to create a "Guest" Vlan (802.1q tag = 16) which provides internet access only and doesn't allow access ...

dragon2611

Spot when the port was changed.

dragon2611

Just had the Uplink moved to port4

Initial results look good Packetloss is gone and also much less jitter on the connection.

Will monitor it further but it looks like ports 9 and 10 on my RB1200 are faulty

dragon2611

Hmm Pinging the other side of the router (ports 1 and 2) is fine, both 9 or 10 (enabled/disabled them independently) show the problem. I'm going to try and get the cable in port 10 moved to one of the other free ports just to eliminate ports 9/10 on my RB as having gone bad seeing as I've seen other...

dragon2611

I seem to be having a strange issue with my RB1200 where I start seeing 25%+ PL mostly in the evenings over the past few days. I did think I might have somehow caused a switching loop as I have 2 Uplinks to the Rack Switch one on ETH9 and on on ETH10 but even if I disable one of the ports and switch...

dragon2611

Tried upgrading my RB751U-2HnD, The files uploaded ok but upon rebooting to upgrade it didn't come back up :( Managed to reset the RB and load an old backup config from December last year, sure I had more recent backups but they might be on the other pc... Either way something in my config seems to ...

dragon2611

Ah thanks that was driving me nuts, was trying to figure out what i'd done to my laptop to break SSTP seeing as it had worked the last time I'd used it and was working fine between routerboards.

dragon2611

Neither of the routerboards I can access from here are running 5.12 it seems

One is still on 5.8 and the other on 5.10

I can't get access to my RB at home from here as my firewall rules disallow it.

dragon2611

I'd actually like to do this as well (although on an RB751), as I've seen some reports on my ISP's forum of the latency compensation in certain games giving players a disadvantage because their ping is to low and it's overcompensating. Would be interesting to add a 10 - 20ms delay and see if it's tr...

dragon2611

Any ideas anyone?

I know the username/password I have works since I can get a DG834v4 with dgteam to connect by killing it's udhcpc and restarting it with the -c argument

But would much rather have the Public IP on the routerboard directly.

dragon2611

Having a bit of trouble using the Client-ID option on the DHCP client, is this option supposted to be sending the data using dhcp option61? Trying to get my routerboard to get an IP address from Sky Broadband using a bridged DSL modem, although offically speaking you're only supposed to use the supp...

dragon2611

I've always wondered if the related rule allows the host you are exchanging traffic with open access through the firewall or it's just to allow replies to your request

dragon2611

I tend to allow established, related and then drop everything else incoming

Not sure if that's the best way to do it or if that opens up some potential holes

dragon2611

Is there anyway to configure RouterOS to simulate a Higher latency link?

I did wonder if it was possible to use the Traffic Queues to hold the packets in a buffer for 10 - 20ms but I can't see how it would be done if it is indeed even possible.

dragon2611

Does anyone know how to make a cisco ASA pass through an L2TP connection initated from a Routerboard? There's an ASA between one of my routerboards and the internet connection and it seems to be preventing me making an outbound L2TP connection from the RB to a remote location. I can't easily move th...

dragon2611

We've just tried using L2TP and was able to get ~30mbit/s CPU usage was very high 90 - 100% so I doubt it's possible to get much more, that and there's only another 2-3Mbit/s I could possibly pull above that anyway before I run out of bandwidth on my DSL's

dragon2611

I've been testing an OVPN based bonding solution that a friend of mine's been working on. We're using a Linux server his end and a rb751 at my end. We seem to have gotten it working pretty well in terms of handling a link failure.etc but the problem I'm now having is I can't pull more than 20Mbit/s ...

dragon2611

I was adding an Ovpn client interface when I lost connection.

It looks like watchdog rebooted the router, have raised a ticket with the autosupout.rif attached in the hope it will help MT track down the problem.

dragon2611

Nope no proxy enabled

Has a couple VPN tunnels and usually 5 - 10 wifi clients

Can't think of much that needs to be written to flash

dragon2611

Hi Normis, I couldn't get a sup-out as I got kicked out of winbox before I could run one, watchdog was disabled so it wouldn't have run one and in the end had to give up and powercycle the RB. However I did manage to screencap this before It threw me out. Edit: Turned watchdog back on (I had turned ...

dragon2611

Thanks I'll try that next time it happens (providing I can actually login to the RB of course)

I'm wondering if it's related to this http://forum.mikrotik.com/viewtopic.php?f=1&t=47655 as I do use SNMP from a Cacti server to graph my bandwidth usage over time.

Running 5.8 but also had it on 5.7

dragon2611

I seem to have a problem with my RB751-U-2nHD where it will spike to 100% CPU usage and sit there for several minutes making it almost totally unresponsive, if watchdog is enabled it will then eventually reboot itself. I do have an SSTP tunnel established, however I don't think it's encryption causi...

dragon2611

there is a known problem with DHCP server. It will be resovled in RouterOS 5.8 Hi Janisk, I don't think this is just the DHCP server though as some of the VLans had an external DHCP server and still had no DHCP :( Edit: Forgot the DHCP relay is being used for those other vlans, Is this bug specific...

dragon2611

Hi All, Upgraded an RB450G from 5.5 and 5.7 and it seems the Vlans I had configured on a network bridge (2 ports) stopped working correctly. Downgraded from 5.7 to 5.6 and traffic on the Vlans started working again. I'm not 100% sure if it's all traffic on the Vlan or just broadcast traffic as none ...

dragon2611

Does anyone know if the realtek RTL8100CL ethernet controller chip is supported in RouterOS X86? Reason I ask is I've seen a ADSL2+ PCI card that handles the DSL related stuff on the card itself and then presents itself to the host OS as a RTL8100CL based Ethernet controller. Currently run my Router...

dragon2611

Ok seems to be working at the moment with the route set to use the interface rather than an IP address. The only problem i'm having currently is I can't ping my 2nd Interface from the internet when the primary Interface is also online. I think it's trying to reply via the other ISP :-/ Edit: fixed i...

dragon2611

Having a bit of fun with Setting up Policy based routing. I have 2 ISP's and I want certain computers to get routed over the 2nd ISP. ISP1 Is a static IP connection on ETH1 provided by A bridged DSL modem, this is my system default router ISP2 is PPPoE from a bridged DSL modem on ETH2. Whilst the IS...

dragon2611

Oh right.

I'd have thought referencing the numeric ID for the rule would be a lot less resource intensive than searching for a comment.

The only reason I can presume they disallow this is in case rules get re-orderd?

dragon2611

I have a couple of scripts that's triggered by netwatch that quite simply turns on a mangle rule to tag packets to take a different route if one of my Wan connections drops. The ones "BEup" and "BEdown" function as expected , the other 2 do not seem to actually do anything when r...

dragon2611

Do you have a DHCP server running on that interface? It should grab an address from that DHCP server pool. Yes [admin@MikroTik] > ip dhcp-server print detail Flags: X - disabled, I - invalid 0 name="My-Lan" interface=Lan lease-time=3d address-pool=My-lan bootp-support=static add-arp=yes a...

dragon2611

http://wiki.mikrotik.com/wiki/Manual:Hotspot_Introduction#Getting_an_Address One-to-one NAT can be disabled by un-setting the address-pool parameter under /ip hotspot. ie: /ip hotspot set 0 address-pool=none That just seems to cause the clients to end up without a usable IP address. my android phon...

dragon2611

Check "/ip hotspot host". Compare the "address" value to the "to-address" value. Are they the same? This is the hotspot 1:1 NAT feature. Ah yes thanks just spotted that actually, why it would 1:1 NAT to an IP in the same subnet seems a bit silly, is it a feature of Hot...

dragon2611

hmm Upgraded to 5.2 and now it's showing 192.168.0.3 for the same client.

Although I think I now know why

if I look in hosts under hotspot it shows 192.168.0.8 bound to 192.168.0.3

dragon2611

Will update to Version 5.2 shortly and retest but noticed this bug in 5.0 Connected a friends laptop to my guest network in order to download some updates onto it, went to the router's IP address after authenticating and got the status screen The status screen shows Welcome Guest1 IP 192.168.0.9 etc...

dragon2611

Not sure if it's my pc or not (It worked on RouterOS v4.16) but if I click on an active host in hotspot to bring up it's details and then hit the "make binding" button it will cause winbox to crash. Tried downloading the version of winbox from the router to make sure I had the correct vers...

dragon2611

Managed to figure out a work around. It seems the IP doesn't work until there has been some outbound traffic on it, originally my default NAT rules rewrote everything to my first IP so even if I sent a packet from the router with a source IP set to one of the others I think the NAT rule was catching...

dragon2611

so, even without firewall you just add ip address to the interface, that already has an address (same subnet) and you are not able to ping it? Or is there anything else as simple test of adding another address did not yield any ICMP packet failures. I could ping it from the LAN side of the network ...

dragon2611

The issue here is likely routing. Without more info on your setup, I can't give you a certain answer. You can only have one route to a given destination active at any given time, unless the route is for a specific packet/routing mark. Essentially, the IP all have the same default gateway, so only o...

dragon2611

Ended up buying a Licence for L4 X86

I think it was partly due to "I want it now" syndrome.

dragon2611

http://wiki.mikrotik.com/wiki/Manual:All_about_licenses#What_is_a_Replacement_Key It is a special key which is issued by the Support Team if you accidently lose the license, and the Mikrotik Support decides that it is not directly your fault. It costs 10$ and has the same features as the key that y...

dragon2611

How are you booting the Alix boards? Licenses are tied to the media they are installed on. If you can't swap the drive to a different board you cannot use that board as a spare. Edit: saw you use a CF card. CF card failure still kills you. Edited my previous post some, by the way. I would hope that...

dragon2611

A 450G will do just fine what you're trying to do. I also like buying RouterBOARDs simply because I like buying an entire stack from a vendor as it more or less guarantees compatibility for the next couple of years. That said, the Alix board should also work just peachy and will save you $55 over l...

dragon2611

Whilst this is a nice discussion about bonding.etc and I'm quite happy to continue on with it can we get back to the original question for a moment? Which was actually about what would be best suited to doing ~40Mbit/s throuhput and will be able to handle radius.etc Don't really want to spend any mo...

dragon2611

I have a netgear GS105V2 and it seems to be VERY fussy about what it will talk to at 1Gbit/s although I'm unsure if the one I have was faulty, someone gave it to me but the original Psu was faulty (failing under load). According to the power rating it should work with a 12V 1A psu but when I tried i...

dragon2611

1) Shame really as I already own about 3 Alix 2D3's Is there a specific RB that's best to get? 2) MLPPP on the RB750 did work (Think it was a Cisco RAS at the other end) apart from the aforementioned issue when one of the lines dropped sync, throughput was fine when it worked, which was most of the ...

dragon2611

My ISP offers a bonded service where they Bond 2 Adsl2+ lines using ATM layer bonding (G998.1 based I believe) the ISP provided router (Comtrend Nexuslink 5631) handles the DSL (including the bonding), and can be configured to act as an Ethernet > DSL bridge. As since my ISP uses RFC1483/2684 bridge...

dragon2611

Currently I have bonded ADSL2+, with the ISP supplied modem bridged to my RouterOS box. The DSL Sync speed is 42Mbit/s downstream 4.6Mbit/s upstream Currently running routerOS 5.7RC7 Demo (l1) on an Alix 2D3 (X86 500mhz Geode, 128mb cf card 256mb ram) Also doing IPv6 tunnelling via HE.net and have v...

dragon2611

Just had a really strange Issue in RouterOS 5 RC7 with multiple IP's on the same interface. My ISP gives multiple IPv4s as single IP's from a larger subnet rather than allocate a proper routed subnet, this usually works fine on routerOS you just add the IP to the interface with the Subnet Mask given...

dragon2611

That happens a lot with antivirus software. McAfee does the same thing - by default "prevent worms from mass emailing" is enabled, and telnet isn't a whitelisted process: can't check mail servers via telnet that way. Bit me more than a few times. With avast it actually does look like it's...

dragon2611

Think i've figured it out. You're right RouterOS isn't actually allowing the connection through on port 25, infact it seems the PC wasn't even bothering to try and make an SMTP connection to the server. Turns out it was the Antivirus App running on the pc (Avast) looks like its SMTP proxy was either...

dragon2611

Hi all, I've been playing around with router OS v5 on an Alix2D3 and have come across a bit of an odd situation. It seems if you configure a rule in the forward chain to drop TCP port 25 connection it ignores it completely. I've even tried making this the first rule in the chain and yet somehow it s...

dragon2611

Hi all being playing around with MLPPP on RouterOS and one of the problems I seem to be having is detecting a DSL link failure as I find when that occurs I get a lot of packetloss until the PPP session eventually drops. I did try to speed up the proccess by setting up a Netmonitor to bounce the PPPo...

dragon2611

i more wonder why giaddr field is changed by your bridge. RouterOS dhcp-server will ignore requests that comes with giaddr set, as that means it has to have relay configured, if it is not, then request is addressed to another dhcp-server. adding second dhcp-server with relay ip address set should n...

dragon2611

i more wonder why giaddr field is changed by your bridge. RouterOS dhcp-server will ignore requests that comes with giaddr set, as that means it has to have relay configured, if it is not, then request is addressed to another dhcp-server. adding second dhcp-server with relay ip address set should n...

dragon2611

giaddr field is set if you have dhcp-relay set up (or something equal is other vendor) in that case, dhcp server sees the request with giaddr set and ignores that because it has nothing to do with something that is not configured to work with. you can just set another dhcp-server to give addresses ...

dragon2611

what is your OS that tries to get the ip address? Basically, if something is able to get IP, there is no reason why other devices could not do the same. Check your firewall, maybe it has something to do with it. I figured out what it is (with the help of some people in irc) it's the computers on th...

dragon2611

I recently bought a routerboard 750 to try routerOS. I was previously loadbalancing 2 lines with pfSense but wanted to try MLPPP bonding, i replaced my pfsense box with the RB750 and the problem i'm having is my PC upstairs refuses to get a DHCP lease yet works fine if i manually set an IP on the in...

dragon2611

Hi, Until now we use RB450 for ML-PPP with two 16 Megabit ADSL2+ Lines and see no CPU problem at all. When the Lines are totally stuffed with downloads by a bittorrent client, cpu usage levels around 35%. Since the RB750 should be very similar in CPU Power, i suppose you won't be seeing any CPU pro...

dragon2611

Hi all Forgive me if this is a really stupid question but i'm completely new to routerboards and routerOS :( What would I need hardware wise to handle 40Mbit/s and MLPPP? (2x 20Mbit down 2Mbit up ADSL2+ lines) Would a routerboard 750 be able to handle it? I want to use NAT but I can always use my Pf...

Search found 155 matches