Community discussions

MikroTik App

Search found 211 matches

by oreggin
Sat Jan 11, 2025 9:07 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 355
Views: 124363

Re: v7.17rc [testing] is released!

RoSv7.17RC3. SSTP doesn't work with ciphers=aes256-gcm-sha384. If I change back to ciphers=aes256-sha it works again. Other relevant configs: verify-server-certificate=yes verify-server-address-from-certificate=no authentication=mschap2 pfs=required tls-version=only-1.2 add-sni=no Edit: SSTP works w...
by oreggin
Thu Dec 05, 2024 8:28 am
Forum: General
Topic: L2TP TUNNEL P2P IP PING STRANGE BEHAVIOR
Replies: 4
Views: 676

Re: L2TP TUNNEL P2P IP PING STRANGE BEHAVIOR

Please post your l2tp, ppp, ip, interface sections configurations without sensitive info, and
/interface/l2tp-client/monitor <num> once
outputs.
by oreggin
Wed Dec 04, 2024 4:01 pm
Forum: General
Topic: Random reboots on RB4011 since 7.13/7.14
Replies: 22
Views: 3745

Re: Random reboots on RB4011 since 7.13/7.14

Did I read right? Do you powering hAP ax3 from RB4011 over passive PoE? I have two RB4011 with original power supply but none of them reboots. One of them is powering a hAP ax2 but thats all. Sometimes the grid voltage drops under 200V over here where 230V is nominal but RB4011 doesn't rebooting. hA...
by oreggin
Wed Dec 04, 2024 3:45 pm
Forum: General
Topic: Complaints from v7.17rc [testing]
Replies: 45
Views: 4387

Re: Complaints from v7.17rc [testing]

Last saturday I chatted with my old friend whom actively using Enterprise level MikroTik devs and other vendors devices too. He didn't hear about device-mode. I don't want to mess the joke so I didn't tell about it. There are many others over the world whom doesn't hear about device-mode and its loc...
by oreggin
Fri Nov 29, 2024 6:26 pm
Forum: General
Topic: Complaints from v7.17rc [testing]
Replies: 45
Views: 4387

Re: Complaints from v7.17rc [testing]

This thread speaks for itself, please rethink device-mode and don't give a shit. We have been switching to MTik devices for some time, but now we can move on to other manufacturers. Thanks! Can you please describe in full sentences how device-mode is interfering with your workflow? What was impleme...
by oreggin
Wed Nov 27, 2024 10:21 am
Forum: General
Topic: Complaints from v7.17rc [testing]
Replies: 45
Views: 4387

Re: Complaints from v7.17rc [testing]

This thread speaks for itself, please rethink device-mode and don't give a shit. We have been switching to MTik devices for some time, but now we can move on to other manufacturers. Thanks!
by oreggin
Sun Nov 24, 2024 10:13 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 355
Views: 124363

Re: v7.17rc [testing] is released!

Anybody give an OK for Hap ax2 running capsman, I wouldn't want my config to explode! You can try it without harm. Repartition the hapax2 with two partition, on part0, stay 7.16.1, copy that onto part1 and switch to part1, then upgrade it to 7.17. If it is messed up itself, you can switch back to p...
by oreggin
Wed Nov 20, 2024 9:35 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 165173

Re: v7.17beta [testing] is released!

As far as I understand, MTik is trying to discourage unauthorized attackers from using MTk devices for attacks.
the user himself takes measures to protect his device.
In a perfect world, yes, In a real world, unfortunately not in every single case.
by oreggin
Tue Nov 19, 2024 11:49 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 165173

Re: v7.17beta [testing] is released!

As far as I understand MTik tries to mitigate unauhorized atterkers to using MTik devices for attacks.
the user himself takes measures to protect his device.
In a perfect world, yes, In a real world, unfortunately not in every single case.
by oreggin
Tue Nov 19, 2024 11:08 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 165173

Re: v7.17beta [testing] is released!

but once I had left an innocent router with publicly accessible DNS server, and it was actively used in amplification attack, but I realized my mistake and fixed it fast. In that case, we should definitelly hide this dangerous functionality behind device-mode /s or maybe fix DNS VRF-support, still ...
by oreggin
Tue Nov 19, 2024 9:58 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 165173

Re: v7.17beta [testing] is released!

Hi, I'm working for an ISP and we use a lot of Mikrotik devices on customer sites. BTest is a very important feature for us for validating and supporting. Please don't disable it in advanced mode. I can understand that you want to make product for home users with some security but in this case plea...
by oreggin
Mon Nov 18, 2024 6:01 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 165173

Re: v7.17beta [testing] is released!

There's one other detail in being hacked/locked out as well. Intruder can disable button/jumper reset before changing the password and that can really make device a paperweight for the owner. Therefore flagged status should take care of re-enabling jumper/button reset as well. What? :-O If anybody ...
by oreggin
Sat Nov 16, 2024 9:28 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 165173

Re: v7.17beta [testing] is released!

Device-Mode: My personal opinion is that this is a bad approach. (not only MikroTik) customers are a special species :-) Who don't want to bother with SW upgrades and security to harden its network environment, they don't bother with this kind of tries. What they would do in that moment when they hi...
by oreggin
Sat Nov 16, 2024 8:02 pm
Forum: Forwarding Protocols
Topic: bgp filter problem
Replies: 3
Views: 3316

Re: bgp filter problem

As I see in your example, in the first case, the route was filtered but we don't see the first element in your routing filter ruleset. On RoS v7.16.1 we using routing filters mathing on BGP ext communities: chain=BGP_RR_in4 rule="if (bgp-ext-communities any-list RTList_sulinet) {accept}" A...
by oreggin
Thu Nov 14, 2024 10:52 pm
Forum: Forwarding Protocols
Topic: BGP Prefix forwarding
Replies: 1
Views: 424

Re: BGP Prefix forwarding

Maybe this is what you want: https://www.youtube.com/watch?v=JWSfC_7p1yU
Edit: except the NAT part.
Here is the official documentation: https://help.mikrotik.com/docs/spaces/R ... cy+Routing
by oreggin
Thu Nov 14, 2024 12:15 pm
Forum: Forwarding Protocols
Topic: ARP Table
Replies: 6
Views: 2002

Re: ARP Table

Bridge horizon might be a solution, although unfortunately it disables HW offload.

https://help.mikrotik.com/docs/spaces/R ... +Switching
by oreggin
Wed Nov 13, 2024 10:25 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 165173

Re: v7.17beta [testing] is released!

Hey Mikrotik, it's already been a month since beta4, and no new releases since, are you okay? :-)
+1 :-)
zero reactions in ticketing also :(
by oreggin
Wed Nov 13, 2024 12:27 pm
Forum: Forwarding Protocols
Topic: RoS7 MPLS LDPv4 over PPP
Replies: 2
Views: 508

Re: RoS7 MPLS LDPv4 over PPP

Now only two Spokes can communicate: [oreggin@lns.mtik-test] > /mpls/ldp/remote-mapping/print where dst-address~"10[.]4" label=impl-null Flags: X - DISABLED, I - INACTIVE; D - DYNAMIC Columns: VRF, DST-ADDRESS, NEXTHOP, LABEL, PEER # VRF DST-ADDRESS NEXTHOP LABEL PEER 721 D main 10.44.2.25...
by oreggin
Tue Nov 12, 2024 7:17 pm
Forum: Forwarding Protocols
Topic: RoS7 MPLS LDPv4 over PPP
Replies: 2
Views: 508

Re: RoS7 MPLS LDPv4 over PPP

Topology is: [cisco NCS5500 XR]---{gigabitethernet}---[CCR2004]==={L2TPs}===[Spokes] CCR2004 is the LNS as of now, later would be CCR2116. I tried OSPF and RIP as IGP without success. There are 5 Spokes on LNS/HUB. All the five LDP adjacency is DOp (D - DYNAMIC; O - OPERATIONAL; p - PASSIVE), but so...
by oreggin
Mon Nov 11, 2024 10:34 pm
Forum: Forwarding Protocols
Topic: OSPF/MPLS Migrations on 7.16.1
Replies: 5
Views: 1683

Re: OSPF/MPLS Migrations on 7.16.1

Hi!
Can you try it with RouterOS v7.17.beta2? There are some changes in mpls code.
oreggin
by oreggin
Mon Nov 11, 2024 4:45 pm
Forum: Forwarding Protocols
Topic: RoS7 MPLS LDPv4 over PPP
Replies: 2
Views: 508

RoS7 MPLS LDPv4 over PPP

Hi! I try to bring this up in HUB&Spoke topology, both VPNv4 and VPNv6. Funny thing is VPNv6 over IPv6 peers just works fine. VPNv4 over IPv4 peers is strange in LDP + IGP aspect. One Spoke reachable from LNS and router behind LNS, other doesn't. Did anybody successfully managed to configuring t...
by oreggin
Sun Aug 25, 2024 10:56 pm
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 214
Views: 65563

Re: Feature Request : IPv6 Fasttrack

It is not MikroTik related, other vendors treat IPv6 too as a gentleman's fad. As I try to understand whats going on here, I digging deeper and deeper. It seems to me RouterOS using Linux kernel's fastpath and flowtable functions with some specialized code to RouterOS. IIRC RouterOS7 is based on Lin...
by oreggin
Fri Jun 21, 2024 8:40 am
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

It depends on is it supported in the current kernel and if not how hard to implement it without other things falls apart. Without this option we need dual stack IGP and LDP to use both VPNv4 and VPNv6.

EDIT: and if I'm right it depends on how hard to implement this in RIB and FIB levels.
by oreggin
Wed Jun 12, 2024 1:42 pm
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

It should work if you configure vpnv6 on IPv6 BGP peer and configure LDPv6 and IGP ipv6 address-family. FTR: It should, but it doesn't. I tried IS-IS IPv6 over GRE, but nexthops doesn't work. I switched back to OSPFv2+v3, it works, LDPv4+v6 works, but if I activate VPNv6 on our routers's BGP connec...
by oreggin
Tue Jun 11, 2024 12:23 pm
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

I tried adding a static IPv6 route and the results I got are as follows: - With the IPv4 gateway it was not possible ("invalid or unexpected argument base" message). - with IPv4 mapped to IPv6 gateway (in the format ::ffff:a.b.c.d) it was possible, however the route never became active. A...
by oreggin
Mon Jun 10, 2024 9:59 am
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

I think the nexthop translation is the smaller task. If RouterOS based on at least Linux v5.2 then we have a chance to implement v6 routes with v4 nexthop. FRR faced this in the past already: https://github.com/FRRouting/frr/issues/4661 Last comment goes to another thread where mention that Linux 5....
by oreggin
Sun Jun 09, 2024 9:18 pm
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

I don't think its a shame. It is not a problem, it is a task ;) If I'm right, the mapped IPv4 nexthop in BGP table needs to be translated to native IPv4 address when building the MPLS forwarding table when VPNv6 prefixes exchanged over IPv4 BGP session , but I need further invesigation about this ju...
by oreggin
Sun Jun 09, 2024 6:43 pm
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

So, If I'm right, it should works as mentioned above. BGP neighbors and LDP neighbors is communicating over IPv4, so VPNv4 route's nexhop is plain IPv4 addresses and VPNv6 (over IPv4) route's nexthop is mapped IPv4 address. This documents also referring this: https://www.cisco.com/c/en/us/support/do...
by oreggin
Sat Jun 08, 2024 8:05 pm
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

Hi mrz,

Thanks so much to digging these out. If I'm right, if I use VPNv6 over IPv6 I should use LDPv6 for IPv6 nexthops.
I don't understand yet how should VPNv6 over IPv4 exactly works. I'll try to investigate this.
by oreggin
Fri Jun 07, 2024 3:47 pm
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

RFC 4659 said: 3.2.1.2. BGP Speaker Requesting IPv4 Transport When the IPv6 VPN traffic is to be transported to the BGP speaker using IPv4 tunneling (e.g., IPv4 MPLS LSPs, IPsec-protected IPv4 tunnels), the BGP speaker SHALL advertise to its peer a Next Hop Network Address field containing a VPN-IPv...
by oreggin
Fri Jun 07, 2024 3:40 pm
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

In BGP table, yes, but not in RIB: ASR1000#show bgp vpnv6 unicast vrf VRF_A 2001:xxxx:800:4700::/56 BGP routing table entry for [65001:40]2001:xxxx:800:4700::/56, version 2914773 Paths: (1 available, best #1, table VRF_A) Not advertised to any peer Refresh Epoch 1 65000, imported path from [65000:10...
by oreggin
Fri Jun 07, 2024 2:38 pm
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

1.: we have no LDPv6 nor SRv6 in our network so we can't use VPNv6 over IPv6. 2.: I can't figure out how to change GW address. I tried two ways of rules: [admin@rtr2.CPE] > /routing/route/print where afi=vpn6 Flags: U - UNREACHABLE, A - ACTIVE; b - BGP, y - BGP-MPLS-VPN; H - HW-OFFLOADED Columns: DS...
by oreggin
Fri Jun 07, 2024 11:58 am
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

Ok, so my routing is like this: [admin@rtr1.CPE] > /routing/route/print where afi=vpn6 Flags: U - UNREACHABLE, A - ACTIVE; b - BGP, y - BGP-MPLS-VPN; H - HW-OFFLOADED Columns: DST-ADDRESS, GATEWAY, AFI, DISTANCE, SCOPE, TARGET-SCOPE, IMMEDIATE-GW DST-ADDRESS GATEWAY AFI DISTANCE SCOPE TARGET-SCOPE I...
by oreggin
Fri Jun 07, 2024 11:06 am
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

It seems to me BGP routes exchanged between routers but it doesn't appearing in RIB over here. BGP session table doesn't shows AFI correctly for me too however it negtiated.
by oreggin
Mon Jun 03, 2024 2:07 pm
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

This is an automated message. Our bug tracker reports, that your issue has been fixed. This means that in the upcoming days, we plan to release a RouterOS update with this fix. Make sure to upgrade to the next release when it comes out soon. The support engineer wrote that it was just a typo so it ...
by oreggin
Sat Jun 01, 2024 6:38 pm
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

@oreggin, you have done a thorough analysis. Have you reported your discovery to support?
Yes I have reported it in e-mail. I hope they can fix this easily in 7.15.1...
by oreggin
Sat Jun 01, 2024 5:01 pm
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

Ok, so 7.15 is out, I tested it in LAB and it does not work. I getting curious and dumped the BGP traffic on links. I found that RouterOS sends incorrect SAFI NLRI for VPNv6: Screenshot_2024-06-01_15-55-20.png As RFC4659 (3.2. VPN IPv6 NLRI Encoding) says: AFI must be 2 and SAFI must be 128, but ROS...
by oreggin
Thu Apr 25, 2024 5:10 am
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 41
Views: 7447

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

Glad to seeing it! I testing it in the lab with CHR mesh network topology. I can set vpnv6 under bgp connections but nothing really happens: [admin@rtr1.CPE] > /routing/bgp/connection/export # 2024-04-25 04:18:12 by RouterOS 7.15rc1 # software id = # /routing bgp connection add address-families=ip,l...
by oreggin
Mon Oct 09, 2023 2:12 pm
Forum: General
Topic: Bridge drops zero src MAC DHCP frames in egress?
Replies: 1
Views: 580

Re: Bridge drops zero src MAC DHCP frames in egress?

It seams this is an IOS-XR bug. Anyway I would be interested in whether this is a bug or a feature in MTik bridges. I mean on bridges should it drops unicast zero src MAC frames?
by oreggin
Sun Oct 08, 2023 5:10 pm
Forum: General
Topic: Bridge drops zero src MAC DHCP frames in egress?
Replies: 1
Views: 580

Bridge drops zero src MAC DHCP frames in egress?

Hi all! I have an issue with MTik bridges. We using MTik bridges for aggregate CPE routers traffic. These CPE routers using DHCP on their uplinks. We have two types of DHCP szerver. One is IOS-XE, other is IOS-XR. Initial DHCP 4-way is works fine, BUT after the half lease time CPE try to renew its u...
by oreggin
Fri Nov 04, 2022 11:11 pm
Forum: RouterOS beta
Topic: Wireguard in a "hub-and-spoke" topology
Replies: 12
Views: 7513

Re: Wireguard in a "hub-and-spoke" topology

Thanks Guys, I hope now I understand the whole WG idea. I looked WG from bad direction. I tried to compare it with L2TP over IPSec or SSTP, however it simplify IPSec job and it is not a universal DMVPN solution. In IPSec I can control the traffic with IPSec policies, in WG I can control the traffic ...
by oreggin
Thu Nov 03, 2022 6:35 pm
Forum: RouterOS beta
Topic: Wireguard in a "hub-and-spoke" topology
Replies: 12
Views: 7513

Re: Wireguard in a "hub-and-spoke" topology

Thanks anav, now I got that "allowed-address" is for routing decision or similar in WG.
If I have 1000 of Spokes then I need 1000 WG interface on HUB?
Dynamic routing (IGP) should works on this? What about IPv6 and MPLS?
Can I scale this up to at least 1000 spokes?
Thanks!
by oreggin
Sun Oct 30, 2022 5:18 pm
Forum: RouterOS beta
Topic: Wireguard in a "hub-and-spoke" topology
Replies: 12
Views: 7513

Re: Wireguard in a "hub-and-spoke" topology

I desided to add second chance to WG, but I wasn't success. I try to set up two peer on one router but only the first working, I can't ping to the second one. I tried to setup a triangle topology with 3 routers but only one WG link is working from the three. /interface wireguard add listen-port=1323...
by oreggin
Fri Oct 07, 2022 8:19 pm
Forum: Announcements
Topic: v7.6rc is released!
Replies: 94
Views: 32025

Re: v7.6rc is released!

DNS issue addressing is not success in 7.6rc1. It doesn't work most of the times. I created a bash oneliner to test it with 7.6rc1 and after downgrade to 7.6beta8 it works fine as you can see in the second case: $ while true; do i=0; while [ $i -lt 20 ]; do getent hosts web.facebook.com > /dev/null ...
by oreggin
Sun Jul 03, 2022 7:23 pm
Forum: Forwarding Protocols
Topic: ROSv7 MPLS over L2TP doesn't working [SOLVED]
Replies: 1
Views: 4982

Re: ROSv7 MPLS over L2TP doesn't working [SOLVED]

Fixed in 7.3RC1
by oreggin
Mon May 02, 2022 8:38 pm
Forum: RouterOS beta
Topic: BGP signaled VPLS in ROSv7
Replies: 15
Views: 6850

Re: BGP signaled VPLS in ROSv7

Hi, IIRC BGP signaled VPLS is under /interface/vpls/bgp-vpls/add It should be BGP signaled if you using site-id instead of cisco-id. for example if your AS is 65535 and RD is 111: /interface/vpls/bgp-vpls/add disabled=no rd=65535:111 import-route-targets=65535:111 export-route-targets=65535:111 site...
by oreggin
Mon May 02, 2022 8:23 pm
Forum: RouterOS beta
Topic: ROS7 MPLS forwarding over PPP
Replies: 1
Views: 3038

ROS7 MPLS forwarding over PPP

Should ROS7 do MPLS forwarding over PPP tunnels like L2TP, as do with ROS6?
I set LDP on my L2TP tunnels but all mappings are inactive and no forwarding.
by oreggin
Thu Apr 28, 2022 9:02 pm
Forum: Forwarding Protocols
Topic: BGP and routing filter improvement suggestions
Replies: 61
Views: 26319

Re: BGP and routing filter improvement suggestions

I realize that what I am asking for down below is a LOOOOOT of work but....I'd like to put them in there. BGP Labeled Unicast (RFC3107) for both IPv4 and IPv6 BGP Link-State (RFC7752) for the TE database distribution between areas (allowing for inter-area MPLS-TE) BGP Route-Target Constraints (RFC4...
by oreggin
Thu Apr 28, 2022 4:30 pm
Forum: RouterOS beta
Topic: arp-ping not working on RouterOS v7 [SOLVED]
Replies: 26
Views: 20220

Re: arp-ping not working on RouterOS v7 [SOLVED]

Same here, RoSV7.3beta37 and RB4011
by oreggin
Fri Apr 22, 2022 12:49 pm
Forum: RouterOS beta
Topic: iBGP RR
Replies: 7
Views: 9331

Re: iBGP RR

Ohkay, (l)user error :) I messed up the nexthops and this is why it didn't worked for me. Now I fix it and works fine.
by oreggin
Wed Apr 20, 2022 10:52 pm
Forum: RouterOS beta
Topic: RB1100AHx2 failing upgrade [SOLVED]
Replies: 5
Views: 10703

Re: RB1100AHx2 failing upgrade [SOLVED]

This could happen if you had model with a specific nand (can affect RB1100AHx2 and RB850x2). It will be fixed in the next version.
Thanks mrz, waiting for next release...

update: Upgraded to 7.3beta37 successfully. thanks again!
by oreggin
Wed Apr 20, 2022 10:19 am
Forum: RouterOS beta
Topic: RB1100AHx2 failing upgrade [SOLVED]
Replies: 5
Views: 10703

Re: RB1100AHx2 failing upgrade [SOLVED]

Anyone else testing ROS7 with RB1100AHx2? If so experiencing this?
by oreggin
Mon Apr 18, 2022 5:50 pm
Forum: General
Topic: VPN Protocol suggested for large Hub and Spoke topology
Replies: 32
Views: 4155

Re: VPN Protocol suggested for large Hub and Spoke topology

When I saw "large" I expected thousands of spokes.
We using cleartext L2TP to aggregate IPv4 and IPv6 traffic from random/dynamic addressed Spokes (6000+, some behind NAT) on a single HUB.
by oreggin
Mon Apr 18, 2022 12:51 pm
Forum: RouterOS beta
Topic: iBGP RR
Replies: 7
Views: 9331

Re: iBGP RR

hmmm, thanks, it works now but I can't figured out, why...
by oreggin
Sun Apr 17, 2022 8:57 pm
Forum: RouterOS beta
Topic: iBGP RR
Replies: 7
Views: 9331

Re: iBGP RR

How did you solve this? My RR doesn't wanna reflect clients routes to other clients even if I switching that "No Client To Client Reflection" knob.
I use 7.3beta33
by oreggin
Thu Apr 07, 2022 8:37 am
Forum: RouterOS beta
Topic: RB1100AHx2 failing upgrade [SOLVED]
Replies: 5
Views: 10703

Re: RB1100AHx2 failing upgrade [SOLVED]

Thanks for reply.
I always keep routerboot on the same version as routeros even it needs dual reboot. I experiencing this with 7.x versions. Last time it runned 7.2RC5 and I had would like to upgrade it to 7.2 and failed.
All other type of my routerboards upgraded successfully.
by oreggin
Wed Apr 06, 2022 9:10 pm
Forum: RouterOS beta
Topic: RB1100AHx2 failing upgrade [SOLVED]
Replies: 5
Views: 10703

RB1100AHx2 failing upgrade [SOLVED]

Hi! I have an RB1100AHx2 ppc based board and I testing ROSv7 with it. I can't upgrade it with normal method because of boot error, I see this on console: loading kernel partition 0... OK setting up elf image... OK jumping to kernel code Could not mount ubifs/yaffs filesystem: No such device [ 3.3081...
by oreggin
Mon Apr 04, 2022 12:22 pm
Forum: RouterOS beta
Topic: ROSv7 RIP doesn't distribute routes
Replies: 4
Views: 3223

Re: ROSv7 RIP doesn't distribute routes

...and RC7 make it inoperative again :-(
by oreggin
Sun Mar 27, 2022 1:24 pm
Forum: RouterOS beta
Topic: ROSv7 RIP doesn't distribute routes
Replies: 4
Views: 3223

Re: ROSv7 RIP doesn't distribute routes

RourerOS v7.2RC5 solve this.
Thanks!
by oreggin
Tue Mar 01, 2022 11:24 pm
Forum: RouterOS beta
Topic: ROSv7 RIP doesn't distribute routes
Replies: 4
Views: 3223

Re: ROSv7 RIP doesn't distribute routes

Try redistribute=rip,connected.
Thanks for the hint. I added rip to redistribute on HUB without success. I upgradded all routers to 7.2rc4, no win :-(
by oreggin
Sun Feb 27, 2022 9:51 pm
Forum: RouterOS beta
Topic: ROSv7 RIP doesn't distribute routes
Replies: 4
Views: 3223

ROSv7 RIP doesn't distribute routes

Hi! I use RIPv2 for distribute large number of routes in HUB&Spoke setups with RoSv6. It is very scalable, easily fits thousands of Spokes on a HUB. I testing it with RoSv7.2rc3 but I see that RoSv7 HUB doesn't send out received RIPv2 routes from other Spokes. It sends out only its own redistrib...
by oreggin
Tue Dec 28, 2021 11:46 pm
Forum: Forwarding Protocols
Topic: ROSv7 MPLS over L2TP doesn't working [SOLVED]
Replies: 1
Views: 4982

ROSv7 MPLS over L2TP doesn't working [SOLVED]

Hi! I using MPLS over PPP (PPPoE,L2TP,SSTP) in ROSv6, and tried it on ROSv7 without success. LDP neigborship build up, but forwarding doesn't working. MPLS forwarding table is empty and label mappings are inactive: [oreggin@rtr1.vtkl20] > mpls/export # dec/28/2021 22:49:22 by RouterOS 7.1.1 # softwa...
by oreggin
Sun Nov 14, 2021 8:59 pm
Forum: RouterOS beta
Topic: crs309 v7.1rc6 MPLS Problem
Replies: 6
Views: 3173

Re: crs309 v7.1rc6 MPLS Problem

Hi, I experiencing the same issue with my CHR lab. The first node after the packet source drops the packet. I can't debugging it, so I opened a support ticket.
by oreggin
Wed Nov 03, 2021 5:40 pm
Forum: RouterOS beta
Topic: more modern ssh in routerOS please
Replies: 22
Views: 7519

Re: more modern ssh in routerOS please

Sure, but then ... is anybody (except me? ;-) ) checking all the change-logs before blindly upgrading software? I mean ... it's ssh client upgrade which breaks things "that worked yesterday" and if one does one thing at a time, it would be pretty obvious, wouldn't it? Except for the part ...
by oreggin
Wed Nov 03, 2021 2:59 pm
Forum: RouterOS beta
Topic: more modern ssh in routerOS please
Replies: 22
Views: 7519

Re: more modern ssh in routerOS please

Sure, this is not a big problem, but many of us noticed "I can't login into my device which was worked yesterday". And some of us starts thinking "Some bad guy cracked it, or not?". In security, you have never be too careful.
by oreggin
Wed Nov 03, 2021 7:12 am
Forum: RouterOS beta
Topic: L2TP + IPsec crashes on 4011
Replies: 6
Views: 3854

Re: L2TP + IPsec crashes on 4011

I have a similar problem when using L2TP/IPsec to connect from a device running 7.1rc3 to a device running 6.48.3. Everything works just fine for a couple of days, then suddenly the L2TP part stop working completely (IPsec part seems to work, SAs are being created and there are no errors in any log...
by oreggin
Wed Nov 03, 2021 7:01 am
Forum: RouterOS beta
Topic: more modern ssh in routerOS please
Replies: 22
Views: 7519

Re: more modern ssh in routerOS please

....Ok, here's the rant: modern ssh clients refuse to work with mikrotik, because its crypto is woefully old.... What ssh client do you use? Why do you call it modern if it can't use old ciphers? It could/should compalin but dropping support in such a tool is a shame. Why not to drop telnet support...
by oreggin
Thu Oct 21, 2021 2:55 pm
Forum: RouterOS beta
Topic: wAPac-wAPac WDS forwarding stops after some time
Replies: 5
Views: 2248

Re: wAPac-wAPac WDS forwarding stops after some time

I will try to do some debug on AP when traffic stops, maybe somesthing comes out.
by oreggin
Wed Oct 20, 2021 10:23 am
Forum: RouterOS beta
Topic: more modern ssh in routerOS please
Replies: 22
Views: 7519

Re: more modern ssh in routerOS please

Now, with OpenSSH v8.8p1 I can't use RSA pubkey auth as in this version it is disabled by default and I need to workaround in .ssh/config with PubkeyAcceptedKeyTypes +ssh-rsa to able to connect. Moreover still only RSA pubkey auth is supported in RC4, which is the first generation key type. The seco...
by oreggin
Tue Oct 19, 2021 10:04 pm
Forum: RouterOS beta
Topic: wAPac-wAPac WDS forwarding stops after some time
Replies: 5
Views: 2248

Re: wAPac-wAPac WDS forwarding stops after some time

RC4 didn't solve the issue.
I noticed that some of regular WiFi clients hangs too after random time. WiFi connection is seems good but there is no packet forwarding on it. Only disassoc-assoc repair the connection.
by oreggin
Sat Oct 02, 2021 1:29 pm
Forum: RouterOS beta
Topic: Loosing configuration after reboot (7.1rc3)
Replies: 16
Views: 5076

Re: Loosing configuration after reboot (7.1rc3)

I experienced loss of partial configuration on my Rb4011 with 7.1RC4 under normal operation, but unfortunately I didn't saved the autosupout. Next time I will save it and send to support, I promise ;-) It happend last week at night when I slept and next day I was can't reach it over IPv4, only on IP...
by oreggin
Sat Oct 02, 2021 11:43 am
Forum: RouterOS beta
Topic: L2TP + IPsec crashes on 4011
Replies: 6
Views: 3854

Re: L2TP + IPsec crashes on 4011

Do you using any special in the config? I using L2TP over native ethernet IF and Vlan IF also and I have stable L2TP connections on my RB4011 (ARM) and RB1100AHx2 (PPC) with 7.1RC4. Here is my config about the L2TP client side: ppp/profile/print where name="default-encryption" Flags: * - d...
by oreggin
Thu Sep 16, 2021 10:37 pm
Forum: RouterOS beta
Topic: Reboot right after PPP login when EOIP (7.1b6,7.1b7,7.1rc1)
Replies: 4
Views: 4036

Re: Reboot right after PPP login when EOIP (7.1b6,7.1b7,7.1rc1)

Moreover my RB1100AHx2 (PPC) crashing with 7.1RCx when I add EoIP interface to any type of bridge.
by oreggin
Tue Sep 14, 2021 4:56 pm
Forum: RouterOS beta
Topic: Reboot right after PPP login when EOIP (7.1b6,7.1b7,7.1rc1)
Replies: 4
Views: 4036

Re: Reboot right after PPP login when EOIP (7.1b6,7.1b7,7.1rc1)

On ROSv6 I was using L2VPN/VPLS over L2TP over IPSec and when I upgraded my RB4011s to ROS7 I experienced the crash too. Then I tried EoIP over L2TP over IPSec instead but it cause the same crash so now I haven't L2 pipe possibility over global internet...
by oreggin
Tue Sep 14, 2021 4:27 pm
Forum: RouterOS beta
Topic: VRF status with RouterOS v7
Replies: 16
Views: 9174

Re: VRF status with RouterOS v7

Since we now have IPv6 VRF support, I do not see the reason why not.
6PE and 6VPE would be phenomenal, as this is the most missing feature that blocks MTik out from our backbone/aggregation.
I also trying the VPNv4 but I don't find a docu about it in ROSv7, maybe it is not implemented either.
by oreggin
Sun Sep 12, 2021 5:47 pm
Forum: RouterOS beta
Topic: Feature request: 6PE & 6VPE
Replies: 0
Views: 1446

Feature request: 6PE & 6VPE

Hi,
there is FR for VPNv6/6VPE in the tree, maybe here would be better place for it.
by oreggin
Sun Sep 12, 2021 5:43 pm
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 214
Views: 65563

Re: Feature Request : IPv6 Fasttrack

+1 for ipv6 fasttrack
by oreggin
Sat Sep 11, 2021 8:31 pm
Forum: RouterOS beta
Topic: wAPac-wAPac WDS forwarding stops after some time
Replies: 5
Views: 2248

Re: wAPac-wAPac WDS forwarding stops after some time

With RC3 I experience the same issue. After two days and a few hours it stop forwarding. I tried to generate supout on the far end AP2, but it hang at 8% and after that it rebooted itself and I have no supout file, while on AP1 I succesfully can generate supout. So on AP2 something smells fishy.
by oreggin
Sat Sep 11, 2021 8:28 pm
Forum: RouterOS beta
Topic: L2TP + IPsec crashes on 4011
Replies: 6
Views: 3854

Re: L2TP + IPsec crashes on 4011

Hi! I have a 4011 and it terminates three L2TPoIPSec. Not with the embedded PSK option but with separate IPSec config (IKEv2 with certificate). I can use it without any problem with RC2 and RC3. The difference is I don't use NAT on it.
by oreggin
Mon Sep 06, 2021 10:47 am
Forum: RouterOS beta
Topic: wAPac-wAPac WDS forwarding stops after some time
Replies: 5
Views: 2248

wAPac-wAPac WDS forwarding stops after some time

Hi! I have two wAPac (older ones), one of them is the WiFi GW the other is a repeater like AP. Topology: [wired LAN]==={wire}===[AP1]---(((wifi 5GHz)))---[AP2]---)))---WiFi clients I use AP2 to extend the wired & wireless LAN with WiFi-WDS. There is a static WDS between the two AP. On AP1 the WL...
by oreggin
Thu Sep 02, 2021 12:50 pm
Forum: RouterOS beta
Topic: MPLS crs3xx 7.1rc1
Replies: 5
Views: 2112

Re: MPLS crs3xx 7.1rc1

The same happens on my CHR lab: chr-lab.png When I enable LDP instance between two routers, traffic stops, however the label stack seems good for the first look. The config is: [admin@rtr1.CPE] > routing/ospf/export # sep/02/2021 11:42:10 by RouterOS 7.1rc2 # software id = # /routing ospf instance a...
by oreggin
Thu Sep 02, 2021 12:25 pm
Forum: RouterOS beta
Topic: MPLS LDP config conception [SOLVED]
Replies: 3
Views: 1897

Re: MPLS LDP config conception [SOLVED]

AFI in LDP configuration allows to specify on which address-family control plane will be working.
Thanks mrz! What if I don't specify the AFI and the backbone is dual stacked with IGP?
by oreggin
Wed Sep 01, 2021 11:16 pm
Forum: RouterOS beta
Topic: MPLS LDP config conception [SOLVED]
Replies: 3
Views: 1897

MPLS LDP config conception [SOLVED]

Hi! What is the AFI conception of the MPLS LDP configuration? It is for LDPv6 or for 6PE?
by oreggin
Wed Sep 01, 2021 8:05 pm
Forum: RouterOS beta
Topic: Migrated home network from 6.48.3 to 7.1RC1 to 7.1RC2
Replies: 5
Views: 1844

Re: Migrated home network from 6.48.3 to 7.1RC1

I seemlessly upgraded my home devices to ROSv7.1RC2 with the regular method.
by oreggin
Wed Sep 01, 2021 5:36 pm
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 321177

Re: ZeroTier added to RouterOS v7rc2

So, if I understand correctly, ZT is building a huge L2 domain inside the "Network"? There is a P2P L2 solution? We hate L2 in ISP backbone as it is very dangerous and caused a lot of issues. This huge L2 domain works only in a perfect world where we isn't living. How can we defend against...
by oreggin
Wed Sep 01, 2021 4:17 pm
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 321177

Re: ZeroTier added to RouterOS v7rc2

First of all I can't find ZT package in allpkg zip file: $ unzip -l all_packages-arm-7.1rc2.zip Archive: all_packages-arm-7.1rc2.zip Length Date Time Name --------- ---------- ----- ---- 14053521 2021-08-31 11:30 wifiwave2-7.1rc2-arm.npk 20625 2021-08-31 11:30 calea-7.1rc2-arm.npk 24721 2021-08-31 1...
by oreggin
Mon Aug 30, 2021 7:21 pm
Forum: RouterOS beta
Topic: SDWAN using Zerotier [SOLVED]
Replies: 54
Views: 27838

Re: SDWAN using Zerotier

Yeah, ZT build up tunnels between Spokes, IF Spokes can talk to each other, but 1: this not alway possible, 2: we don't really need horizontal traffic engineering because of a lot of reason. However if we need horizontal traffic (L2VPN for example) then it goes through regional aggregation, and neve...
by oreggin
Mon Aug 30, 2021 2:35 pm
Forum: RouterOS beta
Topic: Wireguard in a "hub-and-spoke" topology
Replies: 12
Views: 7513

Re: Wireguard in a "hub-and-spoke" topology

WireGuard is not for HUB&Spoke. Its seems it is only P2P, and if Spokes has random global addresses, you might add billions of peers on the HUB. WireGuard is for whom has two dedicated fix global IP addresses on the two end, and Layer3 tunneling is enough. Then you gets an encrypted and fast IP ...
by oreggin
Mon Aug 30, 2021 2:27 pm
Forum: RouterOS beta
Topic: HMAC-SHA for OSPFv2/3 authentication
Replies: 2
Views: 4860

Re: HMAC-SHA for OSPFv2/3 authentication

The second problem with MD5 in OSPFv3, other vendors implementing SHA1 auth.
by oreggin
Mon Aug 30, 2021 1:05 pm
Forum: RouterOS beta
Topic: SDWAN using Zerotier [SOLVED]
Replies: 54
Views: 27838

Re: SDWAN using Zerotier

Hi! I working in ISP sector and we operating with low-mid budget so we can't buy high-end SD-WAN solutions yet for 10X-20X the price. So we need to find the optimal solution at all times for the following: using various underlaying network, PPPoE, DOCSIS, metro ethernet, DF etc. with optional IPSec ...
by oreggin
Mon Aug 30, 2021 9:14 am
Forum: RouterOS beta
Topic: Migrated home network from 6.48.3 to 7.1RC1 to 7.1RC2
Replies: 5
Views: 1844

Re: Migrated home network from 6.48.3 to 7.1RC1

I hacked my RB433AH 10-15 years ago with openwrt and other more perverted methods to gets proper WiFi at my home but I don't have such time anymore :-)
If I would like to buy cheap devices for hacking then I would searching on other vendors palette which are popular for hackers.
by oreggin
Sun Aug 29, 2021 11:05 pm
Forum: RouterOS beta
Topic: Migrated home network from 6.48.3 to 7.1RC1 to 7.1RC2
Replies: 5
Views: 1844

Migrated home network from 6.48.3 to 7.1RC1 to 7.1RC2

Hi folks, I have a CHR lab (OSPF,BGP,LxVPN) with ROS6 and another one with ROS7 copied from ROS6. I tested ROS7 for a long time on the CHR lab but OSPF, BGP and MPLS does not working as expected. Then I saw 7.1RC1 is out and RB4011s get HW offloading with vlan filtering, so I trapped, I feeled to mu...
by oreggin
Tue May 25, 2021 1:46 pm
Forum: RouterOS beta
Topic: 7.0beta6 OSPFv3 CPU hog
Replies: 5
Views: 2062

Re: 7.0beta6 OSPFv3 CPU hog

Because of OSPFv3 I prefer set interface and not networks. I unsetted networks field but it does not help. However OSPFv2 works as before.
If I disable all of interface-template CPU hog still occurs.
by oreggin
Tue May 25, 2021 1:03 pm
Forum: RouterOS beta
Topic: 7.0beta6 OSPFv3 CPU hog
Replies: 5
Views: 2062

Re: 7.0beta6 OSPFv3 CPU hog

Yeah, I see now. All of beta6 issues must be reported under that thread?
BTW removing networks="" from interface-template does not fix for me as there was no networks before upgrade. I tried to disable all interface-templates but no success.
by oreggin
Tue May 25, 2021 11:50 am
Forum: RouterOS beta
Topic: 7.0beta6 OSPFv3 CPU hog
Replies: 5
Views: 2062

7.0beta6 OSPFv3 CPU hog

Hi! I decided to upgrade my RoSv7 testbed (OSPFv2, v3, BGP, MPLS) from 7.0beta5 to 7.0beta6, but I stopped at the first CHR instance. When I enable OSPFv3 backbone area, routing eats up CPU and I can't reach the CHR over network. I can only reach it with VNC. OSPF config before upgrade: /routing osp...
by oreggin
Mon Apr 26, 2021 7:47 pm
Forum: General
Topic: Large scale (1000) L2VPN HUB-Spokes over UDP
Replies: 0
Views: 795

Large scale (1000) L2VPN HUB-Spokes over UDP

Hi, In one of our project we need to concentrate at least 1000 customer branch office with L2VPN. Branches has various conection types (L3 routed with/without NAT, PPPoE) so we need UDP based solution as GRE not goes through all NAT devices. We trying MikroTik L2TP/PPP as it can handle MLPPP (for Ju...
by oreggin
Thu Mar 04, 2021 4:42 pm
Forum: General
Topic: DHCP SERVER option 43 (vendor-specific) based on clients DHCP option 60?
Replies: 4
Views: 4338

Re: DHCP SERVER option 43 (vendor-specific) based on clients DHCP option 60?

This would be a good feature, we need this too for several reason. PXE environment, appliances, stc.
by oreggin
Mon Feb 08, 2021 12:54 pm
Forum: General
Topic: IPSec ESP over UDP without NAT
Replies: 5
Views: 1674

Re: IPSec ESP over UDP without NAT

Thanks, this is a common problem in ISP networks if there is a nonESPcapable FW in the path then IPSec is dead. I suggested to customers using IPSec peers behind NAT and now it is works fine. Would be nice an RFC standard for IPSec then we could configure it to use UDP on public networks too.
by oreggin
Wed Jan 20, 2021 10:25 pm
Forum: General
Topic: IPSec ESP over UDP without NAT
Replies: 5
Views: 1674

Re: IPSec ESP over UDP without NAT

/ip ipsec profile
set [ find default=yes ] dh-group=ecp521 dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-256 hash-algorithm=sha256 lifetime=1h name=default \
    nat-traversal=yes proposal-check=obey
triple checked, same on both side
by oreggin
Wed Jan 20, 2021 2:11 pm
Forum: General
Topic: IPSec ESP over UDP without NAT
Replies: 5
Views: 1674

IPSec ESP over UDP without NAT

Hi, Is there a way to make ESP encapsulation work over UDP and not using ip protocol 50 (ESP)? My setup is public addressed HUB and Spokes with enabled nat traversal and I would like if MTik routers sending ESP packet over UDP and not in ESP packets because of transport network has FW between them a...
by oreggin
Sat Sep 19, 2020 12:20 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 387
Views: 201289

Re: RB4011

Hello! Does anyone know if Mikrotik GPON ONU SFP can be used with this device?
Same question here. Plus I see it is discontinued. There will be a replacement device? Some store has discontinued modules but if it is not supported in 4011 then I don't want to loose 90$.
by oreggin
Fri Jul 24, 2020 11:39 am
Forum: RouterOS beta
Topic: OSPF routes marked invalid
Replies: 15
Views: 10536

Re: OSPF routes marked invalid

Does it start to work if you change interface type from point-to-point to broadcast?
Yes, thanks mrz for workaround.
by oreggin
Wed Jul 22, 2020 1:30 pm
Forum: RouterOS beta
Topic: OSPF routes marked invalid
Replies: 15
Views: 10536

Re: OSPF routes marked invalid

Hi! I have a ROS v7.1ß1 test setup with CHR on qemus and I have the same issue with OSPFv2. All of my ipv4 ospf routes duplicated and inactive: [admin@rtr1.CPE] > routing/ospf/interface-state/print Flags: D - dynamic; V - virtual-interface 0 D address=fe80::d012:2bff:fe83:2e99%Loopback0 area=backbon...
by oreggin
Tue Jan 21, 2020 8:21 pm
Forum: RouterOS beta
Topic: ROS 7 Wireless?
Replies: 21
Views: 13854

Re: ROS 7 Wireless?

it seems this is related here: viewtopic.php?f=1&t=153238
by oreggin
Thu Dec 19, 2019 12:46 pm
Forum: RouterOS beta
Topic: ROS 7 Wireless?
Replies: 21
Views: 13854

Re: ROS 7 Wireless?

I did some debug. On APs, 5GHz radios works fine and only 2.4GHz radios has this issue. Client trying to connect but can't go through handshake, never goes to authenticated state, remained in registered state for some seconds, but disconnect after that. However one of my lucky client did a successfu...
by oreggin
Thu Dec 19, 2019 12:29 pm
Forum: RouterOS beta
Topic: wireless not working mAP Lite - beta03
Replies: 19
Views: 11645

Re: wireless not working mAP Lite - beta03

I did some debug. On APs, 5GHz radios works fine and only 2.4GHz radios has this issue. Client trying to connect but can't go through handshake, never goes to authenticated state, remained in registered state for some seconds, but disconnect after that. However one of my lucky client did a successfu...
by oreggin
Thu Dec 19, 2019 12:15 pm
Forum: RouterOS beta
Topic: [ROS 7.0b4] Bricked 1100AHx2 after upgrade to 7.0b4
Replies: 4
Views: 3801

Re: [ROS 7.0b4] Bricked 1100AHx2 after upgrade to 7.0b4

Did you tried install 7beta4 with netinstall? If so, it works?
by oreggin
Mon Dec 09, 2019 5:30 pm
Forum: General
Topic: DHCPv6 client on Vlan interface doesn't work
Replies: 8
Views: 4685

DHCPv6 client on Vlan interface doesn't work

Hi! I trying to get work ipv6 dhcp-client on Vlan interface on a vlan aware bridge under ros v6.46 on my RB1100AHx2. config: /interface bridge add name=LAN protocol-mode=mstp region-name=LAN region-revision=1 vlan-filtering=yes /interface bridge msti add bridge=LAN identifier=1 vlan-mapping=1-4094 /...
by oreggin
Sat Nov 23, 2019 12:07 am
Forum: RouterOS beta
Topic: ROS 7 Wireless?
Replies: 21
Views: 13854

Re: ROS 7 Wireless?

Since at the moment v6 and v7 uses identical driver and software for wireless, your observation is most likely a coincidence. The performance should be the same, signals also. Yes it should. I'm total puzzled about this issue. Same device, same place, only the software version changed. An IoT devic...
by oreggin
Tue Nov 19, 2019 12:07 am
Forum: RouterOS beta
Topic: wireless not working mAP Lite - beta03
Replies: 19
Views: 11645

Re: wireless not working mAP Lite - beta03

I have two type of dual band AP, and it ssems 2.4GHz radio is affected some strange thing. I see lower signal level both on clients and on AP with 7.0beta3.
by oreggin
Tue Nov 19, 2019 12:04 am
Forum: RouterOS beta
Topic: v7beta3 issues
Replies: 4
Views: 5480

Re: v7beta3 issues

I write this here too, it seems in ros v7.0beta3 the 2.4GHz radios drops off some dBm of its tramsit signal level and client can't connect to it while 5GHz radio is working fine.
by oreggin
Mon Nov 18, 2019 11:58 pm
Forum: RouterOS beta
Topic: ROS 7 Wireless?
Replies: 21
Views: 13854

Re: ROS 7 Wireless?

I tried v7beta3 on RB433AH, and wAPac, and on both AP the 2.4GHz radio was useless. Clients can't connect to them because received signals (on client side) much lower with v7beta3.
Both AP works fine with ROS v6...
by oreggin
Fri Aug 30, 2019 2:54 pm
Forum: General
Topic: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved
Replies: 102
Views: 93239

Re: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved

Meanwhile I tested a script for update ipsec policy behind NAT: :global uplinkif "ether1" :global poladdr [ /ip ipsec policy get [ find peer=HUB ] src-address ] :global polip [:pick $poladdr 0 [:find $poladdr "/"]] :global intaddr [ /ip address get [ find interface=$uplinkif and ...
by oreggin
Tue Jun 25, 2019 7:40 am
Forum: General
Topic: IPsec Hardware acceleration on CHR?
Replies: 9
Views: 6390

Re: IPsec Hardware acceleration on CHR?

Same here, KVM with host CPU which has AES-NI flag.
Is there any solution?
by oreggin
Wed Jun 12, 2019 11:47 am
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 48590

Re: v6 RC and v7 BETA

I configured IPSec on one of my RoS devs, and that said don't configure base mode because it will removed in RoSv7 so something is cooking in the owen and i hope it wont burned up :)
by oreggin
Wed May 22, 2019 3:05 pm
Forum: General
Topic: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved
Replies: 102
Views: 93239

Re: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved

Off topic, what is your native language if I may ask?
Sure, my native lang is hungarian. I hope my english is not too wrong and you understand what I'd like to say. BTW we using worse, strange, mixed language in business that you shouldn't see/hear :-D
by oreggin
Wed May 22, 2019 1:33 pm
Forum: General
Topic: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved
Replies: 102
Views: 93239

Re: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved

Meanwhile I switched the cabelmodem to bridge mode for testing so now the spoke has public IP, but I will switch it back as cabelmodem in this mode has a reduced feature set. Another thing I tried is a static policy on spoke with UDP:1701:1701 and tunnel mode, under identity "generate-policy=no...
by oreggin
Tue May 21, 2019 5:12 pm
Forum: General
Topic: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved
Replies: 102
Views: 93239

Re: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved

Cisco have their own protocol for that (DMVPN).
Yes, high-end vendors has mGRE+NHRP based DMVPN which is good but not scalable above some thousands of tunnels and it is off topic over here.
by oreggin
Tue May 21, 2019 4:31 pm
Forum: General
Topic: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved
Replies: 102
Views: 93239

Re: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved

Now it comes into my mind I tried this HUB setup with cisco CPE and when it is connects to HUB it somehow generating tunnel mode policy but I can't figured out how did it do that :(
by oreggin
Tue May 21, 2019 11:43 am
Forum: General
Topic: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved
Replies: 102
Views: 93239

Re: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved

We have only one spoke behind every branch's ISP modem which are the NAT GWs, but spokes behind NAT with this configuration does not work. There is no need any trick to supports more spoke behind the same NAT GW. We need a trick to build tunnel mode (instead of transport mode) dynamic tunnels to wor...
by oreggin
Mon May 20, 2019 7:14 pm
Forum: General
Topic: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved
Replies: 102
Views: 93239

Re: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved

Here are my anonymised configs and print outputs: [oreggin@HUB] > ip ipsec export verbose # may/20/2019 17:52:51 by RouterOS 6.44.3 # software id = XXXX-XXXX # # model = XXX # serial number = XXXXXXXXXXXX /ip ipsec mode-config set [ find default=yes ] name=request-only responder=no /ip ipsec policy ...
by oreggin
Mon May 20, 2019 4:40 pm
Forum: General
Topic: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved
Replies: 102
Views: 93239

Re: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved

Thanks for deep explanations, good to learn something new every day. BTW your conclusion is not exactly right as our L2TP tunnels are encrypted, I checked it. Dynamic policies generated on HUB and spokes and SA counters increasing with the amount of trasmitted bytes. I don't say that I 100% understa...
by oreggin
Mon May 20, 2019 3:11 pm
Forum: General
Topic: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved
Replies: 102
Views: 93239

Re: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved

I didn't mentioned IPSec is the outer and L2TP is inside of it. In the reverse situation the result performance is terrible. Now I have dynamic policies on both end and it works if peers are not behind NAT. I'm not an IPSec expert, so do you say I need set static policy on spokes? On spokes because ...
by oreggin
Mon May 20, 2019 1:41 pm
Forum: General
Topic: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved
Replies: 102
Views: 93239

Re: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved

Under "/interface l2tp-client" I set "use-ipsec=no" as if I'm right it supports only PSK based auth. I configured dynamic policies under "/ip ipsec": /ip ipsec peer set 0 exchange-mode=ike2 /ip ipsec identity set 0 auth-method=rsa-signature generate-policy=port-override...
by oreggin
Mon May 20, 2019 12:52 pm
Forum: General
Topic: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved
Replies: 102
Views: 93239

Re: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved

How can I request tunnel mode, if both side has dynamic policies? I can't find this option in RoS :(
I using BGP inside L2TP to distribute (IPv4+IPv6) routes between hubs and spoke, so i think i can't drop L2TP, or can I? How?
Oh, and I missed the MPLS part inside the L2TP.
by oreggin
Fri May 17, 2019 9:10 pm
Forum: General
Topic: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved
Replies: 102
Views: 93239

Re: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved

Hi! I build a hub and spokes IKEv2/rsa signature auth with L2TP over IPSec setup with Tik deivces. There is one central HUB with static public address, and there are some spokes, one of them have a dynamic public address, and the other is behind NAT where NAT public address is dynamic as well. Publi...
by oreggin
Tue Apr 09, 2019 4:56 pm
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 48590

Re: v6 RC and v7 BETA

MikroTik's plan is to release RouterOS v7 :)

"Probably this year" ™
Are you sure?! :lol:
by oreggin
Tue Apr 09, 2019 3:11 pm
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 48590

Re: v6 RC and v7 BETA

Nah, please public a roadmap with public informations in a correct way. Under correct I mean correct for MTik and correct for customers too.
If I working on something my boss insist plans :) Please tell us MTik plans about RouterOS development.
by oreggin
Sat Apr 06, 2019 4:04 pm
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 48590

Re: v6 RC and v7 BETA

All I can say is that development of v7 has picked up in the last few months, more than ever. While I can't promise anything stable, it is pretty safe to say, that some kind of public test release (like beta for specific platforms) could be expected this year. The chances of that happening are now ...
by oreggin
Wed Jan 23, 2019 5:24 pm
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 48590

Re: v6 RC and v7 BETA

What is the timeline? if there is no cut-off date then it's just proof of concept for developers. Alpha is exactly that - proof of concept (in a lot of ways) They continue to work on 6.x, but 7 being a new kernel and everything means they have to make sure all existing functionality from 6.x is imp...
by oreggin
Wed Jan 23, 2019 5:18 pm
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 48590

Re: v6 RC and v7 BETA

And hopefully some new ARM64-based hardware as CCR replacement. Indeed. The CCR-line is a key product for many customers. It would be very welcomed with an refreshed version with similar number/type of interfaces. There is no need to replace the hardware if MT upgrade to the latest Linux kernel whi...
by oreggin
Mon Nov 26, 2018 2:31 pm
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 48590

Re: v6 RC and v7 BETA

I think, the first and most important step is to finish kernel transplantation at least RC state and this should has more and more priority over RoS v6.x train. After this can slowly dropping v6 and fix v7 bugs and implement the new features as a transition. I hope MT switch to the most recent LTS k...
by oreggin
Fri Nov 16, 2018 7:16 pm
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 48590

Re: v6 RC and v7 BETA

Too big silence...Santa brings some wanted surprise? :-)
by oreggin
Mon Nov 05, 2018 5:10 pm
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 48590

Re: v6 RC and v7 BETA

V7 beta seems to be already in development. You can see mrz's post:

http://forum.mikrotik.com/viewtopic.php?t=130551

Seems to be v7beta running on Virtualbox.
Then mrz has a unicorn :)
When exactly we have one too? A bugpile is better than nothing... :)
by oreggin
Fri Jul 13, 2018 11:49 am
Forum: Wireless Networking
Topic: CAPsMAN + local forwarding CAP + SSID/Vlan? [SOLVED]
Replies: 11
Views: 7317

Re: CAPsMAN + local forwarding CAP + SSID/Vlan? [SOLVED]

Thanks to all! So, the solution is disabling vlan-filtering on the CAP's bridge and then voilà! CAP drops selected SSID to its vlan what I set in CAPsMAN, so now CAPsMAN controlling the CAPs Vlan selection based on SSID. If I enabling vlan-filtering, this method is not works! As this is not a proble...
by oreggin
Thu Jul 12, 2018 12:54 pm
Forum: Wireless Networking
Topic: CAPsMAN + local forwarding CAP + SSID/Vlan? [SOLVED]
Replies: 11
Views: 7317

Re: CAPsMAN + local forwarding CAP + SSID/Vlan? [SOLVED]

Yes, this can be done in datapath. I jumped on the "do it manually per interface" train b/c you said that vlans differ from site to site for the same ssid... And this can only be done by hand ;-) I can configure as many datapath/configuration as I need and then assign it to provision and ...
by oreggin
Thu Jul 12, 2018 12:40 pm
Forum: Wireless Networking
Topic: CAPsMAN + local forwarding CAP + SSID/Vlan? [SOLVED]
Replies: 11
Views: 7317

Re: CAPsMAN + local forwarding CAP + SSID/Vlan? [SOLVED]

Thanks, but the topic started at somewhere "can capsman assign vlan to SSID on CAP instead of configuring it on every CAP by hand?" At the moment I assign vlans on CAP to SSID by hand.

Kind regards,
oreggin
by oreggin
Wed Jul 11, 2018 5:20 pm
Forum: Wireless Networking
Topic: CAPsMAN + local forwarding CAP + SSID/Vlan? [SOLVED]
Replies: 11
Views: 7317

Re: CAPsMAN + local forwarding CAP + SSID/Vlan? [SOLVED]

For using local forwarding, your CAP devices must have a bridge configured with ethernet and wlan interfaces in them. Then you set in cap settings bridge=<yourbridge> -Chris I did it: [oreggin@ap11] > interface bridge print Flags: X - disabled, R - running 0 R name="LAN" mtu=auto actual-m...
by oreggin
Wed Jul 11, 2018 4:04 pm
Forum: Wireless Networking
Topic: CAPsMAN + local forwarding CAP + SSID/Vlan? [SOLVED]
Replies: 11
Views: 7317

Re: CAPsMAN + local forwarding CAP + SSID/Vlan? [SOLVED]

You can edit this in the corresponding CAP interface under datapath. select vlan-mode = tag and then set the corresponding vlan id. A bit cumbersome, but it works. -Chris I tried it but it didn't work for me in local-forwarding mode. How to configure the CAP in this case? Now it has a bridge in MST...
by oreggin
Wed Jul 11, 2018 11:31 am
Forum: Wireless Networking
Topic: CAPsMAN + local forwarding CAP + SSID/Vlan? [SOLVED]
Replies: 11
Views: 7317

CAPsMAN + local forwarding CAP + SSID/Vlan? [SOLVED]

Hi! I found some topic under this issue but there is no clear to me if it would be possible to capsman assign vlan to ssid in local-forwarding mode where vlans specified on CAP device and not on capsman. I have a capsman device and caps devices in hub&spoke topology. CAPs are on some sites, and ...
by oreggin
Tue Jul 03, 2018 3:02 pm
Forum: General
Topic: RB1100AHx2 bridge HW-offload issue [SOLVED]
Replies: 4
Views: 2744

Re: RB1100AHx2 bridge HW-offload issue [SOLVED]

Dear Samot, Thanks for your answer but I think you totally misunderstand me. I didn't wrote that there would need another page. Instead it would be clearer if it is more sectioned and not mixing switching/bridging/L3Interface configs around pre-v6.41 and post-v6.41. In the past I used pre-v6.41 with...
by oreggin
Tue Jul 03, 2018 2:00 pm
Forum: General
Topic: RB1100AHx2 bridge HW-offload issue [SOLVED]
Replies: 4
Views: 2744

Re: RB1100AHx2 bridge HW-offload issue [SOLVED]

Hi CZFan! Thanks for pointing on that page. I read many times that wiki but all the times many inline "pre-v6.41", and "post-v6.41" are totally confused me, but I think I harvested the essence and now it works. As it depends on architecture, on RB1100AHx2 between ether1-5 and eth...
by oreggin
Fri Jun 29, 2018 3:26 pm
Forum: General
Topic: RB1100AHx2 bridge HW-offload issue [SOLVED]
Replies: 4
Views: 2744

RB1100AHx2 bridge HW-offload issue [SOLVED]

Hi! I have an RB1100AHX2 and I would like to use it as desktop switch with hw-offload to save CPU. It works fine with vlan filtering but it disables hw-offload on all bridge port. If I disable vlan filtering (RSTP or none) then hw-offloading automatically enabled on all ports but forwarding not work...
by oreggin
Tue Dec 20, 2016 11:36 am
Forum: RouterBOARD hardware
Topic: RB450G upgrade failed with ROS 4.1 from 3.30
Replies: 38
Views: 13119

Re: RB450G upgrade failed with ROS 4.1 from 3.30

Hehe, I written many times "netinstall doesn't work without 'Clients for Microsoft Networks' option" and comes answares: "disable your firewall" LOL :D
by oreggin
Tue Dec 20, 2016 11:26 am
Forum: General
Topic: IPv6 stateless autoconfiguration, can ROS get autoconfed?
Replies: 9
Views: 8074

Re: IPv6 stateless autoconfiguration, can ROS get autoconfed?

What about this? I can't use SLAAC however I disabled IPv6 forwarding. I tried on RoS ver 6.37.3 So my box is only router(board) in its name but not in its functionality as ipv6 forwarding disabled so it is a host device. So please make it possible to can get IPv6 address with SLAAC. This would be g...
by oreggin
Wed Jul 29, 2015 10:46 pm
Forum: General
Topic: Slow VPN tunnels (SSL, PPTP, L2TP)
Replies: 49
Views: 67717

Re: Slow VPN tunnels (SSL, PPTP, L2TP)

I found this topic and I would like to correct me. L2TP client MTU/MRU is 1460 if uplink MTU is 1500byte. This because L2TP uses UDP encapsulation (UDP port 1701). IPv4 + UDP header = 20+20 = 40 byte. 1500-40=1460. With these options I can reach almost the maximum speed of the router capability @ 10...
by oreggin
Sat Jul 11, 2015 12:59 pm
Forum: General
Topic: Feature Request: PEAP-MSCHAPv2 in station mode
Replies: 6
Views: 3980

Feature Request: PEAP-MSCHAPv2 in station mode

Hi! I hope I write this to the right place. If not please excuse me. UPC Wi-Free service is getting more widespreading so it would be nice if we can use our routerboards running RoS on it as a wireless client to connect to UPC Wi-Free and share it among our PCs and Laptops. It is works with EAP-PEAP...
by oreggin
Sat Jul 11, 2015 12:50 pm
Forum: Wireless Networking
Topic: PEAP mschapv2 auth in station mode?
Replies: 21
Views: 11579

Re: PEAP mschapv2 auth in station mode?

Hi!

I faced the same problem. I can't use my RB433AH to connect UPC Wi-Free as a station, to share it for my PC and Laptop. UPC Wi-Free is getting more widespread, so it will be appreciated to implement PEAP-MSCHAPv2 in RoS.

Cheers,
oreggin
by oreggin
Thu Apr 30, 2015 1:20 am
Forum: RouterBOARD hardware
Topic: RB1100AHx2 FAN question
Replies: 0
Views: 1036

RB1100AHx2 FAN question

Hi folks, I have a RB1100AHx2 and it has two fans, main + aux. At the same time only one FAN operating and I can choose between them. It has a really annoying noise :-) Can I chose an option to spin up both fans at half RPM but the same airflow and when one of them fault then the other doubling the ...
by oreggin
Mon Apr 20, 2015 9:25 pm
Forum: General
Topic: Feature Request: Hardware NAT
Replies: 20
Views: 11903

Re: Feature Request: Hardware NAT

http://www.taifatech.com/files/TF470_Product_Brief_02.pdf http://www.taifatech.com/files/TF480-Product-Brief-04-08.pdf Something like these? It is enough for 100M uplink. But if we need 1G or 10GE wire-speed NAT then we need something like this + TCAM + design + garnish: http://www.marvell.com/netw...
by oreggin
Wed Jan 28, 2015 11:55 pm
Forum: RouterBOARD hardware
Topic: CRS226
Replies: 33
Views: 13614

Re: CRS226

If i'm right, CRS is a Layer2 ASIC with CPU Layer3 support. So it can't NAT or routing in ASIC but in CPU?
Do you plan make real Layer3 switches? I mean what can does simple routing or NAT functions with TCAM or similar.
by oreggin
Wed Oct 01, 2014 12:01 pm
Forum: General
Topic: DNSSEC
Replies: 43
Views: 25006

Re: DNSSEC

+1 for feature request
by oreggin
Sat Oct 19, 2013 2:17 pm
Forum: General
Topic: IPv6 ping - "no route to host"
Replies: 7
Views: 7335

Re: IPv6 ping - "no route to host"

Did you all mentioned it to MT support?
by oreggin
Sun Oct 13, 2013 2:15 pm
Forum: General
Topic: IPv6 ping - "no route to host"
Replies: 7
Views: 7335

Re: IPv6 ping - "no route to host"

Reboot can resolve it temporarily but after a random time the router lost again their routes to own connected neigbours. It can only reach itself. Really very strange thing. It would be appreciated if someone from MT could tells something if they knows this issue and working on it or not.
by oreggin
Sun Oct 13, 2013 2:06 pm
Forum: General
Topic: IPv6 ping - "no route to host"
Replies: 7
Views: 7335

Re: IPv6 ping - "no route to host"

Same problem here. I wrote it to support for months ago, I asked they multiple times if this is a known bug or not but no answare comes back.
by oreggin
Sat Oct 12, 2013 4:42 pm
Forum: General
Topic: Slow VPN tunnels (SSL, PPTP, L2TP)
Replies: 49
Views: 67717

Re: Slow VPN tunnels (SSL, PPTP, L2TP)

Same problem here. I have a 120/10 connection, and I can only using 12-13Mbps over it with NAT on L2TP /wo compression and encryption on my RB450G: [oreggin@RB450G] > /interface monitor ether1 name: ether1 rx-packets-per-second: 2 020 rx-drops-per-second: 0 rx-errors-per-second: 0 rx-bits-per-second...
by oreggin
Wed Jul 04, 2012 2:50 pm
Forum: General
Topic: DHCPv6 client doesn't create pool at startup
Replies: 2
Views: 1403

Re: DHCPv6 client doesn't create pool at startup

I think this happens because the Pool gets created and then the time gets set using ntp

I have reported this as a bug
Nick.
Me too :)
Thanks.

oreggin
by oreggin
Mon Jul 02, 2012 2:17 pm
Forum: General
Topic: DHCPv6 client doesn't create pool at startup
Replies: 2
Views: 1403

DHCPv6 client doesn't create pool at startup

Hi, I testing an RB450G with RoS 5.18 on DSL and IPv6. While I configured dhcpv6 client on the router and it works but as soon as I reboot the router or turn on then dhcpv6 client doesn't make ipv6 pool: [admin@rtr.test] > /interface ethernet print Flags: X - disabled, R - running, S - slave # NAME ...
by oreggin
Mon Jul 02, 2012 10:42 am
Forum: General
Topic: /31 point to point Ethernet links not working
Replies: 4
Views: 1964

Re: /31 point to point Ethernet links not working

This is a duplicated topic:
http://forum.mikrotik.com/viewtopic.php?f=2&t=63255

@mrz: do you have any information when will be supported RFC3021 in Linux/RoS on ethernet?
by oreggin
Sun Jul 01, 2012 2:44 pm
Forum: General
Topic: /31 not useable on Mikrotik
Replies: 8
Views: 2898

Re: /31 not useable on Mikrotik

Thus the smallest functional subnetting on an interface would be /30. And nothing is broken, just working as expected.
/31 doesn't brake too. Please see RFC3021.
by oreggin
Sun Jul 01, 2012 12:43 pm
Forum: General
Topic: /31 not useable on Mikrotik
Replies: 8
Views: 2898

Re: /31 not useable on Mikrotik

Ok, but what if I need to work with non-MT/RoS devices like cisco?
by oreggin
Sat Jun 30, 2012 11:20 pm
Forum: General
Topic: /31 not useable on Mikrotik
Replies: 8
Views: 2898

Re: /31 not useable on Mikrotik

You can do /31 on Mikrotik.

Set interface to 10.99.99.1/32 and set broadcast to the remote end e.g. 10.99.99.2 do the opposite on the remote end.
It is not clear to me. Can you please give us a config example?

Thanks,
oreggin
by oreggin
Sat Jun 30, 2012 11:05 pm
Forum: General
Topic: /31 not useable on Mikrotik
Replies: 8
Views: 2898

Re: /31 not useable on Mikrotik

Same thing here, but I don't forcing this because I can live with /30s and IPv6 is coming and knocking on the window :-)
by oreggin
Sat Jun 30, 2012 12:06 pm
Forum: General
Topic: Bridge and IPv6 address unreachable
Replies: 0
Views: 1033

Bridge and IPv6 address unreachable

Hi, I testing an RB450G /w RoS 5.18. I configured a bridge interface as a loopback and it seems to if i configure IPv6 address on bridge then that address can't be reachable: [admin@MikroTik] > /interface bridge print Flags: X - disabled, R - running 0 R name="loopback0" mtu=1500 l2mtu=655...
by oreggin
Sat Jun 30, 2012 11:49 am
Forum: Forwarding Protocols
Topic: BGP - RoS sends bad auth after success auth?
Replies: 0
Views: 1759

BGP - RoS sends bad auth after success auth?

Hi, I testing an RB450G interoperability on our cisco based network and i see exactly six times "Invalid MD5 digest" messages on our cisco router log after every RB450G (re)boot and after it successfully authenticated the BGP session: LC/0/0/CPU0:Jun 30 10:18:30.139 MET_DST: ifmgr[186]: %P...
by oreggin
Mon Feb 06, 2012 9:57 pm
Forum: Forwarding Protocols
Topic: Cisco 1800 series / DMVPN / connect MikroTik RB750 as client
Replies: 9
Views: 11343

Re: Cisco 1800 series / DMVPN / connect MikroTik RB750 as cl

Moreover GRE tunnel interface doesn't have IPv6 link-local address and I can't set up link-local address on GRE tunnel interface so I can't use DHCPv6 on it.
by oreggin
Mon Feb 06, 2012 9:45 pm
Forum: Forwarding Protocols
Topic: Cisco 1800 series / DMVPN / connect MikroTik RB750 as client
Replies: 9
Views: 11343

Re: Cisco 1800 series / DMVPN / connect MikroTik RB750 as cl

When will be approx. supported multipont GRE and/or NHRP in RoS? Where are these features on the roadmap?
by oreggin
Wed Apr 13, 2011 11:02 am
Forum: General
Topic: v5.1 hangs in /export
Replies: 28
Views: 8415

Re: v5.1 hangs in /export

I can't generate supout.rif :(
I was tried over SSH and serial console...
by oreggin
Tue Apr 12, 2011 3:51 pm
Forum: General
Topic: v5.1 hangs in /export
Replies: 28
Views: 8415

Re: v5.1 hangs in /export

oreggin and nz_monkey, please contact support with support output file from the router.
Ok, I will send e-mail to support soon.
by oreggin
Tue Apr 12, 2011 11:19 am
Forum: General
Topic: v5.1 hangs in /export
Replies: 28
Views: 8415

Re: v5.1 hangs in /export

I can't generate supout.rif but I will try again today...
by oreggin
Tue Apr 12, 2011 12:26 am
Forum: General
Topic: v5.1 hangs in /export
Replies: 28
Views: 8415

Re: v5.1 hangs in /export

I started the sup-output process for 2 hours. I hope it will finish till I should go to work...
It's still running...
by oreggin
Mon Apr 11, 2011 10:39 pm
Forum: General
Topic: v5.1 hangs in /export
Replies: 28
Views: 8415

Re: v5.1 hangs in /export

I started the sup-output process for 2 hours. I hope it will finish till I should go to work...
by oreggin
Sat Apr 09, 2011 9:52 pm
Forum: General
Topic: v5.1 hangs in /export
Replies: 28
Views: 8415

v5.1 hangs in /export

Hi, I have two routerboard. RB433AH and RG450G. Both hangs when I issue the /export or /interface export command: [admin@RB433AH] > /interface export # jan/02/1970 07:36:19 by RouterOS 5.1 # software id = XXXX-XXXX # /interface ethernet set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=...
by oreggin
Sun Sep 26, 2010 8:31 pm
Forum: RouterBOARD hardware
Topic: Per interface traffic shaping
Replies: 13
Views: 10668

Re: Per interface traffic shaping

Any idea?
by oreggin
Thu Sep 23, 2010 8:16 pm
Forum: RouterBOARD hardware
Topic: OpenWRT for Routerboard
Replies: 30
Views: 11489

Re: OpenWRT for Routerboard

Visit the OpenWRT site and check what boards are supported...
by oreggin
Thu Sep 23, 2010 8:04 pm
Forum: RouterBOARD hardware
Topic: Dead RB750 after upgrade to ROS5.0 rc1 ?
Replies: 2
Views: 1775

Re: Dead RB750 after upgrade to ROS5.0 rc1 ?

Did you see what happens in console?
by oreggin
Wed Sep 22, 2010 8:59 pm
Forum: RouterBOARD hardware
Topic: RB800 don't stop beeping
Replies: 6
Views: 2640

Re: RB800 don't stop beeping

It's only file you can upload to the router via serial port - *.fwf but can't use it for reinstall ROS
Ok, so it was uploaded through the serial line, not TFTP.

eth1's LEDs doesn't emit any light?
by oreggin
Wed Sep 22, 2010 8:18 pm
Forum: RouterBOARD hardware
Topic: RB800 don't stop beeping
Replies: 6
Views: 2640

Re: RB800 don't stop beeping

I can't because eth1 is broken and it's impossible do netinstall over other 2 ethernet ports...
Then how did you change the firmware?
by oreggin
Wed Sep 22, 2010 7:54 pm
Forum: RouterBOARD hardware
Topic: RB800 don't stop beeping
Replies: 6
Views: 2640

Re: RB800 don't stop beeping

Did you try format flash and reinstall ROS with netinstall from windows?
by oreggin
Wed Sep 22, 2010 3:42 pm
Forum: RouterBOARD hardware
Topic: Per interface traffic shaping
Replies: 13
Views: 10668

Re: Per interface traffic shaping

Sure. Put a queue tree rule as follows: /queue tree add name="ether2" parent=ether2 limit-at=2000000 priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s Shouldn't it actually be "max-limit"? limit-at should be empty in this case This queue is doesn't any effect ...
by oreggin
Wed Sep 22, 2010 3:27 pm
Forum: RouterBOARD hardware
Topic: Per interface traffic shaping
Replies: 13
Views: 10668

Re: Per interface traffic shaping

I have a RB433AH with an 11n wireless miniPCI card and use 5.0rc1 ROS. If I enable any queue on wlan1 (which isn't member port of bridge1), on the ether2 and ether3 port (which are member ports of bridge1) DNS resolving is slow (~5000msec). If I disable the queue DNS resolving is fast again ~50-100m...
by oreggin
Mon Sep 13, 2010 6:44 pm
Forum: RouterBOARD hardware
Topic: Per interface traffic shaping
Replies: 13
Views: 10668

Re: Per interface traffic shaping

Sorry, I forgot: It was tested on ROS v5beta6
by oreggin
Sat Sep 11, 2010 3:13 pm
Forum: RouterBOARD hardware
Topic: Per interface traffic shaping
Replies: 13
Views: 10668

Re: Per interface traffic shaping

This isn't working on wlan1 interface for example, but works on bridge1.
by oreggin
Tue Jun 29, 2010 12:12 am
Forum: General
Topic: Feature request: convert decimal to hexadecimal format
Replies: 5
Views: 2998

Re: Feature request: convert decimal to hexadecimal format

I'd also like to have :tohex, it was just if you really needed some solution (even if not elegant) right now without waiting. :)
I had already integrated into my script, works fine :)
by oreggin
Sat Jun 26, 2010 12:53 am
Forum: General
Topic: Feature request: convert decimal to hexadecimal format
Replies: 5
Views: 2998

Re: Feature request: convert decimal to hexadecimal format

Ehh, nice work but while this script part is 25 lines long then this should be 1 line ":tohex" for example...
Nahh, ok then 5 lines with kindness :)
by oreggin
Fri Jun 25, 2010 7:47 pm
Forum: General
Topic: Feature request: convert decimal to hexadecimal format
Replies: 5
Views: 2998

Re: Feature request: convert decimal to hexadecimal format

Ehh, nice work but while this script part is 25 lines long then this should be 1 line ":tohex" for example...
I hope your work will provide inspiration to ROS developer too :)
by oreggin
Fri Jun 25, 2010 12:21 am
Forum: General
Topic: Feature request: convert decimal to hexadecimal format
Replies: 5
Views: 2998

Feature request: convert decimal to hexadecimal format

http://wiki.mikrotik.com/wiki/Manual:IPv6_Overview#6to4_.286in4.29_tunnels Link above describe howto set up an 6to4 relay on ROS but one thing is missing: Now you need to add a IPv6 address to the tunnel interface. The address should be in form "2002 + <IPv4 address in hex> + <custom id>"...
by oreggin
Wed Jun 23, 2010 8:19 pm
Forum: Scripting
Topic: Howto convert numbers from dec to hex?
Replies: 1
Views: 1616

Re: Howto convert numbers from dec to hex?

Any comment from Mikrotik team?

Converting from decimal to hexadecimal format completely missing from scripting toolset?
by oreggin
Thu Jun 17, 2010 8:35 pm
Forum: Scripting
Topic: Howto convert numbers from dec to hex?
Replies: 1
Views: 1616

Howto convert numbers from dec to hex?

Hy, As my ISP doesn't support native IPv6 so I use 6to4 relay. To this I need to configure the following in the router where "1.2.3.4" is my current WAN IP: /interface 6to4 add disabled=no local-address=1.2.3.4 mtu=1472 name=6to4 remote-address=192.88.99.1 /ipv6 address add address=2002:01...
by oreggin
Fri Dec 18, 2009 4:34 pm
Forum: RouterBOARD hardware
Topic: Per interface traffic shaping
Replies: 13
Views: 10668

Re: Per interface traffic shaping

THX, I will try.
by oreggin
Mon Nov 30, 2009 6:32 pm
Forum: RouterBOARD hardware
Topic: RB450G upgrade failed with ROS 4.1 from 3.30
Replies: 38
Views: 13119

Re: RB450G upgrade failed with ROS 4.1 from 3.30

works for me on win7 on multiple computers. Check your settings.

Scott
Which version of Win7 do U using? I'll be check settings...
by oreggin
Mon Nov 30, 2009 5:27 pm
Forum: RouterBOARD hardware
Topic: RB450G upgrade failed with ROS 4.1 from 3.30
Replies: 38
Views: 13119

Re: RB450G upgrade failed with ROS 4.1 from 3.30

Netinstall also doesn't work on Windows 7 with default windows install config.
It produce the same thing like on WinXP without "Clients for Microsoft Networks" module :/
by oreggin
Mon Nov 30, 2009 5:18 pm
Forum: General
Topic: Wish: RB1000 more ports, SFP-Ports
Replies: 24
Views: 6278

Re: Wish: RB1000 more ports, SFP-Ports

PoweRouters do not have 10G ports, and they don't have the power to actually pump 10Gbit.. Maybe the 8-core version of the 2000 series PoweRouter does, but they do not actually provide any performance figures for that - and they don't offer 10G cards. Does anyone know which 10GbE Chipsets actually ...
by oreggin
Mon Nov 30, 2009 4:03 pm
Forum: General
Topic: Wish: RB1000 more ports, SFP-Ports
Replies: 24
Views: 6278

Re: Wish: RB1000 more ports, SFP-Ports

PoweRouters do not have 10G ports, and they don't have the power to actually pump 10Gbit.. Maybe the 8-core version of the 2000 series PoweRouter does, but they do not actually provide any performance figures for that - and they don't offer 10G cards. Does anyone know which 10GbE Chipsets actually ...
by oreggin
Thu Nov 26, 2009 2:02 pm
Forum: RouterBOARD hardware
Topic: Per interface traffic shaping
Replies: 13
Views: 10668

Per interface traffic shaping

Hi,

I have an RB450G and I would like to shape on LAN interfaces without MAC or IP address.
For example shape the whole traffic of ether3 interface to 2Mbps/4Mbps up/down.
It is possible? It could work?

Thx,
oreggin
by oreggin
Sat Nov 07, 2009 7:43 pm
Forum: RouterBOARD hardware
Topic: RB450G upgrade failed with ROS 4.1 from 3.30
Replies: 38
Views: 13119

Re: RB450G upgrade failed with ROS 4.1 from 3.30

I figured out what was the problemwhen I failed with Netinstall.
If I remove "Client for Microsoft Networks" from network settings then the Netinstall won't work.
Normis, U can test it it is possible!
by oreggin
Tue Nov 03, 2009 8:12 pm
Forum: RouterBOARD hardware
Topic: RB450G upgrade failed with ROS 4.1 from 3.30
Replies: 38
Views: 13119

Re: RB450G upgrade failed with ROS 4.1 from 3.30

I can't believe. On virgin WinXP installation Netinstall works at first time. Netinstall doesn't like me :)
Normis or anybody do you know any (experimental) settings on Windows that congest netinstall procedure?
by oreggin
Mon Nov 02, 2009 11:18 am
Forum: RouterBOARD hardware
Topic: RB450G upgrade failed with ROS 4.1 from 3.30
Replies: 38
Views: 13119

Re: RB450G upgrade failed with ROS 4.1 from 3.30

I tried the netinstall version 4.2 but the result is the same as in my previous post (at Tue Oct 20, 2009 2:22 pm) It's not possible, we tested and it works on our side. Try to run Netinstall from another PC and make sure no antivirus or firewall is running on that PC I was tested on two different ...
by oreggin
Wed Oct 28, 2009 12:10 am
Forum: RouterBOARD hardware
Topic: RB450G upgrade failed with ROS 4.1 from 3.30
Replies: 38
Views: 13119

Re: RB450G upgrade failed with ROS 4.1 from 3.30

I tried the netinstall version 4.2 but the result is the same as in my previous post (at Tue Oct 20, 2009 2:22 pm)
by oreggin
Mon Oct 26, 2009 4:37 pm
Forum: RouterBOARD hardware
Topic: RB450G upgrade failed with ROS 4.1 from 3.30
Replies: 38
Views: 13119

Re: RB450G upgrade failed with ROS 4.1 from 3.30

When will be release the new versions of netinstall in that maybe fixed the "Sending offer..." issue?
by oreggin
Tue Oct 20, 2009 3:22 pm
Forum: RouterBOARD hardware
Topic: RB450G upgrade failed with ROS 4.1 from 3.30
Replies: 38
Views: 13119

Re: RB450G upgrade failed with ROS 4.1 from 3.30

So I try Netinstall 4.0 as normis wrote. Attached screenshots, and the descriptions: booting.jpg: The router is booting the netinstalls kernel booted.jpg: The router has been booted the kernel and waiting for installation server netinstall1.jpg: Netinstall detect the router properly, package selecte...
by oreggin
Tue Oct 20, 2009 2:35 pm
Forum: RouterBOARD hardware
Topic: RB450G upgrade failed with ROS 4.1 from 3.30
Replies: 38
Views: 13119

Re: RB450G upgrade failed with ROS 4.1 from 3.30

invalid upgrade file id :(
Because you select the firmware upgrade option in RouterBOOT menu.

Select boot from ethernet after you start the netinstall, and NOT the firmware upgrade.

Reboot the router and it will boot up, and waiting for installation server...
by oreggin
Mon Oct 19, 2009 4:57 pm
Forum: RouterBOARD hardware
Topic: RB450G upgrade failed with ROS 4.1 from 3.30
Replies: 38
Views: 13119

Re: RB450G upgrade failed with ROS 4.1 from 3.30

we fixed the Netinstall upgrading issue where it's stuck at "Sending offer". It will be in next Netinstall version, right now you have to use Netinstall 4.0 http://www.mikrotik.com/download/netinstall-4.0.zip Sorry, maybe I'm too lamer but Netinstall never works for me. Not just the 4.x v...
by oreggin
Mon Oct 19, 2009 4:18 pm
Forum: RouterBOARD hardware
Topic: RB450G upgrade failed with ROS 4.1 from 3.30
Replies: 38
Views: 13119

Re: RB450G upgrade failed with ROS 4.1 from 3.30

Ok, janisk was locked my topic:

viewtopic.php?f=3&t=35813

and linked this one but I don't understand why.
I was opened that topic at wrong place? I'm newby here, so sorry for offtopic :)
I searched about Netinstall but didn't found topics/posts about my issue.
by oreggin
Mon Oct 19, 2009 3:00 pm
Forum: RouterBOARD hardware
Topic: Netinstall doesn't install ROS on RBOOT formatted NAND flash
Replies: 2
Views: 3562

Re: Netinstall doesn't install ROS on RBOOT formatted NAND flash

Netinstall v3.30 indicate "Sending offer..." for only 1 second after I press the "install" button and busy for 10 seconds but the result is the same = nothing...
by oreggin
Mon Oct 19, 2009 1:51 pm
Forum: RouterBOARD hardware
Topic: RB450G upgrade failed with ROS 4.1 from 3.30
Replies: 38
Views: 13119

Re: RB450G upgrade failed with ROS 4.1 from 3.30

RouterBOOT booter 2.23
Where did you get this version of firmware? :)
by oreggin
Sat Oct 17, 2009 12:45 pm
Forum: RouterBOARD hardware
Topic: Need to install OpenWRT on a 433AH, can later restore ROS ?
Replies: 8
Views: 3603

Re: Need to install OpenWRT on a 433AH, can later restore ROS ?

He sed:

"2- The second thing we tried was to use Ros 4 virtualization and boot OpenWRT. The problem is that apparently the guest can´t see the SD as storage."
by oreggin
Sat Oct 17, 2009 12:09 am
Forum: RouterBOARD hardware
Topic: Netinstall doesn't install ROS on RBOOT formatted NAND flash
Replies: 2
Views: 3562

Netinstall doesn't install ROS on RBOOT formatted NAND flash

I was format the NAND flash and I can't restore the RouterOS on my RB450G with Netinstall. When I start the Netinstall it can boot the router and the router is wait for the installation server, Netinstall is found them and then I select it by MAC address and select package folder and package, and cl...
by oreggin
Fri Oct 16, 2009 9:31 pm
Forum: RouterBOARD hardware
Topic: Need to install OpenWRT on a 433AH, can later restore ROS ?
Replies: 8
Views: 3603

Re: Need to install OpenWRT on a 433AH, can later restore ROS ?

Hello, I was format the NAND flash and I can't restore the RouterOS on my RB450G with Netinstall. When I start the Netinstall, it can boot the router, and the router is wait for the installation server, but nothing else. I select the proper package and sometimes I select the previously saved license...