Community discussions

Search found 31 matches

by spotts78
Thu Nov 13, 2014 3:09 pm
Forum: General
Topic: IPsec Disconnects
Replies: 3
Views: 1891

Re: IPsec Disconnects

I've done some more testing with this and the issue seems to be isolated to OS X and ROS code newer than 6.10 There's been an issue with OS X since 2011 that Apple has not addressed. https://discussions.apple.com/thread/3275811?start=0&tstart=0 http://simon.heimlicher.com/articles/2011/03/17/cisco-v...
by spotts78
Wed Nov 12, 2014 3:42 pm
Forum: General
Topic: IPsec Disconnects
Replies: 3
Views: 1891

Re: IPsec Disconnects

I turned up logging and was able to capture this when my session abruptly ended after 48+/- minutes: 08:36:09 ipsec IPsec-SA expired: ESP/Transport 1.1.1.1[0]->2.2.2.2[0] spi=15416181(0xeb3b75) 08:36:09 ipsec IPsec-SA expired: ESP/Transport 2.2.2.2[0]->1.1.1.1[0] spi=95088246(0x5aaee76) 08:36:14 ips...
by spotts78
Wed Nov 12, 2014 1:49 am
Forum: General
Topic: IPsec Disconnects
Replies: 3
Views: 1891

IPsec Disconnects

I've got a RB2011UiAS running 6.19 code with L2TP/IPsec VPN access. Clients(OS X) can connect fine, but active VPN sessions disconnect after 45-60 minutes. The only error I'm seeing before the connections die is. "ipsec,error failed to begin ipsec sa negotiation" /ip ipsec policy print Flags: T - te...
by spotts78
Thu Oct 09, 2014 3:43 pm
Forum: General
Topic: IP Services Listening Interface/IP
Replies: 2
Views: 728

Re: IP Services Listening Interface/IP

Anyone?
by spotts78
Sat Oct 04, 2014 12:50 am
Forum: General
Topic: IP Services Listening Interface/IP
Replies: 2
Views: 728

IP Services Listening Interface/IP

I've got a RB2011 configured with ether1-WAN interface with 3 public IPs(ex: 1.1.1.1, 1.1.1.2, 1.1.1.3) I'd like to use the 1.1.1.1 as a management IP and have www-ssl(tcp/443) and ssh(tcp22) access. 1.1.1.2/.3 will be NAT'd to ether2-LAN and have web servers(tcp/443) running behind them. When I ena...
by spotts78
Tue Sep 23, 2014 5:13 pm
Forum: Virtualization
Topic: 10G support on VMware?
Replies: 9
Views: 3976

Re: 10G support on VMware?

There have been other threads on this, but just uncase this one turns out differently

+1 for vmnext3 support.
and vmtools support as well

I have paid for all of my vm's :)

+1 for full support for VMware virtrualization
by spotts78
Fri Sep 20, 2013 11:46 pm
Forum: Virtualization
Topic: Metarouter move to another host
Replies: 1
Views: 2222

Metarouter move to another host

I started experimenting with metarouter on a RB450G running ROS 6.2, very cool stuff. If I build a MR running ROS or even openwrt how would I move it to another host or even backup the metarouter? I don't see anything under the Files menu and don't see an option to backup/export the metarouter VM.
by spotts78
Tue Jun 04, 2013 9:19 pm
Forum: General
Topic: VPN Authentication to RSA Radius Server
Replies: 4
Views: 2393

Re: VPN Authentication to RSA Radius Server

Turns out the RSA RADIUS server we're using only supports PAP, EAP-PEAP-GTC, EAP-TTLS-PAP, and EAP-TTLS-GTC protocols for authentication. I'm guessing when I telnet in it uses PAP? If it set both the PPTP server and client to use PAP, it works! BUT VERY INSECURE! Looks like the Mikrotik VPN servers ...
by spotts78
Wed Apr 24, 2013 11:51 pm
Forum: General
Topic: VPN Authentication to RSA Radius Server
Replies: 4
Views: 2393

VPN Authentication to RSA Radius Server

I'm trying to setup a RB450G(ros 5.24) with PPTP VPN/RSA SecurID token authentication. PPTP connectivity works with local user authentication, but errors out with RADIUS. I've enabled AAA authentication for router admin login and I can telnet into the RB450G fine: 16:18:44 radius,debug new request 0...
by spotts78
Sat Jul 14, 2012 5:11 am
Forum: General
Topic: ether1 link down
Replies: 1
Views: 889

Re: ether1 link down

Update: I can also reproduce the "ether1-WAN link down" behavior by running a bandwidth test to another MT router(RB450G running v5.4). The test indicates I'm getting the full 5MB/s from the ISP, but the link will go down after 3-5 minutes of running the BT.
by spotts78
Sat Jul 14, 2012 4:24 am
Forum: General
Topic: ether1 link down
Replies: 1
Views: 889

ether1 link down

I've got a RB493G running v5.18 that configured with ether1 as the WAN port and ether9 as the LAN port. Basic firewall rules and NAT with a FTP server on the LAN. If I start a FTP transfer, it will begin then anywhere from 3 to 5 minutes later fail. Logs on the router indicate that "ether1-WAN link ...
by spotts78
Fri Feb 10, 2012 1:17 am
Forum: General
Topic: Calculate Day of Week from Date
Replies: 5
Views: 4249

Re: Calculate Day of Week from Date

I ran your script and it gave me an incorrect result for today. It's Thursday February 9, 2012 and your function says it's Friday???
by spotts78
Sat Feb 04, 2012 9:34 pm
Forum: General
Topic: SSTP and HTTPS
Replies: 8
Views: 4153

Re: SSTP and HTTPS

I'm stupid!

Changed to SSTP listening port in mikrotik to 4430 then in the VPN setup on Windows 7 you can specify a port number in the server address ex: vpnserver.domain.com:4430

Works fine now. Thanks for all the responses and making me think! :D
by spotts78
Fri Feb 03, 2012 2:05 pm
Forum: General
Topic: SSTP and HTTPS
Replies: 8
Views: 4153

Re: SSTP and HTTPS

Getting another IP from my ISP isn't really an option. Guess I'm just stuck...
by spotts78
Fri Feb 03, 2012 1:28 pm
Forum: Beginner Basics
Topic: script policy
Replies: 6
Views: 7209

Re: script policy

Have you read about it in the wiki?
http://wiki.mikrotik.com/wiki/Manual:Sc ... repository
by spotts78
Fri Feb 03, 2012 10:34 am
Forum: Scripting
Topic: How to make scheduler based on days of the week ?
Replies: 10
Views: 4789

Re: How to make scheduler based on days of the week ?

Please take a look at this post http://forum.mikrotik.com/viewtopic.php?f=2&t=59029 and help me test the code. I get bad results with the script from the wiki as well.
by spotts78
Fri Feb 03, 2012 5:18 am
Forum: General
Topic: Calculate Day of Week from Date
Replies: 5
Views: 4249

Calculate Day of Week from Date

I've tried the script here http://wiki.mikrotik.com/wiki/Script_to_find_the_day_of_the_week for calculating the day of the week from a given date and it doesn't seem to give me the correct answer. Is it broken, am I doing something wrong? So in an effort to improve my scripting skills and using that...
by spotts78
Thu Feb 02, 2012 11:03 pm
Forum: General
Topic: SSTP and HTTPS
Replies: 8
Views: 4153

Re: SSTP and HTTPS

Can't do that the SSTP client software is "hard-coded" to run through port 443.
by spotts78
Wed Feb 01, 2012 8:03 pm
Forum: General
Topic: Mikrotik to Cisco VPN
Replies: 3
Views: 1032

Re: Mikrotik to Cisco VPN

Two things that I've done in my config seemed to have helped a lot with this issue.

1. Disable DPD on the Mikrotik
2. Make sure the Lifetime in IPsec Peer and IPsec Proposal match what's configured on the Cisco, in my case it's 08:00:00
by spotts78
Wed Feb 01, 2012 4:02 pm
Forum: General
Topic: SSTP and HTTPS
Replies: 8
Views: 4153

SSTP and HTTPS

I've got SSTP VPN server running on ros5.11, been working fine for months now. Question is can I run a webserver behind the router which also uses TCP port 443? They want to fight each other. Here are my firewall/NAT rules: 20 ;;; Allow SSL to webserver chain=forward action=accept protocol=tcp in-in...
by spotts78
Tue Mar 15, 2011 6:30 pm
Forum: Beginner Basics
Topic: New basic Setup Help!
Replies: 6
Views: 1369

Re: New basic Setup Help!

If you're new to AT&T U-Verse service, you will learn to hate their modem/router. If you're not new, you probably already do! It doesn't do bridge mode and you must use it as the gateway router to access their network. And forget about setting anything up with public static IPs as it never works cor...
by spotts78
Fri Feb 11, 2011 2:08 am
Forum: Beginner Basics
Topic: How can i use host winbox on guest mikrotik via vmware
Replies: 9
Views: 7507

Re: How can i use host winbox on guest mikrotik via vmware

You could try a "system reset-configuration" (caution will wipe the settings), then try to connect with the MAC address.
by spotts78
Wed Jan 26, 2011 9:18 pm
Forum: General
Topic: 5V power supply
Replies: 0
Views: 486

5V power supply

Anyone have a U.S. vendor for 5V power supplies that fit the Mikrotik 5VUSB?


5V power injector for USB (RB/411UAHR and RB/493G). IMPORTANT! 5VUSB is just injector cable, 5V power supplies must be sourced locally- we don\'t sell those.
Accepts DC Plug, 1.1MM x 3.5MM.
by spotts78
Fri Mar 19, 2010 10:23 pm
Forum: Beginner Basics
Topic: How to configure Mikrotik with ADSL on Intel-PC !
Replies: 7
Views: 7328

Re: How to configure Mikrotik with ADSL on Intel-PC !

You're on the right track! First you need to disable DHCP and set the DSL modem to bridge mode, this will allow the Mikrotik to handle the PPPoE connection and routing on the LAN side(firewall, DHCP, DNS, etc.). You should be able to search the Internet on exact steps to take to get your specific DS...
by spotts78
Thu Mar 18, 2010 4:31 pm
Forum: RouterBOARD hardware
Topic: 450G + MicroSD
Replies: 18
Views: 13137

Re: 450G + MicroSD

I made a trip to my local electronics store and got 2 more cards to "try". This $12.99(USD) 2GB PNY card delivered inconsistent results, sometimes the board would see it sometimes not. Part # on package is P-SDU2GB-EF/BG Printed on chip is SD-C02G http://i480.photobucket.com/albums/rr165/spotts78/RB...
by spotts78
Tue Mar 16, 2010 12:25 am
Forum: RouterBOARD hardware
Topic: 450G + MicroSD
Replies: 18
Views: 13137

Re: 450G + MicroSD

I've tried 3 different SanDisk 8GB microSDHC (part #: SDSDQ-8192) in 2 different RB450G(v4.5) routers with poor results. Half the time they don't show up on boot. I've tried reseating, reformatting, and even the boot delay setting mentioned earlier in this thread. Anyone have a specific Brand/Part #...
by spotts78
Thu Feb 25, 2010 5:09 am
Forum: General
Topic: Mikrotik Management for iPhone Available Now
Replies: 141
Views: 28430

Re: Mikrotik Management from iPhone (soon)

Thats ok. I added an additional method to contact me. You may go to my website http://www.murderdev.com and contact me that way. I would give out my email but I really don't need anymore spam. That contact page goes directly to my mail box.

Thanks for adding that! :D

Email sent...
by spotts78
Thu Feb 25, 2010 3:55 am
Forum: General
Topic: Mikrotik Management for iPhone Available Now
Replies: 141
Views: 28430

Re: Mikrotik Management from iPhone (soon)

:? "You are not authorised to send private messages." :?

Once again, stuck on the outside looking in... :(
by spotts78
Tue Feb 23, 2010 8:10 pm
Forum: General
Topic: Mikrotik Management for iPhone Available Now
Replies: 141
Views: 28430

Re: Mikrotik Management from iPhone (soon)

I was just think this morning how useful an app would be! Keep us posted on your progress!

Need beta testers?
by spotts78
Tue Feb 23, 2010 7:27 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 5
Views: 1698

Re: Port Forwarding

sam7, I tested and was able to accomplish I think what you want. I was able to "forward" tcp port 80 requests going to mypublicIP to another public IP(in this case www.google.com) 0 chain=dstnat action=dst-nat to-addresses=74.125.47.147 to-ports=80 protocol=tcp dst-address=mypublicIP dst-port=80 10 ...
by spotts78
Thu Dec 03, 2009 6:12 pm
Forum: Beginner Basics
Topic: WAN services not available to local users, please help!
Replies: 11
Views: 31255

Re: WAN services not available to local users, please help!

I have the same issue... We host our own web/FTP site (setup & works fines NAT, port forwarding, etc...) and clients on the LAN cannot access it by public IP. Unfortunately I do not have write access to our router :( , only our ISP does :( They seem to think that employing the below solution will 1....