Community discussions

Search found 29 matches

by lordcoke
Fri Apr 20, 2018 4:03 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 207755

Re: Feature requests

Feature request for /tool sniffer. Please make it possible to submit a filter-port range to the sniffer to allow sniffing like this:
/tool sniffer set filter-ip-protocol=udp filter-port=32000-32255
by lordcoke
Mon Jan 29, 2018 3:29 pm
Forum: Beginner Basics
Topic: IPsec-SA expired before finishing rekey [SOLVED]
Replies: 4
Views: 2035

Re: IPsec-SA expired before finishing rekey [SOLVED]

Had the same issue. It has been solved by setting pfs-group for RW to none under the IPsec Proposal menu.
by lordcoke
Wed Jun 07, 2017 11:55 pm
Forum: Announcements
Topic: v6.39.2 [current]
Replies: 122
Views: 34976

Re: v6.39.2 [current]

*) ipsec - renamed "remote-dynamic-address" to "dynamic-address";
Is this 'dynamic-address' feature already documented? Did not find any note in the Wiki.
by lordcoke
Tue Apr 26, 2016 10:19 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80610

Re: Feature Req: IKEv2 server and client

+1
It's time for IKEv2
by lordcoke
Thu Feb 04, 2016 12:52 pm
Forum: Announcements
Topic: v6.34 [current] is released!
Replies: 91
Views: 22923

Re: v6.34 [current] is released!

We have released 6.34 version. What's new in 6.34 (2016-Jan-29 10:25): *) ipsec - allow my-id address specification in main mode; *) ipsec - prioritize proposals; *) ipsec - support multiple DH groups for phase 1; /ip ipsec peers display problem for enc-algorithm. Peers configured with enc-algorith...
by lordcoke
Sun Jan 03, 2016 11:31 pm
Forum: General
Topic: MyNetName timeouts Jan 2016?
Replies: 3
Views: 657

Re: MyNetName timeouts Jan 2016?

Confirmed. Can't reach ns1.kissthenet.net and ns2.kissthenet.net from Germany. *.sn.mynetname.net names are unresolvable.
by lordcoke
Tue Dec 08, 2015 2:41 pm
Forum: Beginner Basics
Topic: IPSEC policy generation problems between Mikrotik and strongswan
Replies: 2
Views: 4029

Re: IPSEC policy generation problems between Mikrotik and strongswan

Hi,

I've discovered some problems with authentication. If SHA256 is configured, then ROS uses HMAC-SHA256-96 and StrongSwan HMAC-SHA256-128.
by lordcoke
Thu Sep 10, 2015 10:12 am
Forum: General
Topic: IPSec - different PSKs for road warriors
Replies: 1
Views: 447

Re: IPSec - different PSKs for road warriors

Does the recent ROS 6 allow the use of individual PSKs for each road warrior?
by lordcoke
Tue Feb 24, 2015 10:59 am
Forum: General
Topic: Feature Request: W_DISABLE# switch on Mini-PCIe
Replies: 2
Views: 1092

Re: Feature Request: W_DISABLE# switch on Mini-PCIe

I would appreciate it very much!
by lordcoke
Wed Aug 27, 2014 12:15 pm
Forum: General
Topic: Site to site IPSec Mikrotik 6.18 <-> pfSense 2.1.4
Replies: 4
Views: 8102

Re: Site to site IPSec Mikrotik 6.18 <-> pfSense 2.1.4

Phase2 settings differ. On ROS you have 3des in Phase2 (default proposal), in pfSense aes-128 is chosen.
by lordcoke
Thu Jun 05, 2014 1:04 pm
Forum: General
Topic: IPSec not working on Mikrotik Network
Replies: 2
Views: 895

Re: IPSec not working on Mikrotik Network

Is NAT really not configured on your MikroTik?
/ip firewall nat print
by lordcoke
Wed Jun 04, 2014 5:15 pm
Forum: Beginner Basics
Topic: VPN L2TP/IPSec with iPhone works in LAN but not WAN
Replies: 1
Views: 1937

Re: VPN L2TP/IPSec with iPhone works in LAN but not WAN

I think your problem is caused by the NAT made on the Fritzbox. Remove the Fritzbox and assign your public ip to the MikroTik RB.
by lordcoke
Thu Mar 06, 2014 4:32 pm
Forum: General
Topic: IPSec Road Warrior not working
Replies: 1
Views: 1273

Re: IPSec Road Warrior not working

Same problem here with the following ipsec,debug messages:
14:29:51 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=XAuth RSASIG client
14:29:51 ipsec,debug auth method 65005 isn't supported.
14:29:51 ipsec,debug no Proposal found.
14:29:51 ipsec,debug failed to get valid proposal.
1...
by lordcoke
Thu Oct 04, 2012 3:09 pm
Forum: General
Topic: The RB won't recognize my SIM
Replies: 4
Views: 734

Re: The RB won't recognize my SIM

Maybe you need to upgrade your MC8790 firmware to K2_0_7_35AP C:/WS/FW/K2_0_7_35AP/MSM6290/SRC
For me it works with this card.
by lordcoke
Tue Sep 04, 2012 5:09 pm
Forum: General
Topic: The RB won't recognize my SIM
Replies: 4
Views: 734

Re: The RB won't recognize my SIM

You may send the MC8790 a global reset command (helps for this old firmware sometimes):
1.) disable your dialout-interface ppp-out1
2.) open the serial terminal: /system serial-terminal channel=3 usb2
3.) enter the following chars and press enter: AT!GRESET
4.) exit from serial-terminal and reboot t...
by lordcoke
Tue Sep 04, 2012 4:55 pm
Forum: General
Topic: trying to connect Remote desktop
Replies: 6
Views: 1270

Re: trying to connect Remote desktop

0 chain=srcnat action=masquerade
add your outgoing interface:
/ip firewall nat set 0 out-interface=ppp-out1
because you only want the traffic leaving the router out of ppp-out1 to be masqed
1 chain=dstnat action=dst-nat to-addresses=10.0.0.222 to-ports=0-60000 protocol=udp dst-address=91.135.1.10 in-i...
by lordcoke
Tue Sep 04, 2012 2:57 pm
Forum: Beginner Basics
Topic: IPsec tunnel configuration
Replies: 3
Views: 1448

Re: IPsec tunnel configuration

Hello, you may try this, if you have static ip-addresses on your pppoe-client interfaces
# on side1
/ip ipsec peer add addr=93.138.77.119 secret="your_very_strong_secret" nat-traversal=yes
/ip ipsec policy add src-addr=172.16.1.0/24 dst-addr=192.168.2.0/24 sa-src-addr=78.0.208.170 sa-dst-addr=93.138...
by lordcoke
Wed Aug 15, 2012 3:07 pm
Forum: General
Topic: IPSec NAT-N
Replies: 3
Views: 579

Re: IPSec NAT-N

The following may work:
RB1:
/ip ipsec peer add address=8.8.1.1/32 secret="test" nat-traversal=yes send-initial-contact=no
/ip ipsec policy add sa-dst-address=8.8.1.1 sa-src-address=8.8.0.1 src-address=192.168.0.0/24 dst-address=192.168.1.0/24 tunnel=yes
/ip firewall nat add chain=srcnat action=acce...
by lordcoke
Wed Aug 15, 2012 11:58 am
Forum: General
Topic: VPN connection issue
Replies: 6
Views: 970

Re: VPN connection issue

I think the problem is the mikrotik kernel or the l2tp-server does not implement ipsec saref. File a feature request for ipsec saref! :)
by lordcoke
Tue Jul 24, 2012 3:32 pm
Forum: General
Topic: VPN connection issue
Replies: 6
Views: 970

Re: VPN connection issue

I can't explain why but it seems to be impossible to call out more than 1 time from behind one WAN-IP to IPsec-L2TP even with NAT-T. :/
by lordcoke
Mon Jul 23, 2012 2:53 pm
Forum: General
Topic: IPsec VPN encryption performance
Replies: 2
Views: 1599

IPsec VPN encryption performance

Hello,
what is the most effective IPsec encryption algorithm for MIPS 24Kc V7.4 cpu related boards? It seems 3des which is the default setting consumes lots of cpu cycles.
by lordcoke
Mon Jul 23, 2012 2:41 pm
Forum: General
Topic: VPN connection issue
Replies: 6
Views: 970

Re: VPN connection issue

Is NAT-T active on your MikroTik?
/ip ipsec peer ... nat-traversal=yes
by lordcoke
Fri Jun 15, 2012 10:56 am
Forum: General
Topic: Problem forwarding IPSEC through MT
Replies: 2
Views: 756

Re: Problem forwarding IPSEC through MT

Hi,

if src-nat is active between 'my router' and 'internet' then 'their router' must not dst-nat any vpn related protocol to 'their router'. Because of the NAT 'their router' will fall back to NAT-Traversal (ESP over 4500/udp). This also means 'their router' only can do outcalls.
by lordcoke
Fri May 04, 2012 3:13 pm
Forum: General
Topic: IPSec VPN between MikroTik and Mobile
Replies: 5
Views: 1500

Re: IPSec VPN between MikroTik and Mobile

I am having problem to setup IPSec VPN MacOS client ----> Mikrotik, which seems no one can help :shock:
For me l2tp-ipsec works great between MacOS road warriors and ROS. Do you use PSKs or Certs?
by lordcoke
Thu Nov 18, 2010 6:34 pm
Forum: General
Topic: OVPN client in ROS 4.11 fails with OpenVPN server 2.1.2
Replies: 12
Views: 2946

Re: OVPN client in ROS 4.11 fails with OpenVPN server 2.1.2

Same here. The problem still exists in ROS 4.13. RB hangs when ovpn-client tries to connect to an OpenVPN 2.1.x server with x.509-certs.
by lordcoke
Mon Jun 28, 2010 7:11 pm
Forum: RouterBOARD hardware
Topic: How to reset a miniPCI 3G-modem card?
Replies: 9
Views: 4379

Re: How to reset a miniPCI 3G-modem card?

here the kernel oops in 4.10
AT!GRESET
OK
Oops[#1]:
Cpu 0
$ 0 : 00000000 1000de01 00000000 00000001
$ 4 : c05ca800 c1acfe00 c1f73b80 c05ca890
$ 8 : c03233e0 0000de00 00000000 c1df4000
$12 : c037db50 00000000 0007762c 00010000
$16 : c1fd4f00 00000000 c1acfe3c c1acfe00
$20 : c05ca800 c1aee410 00000002...
by lordcoke
Sun Jun 20, 2010 6:26 pm
Forum: RouterBOARD hardware
Topic: How to reset a miniPCI 3G-modem card?
Replies: 9
Views: 4379

Re: How to reset a miniPCI 3G-modem card?

If you do an AT!GRESET to the MC8775 the 3G-Modem-card goes away for a second and comes up again with another device name in /dev. This causes a Kernel-Oops in RouterOS 4.x in certain circumstances.
by lordcoke
Thu Jun 10, 2010 10:30 am
Forum: RouterBOARD hardware
Topic: How to reset a miniPCI 3G-modem card?
Replies: 9
Views: 4379

Re: How to reset a miniPCI 3G-modem card?

Hi, have the same problem. The sierra wireless mc8775 sometimes just hangs. I also have seen on some RB411u's with this card that the serial port usb2 disappeared. /port print shows in this state just serial0, and the log says:
Jan/02/1970 01:03:49 async,ppp,info ppp-out1: initializing...
Jan/02/1970...