Community discussions

MUM Europe 2020

Search found 11 matches

by jimr
Wed May 27, 2015 5:36 pm
Forum: General
Topic: Amazon AWS VPN -- A Working Configuration Example and Bug
Replies: 40
Views: 30405

Re: Amazon AWS VPN -- A Working Configuration Example and Bug

@mrz A further comment -- All three of the example implementations cited in your post illustrate the same requirement: a single address on the Mikrotik size is used to terminate both tunnels. This is not possible in RouterOS. Just try it. The problem exists whether or not one uses BGP for routing (a...
by jimr
Wed May 27, 2015 5:27 pm
Forum: General
Topic: Amazon AWS VPN -- A Working Configuration Example and Bug
Replies: 40
Views: 30405

Re: Amazon AWS VPN -- A Working Configuration Example and Bug

@mrz Sorry about the delay on this. The notification disappeared in a pile of other e-mail... I can assure you that the dual-tunnel requirement of AWS cannot be supported by the Mikrotik implementation. I'm not looking at it in the same level of implementation detail as you, but from an outward pers...
by jimr
Wed Jan 28, 2015 6:58 am
Forum: General
Topic: Amazon AWS VPN -- A Working Configuration Example and Bug
Replies: 40
Views: 30405

Re: Amazon AWS VPN -- A Working Configuration Example and Bu

Yes. Priority doesn't appear to matter. One of the policies is invariably declared "invalid" by RouterOS. Frankly, I don't think the priorities actually work.
by jimr
Mon Jan 26, 2015 4:02 pm
Forum: General
Topic: Amazon AWS VPN -- A Working Configuration Example and Bug
Replies: 40
Views: 30405

Re: Amazon AWS VPN -- A Working Configuration Example and Bu

On the Mikrotik side, confirm that you have a route through to the 172.31.x.x network. Also be certain that the firewall rules are in place to allow this access. Finally, be certain that you have the rule in place to bypass source address replacement on traffic outbound your local network and destin...
by jimr
Mon Jan 12, 2015 10:34 pm
Forum: General
Topic: Amazon AWS VPN -- A Working Configuration Example and Bug
Replies: 40
Views: 30405

Re: Amazon AWS VPN -- A Working Configuration Example and Bu

Yes. Both IPSEC must be enabled to get both BGP relationships to establish. It has been sometime since I posted those instructions. We have additional experience to share. Because of the limitation in the Mikrotik, the VPN setup using a Mikrotik router will result in rare application-level issues th...
by jimr
Tue Sep 30, 2014 6:46 pm
Forum: General
Topic: Amazon AWS VPN -- A Working Configuration Example and Bug
Replies: 40
Views: 30405

Re: Amazon AWS VPN -- A Working Configuration Example and Bu

We are tying to set up the same thing and having similar issues. How did you get ahold of Amazon for support question because we can not seem to get to anyone? P.S. Could you by any chance look over our configuration and see if you could identify the problem? I can't advise about AWS support. Howev...
by jimr
Thu Aug 07, 2014 4:45 am
Forum: General
Topic: Amazon AWS VPN -- A Working Configuration Example and Bug
Replies: 40
Views: 30405

Amazon AWS VPN -- A Working Configuration Example and Bug

We set out to connect our office LAN to an Amazon AWS Virtual Private Cloud (VPC) using Amazon's VPN facility. After some experimentation, we have a result that is quite usable and secure. Amazon doesn't support Microtik specifically, but they were helpful and not averse to answering questions to he...
by jimr
Mon Jan 24, 2011 7:53 pm
Forum: General
Topic: -RC7: IPV6 Configuration Changes on Switched Router I/F?
Replies: 4
Views: 1086

Re: -RC7: IPV6 Configuration Changes on Switched Router I/F

THere is a small bug in rc7 when sometimes radv is still using link local address other than masters address. It is fixed in rc8.
Thank you. That seems to be consistent with what we observed. The workaround for now is not to use the extra router ports as if a switch.
by jimr
Mon Jan 24, 2011 5:47 pm
Forum: General
Topic: -RC7: IPV6 Configuration Changes on Switched Router I/F?
Replies: 4
Views: 1086

Re: -RC7: IPV6 Configuration Changes on Switched Router I/F

Difference between RC3 and RC7 is that in rc7 ipv6 link local address is added only to master interface or bridge. All slaves are ignored. This seems to make sense. One link-local address per interface (and master and slaves are the same logical interface to the router). So why didn't the resulting...
by jimr
Sun Jan 23, 2011 6:57 pm
Forum: General
Topic: -RC7: IPV6 Configuration Changes on Switched Router I/F?
Replies: 4
Views: 1086

-RC7: IPV6 Configuration Changes on Switched Router I/F?

The changlog suggests that this is now handled "correctly". Could you elaborate? What is the difference? In upgrading an RB450 from -RC3 to -RC7, the IPV6 local network stopped working. It was noted that the link-local addresses assigned to the switched local ports were changed from before and someh...
by jimr
Fri Jun 18, 2010 6:06 pm
Forum: General
Topic: RB750 Switch Hardware - Broadcast and Multicast Behavior
Replies: 0
Views: 623

RB750 Switch Hardware - Broadcast and Multicast Behavior

I am hoping that somebody has explored the behavior of the Atheros switching hardware that forms the ports of the RB750. Under the default v4.10 configuration, ether1 is set to be a WAN gateway, ether2 is a master port and ether3 to -5 are set as slaves to ether2 . The purposes of this is to make th...