Community discussions

Search found 15 matches

by juaco
Sat Sep 03, 2011 10:03 pm
Forum: General
Topic: **NEED HELP** ipsec/l2tp and two factor auth (no EAP??)
Replies: 2
Views: 2186

ipsec/l2tp and two factor auth (please add EAP!!!!!)

Sure. I've followed this wiki page and made these mods (see the sections in the wiki page): L2TP Server configuration Specified mschapv2 only for L2TP authentication (this is where i should be using EAP btw), and used the ppp profile "default-encryption". Note that in this way you'll be using double ...
by juaco
Fri Sep 02, 2011 7:10 pm
Forum: General
Topic: Winbox Radius Login with Windows AD / NPS - Fixed!
Replies: 5
Views: 11656

Re: Winbox Radius Login with Windows AD / NPS

We are using radius against NPS for PPP authentication with AD credentials: /radius add accounting-backup=no accounting-port=1813 address=<NPS-SERVER> authentication-port=1812 called-id="" comment="" disabled=no domain=<DOMAIN-SHORT-FORM> realm="" secret=<NPS-CONFIGURED-SECRET> service=ppp timeout=\...
by juaco
Fri Sep 02, 2011 6:21 pm
Forum: General
Topic: **NEED HELP** ipsec/l2tp and two factor auth (no EAP??)
Replies: 2
Views: 2186

**NEED HELP** ipsec/l2tp and two factor auth (no EAP??)

I'm testing ipsec (psk) + l2tp (mschap2+radius) in ROS 5.6 with windows 7 clients and everything works fine, except now i have to add certificate based authentication to this, and ending with RSA tokens in the clients for two-factor authentication. I was sadly disappointed though, to see l2tp won't ...
by juaco
Tue Jun 14, 2011 3:26 pm
Forum: General
Topic: VPN and ISP Wide NATed clients
Replies: 2
Views: 848

Re: VPN and ISP Wide NATed clients

RTFM. I decided to go with PPTP for that reason that it still is easier to manage. * Good security. * Never had a problem with NAT clients in years. * No client needed. Guess what ;) OS support it. At least Mac and Windows do out of the box. * Configuration - use Radius. Every AD server can be config...
by juaco
Thu May 19, 2011 9:32 pm
Forum: General
Topic: VPN and ISP Wide NATed clients
Replies: 2
Views: 848

VPN and ISP Wide NATed clients

Greetings fellow mikrotikers :) I have the task to implement a VPN as only entry point to our network. I'm starting to read docs now, and one of the first things i notice is there is some trouble to expect with ISP-NATed clients (especially with IPSEC, would seem). Do you have any advice/pointers o...
by juaco
Thu May 05, 2011 4:37 pm
Forum: Scripting
Topic: random number generators
Replies: 3
Views: 2403

Re: random number generators

Thanks guys :) just glad to know it is useful to you. @bburley: I think the LFSR should be more optimal than extracting items / reconcatenating the array (would have to :time it though, to get a more accurate estimation of how each performs): Array reconcatenation seed prng (this could be done just ...
by juaco
Sat Feb 26, 2011 5:18 am
Forum: Scripting
Topic: config parser
Replies: 0
Views: 819

config parser

It's somewhat a proof of concept, (and not like a real *LR parser), but so far i get the correct output from a config file and error checking is in place. Hope i can make it a bit more solid in the near time. Most syntax elements are tweakable, (it's not universal though). So play with the code. Th...
by juaco
Sat Feb 26, 2011 4:43 am
Forum: Scripting
Topic: Config watchdog (toggable auto restore) for remote work
Replies: 0
Views: 1883

Config watchdog (toggable auto restore) for remote work

update: added toggable behaviour save the script and adjust ScriptName to the script name set policies tweak BackupName, WatchdogInterval, WatchdogLoop variables Run once to backup the config and schedule a restore/reboot, run it again before the scheduler triggers to cancel the scheduler and delete...
by juaco
Sat Feb 26, 2011 4:36 am
Forum: Scripting
Topic: Enhanced mail config backup
Replies: 0
Views: 454

Enhanced mail config backup

save the script and adjust ScriptName to the name you gave it set script policies tweak SystemIdentity, BackupName, BackupInterval, MailDestination, MailSubject and MailBody set MailBackupRunFromScheduler = false if you just want a one-time run # makes a config backup and sends it by mail # # If Ma...
by juaco
Mon Nov 29, 2010 10:18 am
Forum: Scripting
Topic: random number generators
Replies: 3
Views: 2403

random number generators

For a script i'm doing i need to randomly pick values from an array, in a way that the values are only picked once. What i was doing was: 1) copy the array in ArrayTemp 2) grab a random number in the interval 0..[:len $ArrayTemp] 3) pick the item from the array 4) reconcatenate the array to eliminat...
by juaco
Sun Nov 14, 2010 4:42 am
Forum: General
Topic: generalized failover/loadbalancer update
Replies: 3
Views: 1859

Re: first attempt at a generalized loadbalancer with failove

Hi I think the issue with nth is because all this is made and tested in 3.x where nth has two params: "every" (how much to count), and "packet" (on which count match). In 4.x nth has 3 params, iirc the second is a "counter number" of which you have 8 (or something) available. I'll expand on multi ...
by juaco
Fri Nov 12, 2010 9:17 am
Forum: General
Topic: generalized failover/loadbalancer update
Replies: 3
Views: 1859

description

here i'll describe the logics used in the mangle chains and the scripts

but not now, as i'm going to sleep :lol:

bye
by juaco
Wed Nov 10, 2010 7:09 pm
Forum: General
Topic: ECMP
Replies: 66
Views: 25932

Re: ECMP

janisk: what you say is right, i haven't used PCC though it does look really good. Anyway, does it work along with ECMP or replaces it completely? I am confused as to the situations where it's best to use ECMP or NTH or Random or PCC for loadbalancing/failover. For now what i see is: ECMP the "kerne...
by juaco
Wed Nov 10, 2010 12:37 am
Forum: General
Topic: ECMP
Replies: 66
Views: 25932

Re: ECMP

Maybe some mangling can help with the ecmp/flush issue. Use add-src-to-address-list when a client is first routed through a gateway, and later, after the flush you can restore the route by matching from src-in-address-list and using route marks.
by juaco
Tue Nov 09, 2010 5:01 am
Forum: General
Topic: generalized failover/loadbalancer update
Replies: 3
Views: 1859

generalized failover/loadbalancer update

Hey this is starting to work fine :D If you can, please test it! Later i'll detail logics and list stuff i don't understand and need help in solving. Features address-list based, one list per config entry N incoming interfaces, N primary/backup outgoing routes per config entry auto reconfig on up/do...