Community discussions

MUM Europe 2020

Search found 48 matches

by PhilipLykov
Sun Nov 18, 2018 11:22 pm
Forum: General
Topic: Counters in NAT
Replies: 1
Views: 281

Counters in NAT

I made a rule in NAT with the same parameters as in Filter. But packet rate in NAT rule is almost not moving the total is also in thousands times less than in filter and in out interface in general. It seems that NAT counter is not count packets from established connections. Is it true? I use 6.43.4...
by PhilipLykov
Tue Dec 17, 2013 7:09 pm
Forum: General
Topic: IPSEC with Cisco 2811
Replies: 6
Views: 4078

Re: IPSEC with Cisco 2811

PhilipLykov hi,

Could you please explain how do you solve the problem?
I have the same problem :( when I clear crypto ipsec peer, ASA torn down the tunnel but MK keep the SPI and DPD is not working.
Sorry, but it still doesn't work fine.
Mikrotik has too much bugs and very bad support.
by PhilipLykov
Mon Dec 02, 2013 5:17 pm
Forum: General
Topic: IPSec Tunnel and Routes
Replies: 5
Views: 1613

Re: IPSec Tunnel and Routes

And we have no methods to exclude a network from the blackhole rule because we cannot create a new routing rule without GW address (what GW on IPSec tunnel?). Use your default GW in your new routing rules (to exclude specific ranges from the blackhole). Any GW that will direct packets out of the in...
by PhilipLykov
Mon Dec 02, 2013 1:54 pm
Forum: General
Topic: IPSec Tunnel and Routes
Replies: 5
Views: 1613

Re: IPSec Tunnel and Routes

It should not, based on your vision of it. :)
How to manage our situation? How to make an exclusion from the routing table for IPSec policy?
by PhilipLykov
Mon Dec 02, 2013 1:34 pm
Forum: General
Topic: IPSec Tunnel and Routes
Replies: 5
Views: 1613

IPSec Tunnel and Routes

Network A: 192.168.20.0/24 Network B: 192.168.30.0/24 Network C: 192.168.40.0/30 Network A <-> Router A (192.168.40.1) <-> (192.168.40.2) Router B <-> Network B On both routers we have an RFC required blackhole for private addresses (including 192.168.0.0/16) with metric 100, and default GW with met...
by PhilipLykov
Mon Nov 11, 2013 9:26 am
Forum: General
Topic: 6.6 -> PPTP configuration
Replies: 0
Views: 762

6.6 -> PPTP configuration

After upgrade to 6.6 version all PPTP settings was cleared. This is a huge problem for me today.

Mikrotik: you will lose all your clients if you will not invest in quality assurance of your software.
by PhilipLykov
Thu Aug 08, 2013 7:45 pm
Forum: General
Topic: v6.2 released
Replies: 247
Views: 90572

Re: Wireless problem

After upgrade to 6.2 on my RB751U-2HnD all WiFi troubles come back. I have two macbook pro, two iPads and two iPhones. At least two iPads experience the problem: every few minutes WiFi is freezing on it, it appears as connected but no replies from MKTK goes back to iPad. Preamble is Long and Cipher...
by PhilipLykov
Thu Aug 08, 2013 1:10 am
Forum: General
Topic: v6.2 released
Replies: 247
Views: 90572

Wireless problem

After upgrade to 6.2 on my RB751U-2HnD all WiFi troubles come back. I have two macbook pro, two iPads and two iPhones. At least two iPads experience the problem: every few minutes WiFi is freezing on it, it appears as connected but no replies from MKTK goes back to iPad. Preamble is Long and Cipher ...
by PhilipLykov
Fri Jun 14, 2013 3:48 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 54770

Re: RouterOS 6.1 released

need more details, IPSec did not receive any changes that would brake that. try to enable debug logs on RouterOS and see what is happening. IPSec logs or debug? debug ipsec logs. "ipsec,debug" is what you have to add. above shows incorrect configuration and is not supposed to work. Why is it incorr...
by PhilipLykov
Fri Jun 14, 2013 3:26 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 54770

Re: RouterOS 6.1 released

Logging doesn't work also! [admin@ITSC_MKTK] > system logging print Flags: X - disabled, I - invalid, * - default # TOPICS ACTION PREFIX 0 * info disk 1 * error disk 2 * warning disk 3 * critical echo 4 firewall disk 5 ipsec disk IPSEC_ 6 debug disk DEBUG_ No new records in the log... I find out th...
by PhilipLykov
Fri Jun 14, 2013 3:23 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 54770

Re: RouterOS 6.1 released

Logging doesn't work also! [admin@ITSC_MKTK] > system logging print Flags: X - disabled, I - invalid, * - default # TOPICS ACTION PREFIX 0 * info disk 1 * error disk 2 * warning disk 3 * critical echo 4 firewall disk 5 ipsec disk IPSEC_ 6 debug disk DEBUG_ No new records in the log...
by PhilipLykov
Fri Jun 14, 2013 3:16 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 54770

Re: RouterOS 6.1 released

need more details, IPSec did not receive any changes that would brake that.

try to enable debug logs on RouterOS and see what is happening.
IPSec logs or debug?
by PhilipLykov
Fri Jun 14, 2013 3:03 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 54770

Re: RouterOS 6.1 released

URGENT!
Where to take 6.0 in order to downgrade?
We have upgraded RB1100AHx2.
by PhilipLykov
Fri Jun 14, 2013 2:59 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 54770

Re: RouterOS 6.1 released

IPSec Cisco - Mikrotik stopped working after upgrade from 6.0 to 6.1.
Guys, are you really don't test your firmwares?
by PhilipLykov
Wed Apr 10, 2013 5:59 pm
Forum: General
Topic: Clear DF doesn't work on ROS 6.0 rc11
Replies: 6
Views: 2568

Re: Clear DF doesn't work on ROS 6.0 rc11

Hm, I believe that RC is not supported. Am I wrong?
by PhilipLykov
Wed Apr 10, 2013 12:28 am
Forum: General
Topic: Clear DF doesn't work on ROS 6.0 rc11
Replies: 6
Views: 2568

Re: Clear DF doesn't work on ROS 6.0 rc11

Hey guys! It's a real problem. So nobody else has this problem?
by PhilipLykov
Sat Mar 02, 2013 3:10 pm
Forum: General
Topic: Clear DF doesn't work on ROS 6.0 rc11
Replies: 6
Views: 2568

Re: Clear DF doesn't work on ROS 6.0 rc11

Before upgrade to 6.0 RC (we done it on rc9) everything was fine with this mangles and SMTP traffic.
by PhilipLykov
Fri Mar 01, 2013 8:08 pm
Forum: General
Topic: Clear DF doesn't work on ROS 6.0 rc11
Replies: 6
Views: 2568

Re: Clear DF doesn't work on ROS 6.0 rc11

Additional information: It can be MSS Adjustment trouble or Clear DF trouble. We have MSS Adjustment which change MSS to 1400 where TCP with SYN flag and which has current MSS other than 0-1400. Also we have Clear DF for this tunnels (IP Tunnel over IP Sec to Cisco router). When both rules enabled S...
by PhilipLykov
Fri Mar 01, 2013 1:30 am
Forum: General
Topic: Clear DF doesn't work on ROS 6.0 rc11
Replies: 6
Views: 2568

Clear DF doesn't work on ROS 6.0 rc11

It seems that Clear DF settings doesn't work on RouterOS 6.0 rc 11.
by PhilipLykov
Tue Feb 12, 2013 11:54 pm
Forum: General
Topic: ARP static records and ARP reply-only on interface problem
Replies: 10
Views: 10694

Re: ARP static records and ARP reply-only on interface probl

RESOLVED: "We cannot ping host, then we make ARP ping, then we can ping that host for some time." The source of problem is DHCP-snooping on HP ProCurve switch. Why does it work in such manner I don't know, because there is no ip source-lockdown enabled and DHCP snooping should be passive. But we STI...
by PhilipLykov
Tue Feb 12, 2013 4:13 pm
Forum: General
Topic: ARP static records and ARP reply-only on interface problem
Replies: 10
Views: 10694

Re: ARP static records and ARP reply-only on interface probl

I checked: there are all right.
I find another problem: when I ping from ip address of Mikrotik - there is no answer, but when I ping from other IP (client behind Mikrotik on other IP network) - everything works fine. May be there is a problem with ARP answers from Mikrotik.
by PhilipLykov
Tue Feb 12, 2013 4:04 pm
Forum: General
Topic: ARP static records and ARP reply-only on interface problem
Replies: 10
Views: 10694

Re: ARP static records and ARP reply-only on interface probl

I suppose that problem may be in switch, but we have HP ProCurve switches with limited management functionality. All what I can see there is mac address table, and there are nothing wrong.
by PhilipLykov
Tue Feb 12, 2013 3:00 pm
Forum: General
Topic: ARP static records and ARP reply-only on interface problem
Replies: 10
Views: 10694

Re: ARP static records and ARP reply-only on interface probl

Then it works. Also mikrotik reboot helps. But why?
by PhilipLykov
Tue Feb 12, 2013 2:37 am
Forum: General
Topic: ARP problem with routeros 6rc6
Replies: 4
Views: 2712

Re: ARP problem with routeros 6rc6

I have all described problems with ARP on RC9:
http://forum.mikrotik.com/viewtopic.php?f=2&t=69748
by PhilipLykov
Mon Feb 11, 2013 6:14 pm
Forum: General
Topic: ARP static records and ARP reply-only on interface problem
Replies: 10
Views: 10694

Re: ARP static records and ARP reply-only on interface probl

I found that Mikrotik work inadequate with ARP: there is ARP enabled in the interface settings, we ping from Mikrotik another device, ARP record creates on Mikrotik, ping doesn't work, we send ARP ping -> first packed without reply, second and all other with normal reply, then all communication work...
by PhilipLykov
Fri Feb 08, 2013 11:36 pm
Forum: General
Topic: ARP static records and ARP reply-only on interface problem
Replies: 10
Views: 10694

ARP static records and ARP reply-only on interface problem

We have interface with ARP reply-only, DHCP server which issue static-only addresses. Also we have static ARP records for these addresses. But this combination doesn't work as expected: after restart of Mikrotik no ping to devices, but when we delete static record, change ARP type to enable on inter...
by PhilipLykov
Mon Oct 15, 2012 7:43 pm
Forum: Wireless Networking
Topic: Apple devices & Mikrotik
Replies: 30
Views: 26786

Re: Apple devices & Mikrotik

MAC based access control is not a solution because MAC address can be easily changed.
by PhilipLykov
Sun Oct 14, 2012 3:59 pm
Forum: Wireless Networking
Topic: Apple devices & Mikrotik
Replies: 30
Views: 26786

Re: Apple devices & Mikrotik

I use only AES from the beginning and these trouble was with iOS 4, 5 and 6 for all Apple devices (MacBookPro, iPad 2, iPhone 3Gs/4). So it's not a problem within iOS 6 or iPhone 6 at me. But this problem appears at long WiFi usage only. In my scenario - iPad 90% of the day connected to AP and use W...
by PhilipLykov
Sun Oct 14, 2012 1:54 pm
Forum: Wireless Networking
Topic: Apple devices & Mikrotik
Replies: 30
Views: 26786

Re: Apple devices & Mikrotik

Hi,
Actually no workarounds was mentioned. And my iPads 2 and iPhones 4 still lost connection every few minutes.
by PhilipLykov
Thu Oct 11, 2012 1:22 am
Forum: Wireless Networking
Topic: Apple devices & Mikrotik
Replies: 30
Views: 26786

Re: Apple devices & Mikrotik

Sorry, but the problem still persist for at least two my iPads and one iPhone. You write about a bug in the MacOS but I don't have that problem with WPA black password. Is there any way to discover what is going on in the WiFi in that time when all my devices believe they are connected but it's no so?
by PhilipLykov
Tue Oct 09, 2012 6:34 pm
Forum: General
Topic: IPSEC with Cisco 2811
Replies: 6
Views: 4078

Re: IPSEC with Cisco 2811

Now it works fine. Thank you!
by PhilipLykov
Mon Oct 08, 2012 10:18 pm
Forum: Wireless Networking
Topic: Apple devices & Mikrotik
Replies: 30
Views: 26786

Re: Apple devices & Mikrotik

I enabled both WPA and WPA2. The situation is a same. After few hours of IDLE one of my iPads see connection but cannot even answer to ARP request. I see that Mikrotik update his last-activity timer for this item, I saw an ARP request in that time which ask who has 192.168.111.253. I see that Mikrot...
by PhilipLykov
Mon Oct 08, 2012 4:41 pm
Forum: General
Topic: IPSEC with Cisco 2811
Replies: 6
Views: 4078

Re: IPSEC with Cisco 2811

You are right. It happens on small network outages only, 1-5 seconds. I have only one policy for this host so I suppose that "unique" level is unnecessary. I will post logs in few hours.
by PhilipLykov
Mon Oct 08, 2012 10:18 am
Forum: Wireless Networking
Topic: Apple devices & Mikrotik
Replies: 30
Views: 26786

Re: Apple devices & Mikrotik

Here is my config: ------------------------- [root@mktk] > /export compact # oct/07/2012 16:14:19 by RouterOS 5.20 # software id = * # /interface wireless set 0 arp=reply-only band=2ghz-b/g/n default-authentication=no default-forwarding=no dfs-mode=no-radar-detect disabled=no disconnect-timeout=10s ...
by PhilipLykov
Sun Oct 07, 2012 1:50 am
Forum: General
Topic: IPSEC with Cisco 2811
Replies: 6
Views: 4078

IPSEC with Cisco 2811

I have 5 Mikrotik devices and all of them should connect with IPSEC to Cisco 2811. Everything work fine but when the network connection between these devices disappear for few seconds they cannot automatically reconnect IPSEC. It seems that MIkrotik or Cisco made a new SPI but the second device try ...
by PhilipLykov
Sun Oct 07, 2012 1:43 am
Forum: Wireless Networking
Topic: Apple devices & Mikrotik
Replies: 30
Views: 26786

Re: Apple devices & Mikrotik

Now I use 5.20. So you believe that older RouterOS version is better, isn't it?
by PhilipLykov
Sun Oct 07, 2012 1:32 am
Forum: Wireless Networking
Topic: Apple devices & Mikrotik
Replies: 30
Views: 26786

Apple devices & Mikrotik

I have 2 iPhones, 2 iPads, 2 MacBookPro in my home and one PC. I tried to use TP-Link, Linksys and now Mikrotik devices as WiFi AP and always have the following problem: After some time of work every Apple device lost connection with AP on IP level and there is no such problem with PC at all. The co...
by PhilipLykov
Sun Sep 16, 2012 6:30 pm
Forum: General
Topic: Connection Limit rule above/beyond Established Connections
Replies: 2
Views: 564

Re: Connection Limit rule above/beyond Established Connectio

Yes, I know, but it seems that Established Connections rule should be beyond the Connection Limit because it cannot calculate all established connections then. In any case there is should be some kind of advanced documentation which will describe such things.
by PhilipLykov
Thu Sep 13, 2012 11:33 pm
Forum: General
Topic: Connection Limit rule above/beyond Established Connections
Replies: 2
Views: 564

Connection Limit rule above/beyond Established Connections

Hello,

I cannot understand well the principle of work the "Connection Limit" rule in the Firewall/Filter. Should it be placed above or beyond the rule which allow all already established connections?
by PhilipLykov
Tue Aug 28, 2012 3:07 pm
Forum: General
Topic: ARP: Reply Only - doesn't work
Replies: 0
Views: 477

ARP: Reply Only - doesn't work

Hello, In my scenario all workstations use DHCP from Mikrotik and there is ARP for Leases. But a few devices has static address or address where I made ARP static on Mikrotik. In this case when I switch ARP mode on interface (VLAN) from "enabled" to "reply only" mikrotik cannot ping no one device on...
by PhilipLykov
Tue Aug 14, 2012 8:41 pm
Forum: Beginner Basics
Topic: RB1100ahx2
Replies: 1
Views: 769

RB1100ahx2

Hello, What is the right way to make one 10 ports switch from RB1100? I think to include ports 5 and 10 in the bridge. Some ports should be multi VLANs (trunk port) and some should be single VLAN (access port). And I have to connect L2 part to L3 part on every VLAN. Questions: 1. Will it work? 2. Ar...
by PhilipLykov
Sat Apr 28, 2012 1:29 pm
Forum: The Dude
Topic: reset configs of Dude on RB433
Replies: 0
Views: 1025

reset configs of Dude on RB433

Hello, I changed allowed IP address for user and forget to change allowed address for client connection within server bindings. So now when I connect from one address I receive an error that this user is not allowed from this address and when I use allowed address I receive an error Connection Close...
by PhilipLykov
Sun Aug 21, 2011 10:54 pm
Forum: The Dude
Topic: Graphing the probes when they in error
Replies: 1
Views: 606

Graphing the probes when they in error

I really can't understand the logic why probes stop graphs when Error function gives anything. For example: I have OID which gives me the average DB query execution time and when it get above 1000ms I have to inform technical specialist but in any case the engineer should know to which level this ti...
by PhilipLykov
Thu Aug 18, 2011 9:10 pm
Forum: The Dude
Topic: Function to find value within string
Replies: 2
Views: 1580

Re: Function to find value within string

Thank you Lebowsky!
by PhilipLykov
Thu Aug 18, 2011 5:30 pm
Forum: The Dude
Topic: Function to find value within string
Replies: 2
Views: 1580

Function to find value within string

We have OID which gives us: "chain=2,call=0" where 2 and 0 are variables. How can we take this values (2 and 0) in order to use for graphing from this OID?
by PhilipLykov
Fri Dec 10, 2010 12:54 am
Forum: The Dude
Topic: Probe from the telnet parsing
Replies: 1
Views: 1416

Probe from the telnet parsing

Hello! I have to monitor few different linux systems with Yate and Asterisk on them. I need to make charts of the used VoIP channels. Unfortunately Asterisk has very limited SNMP functionality (it can give only total number of calls, but I need to know the external calls) and Yate don't have SNMP at...
by PhilipLykov
Fri Dec 10, 2010 12:34 am
Forum: The Dude
Topic: Filter Array
Replies: 5
Views: 2159

Re: Filter Array

Hello!
This function works for the whole word in the value only. We need to find the strings which contain some word (but the whole string is longer) and count the quontity of such strings. Can we use any wildcards or maybe you know another functions which can do it?