Community discussions

MUM Europe 2020

Search found 25 matches

by aragon
Tue Aug 22, 2017 10:02 am
Forum: General
Topic: IPSec in-template-mismatches just increases
Replies: 6
Views: 1063

Re: IPSec in-template-mismatches just increases

Remove the policy that has "wrong direction". (there are 2 policies but of course each of them belongs to another endpoint) That seems to have fixed things. Thank you! To be clear, I disabled this policy rule: add dst-address=10.10.0.0/24 level=unique proposal=lantec sa-dst-address=4.3.2.1 sa-src-a...
by aragon
Fri Aug 18, 2017 2:20 pm
Forum: General
Topic: IPSec in-template-mismatches just increases
Replies: 6
Views: 1063

Re: IPSec in-template-mismatches just increases

Likely the src/dst address of your packets don't match with your policy dst-address=192.168.1.30/32 src-address=10.10.0.0/24 That's what I thought as well. However, they do match, at least /tool sniffer confirms as much. I recommend using a tunnel interface (GRE or IPIP) over IPsec transport instea...
by aragon
Fri Aug 18, 2017 12:42 pm
Forum: General
Topic: IPSec in-template-mismatches just increases
Replies: 6
Views: 1063

Re: IPSec in-template-mismatches just increases

In case anyone wonders about my config: /ip ipsec peer add address=1.2.3.4/32 dh-group=modp1024 enc-algorithm=3des nat-traversal=no secret=snip /ip ipsec policy add dst-address=192.168.1.30/32 level=unique proposal=lantec sa-dst-address=1.2.3.4 sa-src-address=4.3.2.1 src-address=10.10.0.0/24 tunnel=...
by aragon
Fri Aug 18, 2017 11:51 am
Forum: General
Topic: IPSec in-template-mismatches just increases
Replies: 6
Views: 1063

IPSec in-template-mismatches just increases

Hello,

I'm struggling to get a site-to-site IPSec VPN working. Packets that I expect to run over the IPSec tunnel session just cause the in-template-mismatches statistics counter to increase.

Anyone know what that statistics counter means? Or what is an in-template?
by aragon
Sun Aug 11, 2013 6:03 pm
Forum: General
Topic: v6.2 released
Replies: 247
Views: 90601

Re: v6.2 released

Thanks for the scripting fixes since 6.1, but unfortunately we're hitting a new scripting bug. :local q :local msg :set msg "hello world" :set q [:parse ("/put message=\"the message is: " . $msg . "\"")] $q :put $q On 6.2: [admin@dev] /system script> run test (eval /putmessage=the message is: hello ...
by aragon
Thu Jul 18, 2013 11:32 am
Forum: General
Topic: routeros 6.2 changelog
Replies: 61
Views: 16641

Re: routeros 6.2 changelog

v6.2 is not released, this is only a discussion about it. the issues will be fixed before we release v6.2
Even better, thanks!
by aragon
Thu Jul 18, 2013 10:31 am
Forum: General
Topic: routeros 6.2 changelog
Replies: 61
Views: 16641

Re: routeros 6.2 changelog

There are a few issues, but they are not fixed in the above build, that's why they are not in the changelog. Which specific issue are you talking about? Ok, thanks for confirmation. My issues are in ticket #2013061866000451. Please could you fix them in 6.3? The scripting API is very important to u...
by aragon
Thu Jul 18, 2013 9:38 am
Forum: General
Topic: routeros 6.2 changelog
Replies: 61
Views: 16641

Re: routeros 6.2 changelog

all scripts are working, check if you have updated your scripts for the v6 commands and features
Sorry, are you implying there were no scripting bugs with 6.1?
by aragon
Wed Jul 17, 2013 11:20 pm
Forum: General
Topic: routeros 6.2 changelog
Replies: 61
Views: 16641

Re: routeros 6.2 changelog

No mention of script fixes. Anyone had a chance to test previously working scripts on 6.2 yet?
by aragon
Fri Jun 21, 2013 12:56 am
Forum: General
Topic: EoIP support in Linux
Replies: 6
Views: 5209

Re: EoIP support in Linux

Thanks a lot! This was very useful recently for performing a remote netinstall.
by aragon
Mon Jun 17, 2013 4:43 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 54788

Re: RouterOS 6.1 released

Hi, We have 2 problems with the Ros6.1 release. importing rsc scripts has changed the calling structure and also the maximum characters per router script has been changed in Ros 6.1 The first problem is fixable with some work on rewriting the structure of the scripts, aka where we had to \\\ a " or...
by aragon
Tue Mar 12, 2013 5:28 pm
Forum: General
Topic: Feature request: SSL/TLS support for "/tool fetch" (https)
Replies: 4
Views: 1566

Re: Feature request: SSL/TLS support for "/tool fetch" (http

Big question is, why does the tool/fetch wiki page say HTTPS is supported, when it isn't?

Or was this feature recently added? When? Nothing in Changelogs??
by aragon
Mon Dec 24, 2012 10:05 am
Forum: General
Topic: script compatibility
Replies: 2
Views: 836

Re: script compatibility

I came up with a work around, in case this helps anyone: /ip firewall connection tracking :local rosver [:pick [/system resource get version] 0] :local test :if ($rosver = "6") do={ :set test "yes" } else={ :set test yes } :if ([get enabled] != $test) do={ set enabled=$test } Still mildly annoying. :)
by aragon
Sun Dec 23, 2012 11:30 pm
Forum: General
Topic: script compatibility
Replies: 2
Views: 836

script compatibility

Hi, I see some changes in v6 break script compatibility from v5. One in particular is the new "/ip firewall connection tracking enable" option that's gotten a new value of "auto". Unfortunately this breaks scripts that treat the enabled property as a boolean. It now has to be treated as a string, fo...
by aragon
Fri Apr 20, 2012 5:35 pm
Forum: General
Topic: 10 Equipment RB435G presenting the same problem.
Replies: 64
Views: 13130

Re: 10 Equipment RB435G presenting the same problem.

All I can say is, those who are still experiencing it, please help MT debug it with remote access to your equipment. Our boards haven't frozen for over a week now, and we haven't really changed much. As a result, they feel like ticking time bombs, but the problem is impossible to debug like this...
by aragon
Sat Mar 31, 2012 9:27 pm
Forum: General
Topic: 10 Equipment RB435G presenting the same problem.
Replies: 64
Views: 13130

Re: 10 Equipment RB435G presenting the same problem.

any update????? Not sure about you, but I enabled a netwatch script to toggle the switch-all-ports option if the ethernet interface died, and just having the netwatch running has prevented the interface from going dead on both my 435Gs (script hasn't fired once). Go figure. If it remains stable for...
by aragon
Wed Mar 28, 2012 2:40 pm
Forum: General
Topic: 10 Equipment RB435G presenting the same problem.
Replies: 64
Views: 13130

Re: 10 Equipment RB435G presenting the same problem.

We use SNMPv1. OIDs we poll are: IF-MIB::ifInOctets.X IF-MIB::ifInUcastPkts.X IF-MIB::ifInNUcastPkts.X IF-MIB::ifOutOctets.X IF-MIB::ifOutUcastPkts.X IF-MIB::ifOutNUcastPkts.X 1.3.6.1.4.1.14988.1.1.1.1.1.4.X 1.3.6.1.4.1.14988.1.1.1.2.1.3.Y.X 1.3.6.1.4.1.14988.1.1.1.2.1.4.Y.X 1.3.6.1.4.1.14988.1.1.1....
by aragon
Wed Mar 28, 2012 1:32 pm
Forum: General
Topic: 10 Equipment RB435G presenting the same problem.
Replies: 64
Views: 13130

Re: 10 Equipment RB435G presenting the same problem.

We use SNMP too.
by aragon
Wed Mar 28, 2012 1:20 pm
Forum: General
Topic: 10 Equipment RB435G presenting the same problem.
Replies: 64
Views: 13130

Re: 10 Equipment RB435G presenting the same problem.

[Ticket#2012032866000387]

We're going to be purchasing another board for lab testing. If we find a method of easily reproducing the problem in a lab environment, I'll post it.
by aragon
Wed Mar 28, 2012 11:51 am
Forum: General
Topic: 10 Equipment RB435G presenting the same problem.
Replies: 64
Views: 13130

Re: 10 Equipment RB435G presenting the same problem.

We just bought our first pair of 435G boards and they're both doing this! Both of them are powered and connected via the MT gigE PoE injector. One of them plugs into an RB250GS, but the other into a Soekris router. The switch-all-ports toggle does bring it back to life as reported elsewhere, but obv...
by aragon
Tue Mar 08, 2011 2:09 pm
Forum: RouterBOARD hardware
Topic: SNMP temperature/voltage OID missing on 450G 4.16
Replies: 11
Views: 11057

Re: SNMP temperature/voltage OID missing on 450G 4.16

FWIW, it's not a timeout situation. The RB is responding with an SNMP error and does so indefinitely until an SNMP walk is performed.

Glad you've confirmed it as a bug - thanks. For now we've wedged an snmpwalk into our monitoring scripts.
by aragon
Tue Mar 08, 2011 2:00 pm
Forum: RouterBOARD hardware
Topic: SNMP temperature/voltage OID missing on 450G 4.16
Replies: 11
Views: 11057

Re: SNMP temperature/voltage OID missing on 450G 4.16

point of my post is to show that using simple commands I can read named values from 450G and it is not really clear what problem you have. The problem is that they're inaccessible via SNMP after a fresh boot. The OID parent needs to be walked before the actual temperature and voltage OIDs return da...
by aragon
Tue Mar 08, 2011 2:09 am
Forum: RouterBOARD hardware
Topic: SNMP temperature/voltage OID missing on 450G 4.16
Replies: 11
Views: 11057

Re: SNMP temperature/voltage OID missing on 450G 4.16

janisk, I don't understand the point of your post?

This problem still occurs with 4.17.
by aragon
Thu Feb 17, 2011 4:12 am
Forum: RouterBOARD hardware
Topic: SNMP temperature/voltage OID missing on 450G 4.16
Replies: 11
Views: 11057

SNMP temperature/voltage OID missing on 450G 4.16

Hi, After a fresh boot, the SNMP temperature/voltage OIDs are missing. I have to perform an SNMP walk to make them accessible. $ snmpget -v1 -c public 172.18.87.136 SNMPv2-SMI::enterprises.14988.1.1.3.8.0 SNMPv2-SMI::enterprises.14988.1.1.3.10.0 ; snmpwalk -v1 -c public 172.18.87.136 SNMPv2-SMI::ent...