Community discussions

MUM Europe 2020

Search found 47 matches

by kshive
Thu Nov 19, 2015 11:09 pm
Forum: General
Topic: OpenVPN from Mikrotik to Sophos UTM
Replies: 2
Views: 1655

OpenVPN from Mikrotik to Sophos UTM

I'm having some trouble getting an OpenVPN session going from a Mikrotik (Client) to a Sophos UTM (Server). I've tried to regenerate certs on the Sophos, different settings like using blowfish, key sizes, etc and same on the Mikrotik side. Pretty much, I think I'm not able to negotiate TLS. Anyone h...
by kshive
Thu Apr 23, 2015 12:40 am
Forum: General
Topic: anyone having this problem at v6.28?
Replies: 5
Views: 990

Re: anyone having this problem at v6.28?

1d 6hrs with no issues on v6.28
by kshive
Thu Apr 23, 2015 12:28 am
Forum: General
Topic: Feature request: Stateful HA with Conntrackd
Replies: 30
Views: 7723

Re: Feature request: Stateful HA with Conntrackd

+1 I've had to go with other products because the customer wants a seamless HA device
by kshive
Thu Apr 23, 2015 12:15 am
Forum: Forwarding Protocols
Topic: OSPF route publishing issue
Replies: 13
Views: 2283

Re: OSPF route publishing issue

What versions of ROS are you running? I'm running 6.27. The problem occurs when I have ANY live nat rule. I too tried to replicate this problem between two RB750's I have laying around but couldn't get it to fail. I even copied the /export file removing the obvious entries and changing IPs and it w...
by kshive
Mon Apr 13, 2015 6:41 pm
Forum: Forwarding Protocols
Topic: OSPF route publishing issue
Replies: 13
Views: 2283

Re: OSPF route publishing issue

So is this nat rule on site-A or on HQ?
(out of curiosity)
It's a NAT rule on "A". I can't even apply a masquerade rule or OSPF won't publish. It's strange that this was working for over 4 months and then all of a sudden it stopped.
by kshive
Sat Apr 11, 2015 7:12 am
Forum: Forwarding Protocols
Topic: OSPF route publishing issue
Replies: 13
Views: 2283

Re: OSPF route publishing issue

Not trying to think of stupid stuff here, but you can actually ping across the L2tp link when it's established, ospf notwithstanding, right? If so - if you create static routes across it, does everything work? Yes, I can ping across the link to the routing IP addresses on the other side with no sta...
by kshive
Sat Apr 11, 2015 12:27 am
Forum: Forwarding Protocols
Topic: OSPF route publishing issue
Replies: 13
Views: 2283

Re: OSPF route publishing issue

No, no static routes and the MTU's are both at 1450. I thought I might be able to see who was out there by pinging 224.0.0.5 but nothing came back. Nothing came back on any of the working routes either so that wasn't a good test. I turned on OSPF logging and can see the HELLO send from HQ but no rec...
by kshive
Fri Apr 10, 2015 6:53 pm
Forum: Forwarding Protocols
Topic: OSPF route publishing issue
Replies: 13
Views: 2283

Re: OSPF route publishing issue

This might be an artifact of your IP address sanitization for the post, of course, but if it's not, then you need to figure out why the mismatch. Yes sorry, I change the 2nd and 3rd octet but forgot to change the 3rd octet on that one. I'll made the change in the original post (I think I can edit i...
by kshive
Fri Apr 10, 2015 6:11 pm
Forum: Forwarding Protocols
Topic: OSPF route publishing issue
Replies: 13
Views: 2283

OSPF route publishing issue

I'm having an issue with OSPF that has me banging my head. I've got several networks that fold into a single location like a hub and spoke. One of the remote sites was working fine until yesterday. I changed the IP addresses up a bit for this post but they should refer to the correct route publicati...
by kshive
Tue Mar 10, 2015 3:02 am
Forum: Virtualization
Topic: RouterOS on Amazon EC2
Replies: 35
Views: 17993

Re: RouterOS on Amazon EC2

Well, this stuff made me curious so I've created a VMWare image of the newest ROS, converted it into the appropriate format, uploaded to S3 (where the C2 cloud can import it)... only to find out in the end that this method only works for Windows operating systems. This does work for linux instances...
by kshive
Tue Mar 10, 2015 2:57 am
Forum: Virtualization
Topic: RouterOS on Amazon EC2
Replies: 35
Views: 17993

Re: RouterOS on Amazon EC2

I shot an email about 2 years ago asking if they would want to run Mikrotik as a service in aws. I told them I would help run the project too. They didn't want anything to do with it and told me I could do it myself if I were willing to be a reseller and purchase a bunch of licenses and resell each ...
by kshive
Wed Nov 26, 2014 10:43 pm
Forum: General
Topic: https problem on hotspot
Replies: 97
Views: 93862

Re: https problem on hotspot

Zvjer,

Go to IP > Services and enable www-ssl. Then go to IP > Hotspot > Server Profiles and click on your profile. Then check "HTTPS" under "Login By"
by kshive
Thu Jan 30, 2014 7:30 am
Forum: Beginner Basics
Topic: Attached: Mikrotik Visio Stencils
Replies: 30
Views: 81397

CloudCore VSS

Added just the Cloud Core routers into VSS
by kshive
Tue Jan 21, 2014 6:35 am
Forum: General
Topic: VPN PPTP Client and Server
Replies: 3
Views: 1745

Re: VPN PPTP Client and Server

I think windows redirects all traffic down the pptp tunnel where you've got a specify the route on the mikrotik. Do you have a return route back from the other end of your VPN tunnel?
by kshive
Tue Jan 21, 2014 6:30 am
Forum: General
Topic: hotspot https redirect
Replies: 1
Views: 1630

Re: hotspot https redirect

bump.

Anyone else having this issue? Hotspot not able to redirect SSL connections because the redirect port is closed?
by kshive
Tue Jan 14, 2014 10:19 pm
Forum: General
Topic: RSTP/STP
Replies: 7
Views: 3120

Re: RSTP/STP

I'm using a CCR1016-12G The mikrotik CCR is in the building MDF. There are 4 cables coming from the CCR directly connecting the vertical IDFs of the other floors. Each floor has 3 additional IDF closets and each IDF has a switch. Here's an ascii picture of what I'm working with: Floor 5 - IDF--IDF--...
by kshive
Tue Jan 14, 2014 7:54 pm
Forum: General
Topic: hotspot https redirect
Replies: 1
Views: 1630

hotspot https redirect

I'm having trouble with hotspot redirect on https. Safari and firefox says it can't open the page but Chrome and IE10 work. I tracked it down to the https redirect to 64875. The http redirect to port 64874 works fine. I can open a page directly to http://hotspot.gateway:64874/ and the login pages co...
by kshive
Thu Jan 09, 2014 1:25 am
Forum: General
Topic: RSTP/STP
Replies: 7
Views: 3120

Re: RSTP/STP

that's not what I mean though. I WANT to make a loop because I'm testing out spanning tree for a certain implementation. RSTP should disable the offending port of the loop preventing packet storms, network weirdness, etc. The scenario I'm working on is a semi-public network at a company that often h...
by kshive
Mon Jan 06, 2014 10:52 pm
Forum: General
Topic: RSTP/STP
Replies: 7
Views: 3120

RSTP/STP

Not sure if this is how it works or if I'm just not doing things incorrectly but I have RSTP enabled on a bridge with 4 ports. I loop two of the ports together with another switch just to test and start pinging the the mikrotik and it shutdown down all the ports in the bridge - even the two other po...
by kshive
Wed Dec 18, 2013 10:54 pm
Forum: General
Topic: Pass all vlans
Replies: 1
Views: 692

Pass all vlans

Is there a way of passing all vlans across an interface without specifying each individual VLAN? I'm looking for a command like the cisco "switchport mode encapsulation dot1q" that passes all VLANs if you don't specify which ones to pass. Not sure if this is possible because cisco actually has a VLA...
by kshive
Wed Dec 18, 2013 10:49 pm
Forum: General
Topic: VRRP / clustering capability
Replies: 2
Views: 1885

Re: AW: VRRP / clustering capability

I have not yet seen a router with active /passive failover capability and that includes cisco up to crs. Routers always do hsrp/vrrp. You are thinking about firewalls. That statement is somewhat true. Cisco 6800 series is a router that has the capability of dual processor failover. It also as a fir...
by kshive
Tue Nov 26, 2013 7:42 pm
Forum: General
Topic: VRRP / clustering capability
Replies: 2
Views: 1885

VRRP / clustering capability

I've had a cloudcore router installed for a few months and I'd like to backup it up with a redundant unit. I purchased another cloudcore router and realized that VRRP isn't want I thought it was. This is more for the Mikrotik folks but is there a point on the road map where we will have an active/pa...
by kshive
Mon Jul 30, 2012 10:42 pm
Forum: General
Topic: IPSec VPN to Amazon AWS VPC
Replies: 0
Views: 2038

IPSec VPN to Amazon AWS VPC

Has anyone successfully connected their Mikrotik to an Amazon VPC? I've looked around on the internet but I've only found this write-up on how to do it. http://rant.gulbrandsen.priv.no/amazon/mikrotik-aws-ipsec I tried to do it step by step twice with no success. The status of my remote peers is alw...
by kshive
Thu Jul 28, 2011 1:54 am
Forum: Beginner Basics
Topic: Bonding of two wan
Replies: 2
Views: 998

Re: Bonding of two wan

If you're not truly "Bonding" then I'm assuming you mean you want to use to WAN links say two DSL lines and load balance over them. It's tricky if the DSL runs DHCP or PPPoE but it's pretty simple if it's static. See the Wiki link below - http://wiki.mikrotik.com/wiki/Load_Balancing_over_Multiple_Ga...
by kshive
Thu Jul 21, 2011 2:21 am
Forum: General
Topic: Meshing
Replies: 0
Views: 478

Meshing

Anyone have a tool that will manage multiple Mikrotik units besides The Dude? I've got this condo complex that has 27 buildings and each a duplex. I can bury cable to 10 of the buildings but the rest I need to do a one hop mesh from the 10 buildings I can cable to. I'm looking for an interface somew...
by kshive
Wed Jul 06, 2011 7:23 pm
Forum: General
Topic: Slow VPN tunnels (SSL, PPTP, L2TP)
Replies: 40
Views: 46385

Re: Slow VPN tunnels (SSL, PPTP, L2TP)

Still having problems with Mikrotik to Mikrotik VPN. I've tried to contact Mikrotik support directly with no response and the vendor I purchased the units from says they don't provide technical support on their products and that I should contact Mikrotik directly. Is there a forum moderator that can...
by kshive
Sun Jul 03, 2011 8:46 pm
Forum: General
Topic: Slow VPN tunnels (SSL, PPTP, L2TP)
Replies: 40
Views: 46385

Re: Slow VPN tunnels (SSL, PPTP, L2TP)

Bump - Anyone have any ideas?
by kshive
Tue Jun 14, 2011 6:57 pm
Forum: General
Topic: Slow VPN tunnels (SSL, PPTP, L2TP)
Replies: 40
Views: 46385

Re: Slow VPN tunnels (SSL, PPTP, L2TP)

Yes, I guess there's no PM on this forum but here's my spam account. Just email me there and I'll reply with my real email. kshive % yahoo*com
by kshive
Tue Jun 14, 2011 6:45 pm
Forum: General
Topic: Slow VPN tunnels (SSL, PPTP, L2TP)
Replies: 40
Views: 46385

Re: Slow VPN tunnels (SSL, PPTP, L2TP)

No I have not. Another thing is I've tried is downgrading to 4.17 but I'm seeing the same issues.

I contacted the reseller I purchased the hardware from and they said they don't provide support. I also contacted mikrotik support directly and I haven't hard back from them.
by kshive
Wed Jun 08, 2011 8:38 pm
Forum: General
Topic: Urgent help, unstabel PtP link and Mtp link, going crazy
Replies: 8
Views: 1575

Re: Urgent help, unstabel PtP link and Mtp link, going crazy

Does it happen at random times? If it does, see if there's any interference that got added. I suggest you use a spectrum analyzer so see if there's any additional noise in the area. I had a customer use a supply closet as a network room. They eventually put a fridge and a microwave in the room. the ...
by kshive
Wed Jun 08, 2011 7:58 pm
Forum: General
Topic: Slow VPN tunnels (SSL, PPTP, L2TP)
Replies: 40
Views: 46385

Re: Slow VPN tunnels (SSL, PPTP, L2TP)

Anyone have any ideas?

When I do a BW Test to the internal SSTP/PPTP/L2TP address I get about 500k-700k. When I test the external IP of the Mikrotik I get about 5Mb-6Mb.
by kshive
Mon Jun 06, 2011 9:05 pm
Forum: General
Topic: Slow VPN tunnels (SSL, PPTP, L2TP)
Replies: 40
Views: 46385

Re: Slow VPN tunnels (SSL, PPTP, L2TP)

On and I don't think the RB750G's are the issue. I set up a desktop with 2GB of Mem and Quad Core 2.3Ghz and 2 NICs and it's still doing the exact same thing with the RouterOS 5.4 ISO demo image.
by kshive
Mon Jun 06, 2011 8:27 pm
Forum: General
Topic: Slow VPN tunnels (SSL, PPTP, L2TP)
Replies: 40
Views: 46385

Slow VPN tunnels (SSL, PPTP, L2TP)

I've tried to search through the forums on this but I can't seem to find anything with my specific issue and resolution. I've tried an SSTP, PPTP and L2TP tunnel from three locations back to one central location and I seem to be VERY slow speeds. I've played around with MTU's, encryption, compressio...
by kshive
Wed Jun 01, 2011 10:32 pm
Forum: General
Topic: direct all traffic through tunnel
Replies: 2
Views: 610

Re: direct all traffic through tunnel

Thanks! That worked perfectly!
by kshive
Mon May 30, 2011 8:10 pm
Forum: Beginner Basics
Topic: VLAN problems
Replies: 12
Views: 2374

Re: VLAN problems

This is all done and working now but I'm having some issues with CPU usage. Since everything is pretty much bridged, I'm starting to get high CPU whenever a video stream goes across from building 2 to building 1. I'm pushing about 3000pps and about 22Mb/s but my CPU goes up to 40% and my winbox sess...
by kshive
Mon May 30, 2011 7:30 pm
Forum: General
Topic: direct all traffic through tunnel
Replies: 2
Views: 610

direct all traffic through tunnel

I've got a PPTP tunnel set up with multiple remote sites and I'd like all the traffic including web traffic to come up the tunnel. I have a content filter at the main site and I'd like to filter all the traffic from the main location. Anyone have any idea on how this is done?
by kshive
Mon May 16, 2011 11:29 pm
Forum: General
Topic: MTCNA exam
Replies: 1
Views: 2289

MTCNA exam

Can you take the MTCNA exam without taking a training class? I'm really just trying to skip over it because I want to take the MTCRE class.
by kshive
Thu May 12, 2011 12:48 pm
Forum: Beginner Basics
Topic: VLAN problems
Replies: 12
Views: 2374

Re: VLAN problems

Since all the VLANs are set up on port 5, how do I create another trunk port?
by kshive
Wed May 11, 2011 6:18 pm
Forum: General
Topic: MT 5.2 bridged vlan's dhcp trouble
Replies: 16
Views: 4358

Re: MT 5.2 bridged vlan's dhcp trouble

You've binded an IP to the bridge and you're binding the DHCP to the bridge, not the VLAN right?
by kshive
Wed May 11, 2011 6:13 pm
Forum: Beginner Basics
Topic: VLAN problems
Replies: 12
Views: 2374

Re: VLAN problems

Thanks reverged! That worked and the explanation made complete sense. I'm just use to Cisco where you just tell it that a certain port is a trunk port and define what vlans to send across the trunk. So there's a chance I'm going to need to replace the switch in building #1 with a VLAN aware switch a...
by kshive
Wed May 11, 2011 1:43 am
Forum: Beginner Basics
Topic: VLAN problems
Replies: 12
Views: 2374

Re: VLAN problems

I purchased one RB750G unit today, let's see what I can do with it. Port 1 are independent from the other ports. I think I need to separate the other ports from the switch group, to get different VLANs working. Otherwise, they will belong to the same default VLAN group. A RB250G would be much easie...
by kshive
Tue May 10, 2011 10:36 pm
Forum: Beginner Basics
Topic: VLAN problems
Replies: 12
Views: 2374

Re: VLAN problems

I'm able to segment the traffic on each of the VLANs to a specific port on the SAME switch but I'm not able to see it on the RB750G in the opposite building. I'm pretty sure I'm just having issues with trunking between the two RB750Gs. The two switches that hang off the Mikrotik's are flat access la...
by kshive
Tue May 10, 2011 2:16 am
Forum: Beginner Basics
Topic: VLAN problems
Replies: 12
Views: 2374

VLAN problems

I'm having an issue getting two 750G's to trunk between each other. Please see attached file. I'm able to set up the VLANs on one side and get the ports to bridge to the respective VLANs but I'm having trouble getting the data across the trunk port on the other side. I also eventually want the AP to...
by kshive
Mon May 09, 2011 6:49 pm
Forum: General
Topic: IP Packing
Replies: 6
Views: 3973

Re: IP Packing

Bummer - what you're saying makes total sense. So pretty much all I can do is rely on the packet packing and almost nothing on the compression. Thanks for your help!
by kshive
Sat May 07, 2011 2:34 am
Forum: General
Topic: IP Packing
Replies: 6
Views: 3973

Re: IP Packing

What about the compression? Shouldn't it compress at least a little bit?
by kshive
Thu May 05, 2011 8:36 pm
Forum: General
Topic: IP Packing
Replies: 6
Views: 3973

Re: IP Packing

Oh and CPU is only at like 3% when it spikes.
by kshive
Thu May 05, 2011 7:14 pm
Forum: General
Topic: IP Packing
Replies: 6
Views: 3973

IP Packing

Anyone have any real world compression ratios for ip packing? I'm trying to compress data on a PTP T1 link and I'm barely getting any increase in speed. Here's my setup - Computer -- Switch -- RB433AH -- Cisco 1720 -- T1 -- Cisco 1720 -- RB433AH -- Computer I'm running ROS 5.1 and I'm transferring a...