Community discussions

Search found 28 matches

by miro
Wed Jun 26, 2019 12:47 pm
Forum: General
Topic: IPsec weird behavior
Replies: 1
Views: 192

Re: IPsec weird behavior

solved:
ipsec policy level=unique, solved the issue...
by miro
Wed Jun 26, 2019 10:40 am
Forum: General
Topic: IPsec weird behavior
Replies: 1
Views: 192

IPsec weird behavior

Hello guys, Bellow is export of my ipsec configuration. On my site (site A) is hEX with RouterOS 6.44.3 on other site (site B) is Cisco ASA. One host on my site A, is defined in two policies with /32 address, on site B there are defined two different hosts with /32 address. Problem is that traffic i...
by miro
Mon Nov 05, 2018 10:55 am
Forum: General
Topic: IPSec hardware encryption and QoS
Replies: 0
Views: 300

IPSec hardware encryption and QoS

hi guys, I can't find any guidelines for configuration for QoS and IPSec on a same router. I remember from last time I was digging about this, that if you use some queue tree on CCR series, all ipsec traffic is encrypted in a single core, so you loose benefit of hardware ipsec encryption. So, questi...
by miro
Tue Oct 30, 2018 11:09 am
Forum: General
Topic: A bit confused about RB750 Gr3 IPSec
Replies: 5
Views: 546

Re: A bit confused about RB750 Gr3 IPSec

Thank you for quick response...
by miro
Tue Oct 30, 2018 9:15 am
Forum: General
Topic: A bit confused about RB750 Gr3 IPSec
Replies: 5
Views: 546

A bit confused about RB750 Gr3 IPSec

Hi guys, On a mt wiki, there is a table which hardware encryption type is supported by particular router. https://wiki.mikrotik.com/wiki/Manual:IP/IPsec At rb750 Gr3 there are four asterisks: ****. At legend bellow table, there is explanation at four asterisks: 3DES only, but in table there is noted...
by miro
Thu Feb 01, 2018 10:53 am
Forum: The Dude
Topic: Probe Thread
Replies: 324
Views: 224022

Re: Probe Thread

For correct syntaks in notifications imho versions are not important...
But anyway, here they are:
Dude is on CHR ver 6.41 and server is Windows Server 2012...
In notification I receive no output of function services_info(), just plain text [Device.services_info()]
by miro
Wed Jan 31, 2018 3:43 pm
Forum: The Dude
Topic: Probe Thread
Replies: 324
Views: 224022

Re: Probe Thread

Hi guys. I monitor with dude WIndows servers. On Icon in Network map I've following info: CPU: [cpu_usage()]% RAM: [mem_usage()]% DiskC Free: [win_diskC_free_MB()] MB DiskE Free: [win_diskE_free_MB()] MB [failed_services()] [services_info()] I would like to display information from function services...
by miro
Sat Jan 27, 2018 7:04 pm
Forum: General
Topic: How to allow two devices with same IP access internet [SOLVED]
Replies: 21
Views: 2080

Re: How to allow two devices with same IP access internet [SOLVED]

Perhaps it could be done in nat messing with: you have condition src-mac address, or if you disable hardware switching, you can use in and out bridge port... Or use four cheapets Mikrotik, e.g. mAP...

But, my comment is: say to your customer: if you wan't to use IP network, obey IP standards...
by miro
Sat Jan 27, 2018 6:51 pm
Forum: General
Topic: QoS and ipsec performance in CCR routers
Replies: 3
Views: 463

Re: QoS and ipsec performance in CCR routers

Are you referring to the fact that queue tree on a CCR is processed by a single core.
Yes, but not only that, I'm thinking of that, if you are doing QoS on traffic, then also IPSec encryption and decryption on that same traffic is processed by single core...
by miro
Sat Jan 27, 2018 1:31 pm
Forum: General
Topic: QoS and ipsec performance in CCR routers
Replies: 3
Views: 463

QoS and ipsec performance in CCR routers

Hi guys, I have questions how does QoS affect ipsec performance in CCR1009-7G-1C-1S+. I remember, that someone from Mikrotik once wrote, that if you are using queues on traffic which is encrypted, that then encryption is made only in one core of cpu - I can't find that post. 1. So is that the case i...
by miro
Tue Jan 23, 2018 11:15 am
Forum: General
Topic: [ATTACHED] Mikrotik Rack-mounted Devices Visio Stencils
Replies: 28
Views: 18598

Re: [ATTACHED] Mikrotik Rack-mounted Devices Visio Stencils

Nice work... (Y)
Are there any plans for v4...
e.g. CCR1009-7G-1C-1S+
by miro
Tue Jan 23, 2018 11:14 am
Forum: Beginner Basics
Topic: Attached: Mikrotik Visio Stencils
Replies: 28
Views: 77936

Re: Attached: Mikrotik Visio Stencils

Nice work.... (Y)...
Are there any plans for v4...?
e.g. CCR1009-7G-1C-1S+
by miro
Wed Jan 17, 2018 4:22 pm
Forum: General
Topic: Hotspot Mac Cookie security issue
Replies: 4
Views: 688

Re: Hotspot Mac Cookie is just stupid !

Uhmmm... If you don't like it, just don't use it... And Mikrotik has request for feature section....
by miro
Wed Jan 17, 2018 11:29 am
Forum: General
Topic: IPSec ''strange'' question
Replies: 0
Views: 242

IPSec ''strange'' question

Hello, I'm trying to debug my IPSec problem. I don't have control of router on the other side(Cisco ASA5540), so I dont have all informations, what is going on on the other side... I configured IPSec properly source and destination subnet are not srcnated(accept rule in nat...) IPSec policies have P...
by miro
Tue Nov 07, 2017 11:29 am
Forum: General
Topic: Packet flow IPSec decryption
Replies: 2
Views: 390

Re: Packet flow IPSec decryption

Thanks... I was looking at old packet flow diagram... So packet is going through dst-nat facility...

I would like to ask for comments about configuration. This should be working like I posted abowe. There is no need for some ''dummy'' bridge and IP from nat translation on that bridge?
by miro
Tue Nov 07, 2017 11:17 am
Forum: General
Topic: Packet flow IPSec decryption
Replies: 2
Views: 390

Packet flow IPSec decryption

Hi guys, Does packet after decryption goes through routing decision , or is it send direct to forward facility ? Configuration is following: On my local subnet there is 192.168.1.0/24 subnet, at our customer is 192.168.2.0/24 subnet. IP 192.168.1.100 is in src-nat translated to 10.5.5.1/32, at custo...
by miro
Tue Oct 24, 2017 2:04 pm
Forum: General
Topic: Mikrotik please respond - IoT Reaper
Replies: 1
Views: 533

Mikrotik please respond - IoT Reaper

There are news about new malware, that can also affect Mikrotik...
https://www.infosecurity-magazine.com/n ... e-for-the/

Mikrotik: would you please post a statement about this: which hardware, which version of ROs, which configuration combinations...

Thank you...
by miro
Fri Oct 20, 2017 11:54 am
Forum: General
Topic: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)
Replies: 134
Views: 26255

Re: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)

Hi guys.
Do you have to change MSS to 1360, to achieve max performance or you still have reordering issue, if you don't change MSS... ?
by miro
Thu Oct 19, 2017 1:00 pm
Forum: General
Topic: IPSec NAT translation?
Replies: 6
Views: 1188

Re: IPSec NAT translation?

Thanks... I was thinking the same, but I couldn't find nice article about which phase is configured where in cisco.. In mikrotik is pretty obvious and easy to understand (for me) which phase is configured in which module... One more question... All the defined policies are common to all peers (but o...
by miro
Thu Oct 19, 2017 11:30 am
Forum: General
Topic: IPSec NAT translation?
Replies: 6
Views: 1188

Re: IPSec NAT translation?

it's ios....
by miro
Thu Oct 19, 2017 10:02 am
Forum: General
Topic: IPSec NAT translation?
Replies: 6
Views: 1188

Re: IPSec NAT translation?

Thanks... I'll try with netmap. Although I must admit I don't fully understand what the difference between action=src-nat and netmap... :( I'll report on final setup in about a week... I would like to ask for a little more help. I don't fully understand cisco sintaks. Please check if I understand co...
by miro
Wed Oct 18, 2017 2:50 pm
Forum: General
Topic: IPSec NAT translation?
Replies: 6
Views: 1188

IPSec NAT translation?

Hi guys. At one of my clients I have to change Cisco router with Mikrotik. In ipsec they have nat translation - that means that LAN subnet is 192.168.1.0/24, but through ipsec tunnel this subnet is ''advertised'' as a subnet 10.99.62.0/24. Can that be done with: ip firewall nat add src-address=192.1...
by miro
Wed Jun 11, 2014 12:06 pm
Forum: General
Topic: v6.14 released
Replies: 115
Views: 24584

Re: v6.14 released

Could you tell us, when are you planning to implement loop prevention in CRS series switches?
by miro
Tue Mar 12, 2013 8:48 pm
Forum: General
Topic: European MUM 2013: Croatia!
Replies: 51
Views: 17886

Re: European MUM 2013: Croatia!

> Are there no local wisps in the area?

Yes there are, bot noone from executive level(its on 6th floor), won't let me in their room, to mount some sextant on beside their window
:D :D :D
by miro
Tue Mar 12, 2013 8:24 pm
Forum: General
Topic: European MUM 2013: Croatia!
Replies: 51
Views: 17886

Re: European MUM 2013: Croatia!

> I have heard that the internet is not so good in the MUM hotel.

It is catastrophic.
by miro
Mon Mar 11, 2013 9:22 pm
Forum: General
Topic: European MUM 2013: Croatia!
Replies: 51
Views: 17886

Re: European MUM 2013: Croatia!

In rooms there is no wifi :twisted:
On fourth floor things has changed :)
by miro
Tue May 17, 2011 2:16 pm
Forum: Scripting
Topic: Simple script to enable/disable an IP address based on ping?
Replies: 6
Views: 7010

Re: Simple script to enable/disable an IP address based on p

My idea on failover may be usefull. I'm not doing load balancing, only failover. I have three routers: primary uplink, secondary uplink and LAN router. I'm manipulating with Default Route Metric in OSPF instance settings. Topology: (adsl interface)PrimaryUplink(eth1)-------(eth3)LAN(eth2)----------(...
by miro
Mon May 09, 2011 3:01 pm
Forum: The User Manager
Topic: User-manager and SP300e Thermal Printer entegrasyon
Replies: 3
Views: 1804

Re: User-manager and SP300e Thermal Printer entegrasyon

> maybe Mikrotik Hotspot Printer.... we showed it at mum... link is below

I must say, printer works fine. We're using it in production environment. Except one "issue". Printer looses connectivity with AP every 23 seconds and then reconnects again, despite that signal strength is well enough - 70 dBm?