Community discussions

MUM Europe 2020

Search found 8 matches

by JanRovner
Mon Oct 30, 2017 12:26 pm
Forum: General
Topic: Feature request: TLS SNI match - classify traffic based on TLS hostnames
Replies: 2
Views: 1876

Feature request: TLS SNI match - classify traffic based on TLS hostnames

Hello, there exists an iptables extension called xt_tls - https://github.com/Lochnair/xt_tls that can look into TLS SNI field and classify traffic based on TLS hostnames present in TLS handshake phase. It would be much more efficient and resource friendly than general L7 protocol regex matching. Usa...
by JanRovner
Mon Jul 20, 2015 10:35 am
Forum: RouterBOARD hardware
Topic: CRS switch (CRS125) and wired RADIUS authentication
Replies: 2
Views: 838

CRS switch (CRS125) and wired RADIUS authentication

Hi, I am successfully using RADIUS together with Mikrotik/RouterOS to authenticate wireless clients on APs. Now, I would like to do an analogous thing with CRS switch (CRS125). 1 port = 1 MAC (client). I would like to configure CRS125 to authenticate a client attached to a port against our RADIUS se...
by JanRovner
Thu Jun 19, 2014 10:00 am
Forum: General
Topic: Redundant RADIUS servers for authentication : bug ???
Replies: 4
Views: 1071

Redundant RADIUS servers for authentication : bug ???

Hello, we use RADIUS features for wireless client authentication: station MACs are checked by RouterOS AP against a (single) configured RADIUS server, and everything works fine. /radius add address=radius_server_ip1 secret=oursecret service=wireless However, the RADIUS server is a single point of fa...
by JanRovner
Tue Feb 12, 2013 3:06 pm
Forum: Beginner Basics
Topic: L2 VPN, NAT friendly + road warrior - how to?
Replies: 3
Views: 1292

Re: L2 VPN, NAT friendly + road warrior - how to?

Thank you very much for a good tip. Yes, i know about EoIP tunnels, they work fine. However, could you please give me some basic info how to "secure them" using SSTP or IPSec ? EoIP tunnels need an IP address on both side, I assume those IP addresses will be addresses assigned to of some kind of poi...
by JanRovner
Tue Feb 12, 2013 2:01 pm
Forum: Beginner Basics
Topic: L2 VPN, NAT friendly + road warrior - how to?
Replies: 3
Views: 1292

L2 VPN, NAT friendly + road warrior - how to?

Hello, I am looking for a most fitting solution of a L2 VPN using RouterOS as a VPN gateway. I would like to set up a transparent ethernet interconnection between a company headquarters LAN and branches LANs (many). There is a DHCP server on HQ's LAN, all clients on all branches should be able to ge...
by JanRovner
Tue Sep 18, 2012 4:57 pm
Forum: The Dude
Topic: Tree Tab / device dependencies - does it work?
Replies: 1
Views: 1211

Tree Tab / device dependencies - does it work?

Hello, can anyone help me how to get a Tree view of devices working on the Dude ? The feautre is described in http://wiki.mikrotik.com/wiki/Manual:The_Dude/Device_list , but I can't get it working. My Devices/List and Devices/Tree tabs are identical, there are no expand/collapse buttons in the Name ...
by JanRovner
Sun May 22, 2011 10:18 pm
Forum: Forwarding Protocols
Topic: 1+ VPLS tunnels between two devices
Replies: 2
Views: 1093

Re: 1+ VPLS tunnels between two devices

Thank you, it looks promissing!
by JanRovner
Fri May 20, 2011 11:12 pm
Forum: Forwarding Protocols
Topic: 1+ VPLS tunnels between two devices
Replies: 2
Views: 1093

1+ VPLS tunnels between two devices

Hello, I am attempting to achieve a fault tolerant and/or better perfomance solution using interface bonding. The goal is to establish a transparent wireless L2 bridge using two RB800 boards, each of them having two wireless interfaces. First of all, I've got it sucessfully working using two EoIP tu...