Search found 78 matches

by nsayer
Fri Sep 09, 2016 3:32 am
Forum: General
Topic: Out of nowhere, RB493G bricked with panic loop
Replies: 5
Views: 617

Re: Out of nowhere, RB493G bricked with panic loop

There are no cards installed. I haven't tried an alternate power supply. That's a good idea. I'll do that. The urgency has been reduced. I have a different router installed now that's working. In other words, Mikrotik has been fired. Recovering this unit would be useful, however, as the one thing I'...
by nsayer
Sun Aug 21, 2016 8:56 am
Forum: General
Topic: Out of nowhere, RB493G bricked with panic loop
Replies: 5
Views: 617

Re: Out of nowhere, RB493G bricked with panic loop

Well, it's even worse. Attempting to do NetInstall to load 6.34.6, I get this: Welcome to MikroTik Router Software remote installation Press Ctrl-Alt-Delete to abort mac-address: 00:0C:42:A9:0F:5D mac-address: 00:0C:42:A9:0F:5E mac-address: 00:0C:42:A9:0F:5F mac-address: 00:0C:42:A9:0F:60 mac-addres...
by nsayer
Sun Aug 21, 2016 8:10 am
Forum: General
Topic: Out of nowhere, RB493G bricked with panic loop
Replies: 5
Views: 617

Out of nowhere, RB493G bricked with panic loop

RouterBOOT booter 2.29 RouterBoard 493G Authorization: Passed CPU frequency: 680 MHz Memory size: 256 MB Press any key within 2 seconds to enter setup.. writing settings to flash... OK trying bootp protocol......... failed kernel loading failed loading kernel from nand... OK setting up elf image......
by nsayer
Fri Sep 19, 2014 4:52 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 94979

Re: v6.19 released

Sometime between 6.16 and 6.19 L2TP VPN between my mac and iPhone and my routerboard has broken. I went in and made sure that the configuration was correct (so far as I know), including "enable IPSec" and adding the shared secret on the L2TP server page. What I get on the mac side is "IPSec connect...
by nsayer
Thu Sep 18, 2014 7:04 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 94979

Re: v6.19 released

Sometime between 6.16 and 6.19 L2TP VPN between my mac and iPhone and my routerboard has broken. I went in and made sure that the configuration was correct (so far as I know), including "enable IPSec" and adding the shared secret on the L2TP server page. What I get on the mac side is "IPSec connect...
by nsayer
Wed Sep 17, 2014 9:58 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 94979

Re: v6.19 released

Sometime between 6.16 and 6.19 L2TP VPN between my mac and iPhone and my routerboard has broken. I went in and made sure that the configuration was correct (so far as I know), including "enable IPSec" and adding the shared secret on the L2TP server page. What I get on the mac side is "IPSec connecti...
by nsayer
Tue Mar 05, 2013 10:58 pm
Forum: General
Topic: 802.3ad - how to use with Synology NAS
Replies: 3
Views: 1505

Re: 802.3ad - how to use with Synology NAS

Bueller?
by nsayer
Mon Feb 18, 2013 9:30 pm
Forum: Scripting
Topic: Need help - code snippet to filter hostname
Replies: 2
Views: 712

Re: Need help - code snippet to filter hostname

That worked! Thanks!
by nsayer
Mon Feb 18, 2013 9:12 pm
Forum: General
Topic: 802.3ad - how to use with Synology NAS
Replies: 3
Views: 1505

Re: 802.3ad - how to use with Synology NAS

Ok, I am certainly willing, but I think I need some more information. Can you suggest which knobs I need to twist to make this happen? I do see a mention of STP in the bridge config, and I can set that to 'stp' (it was none), but that's one level "up" from the bonding interface that ties together th...
by nsayer
Sat Feb 16, 2013 6:35 am
Forum: Scripting
Topic: Need help - code snippet to filter hostname
Replies: 2
Views: 712

Need help - code snippet to filter hostname

I have a script that runs periodically to convert the hostnames given in DHCP leases into static DNS entries. Unfortunately, some of the DHCP clients use illegal characters, which result in less-than-useful DNS entries. I've tried to engineer a snippet to fix this, but I can't quite wrap my brain ar...
by nsayer
Fri Feb 15, 2013 9:19 am
Forum: General
Topic: L2TP lifetime problem
Replies: 0
Views: 325

L2TP lifetime problem

I have L2TP+IPSec set up, and use it with my mac laptop. What I notice is that when the proposal lifetime elapses, the connection just hangs. What I expect is that IKE will step in and negotiate a new SA. Isn't this expectation reasonable? ip ipsec pro pr Flags: X - disabled, * - default 0 * name="d...
by nsayer
Thu Feb 14, 2013 5:05 am
Forum: General
Topic: 802.3ad - how to use with Synology NAS
Replies: 3
Views: 1505

802.3ad - how to use with Synology NAS

I have an RB493G and I've connected up my Synology DS412+ to two of the ports. I've created a bonding interface with the two Ethernet ports and added that to the bridge. So far, so good. Where things fail is if I set the NAS and the bonding interface to use 802.3ad. In short, it doesn't work. The de...
by nsayer
Sat Feb 02, 2013 5:52 pm
Forum: Beginner Basics
Topic: uPnP and firewall... what to do?
Replies: 14
Views: 6379

Re: uPnP and firewall... what to do?

Wouldn't blocking source routing achieve the same result?
by nsayer
Tue Jan 01, 2013 7:27 pm
Forum: General
Topic: v6 rc6 released
Replies: 215
Views: 63523

Re: v6 rc6 released

You're crazy. Everyone bugs MT to release it even with a beta ROS-Release. Now they did and a lot of people whine it does not work for them. *** DONT USE BETA SOFTWARE AND EXPECT IT TO BE FUNCTIONAL *** *** DONT USE BETA SOFTWARE AT YOUR CORE ROUTERS IF YOU WANT TO STAY ONLINE *** Your sentiment is...
by nsayer
Sun Dec 30, 2012 8:57 pm
Forum: RouterBOARD hardware
Topic: RB493G 800 MHz?
Replies: 2
Views: 829

RB493G 800 MHz?

I see in the Routerboard settings there is a CPU speed selector. I have a RB493G. If I attempt to set it to 800 MHz, I find I am unable to obtain a DHCP lease from my cable modem. 680 MHz, which was what it was set to when I found this, works fine. Does 800 MHz cause some functionality to be lost or...
by nsayer
Wed Aug 15, 2012 11:04 pm
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

Re: DHCPv6 for home installations?

The default route issue is, indeed, fixed in 5.20.
by nsayer
Thu Aug 02, 2012 7:03 pm
Forum: General
Topic: IPv6: LL address is occasionally the wrong one
Replies: 1
Views: 464

Re: IPv6: LL address is occasionally the wrong one

After a couple of back-n-forths with Support, the upshot is that this is expected behavior. If you want your bridge to have a mac address that doesn't change (and thus, a LL address that doesn't change), then you must hard-code an admin-mac. I've done that, and after a reboot the LL address of the b...
by nsayer
Tue Jul 31, 2012 8:00 am
Forum: General
Topic: Need help blocking aggressive spam traffic
Replies: 3
Views: 641

Re: Need help blocking aggressive spam traffic

I dunno, I think you're likely to get more mileage out of hardening your mail server rather than attacking this in the firewall. One trick I've gotten good results with is configuring sendmail with FEATURE(`greet_pause', `2500')dnl The concept is that the RFC says that the client must wait for the s...
by nsayer
Tue Jul 31, 2012 4:20 am
Forum: General
Topic: Need help blocking aggressive spam traffic
Replies: 3
Views: 641

Re: Need help blocking aggressive spam traffic

I guess the first question is... what constitutes "abnormal" in this context?
by nsayer
Tue Jul 31, 2012 2:53 am
Forum: General
Topic: IPv6: LL address is occasionally the wrong one
Replies: 1
Views: 464

IPv6: LL address is occasionally the wrong one

[nsayer@KFU] > int br print Flags: X - disabled, R - running 0 R name="bridge1" mtu=1500 l2mtu=1520 arp=proxy-arp mac-address=00:0C:42:A9:0F:62 protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m [nsa...
by nsayer
Tue Jul 24, 2012 5:20 pm
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

Re: DHCPv6 for home installations?

Support responded to me saying there would be a fix in the next release. Huzzah!
by nsayer
Mon Jul 23, 2012 11:47 pm
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

Re: DHCPv6 for home installations?

AFAIK you also need to enable RA in IPV6/ND (Neighbour discovery) and enable advertisement of MAC and DNS (if you need it - mikrotik's dns server supports IPv6 resolution) on your internal interface. I don't advertise DNS. MacOS X machines appear to be allergic to that (at least, last time I tried ...
by nsayer
Mon Jul 23, 2012 11:24 pm
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

Re: DHCPv6 for home installations?

I'm able to reproduce the same behavior with from-pool and add-default-route. Details are in this thread: http://forum.mikrotik.com/viewtopic.php?f=2&t=63777 I think there are two separate bugs in 5.19: 2) /ipv6 address attribute from-pool does not seem to be effective. That appears to be working f...
by nsayer
Mon Jul 23, 2012 7:44 am
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

Re: DHCPv6 for home installations?

I think I don't get your setup details... You have an interface called ether1-gateway which is your ISP connection. Another one called bridge1 as your internal interface. If this is correct, your route number 3 is wrong! I agree that route 3 is wrong. It is, however, what showed up when I turned "a...
by nsayer
Sun Jul 22, 2012 7:51 pm
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

Re: DHCPv6 for home installations?

The biggest difference I see is that I have 3 routes showing instead of two: 0 A S dst-address=::/0 gateway=ether1-gateway gateway-status=ether1-gateway reachable distance=1 scope=30 target-scope=10 1 X S dst-address=::/0 gateway=fe80::201:5cff:fe3c:b241%ether1-gateway gateway-status=fe80::201:5cff:f...
by nsayer
Sat Jul 21, 2012 6:18 am
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

Re: DHCPv6 for home installations?

I am using 5.19. I have no explanation for any difference.

[edit]

Well... Except I did a "print detail" and the site might be reformatting it a bit.
by nsayer
Sat Jul 21, 2012 12:44 am
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

Re: DHCPv6 for home installations?

This is a little odd looking. From /ipv6 route print get 2 ADC dst-address=2601:9:4980:52::/64 gateway=bridge1 gateway-status=bridge1 reachable distance=0 scope=10 3 DS dst-address=2601:9:4980:52::/64 gateway=fe80::201:5cff:fe3c:b241%ether1-gateway gateway-status=fe80::201:5cff:fe3c:b241%ether1-gate...
by nsayer
Fri Jul 20, 2012 6:25 pm
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

Re: DHCPv6 for home installations?

Maybe there is a missing "set default gateway" in the DHCPv6 setup like in v4 or something? Starting from v5.18 there is an option add-default-route on the client. I see I did not have that turned on. I've turned it on, but the behavior is unchanged. With the gateway simply set to ext-if, it fails....
by nsayer
Fri Jul 20, 2012 4:30 am
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

Re: DHCPv6 for home installations?

/ipv6 route add dst-address=::/0 gateway=ext-if ... What is setting gateway=[interface] supposed to do? The above setting tells your router the default gateway for IPv6 packets and states the next hop for packet routing. So in the above line, if there is no other route in place, the packet will b...
by nsayer
Thu Jul 19, 2012 6:53 am
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

Re: DHCPv6 for home installations?

This comes really close for me (with RouterOS 5.19 on Comcast), but

/ipv6 route add dst-address=::/0 gateway=ext-if

does not work. I was forced to use

/ipv6 route add dst-address=2000::/3 gateway=fe80::[EUI-64 of ISP router]%ext-if

What is setting gateway=[interface] supposed to do?
by nsayer
Tue Apr 10, 2012 9:10 am
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

Re: DHCPv6 for home installations?

I have to do some testing, but there might be a bug. You should be able to allocate addresses from the pool that is assigned via the dhcpv6 client, but the pool is not accessible via the cli via preliminary testing. It is accessible via the gui. You can assign the default prefix to the wan address ...
by nsayer
Mon Apr 09, 2012 3:38 am
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

Re: DHCPv6 for home installations?

You won't need a dhcpv6 server for this - just a dhcpv6 client(the pool option is there in case you do get a larger allocation like a /48 and need to handle your own delegation). Your wan interface will get the /64 allocation then you will advertise that /64 using (RAs/ND) on your internal network....
by nsayer
Sun Apr 08, 2012 5:39 am
Forum: General
Topic: DHCPv6 for home installations?
Replies: 37
Views: 13398

DHCPv6 for home installations?

We had a problem with our cable modem today, and in the process of troubleshooting it, I noticed that my laptop was able to get an IPv6 address. This meshes well with what Comcast has announced so far - single hosts can perform a prefix solicitation and so on, but for networks, they will support DHC...
by nsayer
Sat Feb 25, 2012 8:09 am
Forum: General
Topic: L2TP VPN + IPv6 success (sort of)
Replies: 0
Views: 767

L2TP VPN + IPv6 success (sort of)

I upgraded from 5.8 to 5.14 when I noticed that the change log mentioned supporting IPv6 prefix pools for ppp. Sure enough, I added a /48 to my tunnelbroker.net tunnel and assigned it to an IPv6 pool and assigned that as the prefix pool for my ppp profile, and it works with my mac, provided I give i...
by nsayer
Tue Jan 03, 2012 2:29 am
Forum: Beginner Basics
Topic: uPnP and firewall... what to do?
Replies: 14
Views: 6379

Re: uPnP and firewall... what to do?

It's clearly being invoked in this scenario, as evidenced by the fact I had to add a rule to pass all traffic inwards to my LAN. I have no forward rules and UPnP works just fine for me with just the auto-added dst-nat rules. So you have the null forward rule, which is to pass everything. Try adding...
by nsayer
Mon Jan 02, 2012 2:08 am
Forum: Beginner Basics
Topic: uPnP and firewall... what to do?
Replies: 14
Views: 6379

Re: uPnP and firewall... what to do?

What I can't quite wrap my brain around is that now my forward chain doesn't seem like it's adding any value. Either I'm right - and it isn't; or it's achieving something I can't think of - which I'd like to understand. Well, the forward chain is for routed packets. You're using NAT for UPnP device...
by nsayer
Fri Dec 09, 2011 5:07 am
Forum: Beginner Basics
Topic: uPnP and firewall... what to do?
Replies: 14
Views: 6379

Re: uPnP and firewall... what to do?

It's been suggested that it's not sensible to rely solely on NAT to secure the inside hosts. At the same time, if the inside hosts *request* an incoming port forwarding via uPnP, then the firewall should allow it. But is that then not exactly equivalent to just using NAT as your firewall? UPnP is a...
by nsayer
Fri Dec 09, 2011 12:00 am
Forum: Beginner Basics
Topic: uPnP and firewall... what to do?
Replies: 14
Views: 6379

Re: uPnP and firewall... what to do?

Thanks. I'll try that. In my case, the router is acting as a simple home gateway, so the one question I have left is... what's the difference between your proposed ruleset and the null ruleset? I ask because I can't think of anything the router is going to be forwarding anything that isn't to or fro...
by nsayer
Thu Dec 08, 2011 10:04 pm
Forum: Beginner Basics
Topic: uPnP and firewall... what to do?
Replies: 14
Views: 6379

uPnP and firewall... what to do?

I have uPnP enabled so that inside hosts can request incoming connections. I also have... 0 X chain=forward action=accept protocol=icmp 1 X chain=forward action=accept connection-state=established in-interface=ether1-gateway 2 X chain=forward action=accept connection-state=related in-interface=ether...
by nsayer
Fri Aug 26, 2011 10:16 am
Forum: Beginner Basics
Topic: L2TP bridge problem
Replies: 2
Views: 878

Re: L2TP bridge problem

I'm not actually trying to have the Ethernet interface support larger frames. I just want to pass maximally sized Ethernet frames across the link.
by nsayer
Mon Aug 22, 2011 7:01 am
Forum: Beginner Basics
Topic: L2TP bridge problem
Replies: 2
Views: 878

L2TP bridge problem

I've got an RB450G acting as an L2TP client connecting to an RB493G. Both are at 5.5. Both ends are tied into an EoIP bridge. Because of that, I've set the MRRU on both ends to 1600. That isn't working, for some reason. Large packets are being dropped. Here's the only thing I have found so far t...
by nsayer
Tue Jul 12, 2011 9:51 pm
Forum: Beginner Basics
Topic: Something's wrong with my L2TP VPN
Replies: 7
Views: 3844

Re: Something's wrong with my L2TP VPN

I believe I've gotten myself asymptotically close now. In order for ROS to configure IPSEC along with L2TP, you have to add a static policy. Having done that, I do see SAs on each end. Something is still attempting to send aggressive mode IPSec packets to my server from that same address. I suppose ...
by nsayer
Fri Jul 08, 2011 5:56 pm
Forum: Beginner Basics
Topic: Something's wrong with my L2TP VPN
Replies: 7
Views: 3844

Re: Something's wrong with my L2TP VPN

With help from support, I believe I've gotten closer. I discovered a dynamic dstnat rule for UDP port 4500. I think it was put there by a UPnP client. I deleted it and added a static "accept" rule. The only question left is whether that is sufficient to block UPnP from attempting to offer that port ...
by nsayer
Wed Jul 06, 2011 3:30 am
Forum: Beginner Basics
Topic: Something's wrong with my L2TP VPN
Replies: 7
Views: 3844

Re: Something's wrong with my L2TP VPN

Bueller?
by nsayer
Fri Jul 01, 2011 3:06 am
Forum: General
Topic: Vonage and other VoIP Optimization
Replies: 4
Views: 4336

Re: Vonage and other VoIP Optimization

Oh. Well, you might still be able to use packet marking mangle rules to do this.
by nsayer
Thu Jun 30, 2011 8:27 am
Forum: Beginner Basics
Topic: Switch ports in a 493G
Replies: 4
Views: 1323

Re: Switch ports in a 493G

You can switch ether2-ether5 and ether6-ether9, bridge together both master-ports and wireless interface. Will doing this result in using the CPU or will they all be at switch speed? I currently sacrifice two ports (one on each switch) to get the full speed. Is the way you posted better? The two sw...
by nsayer
Thu Jun 30, 2011 6:22 am
Forum: Beginner Basics
Topic: Something's wrong with my L2TP VPN
Replies: 7
Views: 3844

Re: Something's wrong with my L2TP VPN

I'm going to have to fall back to PPTP for now, I guess. That seems to work without any issues.
by nsayer
Thu Jun 30, 2011 12:04 am
Forum: Beginner Basics
Topic: Something's wrong with my L2TP VPN
Replies: 7
Views: 3844

Re: Something's wrong with my L2TP VPN

On the mac side, I simply see Jun 29 13:55:18 nsayer-osx racoon[21158]: Connecting. Jun 29 13:55:18 nsayer-osx racoon[21158]: IKE Packet: transmit success. (Initiator, Main-Mode message 1). Jun 29 13:55:18 nsayer-osx racoon[21158]: IKE Packet: receive success. (Initiator, Main-Mode message 2). Jun 2...
by nsayer
Wed Jun 29, 2011 8:20 am
Forum: General
Topic: Vonage and other VoIP Optimization
Replies: 4
Views: 4336

Re: Vonage and other VoIP Optimization

I just went through this exercise. Generally, there's no need to prioritize inbound traffic. Your WAN connection is likely the bottleneck. The place to put QoS for inbound traffic is on the opposite side. If your ISP is like most, they probably don't bother. The best you can do is put QoS on the out...
by nsayer
Wed Jun 29, 2011 1:58 am
Forum: Beginner Basics
Topic: Something's wrong with my L2TP VPN
Replies: 7
Views: 3844

Something's wrong with my L2TP VPN

I'm using macs and an iPhone to connect home from the road. I also have an L2TP tunnel to another premises that is more or less permanently up. That one is coming from a Mikrotik box. That one works. The one thing that seems a little odd is that it logs a lot of: 15:41:09 ipsec,debug,packet 224 byte...
by nsayer
Tue Jun 28, 2011 6:55 pm
Forum: Beginner Basics
Topic: Graphs not preserved across reboot?
Replies: 1
Views: 718

Graphs not preserved across reboot?

Yes, I have store-on-disk set to yes for everything. Still, after a reboot the graphs are empty.
by nsayer
Thu Jun 23, 2011 7:17 pm
Forum: Beginner Basics
Topic: /ip firewall connection - timeout counts *up*?
Replies: 1
Views: 692

/ip firewall connection - timeout counts *up*?

In winbox, I've opened up the connections tab of the ip firewall and filtered on a particular src address and asked for the detail view. There, I can see that a particular connection's timeout counted down past 0 and then started counting back *up* again. What does this mean? While we're at it, what...
by nsayer
Thu Jun 23, 2011 5:55 pm
Forum: Beginner Basics
Topic: VoIP QoS queueing
Replies: 2
Views: 1406

Re: VoIP QoS queueing

Thanks. I've gone ahead and done that.
by nsayer
Wed Jun 22, 2011 11:18 am
Forum: Beginner Basics
Topic: VoIP QoS queueing
Replies: 2
Views: 1406

VoIP QoS queueing

At the moment, I have this: /queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \ max-limit=0 name=Outgoing parent=ether1-gateway priority=8 add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \ max-limit=0 name=VoIP packet-mark=voip parent=Outgo...
by nsayer
Wed Jun 22, 2011 1:07 am
Forum: Beginner Basics
Topic: /system ssh hangs
Replies: 3
Views: 1120

Re: /system ssh hangs

I found the steps to import a private key pair, and using the keypair works. But password authentication does not. I also, seemingly, cannot ssh to a dns name that is IPv6 only. I can, however, ssh to an IPv6 literal.
by nsayer
Mon Jun 20, 2011 9:10 am
Forum: Beginner Basics
Topic: Poor bandwidth
Replies: 4
Views: 854

Re: Poor bandwidth

I'm not sure what it was. When I tried it later, it was just fine.
by nsayer
Mon Jun 20, 2011 9:09 am
Forum: RouterBOARD hardware
Topic: Basic R52Hn questions
Replies: 5
Views: 1919

Re: Basic R52Hn questions

Thanks. I guess I'll stick with the airport for now. I was attracted by the potential increase in coverage through the use of external antennas and 5 db more power, and I have a potential use for VAP, but I'd want simultaneous dual band, and I definitely will be using it as a multi-client base. Are ...
by nsayer
Sun Jun 19, 2011 8:58 am
Forum: Beginner Basics
Topic: EoIP over L2TP: MTU problem?
Replies: 1
Views: 1279

Re: EoIP over L2TP: MTU problem?

Setting MRRU 1600 on both ends fixed it. I also switched the connection over to BCP bridging instead of EoIP.
by nsayer
Sun Jun 19, 2011 1:23 am
Forum: Beginner Basics
Topic: RB493 chassis and USB cabling?
Replies: 2
Views: 744

RB493 chassis and USB cabling?

I have the standard desk mount / wall mount chassis. I'd like to bring the USB port out to the chassis, but the knock-outs in the end are N connector sized, not USB. Does anyone have a suggested solution for this?
by nsayer
Sun Jun 19, 2011 1:00 am
Forum: Beginner Basics
Topic: EoIP over L2TP: MTU problem?
Replies: 1
Views: 1279

EoIP over L2TP: MTU problem?

I got an EoIP tunnel working over L2TP, sort of. The symptom I *believe* I'm seeing is that large packets don't make it across. On a unix box, ping -s 1390 [remote host] works, but 1391 fails. I would expect the EoIP tunnel itself to be able to properly fragment the packets going across the link. Is...
by nsayer
Fri Jun 17, 2011 10:01 pm
Forum: RouterBOARD hardware
Topic: Basic R52Hn questions
Replies: 5
Views: 1919

Basic R52Hn questions

I'm considering replacing an AirPort Extreme by adding an R52Hn to my RB493G. 1. What does the R52Hn come with? Will I need to purchase pigtails to bring the antenna jacks to surface of my case (the Mikrotik RB493 case with the 3 holes on the side)? 2. I assume I'll need two antennas. For simultaneo...
by nsayer
Mon Jun 13, 2011 3:21 am
Forum: Beginner Basics
Topic: Single port EoIP?
Replies: 1
Views: 636

Re: Single port EoIP?

Gah.

It's always about 10 minutes after I post something I figure it out.

Create a bridge, add the EoIP tunnel and the Ethernet port desired to it (and set master-port to none, of course).
by nsayer
Mon Jun 13, 2011 3:11 am
Forum: Beginner Basics
Topic: Single port EoIP?
Replies: 1
Views: 636

Single port EoIP?

How do you configure the Ethernet interface for EoIP? Right now, I've got my RB450G set up with ether3-local through ether5-local set with a master-port of ether2-local - so the local LAN ports are switched. Dandy. What I'd like to do is disconnect ether5-local and connect it - and only it - to an E...
by nsayer
Sun Jun 12, 2011 7:43 am
Forum: Beginner Basics
Topic: IPv6 over PPP (L2TP)
Replies: 1
Views: 1604

Re: IPv6 over PPP (L2TP)

I did get this working, sort of. 1. I had to go get a /48 and assign a unique prefix to the ipv6-remote-prefix for the user. It doesn't seem to work with the /64 on the LAN. 2. on the mac, sudo "sysctl -w net.inet6.ip6.accept_rtadv=1" for the prefix to be assigned. 3. I must manually 'route add -ine...
by nsayer
Sun Jun 12, 2011 5:24 am
Forum: Beginner Basics
Topic: IPv6 over PPP (L2TP)
Replies: 1
Views: 1604

IPv6 over PPP (L2TP)

I've got my L2TP VPN set up, and it works, including IP6CP negotiating link-local connectivity with the routerboard. The routerboard is serving a /64 on the LAN. I could get a /48 instead of using a /64, and then use other networks in the /48 for the PPP clients. That just smacks of the same sort of...
by nsayer
Sat Jun 11, 2011 4:43 am
Forum: Beginner Basics
Topic: Android 2.2 PPTP Mikrotik
Replies: 4
Views: 5664

Re: Android 2.2 PPTP Mikrotik

When I was setting up the L2TP VPN, the biggest problem I had was in getting the firewall rules right.

In your case, a PPTP VPN will need port 1723 and IP protocol 47 passed through (probably on the 'input' chain).

The L2TP vpn, for the record, needed port 500, 1701, 4500 and IP protocol 50.
by nsayer
Fri Jun 10, 2011 2:29 am
Forum: Beginner Basics
Topic: Home router setup steps
Replies: 4
Views: 5312

Re: Home router setup steps

I just went through this whole exercise for my own home LAN. Things you might consider adding: 1. IPv6, including an IPv6 firewall. You can get a free tunnel from several places. I use tunnelbroker.net. If you have a dynamic IP on your WAN side, there's a script you can run on the wiki that will upd...
by nsayer
Wed Jun 08, 2011 3:35 am
Forum: Beginner Basics
Topic: TCP connection-state "related"
Replies: 13
Views: 12332

Re: TCP connection-state "related"

Is there a way to edit or augment the list of 'relating' rules?
by nsayer
Tue Jun 07, 2011 11:55 pm
Forum: Beginner Basics
Topic: Help with ipv6 firewall ?
Replies: 5
Views: 3349

Re: Help with ipv6 firewall ?

Fair enough. I have added, more or less, a duplication of the 'forward' ruleset from the IPv6 firewall to the IPv4 one: pass icmp, pass established and related when the in interface is the gateway, pass tcp 22 when the in interface is the gateway and reject everything else when the in interface is t...
by nsayer
Tue Jun 07, 2011 10:45 pm
Forum: Beginner Basics
Topic: Help with ipv6 firewall ?
Replies: 5
Views: 3349

Re: Help with ipv6 firewall ?

Because there's no NAT on IPv6, I need to use the forward chain for all the hosts on the inside, and then duplicate the rules for the input chain to protect the routerbox itself. That has always been the case, even with IPv4. There is absolutely no protection for hosts behind the router in your IPv...
by nsayer
Tue Jun 07, 2011 8:52 pm
Forum: Beginner Basics
Topic: Help with ipv6 firewall ?
Replies: 5
Views: 3349

Re: Help with ipv6 firewall ?

I think I figured it out. Because there's no NAT on IPv6, I need to use the forward chain for all the hosts on the inside, and then duplicate the rules for the input chain to protect the routerbox itself. I assume that the reason proto 41 traffic is being received is that the default ipv4 firewall h...
by nsayer
Tue Jun 07, 2011 8:28 pm
Forum: Beginner Basics
Topic: PPP remote-address
Replies: 3
Views: 2533

Re: PPP remote-address

You can set the pool name as a dest addr in a profile, and then set that profile for the given secret.
by nsayer
Tue Jun 07, 2011 8:20 pm
Forum: Beginner Basics
Topic: Help with ipv6 firewall ?
Replies: 5
Views: 3349

Help with ipv6 firewall ?

I've attempted to basically copy the default IPv4 firewall configuration, making changes where it makes sense. Here's what I came up with: # jun/07/2011 10:09:24 by RouterOS 5.4 # software id = XDDH-ZK31 # /ipv6 firewall filter add action=accept chain=input disabled=no protocol=icmpv6 add action=acc...
by nsayer
Tue Jun 07, 2011 7:48 pm
Forum: Beginner Basics
Topic: /system ssh hangs
Replies: 3
Views: 1120

Re: /system ssh hangs

Mine works. V4.16. This is to a PCLinuxOS box from a RB433AH: [admin@test] /system> ssh xx.xx.58.118 user=tim tim@xx.xx.58.118's password: [tim@localhost ~]$ Ensure your computer firewall is open to port 22 and you have the ssh daemon running. I'm using 5.4. I'm really, really, really, really sure ...
by nsayer
Tue Jun 07, 2011 12:13 am
Forum: Beginner Basics
Topic: /system ssh hangs
Replies: 3
Views: 1120

/system ssh hangs

/system ssh doesn't seem to work. 1. /system ssh localhost user=knowngooduser prompts me for a password, but rejects knowngooduser's password (which works with the windows UI). 2. /system ssh [ip address of unix box] user=remoteusername just hangs. After about 30 seconds, it returns with "Welcome ba...
by nsayer
Fri Jun 03, 2011 8:35 am
Forum: Beginner Basics
Topic: Poor bandwidth
Replies: 4
Views: 854

Re: Poor bandwidth

Never mind. This seems to have cleared itself up.
by nsayer
Thu Jun 02, 2011 5:40 pm
Forum: Beginner Basics
Topic: Poor bandwidth
Replies: 4
Views: 854

Poor bandwidth

I've set up a RB450G to be the NAT router for our house. Everything is functioning, so far as I can tell, but speed tests top out at about 10 mb/sec. Speed tests without the router should be getting about 60 mb/sec down and 10 mbps up. So far as I can see from the lights and the interface status, th...