Community discussions

Search found 80 matches

by lorsungcu
Wed Mar 29, 2017 1:00 am
Forum: General
Topic: Looking for a second opinion on my queue configuration
Replies: 0
Views: 296

Looking for a second opinion on my queue configuration

Hello; I've built some mangling/queues and would like someone else's opinion on whether what I'm doing makes sense. The goal is to de-prioritize large downloads and ensure voice traffic has the highest priority. Issue I'm seeing is that it seems no matter what I do, I end up dropping packets on the ...
by lorsungcu
Wed Aug 17, 2016 7:11 am
Forum: General
Topic: Dual WAN GRE/IPSec + output mangling
Replies: 1
Views: 1435

Dual WAN GRE/IPSec + output mangling

Hello I have two ISPs, both static. I have GRE/IPSec tunnels I'd like to have up on both circuits simultaneously. I think I'm having trouble in properly mangling traffic in the output chain. See configs below: /ip firewall mangle add action=mark-connection chain=input connection-mark=no-mark in-inte...
by lorsungcu
Wed Mar 09, 2016 11:30 am
Forum: Announcements
Topic: Winbox3.1 released!
Replies: 50
Views: 27121

Re: Winbox3.1 released!

I would really like the ability to be able to choose where addresses are stored, so I can sync addresses between machines. Also, whoever asked for a download/upload button is right on. Short of releasing a native version for *nix, this would be the next best thing. Currently really breaks usability ...
by lorsungcu
Thu Jan 07, 2016 3:40 am
Forum: General
Topic: CCR Packet Loss
Replies: 4
Views: 1019

Re: CCR Packet Loss

Is this seriously still an issue? Is there an official word from Mikrotik?
by lorsungcu
Sat Aug 08, 2015 4:45 am
Forum: General
Topic: Switch Chips in GNS3?
Replies: 0
Views: 415

Switch Chips in GNS3?

Anyone using GNS3 able to shed some light on whether the ability to emulate switch chips is possible, and if so, how? I'm using QEMU, but am open to whatever.
by lorsungcu
Thu Jun 18, 2015 8:12 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 81773

Re: Feature Req: IKEv2 server and client

Any word on a timeline for ros7? This is needed so badly.
by lorsungcu
Sat Feb 28, 2015 6:17 am
Forum: General
Topic: Dynamic IPSec + Site to Site
Replies: 0
Views: 360

Dynamic IPSec + Site to Site

Sorry if this has been asked before, but I am wondering if it's possible to have both a dynamic IPSec peer config, and still have site to site peers. It seems like with this configured, the sites get disconnected every so often; no issues with out the dynamic peer. Dynamic peer is even configured to...
by lorsungcu
Tue Jan 20, 2015 11:29 pm
Forum: General
Topic: Error in Winbox 3beta at Ipsec Policy
Replies: 3
Views: 1617

Re: Error in Winbox 3beta at Ipsec Policy

This is still an issue. When will a resolution be released?
by lorsungcu
Thu Oct 16, 2014 10:36 pm
Forum: General
Topic: Public IP passthrough
Replies: 3
Views: 3266

Re: Public IP passthrough

Yep. Think that should do it.
by lorsungcu
Thu Oct 16, 2014 9:29 pm
Forum: General
Topic: Public IP passthrough
Replies: 3
Views: 3266

Re: Public IP passthrough

Place the WAN address you want for the phones on a bridge or switch that contains a) the port that the ISP is coming in on b) the logical "WAN" port for your voice network and c) the logical "WAN" port for your data network. Only assign the address(es) you want to use on the mikrotik to this switch/...
by lorsungcu
Thu Oct 16, 2014 7:51 pm
Forum: General
Topic: Android always-on IPSec problems
Replies: 5
Views: 1750

Re: Android always-on IPSec problems

Google thinks it's the router screwing things up. I am sure it isn't, but I guess it's just not possible. Any idea if RouterOS will support any of the GSS-API stuff?
by lorsungcu
Thu Oct 16, 2014 12:24 am
Forum: General
Topic: Android always-on IPSec problems
Replies: 5
Views: 1750

Re: Android always-on IPSec problems

Last bump before I give up. Anyone have any ideas?
by lorsungcu
Sun Oct 12, 2014 11:54 pm
Forum: General
Topic: Android always-on IPSec problems
Replies: 5
Views: 1750

Re: Android always-on IPSec problems

Anyone? Mikrotik?
by lorsungcu
Thu Oct 09, 2014 7:45 am
Forum: General
Topic: BAD IP block list - thoughts?
Replies: 1
Views: 849

Re: BAD IP block list - thoughts?

This might be relevant:

http://forum.mikrotik.com/viewtopic.php?f=3&t=22257

There are also some integrations with things like fail2ban that i've seen that would get you going in the right direction.

http://forum.mikrotik.com/viewtopic.php?f=9&t=54446
by lorsungcu
Thu Oct 09, 2014 4:58 am
Forum: General
Topic: Android always-on IPSec problems
Replies: 5
Views: 1750

Android always-on IPSec problems

Hello I'm trying to set up some android devices with always-on IPSec VPNs, using IPSec with x-auth/psk. I can connect fine with the devices normally, but when i turn them to 'always on', I get this error in the logs: oct/08 20:12:17 ipsec,debug ipsec =>: rejected authmethod: DB(prop#1:trns#1):Peer(p...
by lorsungcu
Thu Oct 09, 2014 4:06 am
Forum: General
Topic: Your uptime
Replies: 1
Views: 554

Re: Your uptime

Image
by lorsungcu
Mon Sep 29, 2014 3:49 am
Forum: General
Topic: Crystalfontz CFA-634 Support?
Replies: 4
Views: 906

Re: Crystalfontz CFA-634 Support?

Yes, have tried that with only gibberish on the display; it also turns the backlight off entirely when any changes to contrast are made.
by lorsungcu
Sun Sep 28, 2014 11:54 pm
Forum: General
Topic: Crystalfontz CFA-634 Support?
Replies: 4
Views: 906

Re: Crystalfontz CFA-634 Support?

Hmm, doesn't seem to work for me, and the only drivers I see are for the 633. I get garbled stuff all over, but nothing readable.
by lorsungcu
Fri Sep 26, 2014 11:10 pm
Forum: General
Topic: Crystalfontz CFA-634 Support?
Replies: 4
Views: 906

Crystalfontz CFA-634 Support?

Any chance this model will be supported via USB?
by lorsungcu
Fri Sep 19, 2014 5:35 am
Forum: Forwarding Protocols
Topic: Suggestions for hub/spoke routing
Replies: 4
Views: 1306

Re: Suggestions for hub/spoke routing

All the offices have cable or DSL connections, nothing fancy, unfortunately.

I'll look at open VPN, although my understanding is that they dropped support for it, and IPSec seems to be getting better with each release. Has that changed?
by lorsungcu
Wed Sep 17, 2014 6:41 am
Forum: Forwarding Protocols
Topic: Suggestions for hub/spoke routing
Replies: 4
Views: 1306

Suggestions for hub/spoke routing

Hello I have ~15 remote locations with subnets similar to the following: Location A: 10.0.0.0/29 10.0.1.0/29 192.168.0.0/25 192.168.0.128/25 Location n: 10.0.0.8/29 10.0.1.8/29 192.168.1.0/25 192.168.1.128/25 All locations would be connecting back to location A. Currently we're bridging a single sub...
by lorsungcu
Fri May 23, 2014 12:38 am
Forum: General
Topic: Stability
Replies: 5
Views: 925

Re: Stability

Its true that bugs can be frustrating, but you said something that I want to comment on. I owe almost all of my routing and network knowledge to messing with these routers Having used a large array of vendor's products, I can promise you that bugs are just as common everywhere else. The fact of the...
by lorsungcu
Thu May 22, 2014 11:56 pm
Forum: General
Topic: Stability
Replies: 5
Views: 925

Stability

Writing this hoping for a response from Mikrotik. I use a ton of Routerboard stuff. Deploy routers with every install, use your wireless stuff when necessary, etc. Every chance I get. I think that will stop, though. At the moment, there is literally no stable version of the software. Sure, there are...
by lorsungcu
Sat May 17, 2014 5:42 pm
Forum: General
Topic: DHCP over BCP in 6.x is broken?
Replies: 5
Views: 1249

Re: DHCP over BCP in 6.x is broken?

Yeah everything died overnight. Router locked up, no response, no telnet, nothing. Had to rebot, downgraded to 5.26. BCP simply does not work in 6.x, but IPSec/L2TP in 5.x is inherently broken. These are both bugs acknowledged by Mikrotik, but with no solution.
by lorsungcu
Sat May 17, 2014 9:01 am
Forum: General
Topic: DHCP over BCP in 6.x is broken?
Replies: 5
Views: 1249

Re: DHCP over BCP in 6.x is broken?

Anyone have any ideas? Have a ticket into Mikrotik, but I'm watching my DHCP leases get closer and closer to renewal, knowing they'll not work out. I need to get this resolved or downgrade to 5.26.
by lorsungcu
Fri May 16, 2014 11:23 pm
Forum: General
Topic: Help with OSPF
Replies: 2
Views: 453

Re: Help with OSPF

I think MPLS with TE will do this well; I've been meaning to build a lab for it, this would be a good excuse. I will try this weekend; in the mean time, you may want to check the wiki for information.
by lorsungcu
Fri May 16, 2014 11:20 pm
Forum: General
Topic: v6.13 released!
Replies: 177
Views: 49315

Re: v6.13 released!

Yeah that sounds like what I'm seeing, although I'm using L2TP. I need 6.x for IPSec but it breaks all kinds of other stuff. This is maddening.
by lorsungcu
Fri May 16, 2014 10:04 pm
Forum: General
Topic: v6.13 released!
Replies: 177
Views: 49315

Re: v6.13 released!

Found more issues with DHCP in BCP bridging in 6.12. Going to open a ticket but dont expect a fast enough response to matter. I dont see anything in the changelogs between 5.26 and 6.12 that would cause DHCP to break as it has, can someone from mikrotik confirm if anything is different?
by lorsungcu
Fri May 16, 2014 9:50 pm
Forum: General
Topic: DHCP over BCP in 6.x is broken?
Replies: 5
Views: 1249

DHCP over BCP in 6.x is broken?

Upgraded a router to 6.12 to fix IPSEC issues, finding that DHCP over BCP doesn't work consistently. Anyone else have these issues? I am utterly sick of dealing with side effects of new firmware. I need the advertised features to work between versions; is that seriously too much to ask?
by lorsungcu
Fri May 16, 2014 7:41 pm
Forum: General
Topic: v6.13 released!
Replies: 177
Views: 49315

Re: v6.13 released!

dg8ngn - can you go into more detail about what is broken with BCP in 6.13? I need to upgrade (apparently L2TP is broken in 6.12, which is half the reason I upgraded...), but rely pretty heavily on BCP.
by lorsungcu
Wed May 14, 2014 5:14 pm
Forum: General
Topic: Known issues and bugs - a list
Replies: 283
Views: 111593

Re: Known issues and bugs - a list

Issue: IPSEC will not connect from 6.12 to 5.26 ROS Description: Using 6.12 on a router and 5.26 on another, unable to initiate a tunnel. Tested on two different devices. Works fine if downgraded to 5.26, or 6.9. Versions affected: 6.12 How to reproduce: Build functioning IPSec/L2TP tunnels in 5.26 ...
by lorsungcu
Mon May 12, 2014 8:25 pm
Forum: General
Topic: LLDP support for neighbor discovery
Replies: 11
Views: 3354

Re: LLDP support for neighbor discovery

This would be very, very nice.
by lorsungcu
Mon May 05, 2014 10:47 pm
Forum: General
Topic: L2TP/IPSec between 6.12 and 5.26 routers not working
Replies: 0
Views: 655

L2TP/IPSec between 6.12 and 5.26 routers not working

I have multiple sites connected back to a datacenter using L2TP and IPSec. This was working fine when using 5.26 on all routers. Upgraded a testing device to 6.12 and it will not connect, regardless of how each side is configured. Below is the configuration at the remote site: /ip ipsec proposal set...
by lorsungcu
Fri Apr 18, 2014 10:57 pm
Forum: General
Topic: Feature Requests for 7.x for improved network security
Replies: 11
Views: 4422

Re: Feature Requests for 7.x for improved network security

Yes, VLAN from RADIUS auth would be very very nice.
by lorsungcu
Wed Apr 16, 2014 2:07 am
Forum: General
Topic: v6.12 released
Replies: 237
Views: 57840

Re: v6.12 released

6.12 completely broke my ipsec/l2tp tunnels. Not sure what the problem is at this point, but i'll be moving back to 6.11 until i figure it out..
by lorsungcu
Wed Mar 26, 2014 6:57 pm
Forum: General
Topic: No record of ICMP traffic on interfaces in 6.11
Replies: 2
Views: 1132

No record of ICMP traffic on interfaces in 6.11

Not sure if this is actually an issue, but thought I should put it out here in case anyone else is seeing something similar. Customer has a Comcast modem with 5 static IPs; pinging them I get a response, and see the traffic while torching, but I do not see the traffic increment the ICMP rule in the ...
by lorsungcu
Mon Mar 03, 2014 10:19 pm
Forum: General
Topic: Unable to reach devices on separate subnets on same router
Replies: 6
Views: 1701

Re: Unable to reach devices on separate subnets on same rout

I think I got it. Thanks.
by lorsungcu
Mon Mar 03, 2014 9:58 pm
Forum: General
Topic: Unable to reach devices on separate subnets on same router
Replies: 6
Views: 1701

Re: Unable to reach devices on separate subnets on same rout

Yes. It has no bearing on this.
by lorsungcu
Mon Mar 03, 2014 9:26 pm
Forum: General
Topic: Unable to reach devices on separate subnets on same router
Replies: 6
Views: 1701

Re: Unable to reach devices on separate subnets on same rout

Yes, connectivity works fine form all networks out, it's just routing between the 192.x.x.x and 10.x.x.x.
by lorsungcu
Mon Mar 03, 2014 7:12 pm
Forum: General
Topic: Unable to reach devices on separate subnets on same router
Replies: 6
Views: 1701

Unable to reach devices on separate subnets on same router

I can ping devices to/from the 10.x networks, but while on the 192.168.10.0, I can't reach anything on the other subnets. Any ideas? Below is some configuration, please let me know if there's anything else you need:

Thanks
Cullen


Thanks; resolved.
by lorsungcu
Thu Jan 30, 2014 6:25 am
Forum: General
Topic: VLANs are killing me!
Replies: 3
Views: 904

Re: VLANs are killing me!

What interfaces are a part of the bridge? Add the master interfaces for the switches, and try again.
by lorsungcu
Wed Jan 15, 2014 4:29 am
Forum: General
Topic: 6.8rc1 Crashing During L2TP over IPSec
Replies: 5
Views: 2191

Re: 6.8rc1 Crashing During L2TP over IPSec

I've heard from Mikrotik this release should fix the NAT issues with L2TP. This may be what you're seeing, if you have workarounds in place for it.
by lorsungcu
Sun Dec 29, 2013 7:35 am
Forum: General
Topic: Anyone have a good example of IPSEC/L2TP with RSA keys?
Replies: 18
Views: 6983

Re: Anyone have a good example of IPSEC/L2TP with RSA keys?

I have had trouble with the versions of routerOS that support xauth. Not completely clear on how that would resolve the question of using a single set of keys with many remote, dynamic-ip'ed sites, though, can you clarify?
by lorsungcu
Sat Dec 28, 2013 5:00 am
Forum: General
Topic: Anyone have a good example of IPSEC/L2TP with RSA keys?
Replies: 18
Views: 6983

Re: Anyone have a good example of IPSEC/L2TP with RSA keys?

That is what I thought. I was hoping to be able to just distribute a single key to a bunch of remote users, but dont think thats possible. Is there a way to do something like that with certificates? I will look more into that as well.
by lorsungcu
Fri Dec 27, 2013 5:43 pm
Forum: General
Topic: Anyone have a good example of IPSEC/L2TP with RSA keys?
Replies: 18
Views: 6983

Re: Anyone have a good example of IPSEC/L2TP with RSA keys?

Right, but it doesn't seem like this could work for dynamic peers. is that correct?
by lorsungcu
Fri Dec 27, 2013 3:35 am
Forum: Beginner Basics
Topic: Inconsistent L2TP/IPSEC success with Android 4.3 [RESOLVED?]
Replies: 7
Views: 4683

Re: Inconsistent L2TP/IPSEC success with Android 4.3

Continue to hit this issue. Mikrotik, can you please respond with an answer as to how the problem should be properly solved?
by lorsungcu
Fri Dec 27, 2013 2:06 am
Forum: General
Topic: Anyone have a good example of IPSEC/L2TP with RSA keys?
Replies: 18
Views: 6983

Re: Anyone have a good example of IPSEC/L2TP with RSA keys?

yeah, you're right. How would the third router work, then? Anyone willing to post their configuration?


Thanks again.
by lorsungcu
Mon Dec 09, 2013 7:23 pm
Forum: General
Topic: Anyone have a good example of IPSEC/L2TP with RSA keys?
Replies: 18
Views: 6983

Re: Anyone have a good example of IPSEC/L2TP with RSA keys?

Changing to PSK, and everything came right up. I must be screwing the key configuration up... Steps to set up IPSEC with RSA: Generate key on Router01 (r1_key) Export public key (r1_key.pub) Set Router01 IPSEC peer key=r1_key remote-key=r1_key.pub Generate key on Router02 (r2_key) Import Router01 pu...
by lorsungcu
Mon Dec 09, 2013 6:31 pm
Forum: General
Topic: Anyone have a good example of IPSEC/L2TP with RSA keys?
Replies: 18
Views: 6983

Re: Anyone have a good example of IPSEC/L2TP with RSA keys?

Removing the IPSEC policy restores L2TP service. One thing I noticed was that a remote peer on the client side (2.2.2.2) gets configured for an the gateway address at my ISP. Below is an example: /ip ipsec remote-peers> print 0 local-address=2.2.2.2 remote-address=1.1.1.1 state=message-3-sent side=i...
by lorsungcu
Mon Dec 09, 2013 5:04 pm
Forum: General
Topic: Anyone have a good example of IPSEC/L2TP with RSA keys?
Replies: 18
Views: 6983

Re: Anyone have a good example of IPSEC/L2TP with RSA keys?

IPs are set up just as they are anywhere else, and I have a NAT rule to force them out the correct address. I'm going to review/rebuild everything again today, I'm sure I missed something somewhere.
by lorsungcu
Mon Dec 09, 2013 5:20 am
Forum: General
Topic: Anyone have a good example of IPSEC/L2TP with RSA keys?
Replies: 18
Views: 6983

Re: Anyone have a good example of IPSEC/L2TP with RSA keys?

Is it possible to use the same key with multiple remote peers? If I have 10 connections I need to make, for instance, can I just distribute the router1 public key? Below is my current config; I am unable to get L2TP connected with this configuration. Router 01: /ip ipsec proposal set [ find default=...
by lorsungcu
Sun Dec 08, 2013 8:59 pm
Forum: General
Topic: Anyone have a good example of IPSEC/L2TP with RSA keys?
Replies: 18
Views: 6983

Re: Anyone have a good example of IPSEC/L2TP with RSA keys?

Thanks, I have a good grip on how VPN works. Neither of the links covered what I asked for clarification on. I have no issue getting it working with PSK. I am looking for info on getting RSA key auth working for IPSEC between two routerboards.
by lorsungcu
Sat Dec 07, 2013 7:46 pm
Forum: General
Topic: Anyone have a good example of IPSEC/L2TP with RSA keys?
Replies: 18
Views: 6983

Anyone have a good example of IPSEC/L2TP with RSA keys?

I am looking for a good working example of site to site VPN using IPSEC/L2TP, using RSA keys for IPSEC authentication. I've looked through the wiki and manuals, and can't find anything complete, or that actually seems to work. Both sides of the VPN are routerboards. I'll post what i've got as far as...
by lorsungcu
Mon Nov 25, 2013 9:48 pm
Forum: General
Topic: IKEv2 Support - Looking for an official word from Mikrotik
Replies: 3
Views: 2611

IKEv2 Support - Looking for an official word from Mikrotik

Anyone from Mikrotik able to tell me whether IKEv2 is supported, which version supports it, and if not, will it be supported, and when? Can't find a solid answer to this.

Thanks!
by lorsungcu
Fri Nov 01, 2013 9:11 am
Forum: General
Topic: Regex not matching
Replies: 1
Views: 433

Re: Regex not matching

Bump
by lorsungcu
Fri Nov 01, 2013 8:55 am
Forum: General
Topic: 6.5 released!
Replies: 185
Views: 69811

Re: 6.5 released!

Something has seriously got to be done about how these are released. I killed a brand new 2011 upgrading it before a new installation this week. Please, please stop releasing features until what exists now works 100%. It's killing my faith in the stuff, and I'm starting to have fond memories of Cisco.
by lorsungcu
Wed Oct 30, 2013 7:08 am
Forum: General
Topic: Regex not matching
Replies: 1
Views: 433

Regex not matching

I am trying to regex match a string like this: video11.ord01.justin.tv The digits can increment, "video" can be 'video' or 'media', and "ord" can be a number of things. Here's the regex I've come up with: ^.*(get|GET)\s+((video|media)\d+\.)((ams|fra|lhr|arn|iad|mia|jfk|ord|dfw|lax)?\d?\.)((twitch|ju...
by lorsungcu
Fri Sep 20, 2013 5:38 pm
Forum: Beginner Basics
Topic: Inconsistent L2TP/IPSEC success with Android 4.3 [RESOLVED?]
Replies: 7
Views: 4683

Re: Inconsistent L2TP/IPSEC success with Android 4.3 [RESOLV

Got a reply from Mikrotik. It is indeed a bug, and they said it "will be fixed in the future", which i'd guess is code for never.
by lorsungcu
Fri Sep 20, 2013 5:33 pm
Forum: General
Topic: v6.4 released
Replies: 170
Views: 61265

Re: v6.4 released

Yeah I spent 4 days undoing an upgrade to a router. DHCP was acting weird after the upgrade, although L2TP/IPSEC was better than in 5.26. Also experienced all the issues with winbox and syntax changes. What an unfortunate mess :/
by lorsungcu
Mon Sep 16, 2013 9:04 am
Forum: Beginner Basics
Topic: Inconsistent L2TP/IPSEC success with Android 4.3 [RESOLVED?]
Replies: 7
Views: 4683

Re: Inconsistent L2TP/IPSEC success with Android 4.3

The issue was that the traffic for the L2TP connection was not hitting the input chain. They were experiencing the same issue described here: http://forum.mikrotik.com/viewtopic.php?f=2&t=40751 That was posted 3 years ago. Am I doing something wrong, or is this seriously still broken? Mikrotik? Anyo...
by lorsungcu
Mon Sep 16, 2013 4:59 am
Forum: Beginner Basics
Topic: Inconsistent L2TP/IPSEC success with Android 4.3 [RESOLVED?]
Replies: 7
Views: 4683

Re: Inconsistent L2TP/IPSEC success with Android 4.3

Did just notice that the tablet replies with the "Result-Code" of 6, which according to http://www.iana.org/assignments/l2tp-parameters/l2tp-parameters.xhtml#l2tp-parameters-12 means invalid destination. I'll be testing this tonight with osx/windows 7 to see if I can get a different result. Should a...
by lorsungcu
Sun Sep 15, 2013 8:12 am
Forum: Beginner Basics
Topic: Inconsistent L2TP/IPSEC success with Android 4.3 [RESOLVED?]
Replies: 7
Views: 4683

Re: Inconsistent L2TP/IPSEC success with Android 4.3

I have 15+ other L2TP connections to this site. I generally use pptp for mobile connections, but need L2TP for always on van with android. I will test with osx this weekend.
by lorsungcu
Sun Sep 15, 2013 12:04 am
Forum: Beginner Basics
Topic: Inconsistent L2TP/IPSEC success with Android 4.3 [RESOLVED?]
Replies: 7
Views: 4683

Inconsistent L2TP/IPSEC success with Android 4.3 [RESOLVED?]

I am attempting to configure IPSEC/L2TP VPNs to various sites on a new Nexus 7, using a cellular connection. I have gotten it working successfully to one site, but when the exact same configuration is copied to another site, the connection will not establish. Both sites have static IPs, no NAT betwe...
by lorsungcu
Tue May 07, 2013 3:57 am
Forum: Beginner Basics
Topic: Issue with MTU on EOIP over L2TP
Replies: 8
Views: 6332

Re: Issue with MTU on EOIP over L2TP

Thanks, I will try this.
by lorsungcu
Mon May 06, 2013 10:57 pm
Forum: Beginner Basics
Topic: Issue with MTU on EOIP over L2TP
Replies: 8
Views: 6332

Re: Issue with MTU on EOIP over L2TP

Pings fragment at 1405bytes. Can anyone confirm that what I need to do is even possible the way I'm going about it?
by lorsungcu
Mon May 06, 2013 5:04 pm
Forum: Beginner Basics
Topic: Issue with MTU on EOIP over L2TP
Replies: 8
Views: 6332

Re: Issue with MTU on EOIP over L2TP

I was able to get everything working; downgraded all routers to 5.0.25 and BCP took off. MTU between sites is still not where I'd like it, though. I don't know the exact number off the top of my head but its somewhere around 1420 that fragmentation happens. Two sites that I've noticed have less prob...
by lorsungcu
Mon May 06, 2013 3:51 am
Forum: Beginner Basics
Topic: Issue with MTU on EOIP over L2TP
Replies: 8
Views: 6332

Re: Issue with MTU on EOIP over L2TP

I am not able to pass DHCP over the BCP link for some reason. Below are my configurations, your insights are very much appreciated! CLIENT SIDE PPP /ppp profile set 0 change-tcp-mss=no name=default only-one=default remote-ipv6-prefix-pool=none use-compression=default use-encryption=default use-ipv6=...
by lorsungcu
Mon May 06, 2013 2:12 am
Forum: Beginner Basics
Topic: Issue with MTU on EOIP over L2TP
Replies: 8
Views: 6332

Re: Issue with MTU on EOIP over L2TP

I do control all sites; I'd like to use BCP and remove the EOIP all together, but can't just yet. Going to try moving to it tonight, but am not sure how it will impact existing connections and such. I'll post my results here.
by lorsungcu
Fri May 03, 2013 8:14 pm
Forum: General
Topic: [RESOLVED] L2TP stuck using preferred source?
Replies: 2
Views: 657

Re: L2TP stuck using preferred source?

Should update this; you must create a source NAT rule for L2TP that chooses the address. This solved the issue for me.
by lorsungcu
Fri May 03, 2013 8:07 pm
Forum: Beginner Basics
Topic: Issue with MTU on EOIP over L2TP
Replies: 8
Views: 6332

Issue with MTU on EOIP over L2TP

I have some transparent bridges set up between locations using EOIP over L2TP. I know I should be using BCP,a nd will be moving to that when I can, but this is what I've got for now. The issue I am having is MTU between sites is wrong, and I'm not able to send packets larger than ~1375 over the tunn...
by lorsungcu
Thu Feb 07, 2013 10:40 pm
Forum: General
Topic: TCP ACK duplication over PPTP
Replies: 0
Views: 469

TCP ACK duplication over PPTP

I have a PPTP connection to a remote site that has has a tunnel to another site. I am unable to reach some endpoints on the tunneled-to site, and get a duplicate ACK error when I try to. I have the main site with two bridges, for voice and data. Each satellite office has two bridges as well, in the ...
by lorsungcu
Tue May 08, 2012 5:37 pm
Forum: General
Topic: Best way to flatten network over 3 remote sites
Replies: 2
Views: 494

Best way to flatten network over 3 remote sites

A customer has 3 sites, and wants a single /24 over all three. All are geographically separate, and no p2p links between them exist. Plenty of bandwidth at each location. I was going to use IPsec and EOIP, unless someone can give me a reason this wouldn't work, or a better solution? Are there any ad...
by lorsungcu
Fri Apr 13, 2012 9:04 am
Forum: Wireless Networking
Topic: While connected to omnitik, I must use web proxy on gateway
Replies: 1
Views: 498

While connected to omnitik, I must use web proxy on gateway

I'm messing around with an omnitik, and noticed that in order to access pretty much anything outside of the lan, I need to add a web proxy on the gateway (a 450g), and direct http traffic through it. I've tried everything, and nothing seems to fix it. Anyone have any ideas or directions to go lookin...
by lorsungcu
Wed Apr 11, 2012 7:19 pm
Forum: General
Topic: [RESOLVED] L2TP stuck using preferred source?
Replies: 2
Views: 657

[RESOLVED] L2TP stuck using preferred source?

I'm trying to get some L2TP/IPsec tunnels set up, but can't get l2tp to respond to connections with anything but the preferred source address from the routing table. I've looked through the forums and seen many people encounter the same issue, and seen MT acknowledge it, but I haven't seen a solutio...
by lorsungcu
Fri Apr 06, 2012 5:56 pm
Forum: General
Topic: layer7 regexp
Replies: 1
Views: 610

Re: layer7 regexp

by lorsungcu
Fri Apr 06, 2012 4:29 pm
Forum: General
Topic: Routerboards as dynamic remote VPN clients
Replies: 3
Views: 612

Re: Routerboards as dynamic remote VPN clients

Are you referring to open VPN?
by lorsungcu
Tue Apr 03, 2012 6:21 pm
Forum: General
Topic: Routerboards as dynamic remote VPN clients
Replies: 3
Views: 612

Routerboards as dynamic remote VPN clients

I need to deploy ~75 routerboards as remote VPN clients, so users have ethernet handoffs with their VPN, mainly for VOIP applications. Has anyone else done this, or have any suggestions as how best to accomplish it? The issue's I see are that users will have dynamic internet addresses, these routers...
by lorsungcu
Tue Apr 03, 2012 4:27 pm
Forum: General
Topic: Functional differences in bridging and master/slave ports
Replies: 1
Views: 2597

Functional differences in bridging and master/slave ports

I realize the obvious differences between using a bridge and master/slave ports, but can someone elaborate on what is functionally different, and where you would use one over the other? Turned on some new 450s and it struck me that 2-5 are always slaved, and that I didn't know _why_.


Thanks!
by lorsungcu
Thu Nov 10, 2011 9:01 pm
Forum: Forwarding Protocols
Topic: Bridge class C over MPLS using GRE/VPLS?
Replies: 0
Views: 660

Bridge class C over MPLS using GRE/VPLS?

I have an MPLS network with 10.128.11.0/24 on one end and 10.128.12.0/24 on the other. I need to have 11 on both ends; my thought was to put routerboards on either end, run a GRE tunnel between the two, and create only one .11 network. Will this work, or will I need to use VPLS or something? The RBs...
by lorsungcu
Sun Jul 10, 2011 12:10 am
Forum: Wireless Networking
Topic: Best indoor warehouse AP setup?
Replies: 3
Views: 1280

Best indoor warehouse AP setup?

I have a project coming up where I will need to outfit a large warehouse with some APs. My thought would be Mikrotik router boards with 2 sector/client antennas, and one directional 'uplink' antenna (3 radios). Attached is a simple layout of the building. There are 4 main warehouse rooms and one off...