Community discussions

Search found 64 matches

by Davis
Sun Mar 10, 2019 7:23 pm
Forum: RouterBOARD hardware
Topic: hAP ac² - more RAM than in HW specification [SOLVED]
Replies: 55
Views: 13865

Re: hAP ac² - more RAM than in HW specification [SOLVED]

I have recently bought hAP ac² and it has 128 MB RAM. Router was bought in beginning of March 2019 in Latvia (from Latvian distributor), total-memory: 128.0MiB, factory-software: 6.43.10, factory-firmware: 6.43.10, model: RBD52G-5HacD2HnD. /system resource print uptime: 10h12m27s version: 6.44 (stab...
by Davis
Fri Oct 19, 2018 12:59 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 22157

Re: v6.43.4 [stable] is released!

When updating from 6.43.2 to 6.43.4 one of my hAP ac2 logged this message (similar to message in this post after update to 6.43.4): oct/19 00:10:46 script,warning DefConf gen: Unable to find wireless interface(s) However all the configuration seems to be intact and this message is NOT logged on subs...
by Davis
Fri Oct 05, 2018 1:30 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 38244

Re: v6.43.1 [stable] and v6.43.2 [stable] are released!

On hAP ac2 is similar problem. Unexpected reboots every 2h to 48h. I sent description of problem to Mikrotik support. I have the same issue - one of my hAP ac2 is rebooting from time to time (looks like it usually reboots within 24 hours and then works properly till I reboot it manually - however t...
by Davis
Thu Aug 23, 2018 2:28 am
Forum: RouterBOARD hardware
Topic: Cheapest device to support 5GHz spectral scan
Replies: 2
Views: 591

Cheapest device to support 5GHz spectral scan

What is the cheapest (and preferably physically smallest) RouterBOARD that supports spectral scan on both 2,4 GHz and 5 GHz ranges (or at least on 5 GHz range alone)?
P.S. I am not talking about spectral scan (not about scanning for 802.11 access points).
by Davis
Thu Aug 09, 2018 4:55 pm
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 26
Views: 24768

Re: WPA2 preshared key brute force attack

No. In order to obtain any PMKID attacker must get to key handshake phase that happens only after successful 802.11 association. If client is not in access-list, it is refused 802.11 association and AP does not even go to key handshake phase. So in this scenario attacker won't be able to obtain any...
by Davis
Thu Aug 09, 2018 2:39 pm
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 26
Views: 24768

Re: WPA2 preshared key brute force attack

The only reason to include PMKID when PSK is used is because 802.11 does not seem to be very specific about whether it must be included. What if there is some client that is very strict on checking what it receives? Possibly Ubiquity might not be sending PMKID . We will add an option to disable sen...
by Davis
Thu Aug 09, 2018 11:25 am
Forum: General
Topic: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk
Replies: 8
Views: 1547

Re: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk

Is ROS affected? IMHO it is stupid question. If Mikrotik implements and follow WiFi standard then the standard is affected then this "flow in design" is in current ROS implemented. Isn't PMKID sending beneficial only for EAP (so there is no need to send it for PSK networks)? What, in yor opinion, s...
by Davis
Thu Aug 09, 2018 11:17 am
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 26
Views: 24768

Re: WPA2 preshared key brute force attack

Are there any benefits for sending PMKID for non-EAP networks ( some people claim that there aren't)? If no, is it planned to fix this vulnerability (by not sending PMKID for PSK networks)? There are actually 3 reasons why this attack is worse than previously known procedure: 1. It is possible to ob...
by Davis
Thu Aug 09, 2018 12:04 am
Forum: General
Topic: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk
Replies: 8
Views: 1547

Re: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk

It would be great to get an official response from MikroTik whether RouterOS is affected by this bug (sending PMKID for PSK networks). And what are the plans for fixing this in case RouterOS is affected? Although most likely this attack doesn't improve cracking speed, it greatly increases attack sur...
by Davis
Thu Aug 09, 2018 12:01 am
Forum: Wireless Networking
Topic: PMKID Attack - clientless WPA2/WPA PSK attack
Replies: 6
Views: 3125

Re: PMKID Attack - clientless WPA2/WPA PSK attack

It would be great to get an official response from MikroTik whether RouterOS is affected by this bug (sending PMKID for PSK networks). And what are the plans for fixing this in case RouterOS is affected? Although most likely this attack doesn't improve cracking speed, it greatly increases attack sur...
by Davis
Mon May 14, 2018 11:40 pm
Forum: General
Topic: Rules not working
Replies: 3
Views: 441

Re: Rules not working

Here is one of MUM presentations on the topic (however blocking of IP addresses is harder to bypass than blocking of DNS): https://youtu.be/3LmQYIQ5RoA?t=3m57s Another good option would be using tls-host firewall rule property (however that might not catch all traffic - e.g. Chrome+Youtube). Some fi...
by Davis
Thu May 03, 2018 1:09 am
Forum: General
Topic: Suggestion for MikroTik - Bug Bounties
Replies: 2
Views: 641

Suggestion for MikroTik - Bug Bounties

After recent attacks and vulnerabilities (especially winbox exploit - that was 0-day in the wild) I would like to suggest MikroTik starting a bug bounty program . Bug bounties are essentially rewards (usually financial) for finding security vulnerabilities and properly reporting them to the authors ...
by Davis
Tue May 01, 2018 2:35 am
Forum: General
Topic: hAP ac² LAN->WiFi 5GHz performance issue.
Replies: 23
Views: 5157

Re: hAP ac² LAN->WiFi 5GHz performance issue.

I have noticed that (at least in my specific setup) hAP ac² together with Intel 7260 wifi card has issues with action=set-priority mangle rules. I had used this mangle rule ( rule comes from this MUM presentation ) and disabling it in some cases drastically improved performance (e.g. SFTP file downl...
by Davis
Tue May 01, 2018 2:32 am
Forum: Wireless Networking
Topic: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi
Replies: 288
Views: 59171

Re: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi

I have noticed that (at least in my specific setup) hAP ac² together with Intel 7260 wifi card has issues with action=set-priority mangle rules. I had used this mangle rule ( rule comes from this MUM presentation ) and disabling it in some cases drastically improved performance (e.g. SFTP file downl...
by Davis
Tue May 01, 2018 2:01 am
Forum: RouterBOARD hardware
Topic: hAP ac² High temperature
Replies: 50
Views: 10421

Re: hAP ac² High temperature

I have accidentally (while installing dust cover for USB port) noticed that my hAP ac^2 feels less warm (around 35 C) than around 2 weeks ago (when it felt more like 45 C). Has MikroTik implemented some thermal improvements (e.g. shutting down/throttling unused CPU cores) for hAP ac^2 in recent Rout...
by Davis
Sun Apr 15, 2018 7:52 pm
Forum: General
Topic: Wireless beacon interval and DTIM missing
Replies: 17
Views: 4946

Re: Wireless beacon interval and DTIM missing

+1 Beacon interval and DTIM would be useful (especially in crowded areas)
by Davis
Tue Dec 22, 2015 8:36 pm
Forum: RouterBOARD hardware
Topic: Protected bootloader installation failure on RB951G-2HnD
Replies: 3
Views: 1994

Protected bootloader installation failure on RB951G-2HnD

When trying to install protected bootloader as described in MikroTik wiki after rebooting router the following was logged: 01:13:44 system,info verified protected_routerboot_v3_24_enable_6_29_1_mipsbe.dpk 01:13:47 system,info installed protected-router-6.29 01:13:47 system,info FAILED to enable prot...
by Davis
Mon Jul 28, 2014 9:24 pm
Forum: General
Topic: ATTENTION, DISASTER! V.6.17
Replies: 57
Views: 15092

Re: ATTENTION, DISASTER! V.6.17

I don't think this is RouterOS 6.17 specific , but one of my RB951-G got softbricked by power outage (I assume that power was restored for some seconds, router started to boot and then power was disconnected again) about a week ago. Wireless LED was lit, ethernet LEDs were even blinking, but router...
by Davis
Mon Jul 28, 2014 9:21 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 204309

Re: Feature requests

I want to suggest adjustable boot-delay (under /system routerboard settings), up to 255 seconds, for all RouterBOARDs. This would allow some safety against bricking by repeated power loss (i.e. in case electrician connects power only for a few seconds router won't yet start to boot and there would b...
by Davis
Sun Sep 22, 2013 6:09 pm
Forum: Scripting
Topic: Reading log on ROS 6.2/6.3
Replies: 6
Views: 2052

Re: Reading log on ROS 6.2/6.3

ros code

:set a ($a . [:tostr [($le->"time")]] . "\r\n")
Thanks for helping to improve my script Send email about reboot.
by Davis
Tue Sep 17, 2013 2:09 pm
Forum: Scripting
Topic: Reading log on ROS 6.2/6.3
Replies: 6
Views: 2052

Re: Reading log on ROS 6.2/6.3

Correct script would be: { :global a "" :foreach le in=[/log print as-value] do={ :set a ($a . [:tostr [$le->"time"]] . "\r\n") } :put $a } It is wiser to use the name of element to get the value since order of the elements may change. Thanks! But looks like this code fragment doesn't work... [demo...
by Davis
Mon Sep 09, 2013 2:12 pm
Forum: Scripting
Topic: Reading log on ROS 6.2/6.3
Replies: 6
Views: 2052

Re: Reading log on ROS 6.2/6.3

on 6.4rc1 I get log entry topics. If that is what you require, then this will work this way in 6.4
Great! Thanks! Then it's fixed in 6.4 :)
by Davis
Mon Sep 09, 2013 12:15 pm
Forum: Scripting
Topic: Reading log on ROS 6.2/6.3
Replies: 6
Views: 2052

Reading log on ROS 6.2/6.3

How to read log on RouterOS 6.2+? Till ROS 6.1 (including) the following code worked: { :global a "" :foreach le in=[/log print as-value] do={ :set a "$a$[:tostr [:pick $le 3]]\r\n" } :put $a } But starting with 6.2 it just outputs many empty lines. Is this a bug or log should be retrieved otherwise?
by Davis
Thu May 23, 2013 3:01 pm
Forum: General
Topic: v6.0 released
Replies: 321
Views: 67740

Re: v6.0 released

Thanks MikroTik for wonderful hardware and software! And congratulations with release! :) I want to report a bug with IPSec. After upgrading from 5.25 to 6.0 IPSec VPN (IP over IP tunnel via IPSec in transport mode) stopped to work. A lot was logged (when enabled ipsec logging), incloding the follow...
by Davis
Sat Mar 09, 2013 3:23 am
Forum: General
Topic: Revert RB751G to default config after custom netinstall
Replies: 7
Views: 2806

Re: Revert RB751G to default config after custom netinstall

I created a file with RouterOS configuration commands (usable as Netinstall configure script) from script outputed by /system default-configuration print There main difference is MAC Server configuration (my config commands disable the default all interface before adding required interfaces). Also i...
by Davis
Fri Mar 08, 2013 5:50 pm
Forum: RouterBOARD hardware
Topic: Reseting my Routerboard 750 questions (help)
Replies: 6
Views: 1970

Re: Reseting my Routerboard 750 questions (help)

To reset the router config on the 750, you only have to peel of one of it's transparent foots and press that opening inside with a philips screwdriver so all contacts are connected. After that you can just login with admin and no password. Then you add my comands above. Better use reset button near...
by Davis
Fri Mar 08, 2013 5:28 pm
Forum: RouterBOARD hardware
Topic: RB951-2n V5.24 CPU 100% Reboot
Replies: 8
Views: 2636

Re: RB951-2n V5.24 CPU 100% Reboot

Hi! I think may be there is something that usually gets cached in RAM, but in case RAM is running low it needs to be read from the flash. Another theory is that you have a hardware issue, may be CPU is used by something else, but RouterOS interprets this as flash activity. :!: Anyway I think you sho...
by Davis
Fri Mar 08, 2013 3:23 pm
Forum: General
Topic: gratuitous ARP reply protection (against ARP poisoning)
Replies: 2
Views: 2326

Re: gratuitous ARP reply protection (against ARP poisoning)

If I got you correctly, you can either set ARP to respond only on an interface, create appropriate static ARP entries or create a bridge with only one interface to prevent ARP redirection on router side and set IP firewall rules to prevent traffic from wrong IP/MAC address combinations from being re...
by Davis
Thu Mar 07, 2013 1:12 pm
Forum: RouterBOARD hardware
Topic: What to do when even NetInstall does not help ?
Replies: 6
Views: 1874

Re: What to do when even NetInstall does not help ?

Try booting with backup bootloader. Here is how from RB450G manual There are two boot loaders present on the NOR flash memory chip. The main one, that is executed by default, and the Backup, which is built-in failsafe. In case something goes wrong in the upgrade process, or you have set some incorre...
by Davis
Wed Mar 06, 2013 12:56 am
Forum: General
Topic: Revert RB751G to default config after custom netinstall
Replies: 7
Views: 2806

Re: Revert RB751G to default config after custom netinstall

@Davis Attached you can find default script for 751U, but AFAIK for 751G is the same. RB751U-2HnD_Default_Config_Script.zip Use it as configure script for Netinstall. HTH, Thank you! But this is output from /system default-configuration print AFAIK this cannot be used as Netinstall configure script...
by Davis
Tue Mar 05, 2013 11:39 pm
Forum: General
Topic: Change "factory-defaults"
Replies: 8
Views: 2488

Re: Change "factory-defaults"

As jgellis stated, you can use netinstall to change default config, however: Users can always use Netinstall to gain access to the router. Users can buy their own routers and replace RouterBOARDs with them Disabling reset jumper won't disable reset button! Sophisticated users can use special softwar...
by Davis
Tue Mar 05, 2013 12:12 am
Forum: General
Topic: Revert RB751G to default config after custom netinstall
Replies: 7
Views: 2806

Re: Revert RB751G to default config after custom netinstall

System reset will always revert to the last configuration applied by Netinstall. If you no longer want your custom config to be the reset state, NetInstall again with either a new custom config, or none if you want a blank slate. /system default-configuration print will show factory default configu...
by Davis
Mon Mar 04, 2013 12:57 am
Forum: General
Topic: Revert RB751G to default config after custom netinstall
Replies: 7
Views: 2806

Revert RB751G to default config after custom netinstall

How to revert RouterBOARD 751G-2HnD to state where default factory settings are applied once reset button is used? I had used Netinstall with custom settings script, so now reset button reverts to settings applied by that script. Do I need to use Netinstall with special factory settings script? If y...
by Davis
Thu Feb 28, 2013 1:40 pm
Forum: RouterBOARD hardware
Topic: New - RB951G-2HnD
Replies: 68
Views: 99532

Re: New - RB951G-2HnD

+1 for solid caps. I think it would be a kind of sign of quality of best MikroTik home WiFi router... Nice that it has 600 MHz CPU - in sophisticated configuration (bridges, many firewall rules, bridge rules, VLAN, NAT) it can achieve at least 100 Mbps WAN to wired LAN or about 80 Mbps WAN to wirele...
by Davis
Wed Mar 14, 2012 7:43 pm
Forum: General
Topic: Rules to stop subnet to subnet traffic
Replies: 14
Views: 4050

Re: Rules to stop subnet to subnet traffic

You can just add firewall rule that stops all forwarding (/ip firewall filter add chain=forward action=drop) and above it you can add rules that allow forwarding between specific subnets (if needed).
by Davis
Wed Mar 14, 2012 4:15 pm
Forum: General
Topic: Two Lan bridged, change default gateway
Replies: 5
Views: 1216

Re: Two Lan bridged, change default gateway

The architecute question - why do you bridge those 2 LANs in separate buildings together? Is there any special applications that need this? This is bad, because network broadcasts/multicasts traveling betwen buildings consume your bandwidth... Usually routed VPN is used in such cases. You must creat...
by Davis
Wed Mar 14, 2012 2:24 pm
Forum: General
Topic: How to make such an address translation with RouterOS?
Replies: 6
Views: 1705

Re: How to make such an address translation with RouterOS?

But I always thought that packets goes through the translator only once...
No, see http://wiki.mikrotik.com/wiki/Manual:Packet_Flow
by Davis
Wed Mar 14, 2012 2:22 pm
Forum: Wireless Networking
Topic: RB751U Wireless Performance
Replies: 27
Views: 14066

Re: RB751U Wireless Performance

What is distance between computer and RB751? If they are near, have you tried to decrease tx power to mode card-rates and value, let's say, 17?
by Davis
Wed Mar 14, 2012 2:03 pm
Forum: General
Topic: How to make such an address translation with RouterOS?
Replies: 6
Views: 1705

Re: How to make such an address translation with RouterOS?

Replace only src-nat rule, leave your dst-nat rule intact (i.e. use these rules): ip fire nat add chain=dst dst-addr=11.11.11.11 proto=tcp dst-port=10001 action=dst-nat to-addr=192.168.1.201 to-port=4899 ip fire nat add chain=src dst-addr=192.168.1.201 proto=tcp dst-port=4899 action=src-nat to-addr=...
by Davis
Wed Mar 14, 2012 1:49 pm
Forum: General
Topic: How to make such an address translation with RouterOS?
Replies: 6
Views: 1705

Re: How to make such an address translation with RouterOS?

This is not Cisco ;) Rewrite source NAT rule as follows
ip fire nat add chain=src dst-addr=192.168.1.201 proto=tcp dst-port=4899 action=src-nat to-addr=192.168.1.1
by Davis
Tue Mar 13, 2012 2:53 pm
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 89164

Re: Feature Request: OpenVPN [ovpn] udp tunnels

I think OpenVPN needs a bit different approach. I think MikroTik can make it as less as possible integrated with everything else (e.g. user specifies OpenVPN instances, for each instance an interface from dropdown and config text is specified, imho all keys, certificates etc. can be stored also in a...
by Davis
Mon Feb 06, 2012 11:31 pm
Forum: Scripting
Topic: Result of command /log get is not string
Replies: 1
Views: 653

Result of command /log get is not string

Problem is the following: :put "$[/log get *0] $[/log get *1]" Prints a huge block of text instead of 2 first lines of the log (ROS v5.12). Is this desired behavior or a bug? If this is desired behavior how can result of /log get be converted to regular string? More about this block of text can be u...
by Davis
Thu Jan 26, 2012 12:38 am
Forum: General
Topic: DHCPoption 121 not working
Replies: 3
Views: 994

Re: DHCPoption 121 not working

If all your clients are Windows computers you can use DHCP option code 249 instead of 121 (this does work on my router with RouterOS 5.12).

Also a question to MikroTik - why DHCP option 121 isn't pushed to clients? It is a bug or is this done intentionally?
by Davis
Mon Oct 24, 2011 1:53 pm
Forum: General
Topic: Bandwidth Test with TCP and Lost Packets count
Replies: 1
Views: 990

Re: Bandwidth Test with TCP and Lost Packets count

Can anyone from MikroTik support answer, please?
by Davis
Fri Oct 21, 2011 4:54 pm
Forum: General
Topic: Bandwidth Test with TCP and Lost Packets count
Replies: 1
Views: 990

Bandwidth Test with TCP and Lost Packets count

How does Bandwidth Test calculate Lost Packets when Protocol is set to TCP?
Does it count all packets lost at Layer 2/3 or it simply takes some metrics of TCP (like dropped connection count), or is this always 0?
by Davis
Thu Aug 11, 2011 7:46 pm
Forum: General
Topic: Apple Products detected as port scanners
Replies: 8
Views: 1886

Re: Apple Products detected as port scanners

What is comment in address list? Let's start by determining which rule has added Apple devices to port-scanners list.
by Davis
Thu Aug 11, 2011 6:41 pm
Forum: General
Topic: Load balancing over Two interface without Masqurading
Replies: 2
Views: 894

Re: Load balancing over Two interface without Masqurading

On Router 1: add route to 10.4.1.0/24 with IP address of Router 2 in 10.10.10.4/30 subnet as gateway add route to 10.6.1.0/24 with IP address of Router 2 in 10.10.10.4/30 subnet as gateway add route to 10.5.1.0/24 with IP address of Router 2 in 10.10.10.8/30 subnet as gateway On Router 2: create rou...
by Davis
Wed Aug 10, 2011 9:24 pm
Forum: General
Topic: PPPoE network design
Replies: 20
Views: 3860

Re: PPPoE network design

If you will use RB1100AH as PPPoE server/concentrator then you don't need to route public subnets anywhere beyond it. But the question is how you will pass PPPoE through your RB1200 routers? PPPoE is layer 2 protocol so it is not going to pass through routers. What is the reason of these RB1200 (iso...
by Davis
Wed Aug 10, 2011 4:58 pm
Forum: General
Topic: Need help about Load lancing between 4DSL connections.
Replies: 5
Views: 690

Re: Need help about Load lancing between 4DSL connections.

Here is similar config with 2 internet links with equal speed: http://wiki.mikrotik.com/wiki/Manual:PCC In your case you will need 6 PCC rules that will divide traffic between 4 connections: / ip firewall mangle add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \ ...
by Davis
Tue Aug 09, 2011 2:09 am
Forum: General
Topic: Printer Routing
Replies: 8
Views: 1318

Re: Printer Routing

Do you have firewall on your Mikrotik that blocks access to File and Printer Sharing on printer computer?
If not, you should be able to access shares on that machine via the router.
by Davis
Mon Aug 08, 2011 2:42 pm
Forum: General
Topic: Two Mikrotik routers, two cisco switсh, trunk links
Replies: 6
Views: 2524

Re: Two Mikrotik routers, two cisco switсh, trunk links

You can also check STP on switches and Mikrotiks - ensure that switches have lower STP bridge IDs than bridges on Mikrotiks (so you won't get situations when link between switches gets disabled by STP and all traffic between switches gets forwarded through one of Mikrotiks). Almost definitely this i...
by Davis
Mon Aug 08, 2011 1:51 pm
Forum: General
Topic: Printer Routing
Replies: 8
Views: 1318

Re: Printer Routing

what i want is for host A and B to be able to print document through the printer machine installed to the window xp. They can surf the internet effectively without issue. Probably you need to connect to printer machine by IP address not by computername. Can you open \\192.168.0.1\ on Host A or Host...
by Davis
Mon Aug 08, 2011 1:34 pm
Forum: General
Topic: Management VLAN over WIFI/MESH
Replies: 6
Views: 2245

Re: Management VLAN over WIFI/MESH

Also make sure that VLAN-mode for switch ports where clients are connected is set to secure so your clients won't be able to connect to VLANs using tagged packets.
by Davis
Mon Aug 08, 2011 11:09 am
Forum: General
Topic: can't get VPN to work behind Cayman dsl modem / router
Replies: 5
Views: 842

Re: can't get VPN to work behind Cayman dsl modem / router

Can you run Packet Sniffer on your home router to see what more ports/protocols L2TP VPN uses?
These may be UDP ports 1701 and 4500.
by Davis
Mon Aug 08, 2011 8:01 am
Forum: General
Topic: How to stop MAC Cloning
Replies: 15
Views: 9410

Re: How to stop MAC Cloning

In Russia some providers use PPTP VPN (warning it uses CPU on VPN server/router) because its more secure than PPPoE. If you don't want any username/password authentication for your users you can use managed switch with MAC filtering (each user then would be connected to his own port on managed switc...
by Davis
Sun Aug 07, 2011 5:27 pm
Forum: General
Topic: New Ethernet port flap issue enquiery, PLS JOIN!
Replies: 247
Views: 85331

Re: New Ethernet port flap issue enquiery, PLS JOIN!

Thanks Ivoshiee. This is the kind of report we are looking for. By reading your post I realize that there were problems in the past with the Ethernet1/PoE port. Our port flap issue is also usually the Ether1/PoE port and we have seen other problems with these in the past. After release of v.4.x the...
by Davis
Sun Aug 07, 2011 4:27 pm
Forum: General
Topic: Transparent Layer 7 shaper config..
Replies: 24
Views: 13904

Re: Transparent Layer 7 shaper config..

If IP address of the bridge is from the same subnet as IP addresses of computers connected through the bridge (or any other subnet that is on the same broadcast domain) and you can't reach bridge IP from other networks (e.g. through the Internet) then on the bridge you should add default route (rout...
by Davis
Sun Aug 07, 2011 2:20 am
Forum: General
Topic: can't get VPN to work behind Cayman dsl modem / router
Replies: 5
Views: 842

Re: can't get VPN to work behind Cayman dsl modem / router

Does Packet Sniffer (with filter on client IP) show any packets from client?
Do you use IPSec with L2TP? If not, AFAIK you should forward port 1701 and ensure that VPN gets encrypted.
by Davis
Sat Aug 06, 2011 7:19 pm
Forum: RouterBOARD hardware
Topic: SOHO wireless router
Replies: 3
Views: 2037

Re: SOHO wireless router

Thanks, looks good, but will there be any models with g/n wireless (because not all clients support 802.11n) and gigabit ethernet?
by Davis
Sat Aug 06, 2011 4:23 pm
Forum: RouterBOARD hardware
Topic: SOHO wireless router
Replies: 3
Views: 2037

SOHO wireless router

Is SOHO Wireless Router (all-in-one solution) planned by MikroTik?
Something for indoor with 5 gigabit ethernet ports, 802.11 b/g/n wireless and optionally USB?
by Davis
Sat Aug 06, 2011 3:30 pm
Forum: General
Topic: Filtering invalid TCP packets
Replies: 0
Views: 879

Filtering invalid TCP packets

I wolud like to make MikroTik router reset every TCP connection that has initiated without its awareness (e.g. by injecting initial SYN packet via another router). I wanted to create filter rules that will: Create resettcp chain that will answer with TCP reset to all TCP packets with flags RST=off a...
by Davis
Tue Aug 02, 2011 1:53 pm
Forum: Beginner Basics
Topic: Failover newbie question
Replies: 12
Views: 2351

Re: Failover newbie question

Thanks for the reply. Just one clarification though. My main line is connected to my Cisco router. When you say "ISP core router" you do mean this one, right? Not something that sits at my ISP's, correct? Also, how would ping help here? Wont it check for the availability of the router (my router) i...
by Davis
Mon Aug 01, 2011 1:46 pm
Forum: Beginner Basics
Topic: Failover newbie question
Replies: 12
Views: 2351

Re: Failover newbie question

If I understood you correctly the answer is yes. If you have 2 upstream routers you can use MikroTik router for failover between them. Simply set up 2 default routes - route with distance 2 through netstick and route with distance 1 and ateway-check ping to your ISP core router. Then add route to yo...