Community discussions

MUM Europe 2020

Search found 34 matches

by karentom
Sat May 12, 2012 12:09 am
Forum: Wireless Networking
Topic: BIG BUG- Unicast key exchange timeout
Replies: 120
Views: 95072

Re: BIG BUG- Unicast key exchange timeout

Anyone, please help. Any opinion is very appreciated! I am googling around and I have found lots of post about this error - log: unicast key exchange timeout, but no solutions - just one to disable TKIP but this does not work. Is there someone from MTik team or other experts that has some experiance...
by karentom
Thu May 10, 2012 9:26 am
Forum: Wireless Networking
Topic: BIG BUG- Unicast key exchange timeout
Replies: 120
Views: 95072

Re: BIG BUG- Unicast key exchange timeout

I post here wireless, debug log and this is typical process of connection break which happens randomly: Here it is: 06:08:45 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected 06:20:27 wireless,debug wlan1: XX:XX:XX:XX:XX:XX attempts to associate 06:20:27 wireless,info XX:XX:XX:XX:XX:XX@wlan1: reassoc...
by karentom
Wed May 09, 2012 12:46 pm
Forum: Wireless Networking
Topic: BIG BUG- Unicast key exchange timeout
Replies: 120
Views: 95072

Re: BIG BUG- Unicast key exchange timeout

I have same/similar issue? Configuration: RB433 latest MTik 5.15 as AP and several wireless clients (win xp, win 7) are connected. One of the clients - new DELL Latitude E5520 with WIFI Intel Centrino Advanced-N 6205 (win xp sp3, latest drivers, latest BIOS) randomly breaks wireless connection and M...
by karentom
Wed Feb 01, 2012 2:31 am
Forum: General
Topic: securing L2TP/IPsec server connection
Replies: 15
Views: 6683

Re: securing L2TP/IPsec server connection

It seems that nobody else is motivated to join the discussion. Hope that somebody except blue and myself will find it interesting enough to participate Maybe this is better than nothing to prevent brute force attackers on L2TP interface this is the concept that peđa published in this link: http://pe...
by karentom
Mon Jan 30, 2012 1:15 pm
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1448

Re: RB433 IRQ missing for ether2 & 3

Do you maybe know how that IC-Plus-175D is named switch1 in "/interface ethernet switch" and in the same time switch0 in "/system resource irq" ?

tnx
by karentom
Mon Jan 30, 2012 12:42 pm
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1448

Re: RB433 IRQ missing for ether2 & 3

Thank you once again. Big help!

Can you, please, recommend ether1 (poe capable) is better for private LAN or for public Internet connection? Regarding choosing what interface will be for LAN and what for Public Internet? Or it is the same?
by karentom
Mon Jan 30, 2012 12:08 pm
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1448

Re: RB433 IRQ missing for ether2 & 3

hedele, thank you very much on your considerations! It is a big help for understanding the situation! ether2 and ether3 are both using the IRQ shown as "switch0" Even if you are not using switching function of ether2 and ether3, they are both connected to the CPU through the onboard switch chip IC-P...
by karentom
Mon Jan 30, 2012 9:50 am
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1448

Re: RB433 IRQ missing for ether2 & 3

Mine does not. But are your interfaces not showing up in winbox? Yours are not listed in IRQ, same as mine? Or...? My ethernet interfaces (all 3, ether1, ether2 and ether3) are normally displayed in ethernet interfaces list and they work properly but they are not listed in IRQ list - only ether1 ha...
by karentom
Sun Jan 29, 2012 6:07 pm
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1448

Re: RB433 IRQ missing for ether2 & 3

Can someone, please, who has RB433 "in her/his hands" report if ether2 & 3 are listed in IRQ list (/system resource irq) or they are not listed?

TNX in advance!
by karentom
Fri Jan 27, 2012 9:38 pm
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1448

Re: RB433 IRQ missing for ether2 & 3

OMG My last hope is that this is a firmware bug or so...!? this is my settings. It is visible that there is no switch configured on ethernet ports and in the same time switc0 is shown. Please provide some help because it is confusing me. [admin@ooo] /interface ethernet switch> print Flags: I - inval...
by karentom
Fri Jan 27, 2012 9:18 pm
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1448

Re: RB433 IRQ missing for ether2 & 3

I did everything that you suggested, even more 1.) reboot - DID IT 2.) hard reboot (disconnect power) - DID IT 3.) check interface list - DID IT 4.) update to 5.12 - DID IT 5.) update firmware to 2.39 - DID IT 6.) run /system reset 7.) even Reset booter configuration through RS232 and nothing helped...
by karentom
Fri Jan 27, 2012 8:22 pm
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1448

Re: RB433 IRQ missing for ether2 & 3

brandonrossl tnak you for help.

This is not normal situation, isnt it?

At the moment the firmware is 2.38 and normis said that 2.39 is not different except added support for new products.

I am going to try your suggested steps. This is so strange situation...
by karentom
Fri Jan 27, 2012 7:56 pm
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1448

Re: RB433 IRQ missing for ether2 & 3

no, on all three of my ether ports master port is set to "none"

I check again, and it is "none" for sure.

hmm :?:
by karentom
Fri Jan 27, 2012 7:37 pm
Forum: General
Topic: securing L2TP/IPsec server connection
Replies: 15
Views: 6683

Re: securing L2TP/IPsec server connection

blue, thanks on your participation!

Same thing as you say is my problem.

I also hope that some profy admin (I can see that there are lots of them here) will give us a hint!
by karentom
Fri Jan 27, 2012 7:30 pm
Forum: General
Topic: RB433 IRQ missing for ether2 & 3
Replies: 18
Views: 1448

RB433 IRQ missing for ether2 & 3

I noticed that ether2 and ether3 are not displayed in the IRQ list on my RB433 MT5.9
Here is SS:
Image

ether1 is displayed but ether2 and ether3 are NOT displayed ant those two (ether2&3) are in use. ether 1 is not in use.
Is this normal?
by karentom
Fri Jan 27, 2012 4:18 pm
Forum: General
Topic: securing L2TP/IPsec server connection
Replies: 15
Views: 6683

Re: securing L2TP/IPsec server connection

Is there any any kind of way to allow only ipsec traffic to go into l2tp interface? I really need this because it seems that someone constantly probing my l2tp interface (udp 1701) and udp 500 as well? I want to stop that. Many thanks! Apologies for second bump. This is going to be the last one if I...
by karentom
Mon Jan 23, 2012 5:10 pm
Forum: General
Topic: securing L2TP/IPsec server connection
Replies: 15
Views: 6683

Re: securing L2TP/IPsec server connection

sorry for self-bump but I can not achieve that only ipsec secured traffic is allowed thru l2tp interface. Is there any way to achieve that, some suggestions? Can I, maybe, mark all ipsec traffic on public interface and only allow those marked packets to go thru 1701 udp?? Think that this is not goin...
by karentom
Fri Jan 20, 2012 1:02 pm
Forum: General
Topic: securing L2TP/IPsec server connection
Replies: 15
Views: 6683

securing L2TP/IPsec server connection

I have l2tp/ipsec server successfully configured on my Mikrotik RB to work with Win client that use IPsec pre shared key configuration. Googling around I have found very interesting tutorial http://www.jacco2.dds.nl/networking/openswan-l2tp.html#Firewallwarning regarding l2tp/ipsec server setup on l...
by karentom
Sat Jan 14, 2012 3:16 am
Forum: General
Topic: firewall filter - missing packets and bytes
Replies: 9
Views: 1291

Re: firewall filter - missing packets and bytes

Yes, that could be interested. From that day when I saw this wired behavior (those 3 addresses in address list and in the same time no traffic in the rule) I was tryeing to replicate that situation but every time when I connect with vpn L2tp/IPsec, traffic is normally shown as expected, but those 3 ...
by karentom
Sat Jan 14, 2012 2:53 am
Forum: General
Topic: v5.11 released
Replies: 173
Views: 45511

Re: v5.11 released

there are no public changes. added support for unannounced products.
Thank you normis on your fast reply!!
May I ask, why then, for example, for RB4XX last version is 2.39 and for RB7XX last one is 2.38 and both are mipsbe?
by karentom
Sat Jan 14, 2012 2:36 am
Forum: General
Topic: firewall filter - missing packets and bytes
Replies: 9
Views: 1291

Re: firewall filter - missing packets and bytes

oh, thought that it is not importnat, there is a nat rule just to reach internet /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out src-address=192.168.X.X/24 Thought that only Filter is important because the first rule in Filter (action=add-src-to-address-list) ...
by karentom
Sat Jan 14, 2012 2:08 am
Forum: General
Topic: firewall filter - missing packets and bytes
Replies: 9
Views: 1291

Re: firewall filter - missing packets and bytes

Thank you in advance!! Here it is, very simple: /ip firewall filter add action=add-src-to-address-list address-list=importantad address-list-timeout=1d chain=input disabled=no dst-port=500 in-interface=pppoe-out protocol=udp src-port=500 add action=accept chain=input disabled=no in-interface=pppoe-o...
by karentom
Fri Jan 13, 2012 1:16 am
Forum: General
Topic: v5.11 released
Replies: 173
Views: 45511

Re: v5.11 released

can you please update http://wiki.mikrotik.com/wiki/RouterBOOT_changelog
for example RB433 now has RouterBoot v2.39 and on the web page there is still 2.37 as the last one described.
Thank you in advance!!
by karentom
Fri Jan 13, 2012 1:09 am
Forum: General
Topic: firewall filter - missing packets and bytes
Replies: 9
Views: 1291

Re: firewall filter - missing packets and bytes

Can someone please provide some thoughts.
Is it possible that firewall filter rule is triggered and in the same time that traffic is shown as zero (0) on that rule??

I think that this is security hole and possible bug!?

Any kind of support would be very appreciated!
by karentom
Tue Jan 10, 2012 2:48 am
Forum: General
Topic: monitoring service provider for MikroTik
Replies: 0
Views: 455

monitoring service provider for MikroTik

I was trying to setup some monitoring service (beside Dude) to watch status of one of my MT routers. For example, I was trying to setup Pingdom service (www.pingdom.com) to monitor if MT is up and online and I did not have any success. Nothing was successful (nither tcp, udp response from MT...) if ...
by karentom
Wed Jan 04, 2012 6:02 pm
Forum: General
Topic: firewall filter - missing packets and bytes
Replies: 9
Views: 1291

Re: firewall filter - missing packets and bytes

I use mikrotik for several years (two instances: one in my office (dedicated server) and other at home (RB433)) and I never saw this happened until now. Can someone from MT support comment if this is possible - that some filter rule is triggered and it executes his function (add-src-to-address-list)...
by karentom
Tue Jan 03, 2012 8:13 pm
Forum: General
Topic: Wifi and ether9 same subnet?
Replies: 5
Views: 970

Re: Wifi and ether9 same subnet?

you normaly can have wlan in one subnet and ether9 in other. You can set wlan ip address as gateway for wlan clients and ether9 ip address as gateway for clients connected to ether9 and they should comunicate to each other without a problem
by karentom
Tue Jan 03, 2012 6:54 pm
Forum: General
Topic: firewall filter - missing packets and bytes
Replies: 9
Views: 1291

firewall filter - missing packets and bytes

I added this firewall filter action to see all addresses that try to establish udp connection to the mikrotik udp port 500 /ip firewall filter add action=add-src-to-address-list address-list=important \ address-list-timeout=1d chain=input disabled=no dst-port=500 \ in-interface=pppoe-out1 protocol=u...
by karentom
Mon Jan 02, 2012 6:10 pm
Forum: General
Topic: MT OpenVPN different MAC after reboot
Replies: 1
Views: 367

Re: MT OpenVPN different MAC after reboot

sorry for bumping, but can someone please confirm or deny that this situation is the same at her/him?
by karentom
Fri Dec 30, 2011 6:23 pm
Forum: General
Topic: protecting my network from outside (especially ISP)
Replies: 8
Views: 1812

Re: protecting my network from outside (especially ISP)

I've always wondered if the related rule allows the host you are exchanging traffic with open access through the firewall or it's just to allow replies to your request Interesting question, I can not provide any positive answer. It seems that difference between "established" vs "related" is in belo...
by karentom
Fri Dec 30, 2011 6:14 pm
Forum: General
Topic: MT OpenVPN different MAC after reboot
Replies: 1
Views: 367

MT OpenVPN different MAC after reboot

Hello. Noticed that after each restart of Mikrotik, opevpn server has different MAC address (every time changes). Is this suppose to be lake that?
by karentom
Fri Dec 30, 2011 2:42 pm
Forum: General
Topic: protecting my network from outside (especially ISP)
Replies: 8
Views: 1812

Re: protecting my network from outside (especially ISP)

@SurferTim thank you once again, even on that extra know-how regarding caching hackers ;-) @dragon2611 yes, a saw around on wiki.mikrotik and googling around that this, what you are talking about, is widely implemented practice, but I wanted just 99% secure (100% is impossible when online :-) ) and ...
by karentom
Fri Dec 30, 2011 1:46 pm
Forum: General
Topic: protecting my network from outside (especially ISP)
Replies: 8
Views: 1812

Re: protecting my network from outside (especially ISP)

Oh, many tnx!
I can not test this from ISP side but if you say so :-) I hope it is going to work. So this is going to block all attempts to establish connection (this is that connection-state=new).
That is going to be ok for all public side connection attempts to my LAN (spoof...)?
by karentom
Fri Dec 30, 2011 1:08 pm
Forum: General
Topic: protecting my network from outside (especially ISP)
Replies: 8
Views: 1812

protecting my network from outside (especially ISP)

Hello! This is my firs post so please let me say hello to all! I am Mikrotik user (two routers) for several years but I am no expert so please if someone can give me a sugeston. I want to protect my local network from outside, especially form ISP side because this is exposed side if someone knows my...