Anyone, please help. Any opinion is very appreciated! I am googling around and I have found lots of posts about this error - log: unicast key exchange timeout, but no solutions - just one to disable TKIP but this does not work. Is there someone from MTik team or other experts that has some experience...
I post here wireless, debug log and this is typical process of connection break which happens randomly: Here it is:
06:08:45 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected
06:20:27 wireless,debug wlan1: XX:XX:XX:XX:XX:XX attempts to associate
06:20:27 wireless,info XX:XX:XX:XX:XX:XX@wlan1: reassoc...
I have same/similar issue? Configuration: RB433 latest MTik 5.15 as AP and several wireless clients (win xp, win 7) are connected. One of the clients - new DELL Latitude E5520 with WIFI Intel Centrino Advanced-N 6205 (win xp sp3, latest drivers, latest BIOS) randomly breaks wireless connection and M...
It seems that nobody else is motivated to join the discussion. Hope that somebody except blue and myself will find it interesting enough to participate. Maybe this is better than nothing to prevent brute force attackers on L2TP interface this is the concept that peđa published in this link: http://pe...
Can you, please, recommend ether1 (poe capable) is better for private LAN or for public Internet connection? Regarding choosing what interface will be for LAN and what for Public Internet? Or it is the same?
hedele, thank you very much on your considerations! It is a big help for understanding the situation! ether2 and ether3 are both using the IRQ shown as "switch0" Even if you are not using switching function of ether2 and ether3, they are both connected to the CPU through the onboard switch...
Mine does not. But are your interfaces not showing up in winbox? Yours are not listed in IRQ, same as mine? Or...? My ethernet interfaces (all 3, ether1, ether2 and ether3) are normally displayed in ethernet interfaces list and they work properly but they are not listed in IRQ list - only ether1 ha...
OMG! My last hope is that this is a firmware bug or so...!? These are my settings. It is visible that there is no switch configured on ethernet ports and at the same time switch0 is shown. Please provide some help because it is confusing me.
[admin@ooo] /interface ethernet switch> print
Flags: I - inval...
I did everything that you suggested, even more
1.) reboot - DID IT
2.) hard reboot (disconnect power) - DID IT
3.) check interface list - DID IT
4.) update to 5.12 - DID IT
5.) update firmware to 2.39 - DID IT
6.) run /system reset
7.) even Reset booter configuration through RS232 and nothing helped...
Is there any kind of way to allow only ipsec traffic to go into l2tp interface? I really need this because it seems that someone is constantly probing my l2tp interface (udp 1701) and udp 500 as well? I want to stop that. Many thanks! Apologies for second bump. This is going to be the last one if I...
Sorry for self-bump but I can not achieve that only ipsec secured traffic is allowed thru l2tp interface. Is there any way to achieve that, some suggestions? Can I, maybe, mark all ipsec traffic on public interface and only allow those marked packets to go thru 1701 udp?? Think that this is not goin...
I have l2tp/ipsec server successfully configured on my Mikrotik RB to work with Win client that uses IPsec pre shared key configuration. Googling around I have found very interesting tutorial http://www.jacco2.dds.nl/networking/openswan-l2tp.html#Firewallwarning regarding l2tp/ipsec server setup on l...
Yes, that could be interesting. From that day when I saw this weird behavior (those 3 addresses in address list and at the same time no traffic in the rule) I was trying to replicate that situation but every time when I connect with vpn L2tp/IPsec, traffic is normally shown as expected, but those 3 ...
there are no public changes. added support for unannounced products.
Thank you normis on your fast reply!!
May I ask, why then, for example, for RB4XX last version is 2.39 and for RB7XX last one is 2.38 and both are mipsbe?
Oh, thought that it is not important, there is a nat rule just to reach internet
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out src-address=192.168.X.X/24
Thought that only Filter is important because the first rule in Filter (action=add-src-to-address-list) ...
Thank you in advance!! Here it is, very simple:
/ip firewall filter
add action=add-src-to-address-list address-list=importantad address-list-timeout=1d chain=input disabled=no dst-port=500 in-interface=pppoe-out protocol=udp src-port=500
add action=accept chain=input disabled=no in-interface=pppoe-o...
can you please update http://wiki.mikrotik.com/wiki/RouterBOOT_changelog
for example RB433 now has RouterBoot v2.39 and on the web page there is still 2.37 as the last one described.
Thank you in advance!!
Can someone please provide some thoughts.
Is it possible that firewall filter rule is triggered and at the same time that traffic is shown as zero (0) on that rule??
I think that this is security hole and possible bug!?
I was trying to set up some monitoring service (beside Dude) to watch status of one of my MT routers. For example, I was trying to set up Pingdom service (www.pingdom.com) to monitor if MT is up and online and I did not have any success. Nothing was successful (neither tcp, udp response from MT...) if ...
I have used Mikrotik for several years (two instances: one in my office (dedicated server) and other at home (RB433)) and I never saw this happen until now. Can someone from MT support comment if this is possible - that some filter rule is triggered and it executes its function (add-src-to-address-list)...
You normally can have wlan in one subnet and ether9 in other. You can set wlan ip address as gateway for wlan clients and ether9 ip address as gateway for clients connected to ether9 and they should communicate with each other without a problem.
I added this firewall filter action to see all addresses that try to establish udp connection to the mikrotik udp port 500:
/ip firewall filter add action=add-src-to-address-list address-list=important \
    address-list-timeout=1d chain=input disabled=no dst-port=500 \
    in-interface=pppoe-out1 protocol=u...
I've always wondered if the related rule allows the host you are exchanging traffic with open access through the firewall or it's just to allow replies to your request.
Interesting question, I can not provide any positive answer. It seems that difference between "established" vs "rela...
@SurferTim thank you once again, even on that extra know-how regarding caching hackers ;-) @dragon2611 yes, I saw around on wiki.mikrotik and googling around that this, what you are talking about, is widely implemented practice, but I wanted just 99% secure (100% is impossible when online :-) ) and ...
Oh, many tnx!
I can not test this from ISP side but if you say so I hope it is going to work. So this is going to block all attempts to establish connection (this is that connection-state=new).
That is going to be ok for all public side connection attempts to my LAN (spoof...)?
Hello! This is my first post so please let me say hello to all! I am Mikrotik user (two routers) for several years but I am no expert so please if someone can give me a suggestion. I want to protect my local network from outside, especially from ISP side because this is exposed side if someone knows my...