MikroTik

karentom

Anyone, please help. Any opinion is very appreciated! I am googling around and I have found lots of post about this error - log: unicast key exchange timeout, but no solutions - just one to disable TKIP but this does not work. Is there someone from MTik team or other experts that has some experiance...

karentom

I post here wireless, debug log and this is typical process of connection break which happens randomly: Here it is: 06:08:45 wireless,info XX:XX:XX:XX:XX:XX@wlan1: connected 06:20:27 wireless,debug wlan1: XX:XX:XX:XX:XX:XX attempts to associate 06:20:27 wireless,info XX:XX:XX:XX:XX:XX@wlan1: reassoc...

karentom

I have same/similar issue? Configuration: RB433 latest MTik 5.15 as AP and several wireless clients (win xp, win 7) are connected. One of the clients - new DELL Latitude E5520 with WIFI Intel Centrino Advanced-N 6205 (win xp sp3, latest drivers, latest BIOS) randomly breaks wireless connection and M...

karentom

It seems that nobody else is motivated to join the discussion. Hope that somebody except blue and myself will find it interesting enough to participate Maybe this is better than nothing to prevent brute force attackers on L2TP interface this is the concept that peđa published in this link: http://pe...

karentom

Do you maybe know how that IC-Plus-175D is named switch1 in "/interface ethernet switch" and in the same time switch0 in "/system resource irq" ?

tnx

karentom

Thank you once again. Big help!

Can you, please, recommend ether1 (poe capable) is better for private LAN or for public Internet connection? Regarding choosing what interface will be for LAN and what for Public Internet? Or it is the same?

karentom

hedele, thank you very much on your considerations! It is a big help for understanding the situation! ether2 and ether3 are both using the IRQ shown as "switch0" Even if you are not using switching function of ether2 and ether3, they are both connected to the CPU through the onboard switch...

karentom

Mine does not. But are your interfaces not showing up in winbox? Yours are not listed in IRQ, same as mine? Or...? My ethernet interfaces (all 3, ether1, ether2 and ether3) are normally displayed in ethernet interfaces list and they work properly but they are not listed in IRQ list - only ether1 ha...

karentom

Can someone, please, who has RB433 "in her/his hands" report if ether2 & 3 are listed in IRQ list (/system resource irq) or they are not listed?

TNX in advance!

karentom

OMG My last hope is that this is a firmware bug or so...!? this is my settings. It is visible that there is no switch configured on ethernet ports and in the same time switc0 is shown. Please provide some help because it is confusing me. [admin@ooo] /interface ethernet switch> print Flags: I - inval...

karentom

I did everything that you suggested, even more 1.) reboot - DID IT 2.) hard reboot (disconnect power) - DID IT 3.) check interface list - DID IT 4.) update to 5.12 - DID IT 5.) update firmware to 2.39 - DID IT 6.) run /system reset 7.) even Reset booter configuration through RS232 and nothing helped...

karentom

brandonrossl tnak you for help.

This is not normal situation, isnt it?

At the moment the firmware is 2.38 and normis said that 2.39 is not different except added support for new products.

I am going to try your suggested steps. This is so strange situation...

karentom

no, on all three of my ether ports master port is set to "none"

I check again, and it is "none" for sure.

hmm

karentom

blue, thanks on your participation!

Same thing as you say is my problem.

I also hope that some profy admin (I can see that there are lots of them here) will give us a hint!

karentom

I noticed that ether2 and ether3 are not displayed in the IRQ list on my RB433 MT5.9
Here is SS:

ether1 is displayed but ether2 and ether3 are NOT displayed ant those two (ether2&3) are in use. ether 1 is not in use.
Is this normal?

karentom

Is there any any kind of way to allow only ipsec traffic to go into l2tp interface? I really need this because it seems that someone constantly probing my l2tp interface (udp 1701) and udp 500 as well? I want to stop that. Many thanks! Apologies for second bump. This is going to be the last one if I...

karentom

sorry for self-bump but I can not achieve that only ipsec secured traffic is allowed thru l2tp interface. Is there any way to achieve that, some suggestions? Can I, maybe, mark all ipsec traffic on public interface and only allow those marked packets to go thru 1701 udp?? Think that this is not goin...

karentom

I have l2tp/ipsec server successfully configured on my Mikrotik RB to work with Win client that use IPsec pre shared key configuration. Googling around I have found very interesting tutorial http://www.jacco2.dds.nl/networking/openswan-l2tp.html#Firewallwarning regarding l2tp/ipsec server setup on l...

karentom

Yes, that could be interested. From that day when I saw this wired behavior (those 3 addresses in address list and in the same time no traffic in the rule) I was tryeing to replicate that situation but every time when I connect with vpn L2tp/IPsec, traffic is normally shown as expected, but those 3 ...

karentom

there are no public changes. added support for unannounced products.

Thank you normis on your fast reply!!
May I ask, why then, for example, for RB4XX last version is 2.39 and for RB7XX last one is 2.38 and both are mipsbe?

karentom

oh, thought that it is not importnat, there is a nat rule just to reach internet /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out src-address=192.168.X.X/24 Thought that only Filter is important because the first rule in Filter (action=add-src-to-address-list) ...

karentom

Thank you in advance!! Here it is, very simple: /ip firewall filter add action=add-src-to-address-list address-list=importantad address-list-timeout=1d chain=input disabled=no dst-port=500 in-interface=pppoe-out protocol=udp src-port=500 add action=accept chain=input disabled=no in-interface=pppoe-o...

karentom

can you please update http://wiki.mikrotik.com/wiki/RouterBOOT_changelog
for example RB433 now has RouterBoot v2.39 and on the web page there is still 2.37 as the last one described.
Thank you in advance!!

karentom

Can someone please provide some thoughts.
Is it possible that firewall filter rule is triggered and in the same time that traffic is shown as zero (0) on that rule??

I think that this is security hole and possible bug!?

Any kind of support would be very appreciated!

karentom

I was trying to setup some monitoring service (beside Dude) to watch status of one of my MT routers. For example, I was trying to setup Pingdom service (www.pingdom.com) to monitor if MT is up and online and I did not have any success. Nothing was successful (nither tcp, udp response from MT...) if ...

karentom

I use mikrotik for several years (two instances: one in my office (dedicated server) and other at home (RB433)) and I never saw this happened until now. Can someone from MT support comment if this is possible - that some filter rule is triggered and it executes his function (add-src-to-address-list)...

karentom

you normaly can have wlan in one subnet and ether9 in other. You can set wlan ip address as gateway for wlan clients and ether9 ip address as gateway for clients connected to ether9 and they should comunicate to each other without a problem

karentom

I added this firewall filter action to see all addresses that try to establish udp connection to the mikrotik udp port 500 /ip firewall filter add action=add-src-to-address-list address-list=important \ address-list-timeout=1d chain=input disabled=no dst-port=500 \ in-interface=pppoe-out1 protocol=u...

karentom

sorry for bumping, but can someone please confirm or deny that this situation is the same at her/him?

karentom

I've always wondered if the related rule allows the host you are exchanging traffic with open access through the firewall or it's just to allow replies to your request Interesting question, I can not provide any positive answer. It seems that difference between "established" vs "rela...

karentom

Hello. Noticed that after each restart of Mikrotik, opevpn server has different MAC address (every time changes). Is this suppose to be lake that?

karentom

@SurferTim thank you once again, even on that extra know-how regarding caching hackers ;-) @dragon2611 yes, a saw around on wiki.mikrotik and googling around that this, what you are talking about, is widely implemented practice, but I wanted just 99% secure (100% is impossible when online :-) ) and ...

karentom

Oh, many tnx!
I can not test this from ISP side but if you say so

I hope it is going to work. So this is going to block all attempts to establish connection (this is that connection-state=new).
That is going to be ok for all public side connection attempts to my LAN (spoof...)?

karentom

Hello! This is my firs post so please let me say hello to all! I am Mikrotik user (two routers) for several years but I am no expert so please if someone can give me a sugeston. I want to protect my local network from outside, especially form ISP side because this is exposed side if someone knows my...

Search found 34 matches

Re: BIG BUG- Unicast key exchange timeout

Re: BIG BUG- Unicast key exchange timeout

Re: BIG BUG- Unicast key exchange timeout

Re: securing L2TP/IPsec server connection

Re: RB433 IRQ missing for ether2 & 3

Re: RB433 IRQ missing for ether2 & 3

Re: RB433 IRQ missing for ether2 & 3

Re: RB433 IRQ missing for ether2 & 3

Re: RB433 IRQ missing for ether2 & 3

Re: RB433 IRQ missing for ether2 & 3

Re: RB433 IRQ missing for ether2 & 3

Re: RB433 IRQ missing for ether2 & 3

Re: RB433 IRQ missing for ether2 & 3

Re: securing L2TP/IPsec server connection

RB433 IRQ missing for ether2 & 3

Re: securing L2TP/IPsec server connection

Re: securing L2TP/IPsec server connection

securing L2TP/IPsec server connection

Re: firewall filter - missing packets and bytes

Re: v5.11 released

Re: firewall filter - missing packets and bytes

Re: firewall filter - missing packets and bytes

Re: v5.11 released

Re: firewall filter - missing packets and bytes

monitoring service provider for MikroTik

Re: firewall filter - missing packets and bytes

Re: Wifi and ether9 same subnet?

firewall filter - missing packets and bytes

Re: MT OpenVPN different MAC after reboot

Re: protecting my network from outside (especially ISP)

MT OpenVPN different MAC after reboot

Re: protecting my network from outside (especially ISP)

Re: protecting my network from outside (especially ISP)

protecting my network from outside (especially ISP)