Community discussions

Search found 58 matches

by g18c
Wed Oct 17, 2018 11:29 pm
Forum: Wireless Networking
Topic: Trouble when updating to firmware 6.39. or newer while using Ascom i62 VoWiFi phones.
Replies: 7
Views: 1457

Re: Trouble when updating to firmware 6.39. or newer while using Ascom i62 VoWiFi phones.

Even on latest firmware, still same issue... I am stuck with a phone I cannot use :( No other issue with any other device on Mikrotik, all other devices are rock solid performance on Mikrotik, standalone or CAPsMAN, everything I have ever tried works (except this ASCOM device). Is this a Mikrotik or A...
by g18c
Tue Jul 10, 2018 8:53 am
Forum: Forwarding Protocols
Topic: Having ospf loopback and assigned PPP local-address the same
Replies: 4
Views: 643

Re: Having ospf loopback and assigned PPP local-address the same

Thanks Japress, so each {source,dest} IP should be unique? I see when a PPP server is defined you can set the local server address to something common i.e. 172.16.1.1, and assign remote peers DHCP pool. Then I can keep the loopback address separate and dedicated per node. Just want to cut down on a...
by g18c
Sat Jun 30, 2018 7:02 pm
Forum: Forwarding Protocols
Topic: Having ospf loopback and assigned PPP local-address the same
Replies: 4
Views: 643

Re: Having ospf loopback and assigned PPP local-address the same

Hi all, anyone able to comment please? Any suggestion from Mikrotik?
by g18c
Sun Jun 24, 2018 3:09 am
Forum: Forwarding Protocols
Topic: Having ospf loopback and assigned PPP local-address the same
Replies: 4
Views: 643

Having ospf loopback and assigned PPP local-address the same

Dear all, i have OSPF running but need to check if doing this OK. I have a remote-PPP-server that has a local loopback interface for OSPF with IP 10.255.255.2. On this server, I have secret with a local IP of 10.255.255.2, and remote IP of 10.255.255.1. I have another-server that dials in to the abo...
by g18c
Sun Apr 29, 2018 7:23 pm
Forum: Wireless Networking
Topic: Trouble when updating to firmware 6.39. or newer while using Ascom i62 VoWiFi phones.
Replies: 7
Views: 1457

Re: Trouble when updating to firmware 6.39. or newer while using Ascom i62 VoWiFi phones.

Able to reproduce this, it is not just CAPsMAN it seems to be with standard access points running 6.40 onwards, after some time the device stops responding to wireless but shows registered on the wifi clients table.

It is also not responding to DHCP requests.
by g18c
Sun Apr 29, 2018 12:11 am
Forum: Wireless Networking
Topic: Trouble when updating to firmware 6.39. or newer while using Ascom i62 VoWiFi phones.
Replies: 7
Views: 1457

Re: Trouble when updating to firmware 6.39. or newer while using Ascom i62 VoWiFi phones.

I am seeing the same issue with i62 talker and capsman - any updates?
by g18c
Sat Jan 27, 2018 8:11 am
Forum: Wireless Networking
Topic: Override channel selection CAPsMAN
Replies: 0
Views: 315

Override channel selection CAPsMAN

Hi all, i have CAPsMAN running and for the most part works fine. I am finding however that channel selection can be a bit hit and miss (some 2GHz APs are selecting the same channel - i had defined 1, 6 and 11 for these). Is there any way with the setup (where i have defined the channels available, a...
by g18c
Fri Jan 26, 2018 2:35 am
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 31
Views: 7280

Re: Caps selecting same channel

I am also seeing this, after reboot both AP come up on same channel on 40MHz... unless i have screwed up the channel selection list - either way, hitting Reselect Channel it will then pick a separate channel.

It is OK on 20MHz though.

by g18c
Sun Apr 16, 2017 9:21 pm
Forum: Wireless Networking
Topic: Apple Macbook 2012 not connecting to 5GHz AC
Replies: 1
Views: 432

Apple Macbook 2012 not connecting to 5GHz AC

I have a CAPSMAN network of around 5 APs, in tunnel mode, and is working fine with both 2GHz and 5GHz networks (for most devices except a Macbook 2012 on 5GHz). The Macbook can connect to the 2GHz network but not the 5GHz. All other devices (iPhone 7, iPad, Windows laptops etc) can connect OK on bot...
by g18c
Sun Jan 24, 2016 12:10 pm
Forum: General
Topic: FCS RX CCR1036 to Juniper when set to manual negotiation (auto is fine)
Replies: 1
Views: 353

FCS RX CCR1036 to Juniper when set to manual negotiation (auto is fine)

I have a CCR1036 connected to my IP transit via ethernet, the provider on the other side is a Juniper device (from Wireshark traces I can see is a Juniper MAC). The provider tells me to set manually (not auto-neg) the speed to 100Mbps (tx/rx flow control set to off). However, when set manually I sta...
by g18c
Sun Aug 16, 2015 7:26 pm
Forum: Wireless Networking
Topic: Only able to ping WiFi AP for about 90 seconds, then is full access after
Replies: 0
Views: 379

Only able to ping WiFi AP for about 90 seconds, then is full access after

I have 3 x RB951Ui-2HnD router board (RB) running 6.31 with a wlan1 bridge with ethernet 2. STP is disabled on the Mikrotik bridge (protocol mode set to None). I have a HP ProCurve 2520-24-PoE switch (flat, no config) connecting to the RB951's (I have tried with the ProCurve having Spanning Tree both...
by g18c
Thu Aug 06, 2015 12:07 am
Forum: General
Topic: Calea sniffing rules
Replies: 1
Views: 841

Calea sniffing rules

I added the below rules:

/ip firewall calea
add action=sniff chain=forward sniff-id=100 sniff-target=192.168.1.222 sniff-target-port=5555
add action=sniff chain=forward sniff-id=100 sniff-target=192.168.1.222 sniff-target-port=5555
add chain=forward sniff-target=192.168.1.222 sniff-target-port=5555 ...
by g18c
Sat Jun 13, 2015 8:18 am
Forum: General
Topic: cap2N PoE with HP2530-24-PoE switch not working
Replies: 2
Views: 817

Re: cap2N PoE with HP2530-24-PoE switch not working

Thanks do you know of any 3rd party adapter that is readily available on Amazon.com would work?

The Ubiquiti converters do not work so need other vendor please.
by g18c
Thu Jun 11, 2015 5:54 pm
Forum: General
Topic: cap2N PoE with HP2530-24-PoE switch not working
Replies: 2
Views: 817

cap2N PoE with HP2530-24-PoE switch not working

I have a HP2530-24-PoE that supplies PoE+ (output at switch is 55V). According to this http://routerboard.com/RBcAP2n it should power up, but does not. I also tried Ubiquiti INS-8023AF-I 802.3AF Passive PoE to 802.3AF Indoor Adapter but again this does not work. The only way to get it to work is by ...
by g18c
Wed Jun 10, 2015 8:07 am
Forum: General
Topic: Slow DHCP/Connection to WiFi network on a VLAN when spanning tree is enabled
Replies: 5
Views: 1181

Re: Slow DHCP/Connection to WiFi network on a VLAN when spanning tree is enabled

I am using STP, as with RSTP ports shut down even though there is no loop; there seems to be a compatibility issue between the HP ProCurve and Mikrotik when using RSTP.
by g18c
Tue Jun 09, 2015 9:33 am
Forum: General
Topic: Slow DHCP/Connection to WiFi network on a VLAN when spanning tree is enabled
Replies: 5
Views: 1181

Re: Slow DHCP/Connection to WiFi network on a VLAN when spanning tree is enabled

Many thanks, I believe the default Mikrotik is 0x8000, my HP2530 switch is 1 decimal (0x0001) with the lowest priority should be elected as the master?
by g18c
Mon Jun 08, 2015 7:00 pm
Forum: General
Topic: Slow DHCP/Connection to WiFi network on a VLAN when spanning tree is enabled
Replies: 5
Views: 1181

Re: Slow DHCP/Connection to WiFi network on a VLAN when spanning tree is enabled

One thing I am seeing is the Mikrotiks are declaring themselves as the root bridge (running STP), the HP ProCurve 2530 running MSTP has the lowest priority but this is being ignored.

Anyone know please why is the spanning tree root not being assigned to the switch?
by g18c
Fri Jun 05, 2015 12:40 am
Forum: General
Topic: Slow DHCP/Connection to WiFi network on a VLAN when spanning tree is enabled
Replies: 5
Views: 1181

Slow DHCP/Connection to WiFi network on a VLAN when spanning tree is enabled

Dear all, I am having some slow initial connection issues with Mikrotik and think I have narrowed it down to spanning tree. A quick rundown of my setup: I have two a CAP2N which is running two wireless networks (corp and guest). I have created two VLANs GUEST_VLAN60 and CORP_VLAN61 for the wireless ...
by g18c
Mon May 11, 2015 11:34 pm
Forum: General
Topic: CAPsMAN VLAN trunk to AP
Replies: 2
Views: 1638

CAPsMAN VLAN trunk to AP

Hi all, I have setup a basic CAPsMAN setup with a single SSID network. What I would like to do is provide multiple SSID from one AP (Corp, Guest, Services), and connect each AP to a switch whose port is configured as a trunk (CorpVLAN #10, GuestVLAN #20, ServicesVLAN#30). So far I setup the port ...
by g18c
Thu Aug 28, 2014 1:06 pm
Forum: General
Topic: L2TP/IPSec for Road Warrior
Replies: 93
Views: 35290

Re: L2TP/IPSec for Road Warrior

Same issue for me, did anyone have an update from Mikrotik?
by g18c
Thu Aug 28, 2014 12:59 pm
Forum: General
Topic: IPSEC, remote network can only have 1 client connected
Replies: 1
Views: 457

IPSEC, remote network can only have 1 client connected

I am using VPN phones that connect over an IPSEC tunnel. The first phone works, but when I connect a second phone to the Mikrotik VPN (from behind the same router and on the same network as the other phone - same public IP), the first client loses connectivity. So I can only ever have one client fro...
by g18c
Wed Aug 06, 2014 5:23 pm
Forum: General
Topic: Secure PPOE WAN
Replies: 1
Views: 501

Secure PPOE WAN

If I have a PPOE dialout for my WAN connection on ether1-gateway, how can I secure it? As a default policy (last) do I drop all packets coming on ether1-gateway, or pppoe-gateway (since that is the interface that provides the internet)? Will Mikrotik know enough that the pppoe-gateway runs over eth...
by g18c
Thu Jul 31, 2014 5:21 pm
Forum: General
Topic: PPTP VPN Different subnet groups per User
Replies: 1
Views: 1153

PPTP VPN Different subnet groups per User

I would like to run up a PPTP VPN and have a number of users - depending on the user depends on the access they have, i.e.: Mikrotik LAN_A = 192.168.10/24 Mikrotik LAN_B = 192.168.20/24 I'm thinking to setup two IP Pools, and then implement firewall rules source/destination to filter packets: Restric...
by g18c
Tue Feb 04, 2014 2:19 pm
Forum: General
Topic: Wireless disconnected for all users, extensive data loss
Replies: 1
Views: 1203

Wireless disconnected for all users, extensive data loss

Hi, all of a sudden Wireless drops for all users and an error is shown in the log - "disconnected, extensive data loss".

Reboot of the router and it is OK again.

It is a GrooveA 52HPn running firmware v6.6.

Any ideas as to the cause and how to diagnose?
by g18c
Wed Nov 06, 2013 3:42 pm
Forum: General
Topic: CCR missing bandwidth speed limit settings, exists on RB1000
Replies: 3
Views: 1278

Re: CCR missing bandwidth speed limit settings, exists on RB

I checked with simple queues, and the queue per machine by IP address was created. We made 4 queues, each with a unlimited burst 3Mbps/3Mbps for Tx/Rx. When all 4 machines are running they are all limited to 3Mbps, and the total bandwidth on the uplink goes to 12Mbps. I want to restrict the actual t...
by g18c
Sun Nov 03, 2013 8:04 pm
Forum: General
Topic: CCR missing bandwidth speed limit settings, exists on RB1000
Replies: 3
Views: 1278

CCR missing bandwidth speed limit settings, exists on RB1000

I have just got my new CCR 1036 12G-4S. Under the network Ethernet Interface, I cannot find the setting to limit bandwidth (integer/integer; Default: unlimited/unlimited). This exists on my RB1000AH, but not here - any ideas? I need to limit my up-link connection to the ISP at 10Mbps, if i go over t...
by g18c
Thu Oct 17, 2013 12:16 am
Forum: Wireless Networking
Topic: Wireless bridge, only 15 meters but bad signal -90
Replies: 7
Views: 2414

Re: Wireless bridge, only 15 meters but bad signal -90

Line of sight without obstructions I have to reduce the tx power to get a signal of around 60, transfer runs at around 65Mbps from laptop to laptop with test http transfer, i know the link is good as the groove shows WiFi plus all bars for signal. Through windows the WiFi link goes on very occasiona...
by g18c
Thu Oct 17, 2013 12:11 am
Forum: Wireless Networking
Topic: Wireless bridge, only 15 meters but bad signal -90
Replies: 7
Views: 2414

Re: Wireless bridge, only 15 meters but bad signal -90

Yes, they work really well. I have other Mikrotiks inside the building and they provide WiFi through walls similar distance so for sure open air line of sight is still powerful. Unfortunately in this instance it has to be through the windows as can't mount kit outside (landlord may complain plus may...
by g18c
Wed Oct 16, 2013 9:42 pm
Forum: Wireless Networking
Topic: Wireless bridge, only 15 meters but bad signal -90
Replies: 7
Views: 2414

Re: Wireless bridge, only 15 meters but bad signal -90

Would it help by going 5GHz or setting up directional antennas?
by g18c
Sun Oct 13, 2013 8:19 pm
Forum: Wireless Networking
Topic: Wireless bridge, only 15 meters but bad signal -90
Replies: 7
Views: 2414

Wireless bridge, only 15 meters but bad signal -90

Hi all, I am using two Grooves and able to setup a wireless bridge (bridge, station), using nv2 protocol. When testing within the same room I am able to get a strong link in the same room and transfer at 65Mbps between two computers. I then mounted the Grooves to the windows with double sided gorill...
by g18c
Sat Oct 12, 2013 5:06 pm
Forum: General
Topic: Rx/Tx interface limit being reset - need to rate limit Wifi
Replies: 1
Views: 828

Re: Rx/Tx interface limit being reset - need to rate limit W

just to bump and ask if anyone else has seen the same resetting of interface bandwidth limits?
by g18c
Sat Oct 12, 2013 9:26 am
Forum: General
Topic: Wireless bridge with nv2 - transfer rate of 45Mbps normal?
Replies: 3
Views: 3195

Re: Wireless bridge with nv2 - transfer rate of 45Mbps norma

Thanks for the reply, OK so now I am using bridge with station-bridge mode for wifi, and just bridging in the wireless+ethernet on each mikrotik. I set the tx power on both so that tx/rx signal is around -60dB. The speed is now 55Mbps so a 10Mbps improvement from before, I notice the CPU usage is ru...
by g18c
Fri Oct 11, 2013 11:18 pm
Forum: General
Topic: Wireless bridge with nv2 - transfer rate of 45Mbps normal?
Replies: 3
Views: 3195

Wireless bridge with nv2 - transfer rate of 45Mbps normal?

Hi i am using the following tutorial to bridge two networks: http://wiki.mikrotik.com/wiki/Transparently_Bridge_two_Networks_without_using_WDS_(EoIP) Currently i am testing in the same room with 10 metres separation between 2 grooves, I am using nv2 protocol, band 2Ghz-N only, 2GHz antennas, 20MHz/4...
by g18c
Fri Oct 11, 2013 7:48 am
Forum: General
Topic: Rx/Tx interface limit being reset - need to rate limit Wifi
Replies: 1
Views: 828

Rx/Tx interface limit being reset - need to rate limit Wifi

Hi have a RB751, with Wifi and ports 1-5 bridged together (port 2 is master port to which 3-5 are slaved), and the following is defined in the bridge: port1, port2, wifi. The board is configured in bridged mode. I have an up-link cable from port 1 of the RB751 to a second Mikrotik which is acting as...
by g18c
Thu Sep 19, 2013 9:35 am
Forum: General
Topic: Managing burstable bandwidth
Replies: 1
Views: 917

Managing burstable bandwidth

Dear Mikrotik users, I have a good basic understanding of Mikrotik but things like queues i am not sure on. I need to: Setup WAN port for 10Mbps maximum (we must not go over this WAN bandwidth otherwise we will be charged) Setup queue for Machine A – 1Mbps committed bandwidth, 5Mbps burstable (maxim...
by g18c
Mon Aug 05, 2013 1:30 pm
Forum: General
Topic: Cant find /ip ipsec policy group
Replies: 1
Views: 494

Cant find /ip ipsec policy group

Hi I am running 5.24, and I am following the L2TP instructions where it mentions:

/ip pool add name=RW-vpn ranges=192.168.250.2-192.168.250.254
/ip ipsec mode-cfg add address-pool=RW-vpn name=RW-cfg split-include=\
    192.168.254.0/24,192.168.253.0/24
/ip ipsec policy group add name=RoadWarrior

I can't ...
by g18c
Mon Jan 21, 2013 7:54 am
Forum: General
Topic: IPSEC tunnel issues - SAs need flushing from time to time
Replies: 23
Views: 5365

Re: IPSEC tunnel issues - SAs need flushing from time to tim

Thanks for the no idle script.

More importantly does anyone know the reason this is required?

How can i file a bug for my issue of drops between mikrotik devices using ipsec?

Regards

Chris
by g18c
Wed Jan 16, 2013 4:26 pm
Forum: General
Topic: IPSEC tunnel issues - SAs need flushing from time to time
Replies: 23
Views: 5365

Re: IPSEC tunnel issues - SAs need flushing from time to tim

Glad the Cisco has some light shed on it - but any idea about my OP and Mikrotik to Mikrotik? :)
by g18c
Wed Jan 16, 2013 12:54 pm
Forum: General
Topic: IPSEC tunnel issues - SAs need flushing from time to time
Replies: 23
Views: 5365

Re: IPSEC tunnel issues - SAs need flushing from time to tim

hi @mrz, mine is set to level=require.

This is for native Mikrotik RB1100AH to Mikrotik RB751.

Should I also set this to unique for Mikrotik-to-Mikrotik tunnels?
by g18c
Wed Jan 16, 2013 12:20 pm
Forum: General
Topic: IPSEC tunnel issues - SAs need flushing from time to time
Replies: 23
Views: 5365

Re: IPSEC tunnel issues - SAs need flushing from time to tim

Thanks for the reply :D What is not good is that you have the same issue as me, but I understand you run Mikrotik to Cisco, from your post I understand it was OK before 5.12 with the exact same config? I have triple checked the configuration, it is set as per the guides on the wiki and from other si...
by g18c
Tue Jan 15, 2013 7:10 pm
Forum: General
Topic: IPSEC tunnel issues - SAs need flushing from time to time
Replies: 23
Views: 5365

Re: IPSEC tunnel issues - SAs need flushing from time to tim

Bump - hopefully someone can advise on this?

Is it possible to pay Mikrotik for support for this intermittent connectivity issue?
by g18c
Fri Jan 04, 2013 9:38 pm
Forum: General
Topic: IPSEC tunnel issues - SAs need flushing from time to time
Replies: 23
Views: 5365

Re: IPSEC tunnel issues - SAs need flushing from time to tim

Hi, I tried that but link is still unstable. Seems whenever it's idle after some time can no longer ping the other side.

Any other ideas?
by g18c
Tue Jan 01, 2013 6:39 pm
Forum: General
Topic: IPSEC tunnel issues - SAs need flushing from time to time
Replies: 23
Views: 5365

Re: IPSEC tunnel issues - SAs need flushing from time to tim

Just to update, the link has been idle for some time and checking pings just now I get time out. I could see that there were installed SAs both outbound and inbound, an additional duplicate set with different SPIs has now been created. The 'Current Bytes' field for the new SAs is incrementing whilst...
by g18c
Sun Dec 30, 2012 7:28 pm
Forum: General
Topic: IPSEC tunnel issues - SAs need flushing from time to time
Replies: 23
Views: 5365

IPSEC tunnel issues - SAs need flushing from time to time

After the IPSEC tunnel is established between two sites (both Mikrotik) it works fine during testing. Then after a day or so it stops working until we flush the Installed SAs on both sides. On flushing SAs and pinging across once more, the VPN comes up without any issue. I am using SNTP for both sit...
by g18c
Sun Dec 02, 2012 2:58 pm
Forum: General
Topic: Link aggregation of ports to increase bandwidth
Replies: 2
Views: 1718

Link aggregation of ports to increase bandwidth

I have a managed L2 switch, and currently running a 802.1Q trunk (with about 6 VLANs on this) between the switch and Mikrotik's port number 10.

I would like to increase bandwidth between the switch and Mikrotik, but still have VLANs.

Any advice on how can I do this please?
by g18c
Mon Oct 08, 2012 8:07 pm
Forum: General
Topic: Multiple L2TP secrets
Replies: 2
Views: 1218

Multiple L2TP secrets

Hi, I have two sets of VPN users VPN_A and VPN_B.

I set the secret by IP -> IPsec -> Peers -> Add New, and set the 'generate policy' to true, 'address to 0.0.0.0/0' and 'secret'.

I would like to give each user group (VPN_A and VPN_B) a different L2TP secret, is this possible?

Thanks,

Chris
by g18c
Sun Jul 22, 2012 10:08 pm
Forum: Beginner Basics
Topic: Enable ping on WAN
Replies: 5
Views: 30113

Re: Enable ping on WAN

I feel very silly now :shock: the IP address (which should be static) changed... i can now ping.

Is there a better way to restrict to accept just ping only as i know ICMP can contain lots of other things that may be used to attack the router?

Thanks,

Chris
by g18c
Sun Jul 22, 2012 9:13 pm
Forum: Beginner Basics
Topic: Enable ping on WAN
Replies: 5
Views: 30113

Re: Enable ping on WAN

Hi yes, it seems to be growing but it's hard to tell... there is a lot of traffic. Any other tools I could use like a network latency test tool (we are experiencing latency issues a ping would be the best way to tell). I am trying to work out if the router is causing an issue, our server, or if its t...
by g18c
Sun Jul 22, 2012 9:00 pm
Forum: Beginner Basics
Topic: Enable ping on WAN
Replies: 5
Views: 30113

Enable ping on WAN

Hi, I have created a firewall filter rule to: accept input protocol=icmp in-interface=ether2_wan

But pinging the WAN IP from outside I don't get replies. Anything I am missing?

Regards,

Chris
by g18c
Wed Jul 18, 2012 5:37 pm
Forum: General
Topic: L2TP, Multiple VLANs, use RADIUS to assign user to VLAN
Replies: 2
Views: 1688

Re: L2TP, Multiple VLANs, use RADIUS to assign user to VLAN

Hi thanks for the reply, I am looking into this and would appreciate some pointers: I am adding the following chain below: [MikroTik] ip firewall> add chain=vlan72 out-interface=LAB2_VLAN [MikroTik] ip firewall> add chain=vlan72 in-interface=LAB2_VLAN Under the radius documentation it says: Filter-I...
by g18c
Tue Jul 10, 2012 5:55 pm
Forum: General
Topic: L2TP, Multiple VLANs, use RADIUS to assign user to VLAN
Replies: 2
Views: 1688

L2TP, Multiple VLANs, use RADIUS to assign user to VLAN

I have a Mikrotik 5.16 box and a Windows 2008 R2 server. I also have multiple internal VLANs VLANA - 192.168.100.0/24 VLANB - 192.168.101.0/24 VLANC - 192.168.102.0/24 I would like to assign different PPP dial-in users to different subnets (depending on some group membership which I can play around ...
by g18c
Tue May 29, 2012 4:29 pm
Forum: Beginner Basics
Topic: Set port's primary VLAN for untagged frames
Replies: 2
Views: 2407

Set port's primary VLAN for untagged frames

Hi, with HP ProCurve switches I can assign ports to carry untagged packets (which get placed on the untagged vlan) and a number of untagged VLANs.

Is there any way I can assign a port to carry tagged and untagged frames, and if untagged place in a specific VLAN?

Thanks,

Chris
by g18c
Tue May 29, 2012 10:48 am
Forum: General
Topic: IPSEC VPN Client only allow access to one VLAN not all
Replies: 3
Views: 1937

Re: IPSEC VPN Client only allow access to one VLAN not all

Hi vik988 thanks for the reply. I can see on Shrew Soft VPN client (pure IPSEC client) that when the tunnel is up, on the client software it only shows the remote server endpoint IP... it doesn't show any locally allocated address. If you are referring to a remote pool, would this be a PPP pool such ...
by g18c
Tue May 29, 2012 9:22 am
Forum: General
Topic: IPSEC VPN Client only allow access to one VLAN not all
Replies: 3
Views: 1937

IPSEC VPN Client only allow access to one VLAN not all

Hi, I have two internal VLANs and one internet connection: dynamic internet IP => WAN 192.168.100.0/24 => LAB_A 192.168.101.0/24 => LAB_B I would like external users to be able to connect in from their remote location (they will be behind another firewall, probably on a generic address like 192.168....
by g18c
Tue May 29, 2012 8:53 am
Forum: Beginner Basics
Topic: how to isolate vlan
Replies: 10
Views: 17844

Re: how to isolate vlan

Thanks CelticComms, really good info in a couple of paragraphs! I didn't read that in the getting started guide, would be good if it were there. Any other rules (such as preventing non-routable destination addresses come in from the WAN), flood attack prevention etc? Basically any other rules/setting...
by g18c
Mon May 28, 2012 11:41 pm
Forum: Beginner Basics
Topic: how to isolate vlan
Replies: 10
Views: 17844

Re: how to isolate vlan

Hi, i also had the same issue my VLANs were forwarding and also everything seems to be accepted by default, is there a default recommended setup to only allow associated connections etc?

Many thanks
by g18c
Sun May 27, 2012 5:49 pm
Forum: General
Topic: Mobile Users IPSEC
Replies: 16
Views: 2688

Re: Mobile Users IPSEC

Hi I am also doing the same and managed to get this working with static IP addresses on the client. However, in some cases the remote end will be on a network with dynamically assigned address and the above will not work. I can see the reply: "If client address is unknown then set 0.0.0.0/0 as peers...
by g18c
Sat May 26, 2012 11:26 pm
Forum: Beginner Basics
Topic: Default Firewall Script for 1100AHX2 - WAN is routing to LAN
Replies: 0
Views: 1918

Default Firewall Script for 1100AHX2 - WAN is routing to LAN

Hi, i got my routerboard 1100AHX2 firmware 5.12, and i have setup multiple VLANs for routing between subnets. Internally i can ping different subnets OK, but firewall is not running yet. The system default for the 1100AHX2 seems to have no firewall rules set, is this normal? I added some default fir...