Community discussions

MikroTik App

Search found 56 matches

by vovan700i
Thu Jun 06, 2024 1:54 pm
Forum: Containers
Topic: Execute commands inside containers from RouterOS scripts
Replies: 1
Views: 435

Re: Execute commands inside containers from RouterOS scripts

Surprised to see no comments from the community members. FYI, the support team says in SUP-154483 they "will consider it and may be will implement it in future". If anyone is interested in this feature, please share your opinion here and/or create a new ticket to let MikroTik know.
by vovan700i
Fri May 31, 2024 8:46 pm
Forum: Announcements
Topic: v7.15.1 [stable] is released!
Replies: 311
Views: 57737

Re: v7.15 [stable] is released!

!) system - added support for AMPERE (R) and ARM64 CHR installations (new ARM64 CHR image available);
--> So ROS will run on Raspberry Pi? That would be nice :)
Does it also mean ZeroTier finally comes to CHR? Has anybody tried to install zerotier.npk on ARM64 CHR?
by vovan700i
Thu May 30, 2024 5:10 pm
Forum: General
Topic: HOWTO: Import ZeroTier Members into Mikrotik DNS using $ZT2DNS
Replies: 3
Views: 941

Re: HOWTO: Import ZeroTier Members into Mikrotik DNS using $ZT2DNS

Hi @Amm0, Thank you for sharing your script. I'm trying to solve a similar problem and I've noticed you only take into account IPv4 addresses, while 6PLANE and RFC4193 IPv6, if any, are ignored. While it's quite easy to generate the latter with network->id and member->config->address (assuming there...
by vovan700i
Thu May 23, 2024 4:13 pm
Forum: Containers
Topic: Execute commands inside containers from RouterOS scripts
Replies: 1
Views: 435

Execute commands inside containers from RouterOS scripts

Hi, Idea. Be able to execute commands inside containers from RouterOS scripts/console. It could look like :local result [/container exec 0 command="some_Linux_command --with arguments"]; :put $result Use cases. Change config files and/or run additional binaries dynamically based on RouterO...
by vovan700i
Wed May 22, 2024 10:36 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 17
Views: 919

Re: Stopped containers respond to ping

Take container.npk on its own merits. Use it like it was intended, not like "Docker in a Router". If something is little, it doesn’t automatically mean it should be treated as true and correct. I explained in multiple messages above my view on containers and veths. Unfortunately, it doesn...
by vovan700i
Wed May 22, 2024 10:28 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 17
Views: 919

Re: Stopped containers respond to ping

Honestly, OP did not explain why pinging a container is even useful or what problem should be solved. Even in full-blown Openshift/Kubernetes environments my healthchecks target against the exposed service and not a dumb, stupid ping that tells you nothing about the container/service health. Contai...
by vovan700i
Wed May 22, 2024 10:26 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 17
Views: 919

Re: Stopped containers respond to ping

@vovan700i If you really want to achieve this for some reason, you may try with workaround and create short interval scheduler script which checks if container is running and if not disables its VETH interface. Ofc. for next container start VETH first needs to be enabled again while such scheduler ...
by vovan700i
Wed May 22, 2024 9:11 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 17
Views: 919

Re: Stopped containers respond to ping

A couple of last messages made me think about another issue of only one veth allowed per container. MikroTik seems to think of veth as a parent entity, and containers as child entities. This way, if a child entity stops, no parent entity should be stopped. It also means that a child entity can have ...
by vovan700i
Wed May 22, 2024 8:29 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 17
Views: 919

Re: Stopped containers respond to ping

Part of your misapprehension is assuming there is a 1:1 correspondence between IPs and containers. There isn't, and there should not be.
Thanks for contributing your time to this issue and writing such a long message. I appreciate your opinion.
by vovan700i
Wed May 22, 2024 8:19 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 17
Views: 919

Re: Stopped containers respond to ping

Apples and oranges. Veth interface is something else then a container. Stopped containers do NOT respond to ping. Veth interface does. So technically you're barking against the wrong tree, if you get my analogy ... I liked your analogy!) Let’s put it this way. I think, RouterOS container system arc...
by vovan700i
Wed May 22, 2024 7:17 pm
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 343
Views: 108746

Re: v7.15rc [testing] is released!

Still it seems better to match for multicast or broadcast when that is what you are after, instead of !local. I tend to agree, however if packets with dst-address-type=local are matched by dst-address-type=!local rule, then dst-address-type=local rule matches no packets at all, and I can't drop tcp...
by vovan700i
Wed May 22, 2024 5:26 pm
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 343
Views: 108746

Re: v7.15rc [testing] is released!

Actually this example of a firewall rule seems to point out a basic misunderstanding of what the "input" chain is... (and maybe as well of what "local" addresses are) Could you please elaborate on what misunderstanding you can see? My understanding is dst-address-type=local shou...
by vovan700i
Wed May 22, 2024 4:21 pm
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 343
Views: 108746

Re: v7.15rc [testing] is released!

Hi, I have an issue with VRF & firewall rules in v7.15: src/dst-address-type=!local matches local addresses. Suppose you have a few WAN interfaces, one of them assigned to a separate VRF, and you would like to filter packets based on whether they have a local address as destination or not. Then ...
by vovan700i
Wed May 22, 2024 3:53 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 17
Views: 919

Re: Stopped containers respond to ping

If you have two containers running on the same VETH and stop one, should its IP go on pinging?
Didn't know it's possible to run 2 containers on the same veth. What's the use of such a setup?
by vovan700i
Wed May 22, 2024 3:48 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 17
Views: 919

Re: Stopped containers respond to ping

It's the VETH that responds to pings, because it owns the IP you're pinging. Since the VETH lifetime is independent of any containers attached to it, it responds to pings as long as it is up. Yes, you are right, that's what the support is using for their defence. Then, please, answer one question: ...
by vovan700i
Wed May 22, 2024 12:17 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 17
Views: 919

Stopped containers respond to ping

Hi, This is a discussion I would like to start following my ticket SUP-153396. Issue. Take a CHR or a real device with RouterOS v7.15 or older. Add any container (e.g. alpine) and start it. Make sure it responds to pings from the host and/or other machines. Then stop it and try to ping it again - yo...
by vovan700i
Tue May 21, 2024 5:54 pm
Forum: RouterOS beta
Topic: 802.1AE MACsec Progress or Examples ?
Replies: 44
Views: 20067

Re: 802.1AE MACsec Progress or Examples ?

even if it remotely possible don't do it because macsec and vxlan encapsulation/decapsulation is process by CPU for now, some of the marvel hardware is capable but the codebase of mikrotik does not support it that's what I'm reading here in the forum all the time look at what post https://forum.mik...
by vovan700i
Tue May 21, 2024 2:02 pm
Forum: RouterOS beta
Topic: 802.1AE MACsec Progress or Examples ?
Replies: 44
Views: 20067

Re: 802.1AE MACsec Progress or Examples ?

Hi, I noticed MACsec is only available for ethernet interfaces (as of v7.15 and as per the official docs). But what if I would like to secure L2 traffic going through one of my VXLAN interfaces (unicast)? It would be pretty useful to have such a feature. I submitted a ticket (SUP-147160) about it 2 ...
by vovan700i
Sat May 18, 2024 9:10 pm
Forum: Containers
Topic: Tailscale container: iptables not working
Replies: 4
Views: 2361

Re: Tailscale container: iptables not working

Did you get a response from Microtik on the request to have an option to allow access to iptables / nftables from containers? Actually, iptables / nftables rules are partially allowed in containers. E.g. you can use basic filter and nat rules. However, MikroTik never disclosed what is allowed and w...
by vovan700i
Sat Apr 27, 2024 2:57 pm
Forum: Containers
Topic: IPv6 default route not added on a container instance Topic is solved
Replies: 2
Views: 4197

Re: IPv6 default route not added on a container instance Topic is solved

Hi, Your IPv6 netmask might be the root of the problem. What if you replace /128 with /64 for this veth? Naturally, your router must also have fd08:192:168:8::1/64 assigned on the bridge this veth is a port of. [@MikroTik] > interface/veth/print detail 0 R name="veth1" address=192.168.8.5/...
by vovan700i
Tue Apr 02, 2024 2:32 pm
Forum: Containers
Topic: Tailscale container: iptables not working
Replies: 4
Views: 2361

Re: Tailscale container: iptables not working

Were you lucky with yours?
As mentioned above, I approached the support and received a confirmation of this issue. You may also submit a new ticket and tell them you are interested in allowing iptables inside containers as well.
by vovan700i
Tue Mar 26, 2024 4:49 pm
Forum: Forwarding Protocols
Topic: VRF Route Leaking between VRF network and Main [SOLVED]
Replies: 16
Views: 3456

Re: VRF Route Leaking between VRF network and Main [SOLVED]

In Ros v7.14.1 Route leaking between VRF is so easy I just follow the Simple VRF Setup in the mikrotik documents and it works like a charm, however the docs never mentioned or give a snippet config on how to leak between the VRF network with the Main routing table on the Provider Router I submitted...
by vovan700i
Thu Dec 28, 2023 2:05 pm
Forum: Containers
Topic: need iptables in a container
Replies: 2
Views: 1900

Re: need iptables in a container

I described a similar problem here. According to the support, iptables is currently unavailable for third-party code. But they may eventually allow it. Please submit a ticket via the support portal.
by vovan700i
Thu Dec 28, 2023 2:01 pm
Forum: Containers
Topic: Tailscale container: iptables not working
Replies: 4
Views: 2361

Tailscale container: iptables not working

Hi, I’m trying to run an official Tailscale container . The Tailscale software works correct, but in order to enable proper forwarding it tries to create a firewall rule inside the container and fails. Command: iptables -t filter -A ts-forward -i tailscale0 -j MARK --set-mark 0x40000/0xff0000 --wait...
by vovan700i
Sat Dec 23, 2023 7:55 pm
Forum: General
Topic: Wrong traceroute with IPv6 netmap (SNAT+DNAT)
Replies: 4
Views: 799

Re: Wrong traceroute with IPv6 netmap (SNAT+DNAT)

@mkx, thank you for the link. You are right, DST-NAT is the last step in prerouting, TTL check is the first step in forward. Thus, if a packet with 2001:db8:0:0:fd::2 as destination and TTL=1 (actually, hop limit) arrives, it is first changed to have fd01: 2345::2 as destination, then the router sub...
by vovan700i
Fri Dec 22, 2023 3:05 pm
Forum: General
Topic: Wrong traceroute with IPv6 netmap (SNAT+DNAT)
Replies: 4
Views: 799

Re: Wrong traceroute with IPv6 netmap (SNAT+DNAT)

It's the same with IPv4 NAT Don't have a bunch of public IPv4 addresses on one server to test, but thanks for confirming. And it's completely correct as far as NAT works: dst-nat replaces DST address on "forward" packets and SRC address on "return" packets (and possibly same for...
by vovan700i
Fri Dec 22, 2023 2:25 pm
Forum: General
Topic: Block of public IP's and NAT on same router
Replies: 3
Views: 597

Re: Block of public IP's and NAT on same router

Yes, it is possible as long as you adjust your firewall rules accordingly (e.g. hide the computers on the internal range behind a single public address leaving all other addresses for the router, or even route some of your public addresses to other machines).
by vovan700i
Fri Dec 22, 2023 2:07 pm
Forum: Beginner Basics
Topic: Wireguard guru needed [SOLVED]
Replies: 54
Views: 7278

Re: Wireguard guru needed [SOLVED]

Wireguard connection is working without a problem, So, it seems a wireguard guru is no longer needed. whole 192.168.88.0/24 subnet needs to be accessible by one or more PCs on 192.168.100.0/24 subnet but 192.168.100.0/24 subnet shouldn't be accessible by any device on 192.168.88.0/24 subnet This is...
by vovan700i
Fri Dec 22, 2023 12:27 pm
Forum: General
Topic: Wrong traceroute with IPv6 netmap (SNAT+DNAT)
Replies: 4
Views: 799

Wrong traceroute with IPv6 netmap (SNAT+DNAT)

Hi, Consider the following setup: a MikroTik router (v7.12.1) having a GUA (e.g. 2001:db8::2/64) on its WAN and a ULA (e.g. fd01: 2345::1/80) on its LAN; a local client having a ULA (e.g. fd01: 2345::2/80). What I would like to achieve is NPTv6 for the LAN subnet, i.e. the packet forwarded to public...
by vovan700i
Fri Dec 08, 2023 9:25 pm
Forum: Announcements
Topic: v7.13rc [testing] is released!
Replies: 178
Views: 53612

Re: v7.13rc [testing] is released!

Hi,

Would like to note that the bug with non-working mangle mark routing rules with VxLAN described by esipoko in April and by me in December is still in place as of 7.13rc3. Wish it could be fixed in 7.13 stable. SUP-136716
by vovan700i
Fri Dec 08, 2023 6:59 pm
Forum: General
Topic: VXLAN NAT Problem [SOLVED]
Replies: 19
Views: 6160

Re: VXLAN NAT Problem [SOLVED]

Hi @esipoko,

I can confirm the bug you explained exists as of 7.12.1. Described it here and reported to the support (SUP-136716).
by vovan700i
Wed Dec 06, 2023 10:56 am
Forum: General
Topic: Routing rule VS mangle mark routing
Replies: 9
Views: 3922

Re: Routing rule VS mangle mark routing

but with no vxlans That is a key, thanks! I replaced vxlan with eoip and mangle mark routing now works. So, it seems to be a vxlan bug, will report to MikroTik support soon. UPD: SUP-136716 + reply on 27 December 2023: We have managed to reproduce the issue locally in our labs and look forward to f...
by vovan700i
Wed Dec 06, 2023 10:38 am
Forum: General
Topic: Routing rule VS mangle mark routing
Replies: 9
Views: 3922

Re: Routing rule VS mangle mark routing

I built an approximation to this, but with no vxlans (just used another bridge, and ether2 as wan2) First of all, thank you for your effort. It seemed to mostly work, but the vrf-wan2 being a vrf made it quite painful. I seemed to need to reboot whenever I had done more than a couple of changes. I ...
by vovan700i
Wed Dec 06, 2023 10:06 am
Forum: General
Topic: Routing rule VS mangle mark routing
Replies: 9
Views: 3922

Re: Routing rule VS mangle mark routing

I use domain based vpn with mangle (mark routing). Additionally you have to add ip-route rule to route (what you marked with mangle) to vpn gateway. Example: /ip firewall mangle: add action=mark-routing chain=prerouting dst-address=!192.168.2.0/24 \ dst-address-list=!LIST new-routing-mark=ipsec pas...
by vovan700i
Tue Dec 05, 2023 9:38 pm
Forum: General
Topic: Routing rule VS mangle mark routing
Replies: 9
Views: 3922

Re: Routing rule VS mangle mark routing

Created an empty CHR and tested the same config. Sadly, the problem persists: route rule works, mangle mark routing doesn't work. /interface bridge add ingress-filtering=no name=bridge vlan-filtering=yes /interface bridge port add bridge=bridge interface=ether1 pvid=17 /interface bridge vlan add bri...
by vovan700i
Tue Dec 05, 2023 5:46 pm
Forum: General
Topic: Routing rule VS mangle mark routing
Replies: 9
Views: 3922

Re: Routing rule VS mangle mark routing

Maybe. but we can't see what you have missed if you do not post more of your configuration. Post the rest of your config when you are trying to use mangle rules so we can see where there might be an error. Fair enough. Below is a list of other relevant commands for simplicity. All drop/reject filte...
by vovan700i
Tue Dec 05, 2023 3:39 pm
Forum: General
Topic: Routing rule VS mangle mark routing
Replies: 9
Views: 3922

Routing rule VS mangle mark routing

Hi, According to the docs , one can use any or both of the following methods for policy routing: routing rule, e.g. /routing rule add action=lookup dst-address=9.9.9.9/32 src-address=192.168.2.0/24 table=vrf-wan2 mangle mark routing, e.g. /ip firewall mangle add action=mark-routing chain=prerouting ...
by vovan700i
Mon Dec 04, 2023 10:35 am
Forum: Containers
Topic: Containers broken after restore from backup
Replies: 5
Views: 2559

Re: Containers broken after restore from backup

Has anyone run into this? Yes, I also experienced it. After a config reset the host (e.g. 7.12.1) boots with all containers stopped and they won't start until I delete and re-create them manually. What is more, when copying a container in winbox, it misses a remote image, so I must type it myself e...
by vovan700i
Mon Dec 04, 2023 10:24 am
Forum: Containers
Topic: container ipv6 gw not work
Replies: 2
Views: 2354

Re: container ipv6 gw not work

As of 7.12.1 I have IPv6 in containers working stable. Tested both from inside (/container shell 0, then ping 2001:4860:4860::8888, for example) and outside (ping container address from a third machine connected to the host). Look at your filter/nat firewall config and test it on real machines befor...
by vovan700i
Mon Dec 04, 2023 10:11 am
Forum: Containers
Topic: Caddy reverse proxy with automatic lets encrypt.
Replies: 2
Views: 3612

Re: Caddy reverse proxy with automatic lets encrypt.

I use Caddy with automatic LE certificates running on top of RouterOS in container, it works like a charm. In fact, the only thing I needed for certificates to work is the following lines in config (inside each domain section or separately with imports followed): tls { dns cloudflare MY_TOKEN } Be a...
by vovan700i
Thu Oct 12, 2023 11:01 am
Forum: RouterOS beta
Topic: Static DNS FWD entries using DoH not working [SOLVED]
Replies: 18
Views: 12660

Re: Static DNS FWD entries using DoH not working [SOLVED]

@gfunkdave, thank you. It would be nice if they could implement DoH with static FWD entries. Supported the community effort with my SUP-130888.
by vovan700i
Wed Aug 09, 2023 10:23 pm
Forum: Announcements
Topic: v7.11rc is released!
Replies: 195
Views: 50750

Re: v7.11rc is released!

Hello, I have 4 DAC-SFP+ in my Mikrotik switch which are shown with a temperature of 255C. I can set the value to disable them to 256, so they are working perfectly fine. But the fans of the whole switch are running in maximum speed. The switch is in my living room, so it is really anoying. mikroti...
by vovan700i
Tue Jul 18, 2023 7:08 pm
Forum: Announcements
Topic: v7.11beta [testing] is released!
Replies: 373
Views: 109126

Re: v7.11beta [testing] is released!

Done! Look under Tips and Tricks section. Hi @antonsb , thank you for implementing IPv6 for containers, it is highly appreciated. The following issues occurred for me on RB5009 with v7.11b5: 1) I added an IPv6 address and an IPv6 gateway to the existing veth interface using the following command. I...
by vovan700i
Fri Jul 14, 2023 4:00 pm
Forum: Containers
Topic: IPv6 in containers
Replies: 11
Views: 6185

Re: IPv6 in containers

@biomesh , thank you for confirmation. does not seem like veth bug to me - this is container that answers, that such entry is already in place. @antonsb , well, you are technically right, it is a container that answers that an address/route is already in place. I mean that no addresses/routes assig...
by vovan700i
Fri Jul 14, 2023 12:46 pm
Forum: Containers
Topic: IPv6 in containers
Replies: 11
Views: 6185

Re: IPv6 in containers

next beta will have ipv6 support for veth
Wow, it was quick, thank you, @antonsb!

Could you please also check/confirm a veth bug I mentioned above?
by vovan700i
Fri Jul 14, 2023 11:45 am
Forum: Containers
Topic: IPv6 in containers
Replies: 11
Views: 6185

Re: IPv6 in containers

@biomesh , thanks for sharing your solution. It is universal and works pretty fine. However, it may be a little too complex to recreate and recompile multiple containers, track new versions and support all relevant platforms, at least for me. Based on your idea I can see another possible workaround...
by vovan700i
Thu Jul 13, 2023 11:50 pm
Forum: Containers
Topic: IPv6 in containers
Replies: 11
Views: 6185

IPv6 in containers

Hi all, I would like to (re)open discussion of IPv6 in containers. In my view, as of now (stable v7.10.2) the problem has at least two sides: 1) No address. It is not possible to assign one or more IPv6 addresses to a container's virtual ethernet interface (veth) since /interface/veth explicitly exp...
by vovan700i
Thu Jun 15, 2023 8:56 pm
Forum: Announcements
Topic: v7.10, 7.10.1 and more [stable] are released!
Replies: 366
Views: 132695

Re: v7.10 [stable] is released!

*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices; *) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch; *) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch; *) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332...
by vovan700i
Fri Feb 15, 2019 5:18 pm
Forum: RouterBOARD hardware
Topic: Passive PoE: MikroTik and Ubiquiti
Replies: 6
Views: 7910

Re: Passive PoE: MikroTik and Ubiquiti

Hi, it‘s passive mode. In the hEX the POE is „forced-on“. All of my devices Support 24V passive POE. And the hEX POE comes with a 24V power source. Good, thank you for clarification! BTW, I found in the wiki (https://wiki.mikrotik.com/wiki/Manual:PoE-Out): MikroTik uses RJ45 mode B pinout for power...
by vovan700i
Fri Feb 15, 2019 4:06 pm
Forum: RouterBOARD hardware
Topic: Passive PoE: MikroTik and Ubiquiti
Replies: 6
Views: 7910

Re: Passive PoE: MikroTik and Ubiquiti

Hi, can‘t speak for the CRS328 but I am powering a UBNT G3 Dome Camera, a UAP-AC-LR and a UAP-AC-M by a hEX-POE (RB960PGS). No Problems so far since 6 months. Thank you for sharing your experience! I guess you use 802.3af/A PoE (Pairs 1, 2+; 3, 6 Return) which is supported by all the devices you me...
by vovan700i
Fri Feb 15, 2019 2:07 pm
Forum: RouterBOARD hardware
Topic: Passive PoE: MikroTik and Ubiquiti
Replies: 6
Views: 7910

Passive PoE: MikroTik and Ubiquiti

Hi, I would like to know whether anyone managed to connect UVC-G3 (non-AF) cameras or any other Passive PoE-in capable device by Ubiquiti to CRS328-24P-4S+RM or any other Passive PoE-out capable device by MikroTik. Are Passive PoE technologies used by MikroTik and Ubiquiti intercompatible? To be mor...
by vovan700i
Wed Jan 09, 2019 11:32 am
Forum: Wireless Networking
Topic: WAP ac 5GHz issues with iPhone XS
Replies: 143
Views: 44486

Re: WAP ac 5GHz issues with iPhone XS

I have RB962UiGS-5HacT2HnT with RouterOS 6.43.8 and a new iPad Pro 11'' 2018 (MTXP2LLA, latest iOS) and confirm the issue discussed above. The iPad connects to my 5GHz-AC network successfully, but Safari stops loading pages shortly afterwards while the connection seems to be active. All my other App...
by vovan700i
Wed Jun 21, 2017 10:28 am
Forum: General
Topic: OpenVPN server in tap/ethernet mode - netmask handling issue
Replies: 1
Views: 4419

Re: OpenVPN server in tap/ethernet mode - netmask handling issue

Update: The official comment from Emils, MikroTik support: The server side will use /32 regardless of what netmask you specify under OVPN server settings so that the router knows which client has which address. There should be no issues in such configuration. Although I find more logic in applying ...
by vovan700i
Mon Jun 19, 2017 11:27 am
Forum: General
Topic: OpenVPN server in tap/ethernet mode - netmask handling issue
Replies: 1
Views: 4419

OpenVPN server in tap/ethernet mode - netmask handling issue

Hello everyone, I have several MikroTik routers (both hardware and CHR) with the latest stable firmware (currently, 6.39.2). I have set up an OpenVPN server on one of them and clients on the others. For my purposes I want tunnels to be established in tap/ethernet mode with /30 ipv4 netmask. The clie...
by vovan700i
Fri Feb 19, 2016 11:21 am
Forum: General
Topic: Cloud Hosted Router: L2TP/IPsec server behind 1:1 NAT on Amazon EC2
Replies: 2
Views: 2835

Cloud Hosted Router: L2TP/IPsec server behind 1:1 NAT on Amazon EC2

I'm trying to set a L2TP/IPsec server on CHR running on Amazon EC2. I've already made PPTP and pure L2TP connections work, but I'm currently facing a problem with L2TP/IPsec which I believe is caused by the fact EC2 virtual machines run behind one-to-one NAT (the machine is provided with a private a...