Community discussions

MUM Europe 2020

Search found 28 matches

by gcser
Fri Oct 18, 2019 4:07 pm
Forum: General
Topic: IPSEC with 2 WAN interfaces
Replies: 4
Views: 481

Re: IPSEC with 2 WAN interfaces

Ok, I check it again, it is a quite complicated config. Thank you!
by gcser
Fri Oct 18, 2019 3:28 pm
Forum: General
Topic: IPSEC with 2 WAN interfaces
Replies: 4
Views: 481

Re: IPSEC with 2 WAN interfaces

I've tried both methods. Mangle->Output->if src-address=2.2.2.2 then mark routing to ISP2. No success.
Routing lookup (as you mentioned) no success.
Despite of these settings, the router wants to route the ipsec traffic always to ISP1. Very strange....
by gcser
Fri Oct 18, 2019 1:44 pm
Forum: General
Topic: IPSEC with 2 WAN interfaces
Replies: 4
Views: 481

IPSEC with 2 WAN interfaces

Hello, I have a router with 2 WAN interfaces (and many LAN interfaces...). WAN1 (1.1.1.2) -> ISP1, WAN2 (2.2.2.2) -> ISP2. In the routing table, there are 2 default gateways: 0.0.0.0 Gw=1.1.1.1, 0.0.0.0 (routing-mark=to-ISP2) Gw=2.2.2.1 I have an IPSEC site-to-site tunnel between local address=2.2.2...
by gcser
Thu Sep 12, 2019 11:06 pm
Forum: General
Topic: Redundant routers/switches
Replies: 11
Views: 1119

Re: Redundant routers/switches

10GB. Currently the 3 CRS are in router mode, but configured all ports in one bridge with VLAN support. I would try the switch mode of the CRS, but I caanot find any setting for default gw for managing the switch remotly.
by gcser
Thu Sep 12, 2019 4:40 pm
Forum: General
Topic: Redundant routers/switches
Replies: 11
Views: 1119

Re: Redundant routers/switches

And what about the uplinks? Using VRRP, how should I configure the 3rd switch? Bridging?
by gcser
Thu Sep 12, 2019 4:08 pm
Forum: General
Topic: Redundant routers/switches
Replies: 11
Views: 1119

Re: Redundant routers/switches

I'm not sure, but as I know, LACP cannot be set when there is only 1 connection between switches (sw1->sw3 and sw2->sw3). How to set LACP in this scenario?
by gcser
Thu Sep 12, 2019 2:39 pm
Forum: General
Topic: Redundant routers/switches
Replies: 11
Views: 1119

Re: Redundant routers/switches

Thank you, I try this configuration. :)
by gcser
Thu Sep 12, 2019 1:10 pm
Forum: General
Topic: Redundant routers/switches
Replies: 11
Views: 1119

Redundant routers/switches

Hello, See the scenario: I have 2 Hyper-V servers, 2 network cards in each. They are configured as "switch independent teaming" mode: Hyper-V_sm.jpg The 2 CRS (1 and 2) configured as bridges. Each CRS has an uplink to the third router. I found no information about how to configure the third CRS? How...
by gcser
Wed Nov 15, 2017 3:39 pm
Forum: The Dude
Topic: Dude 6 backup fails (6.40.5)
Replies: 5
Views: 711

Re: Dude 6 backup fails (6.40.5)

In my case, the backup starts without error, but before it finishing, I get the autosupout file.

Thank you for your help, I send the rif to the support...
by gcser
Wed Nov 15, 2017 3:20 pm
Forum: The Dude
Topic: Dude 6 backup fails (6.40.5)
Replies: 5
Views: 711

Re: Dude 6 backup fails (6.40.5)

It is an Alix 1C ITX board, x86 architecture.

Disk is almost empty, I have 1GB free space. The system backup runs without error, only the dude export fails.
by gcser
Wed Nov 15, 2017 1:01 pm
Forum: The Dude
Topic: Dude 6 backup fails (6.40.5)
Replies: 5
Views: 711

Dude 6 backup fails (6.40.5)

Hi Guys, I have a dude install. When I export the dude database (/dude export-db backup-file=dude), the export does not generate any file, instead of an autosupot.rif file is created. The log doesn't contains any error message. I have no idea, what could be the problem. Has anybody experienced this ...
by gcser
Mon Apr 15, 2013 5:47 pm
Forum: Wireless Networking
Topic: ROS RC12 NAT problem
Replies: 7
Views: 1179

Re: ROS RC12 NAT problem

Hi,

It was my mistake :D . In the forward chain there was a filter rule :D Sorry
by gcser
Sun Apr 07, 2013 4:01 pm
Forum: Wireless Networking
Topic: ROS RC12 NAT problem
Replies: 7
Views: 1179

Re: ROS RC12 NAT problem

Sorry about it, but this is a core router of many companies, I'm not allowed to put the whole config to here... Tomorrow I build up a test environment with 3 routers, set up just these rules for this situation, and I will test it. I will be back with my experiences.
by gcser
Sun Apr 07, 2013 3:15 pm
Forum: Wireless Networking
Topic: ROS RC12 NAT problem
Replies: 7
Views: 1179

Re: ROS RC12 NAT problem

My NAT rules are very complex, the important rule is here (this rule is at the top of the rule set): add action=src-nat chain=srcnat \ dst-address-list=NONAT_ADDRESSES src-address=10.10.11.0/24 \ to-addresses=10.10.10.253 dst address list with name "NONAT_ADDRESSES" contains: add address=192.168.206...
by gcser
Sun Apr 07, 2013 10:52 am
Forum: Wireless Networking
Topic: ROS RC12 NAT problem
Replies: 7
Views: 1179

Re: ROS RC12 NAT problem

The strange thing, that the ping works well. If the far end has some routing problem, ping wouldn't work. I have the feeling, that the rc12 has some bug. I have 4 log rule at the beginning of the forward chain: 1. icmp to the other end, 2. icmp from the other end, 3. dst port 80 to the other end, 4....
by gcser
Sat Apr 06, 2013 9:43 pm
Forum: Wireless Networking
Topic: ROS RC12 NAT problem
Replies: 7
Views: 1179

ROS RC12 NAT problem

Hi Folks, I have the following config: Private net 1: 10.10.11.0/24 Private net 2: 10.10.10.0/24 Private net 3: 192.168.206.0/24 Private net 2 and 3 connected by IPSEC. Net 1 and net 2 is connected by PPTP. On net 2 router there is an src-nat rule: if src address is 10.10.11.0/24 then src-nat to 10....
by gcser
Mon Jul 30, 2012 1:59 pm
Forum: General
Topic: Forwarding problem
Replies: 7
Views: 596

Re: Forwarding problem

I think I found the solution: the dnat rule works when I remove the input interface restriction from the rule.

Thank you for the ideas! :)
by gcser
Mon Jul 30, 2012 12:57 pm
Forum: General
Topic: Forwarding problem
Replies: 7
Views: 596

Re: Forwarding problem

Thanks for the help. But the problem is more complex, because I wrote just an example, but there are other services: for example, I have the same problem with the e-mail servers (LAN1 and LAN2 have an internal mail server, when LAN1 wants to send an email to LAN2, the MX record of the LAN2 will be t...
by gcser
Mon Jul 30, 2012 12:31 pm
Forum: General
Topic: Forwarding problem
Replies: 7
Views: 596

Re: Forwarding problem

Yes, you are right, all traffic is blocked between the 2 LANs. My big problem is that the name server resolves the external ip address of the LAN1. From LAN2, this public ip is on the same router (but on the other interface), and as I can see, the router interprets this traffic as INPUT. But in this...
by gcser
Mon Jul 30, 2012 10:29 am
Forum: General
Topic: Forwarding problem
Replies: 7
Views: 596

Forwarding problem

Hello, I have the following situation: ETH1: 1.1.1.1 (LAN1) ETH2: 1.1.2.1 (LAN2) ETH10: WAN (2 public ip, one for LAN1, the other is for LAN2) ETH1->ETH10 src-nat to public ip1 ETH2->ETH10 src-nat to public ip2 LAN1 and LAN2 is separated, no traffic is allowed between them. There is a hosted server ...
by gcser
Thu Jun 16, 2011 4:51 pm
Forum: General
Topic: Tagged and untagged traffic
Replies: 0
Views: 511

Tagged and untagged traffic

Hello guys, I have the following scenario: MT1 <-> Unmanaged switch <-> MT2 <-> Internet MT1: 2 Virtual APs + 1 LAN port (RB411AH), names: OFFICE, GUEST MT2: 2 LAN ports (1 for LAN, 1 for Internet) Unmanaged switch: connect office network (computers, printers...) MT1 and MT2 have a VLAN interface (V...
by gcser
Mon Apr 16, 2007 9:19 pm
Forum: General
Topic: IPSEC trough Hotspot
Replies: 0
Views: 522

IPSEC trough Hotspot

I try to establish an IPSEC VPN connection over an MT Hotspot (authenticate myself in a browser, and try to start my Ciso VPN client). It seems that MT does not pass trough the VPN traffic (over normal MT router without hotspot it works well, even if NAT is used). How can I configure my MT hotspot t...
by gcser
Thu Feb 22, 2007 3:11 pm
Forum: General
Topic: Ethernet card: no link in Mikrotik OS
Replies: 6
Views: 1198

You are right... Compaq Deskpro EN BIOS error. No BIOS upgrade, so I need to search for an another PC.
by gcser
Thu Feb 22, 2007 11:13 am
Forum: General
Topic: Ethernet card: no link in Mikrotik OS
Replies: 6
Views: 1198

Ethernet card: no link in Mikrotik OS

Hello,

I set up a PC with 2 ethernet cards (same type). The physical links ok (leds on the cards), but MT says that on one of the two cards there is no link. I replaced the network card, the result is the same. The other network card works well.

Any idea?

Gabor
by gcser
Sun Feb 11, 2007 3:17 pm
Forum: General
Topic: Hotspot DNS problem
Replies: 3
Views: 955

I have a dot in the name ("fagus.hotspot"). I tried to change the name, no success...
It seems that the problem could be related to ipv6, because on the clients there were ipv6 protocoll installed. But after disabling it the problem remained...
by gcser
Sat Feb 10, 2007 8:26 pm
Forum: General
Topic: Hotspot DNS problem
Replies: 3
Views: 955

Hotspot DNS problem

Hello, I've set up a hotspot, it works well, except on some computers. I have a very strange problem: some of the clients cannot resolve the name of the hotspot gateway. Ping <gateway name> -->Cannot resolve the name, error BUT!!! nslookup <gateway name> -->WORKS ip -a <ip of hs gateway> -->WORKS, g...
by gcser
Mon Nov 20, 2006 11:29 am
Forum: General
Topic: Freeradius and the Realm attribute
Replies: 1
Views: 888

Freeradius and the Realm attribute

Hello Guys, I have a freeradius server + mysql backend, and I would like to use the MT's realm. In the documentationof MT: realm (text) - explicitly stated realm (user domain), so the users do not have to provide proper ISP domain name in user name How does it work? I thought that the MT automatical...
by gcser
Sun May 14, 2006 1:10 am
Forum: General
Topic: Filtering pptp clients
Replies: 0
Views: 493

Filtering pptp clients

I created a pptp server, added clients. The connection works fine, but how can I setup my firewall to route traffic between the dynamic pptp interface and the lan? The rules I created for the pptp connection will be invalid after I disconnect the client...