Community discussions

Search found 28 matches

by sx10
Wed Jul 26, 2017 7:19 pm
Forum: Announcements
Topic: v6.40 [current]
Replies: 101
Views: 22360

Re: v6.40 [current]

Is it possible to post here new defconf? I want to check how is it different from 6.39. Thanks. can't "/sys default-configuration pr file=bla-bla" help? No this doesn't show the actual configuration, just the script. I'm interested in seeing the new default firewall config, especially for ipv6, but...
by sx10
Fri Apr 14, 2017 7:12 pm
Forum: General
Topic: CVE-2016-10229
Replies: 0
Views: 533

CVE-2016-10229

Is RouterOS vulnerable to this recently published UDP vulnerability? My understanding is that you're based on kernel 3.3 which is vulnerable. If it's been fixed can you let us know in which version? Thanks. http://www.securityfocus.com/bid/97397 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201...
by sx10
Sun Nov 06, 2016 12:27 am
Forum: General
Topic: IPsec failover
Replies: 2
Views: 1471

Re: IPsec failover

Does anyone have a better answer for the original poster's question? Specifically in a Cisco to mikrotik tunnel with redundant wan links. Simply adding a second peer with a different local address doesn't do anything, its the /ipsec policy entry that needs to have the backup SA Src address. The only...
by sx10
Mon Mar 07, 2016 8:41 pm
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 104778

Re: v6.35rc [release candidate] is released, new wireless package!

6.35rc19 has been released!

What's new in 6.35rc19 (2016-Mar-04 11:46):

*) ppp - fixed ppp crash (make it work with Windows clients);
Do you have details on this PPP fix? I've had a mysterious random disconnect issue with windows VPNs since 6.30 or so.
by sx10
Thu Jan 14, 2016 6:56 pm
Forum: General
Topic: 6.34 release candidate version topic!
Replies: 201
Views: 42887

Re: 6.34 release candidate version topic!

I'm really excited to see all these great enhancements and fixes, but is there any end in sight for 6.34? It's been in RC for over 2 months and you're still adding new features. I'd really like to get some of these enhancements in production. Any plans for a release date?
by sx10
Thu Dec 31, 2015 6:51 pm
Forum: General
Topic: Winbox Secure Mode, TLS encryption version
Replies: 6
Views: 3452

Re: Winbox Secure Mode, TLS encryption version

For anyone that finds this thread, the TLS 1.0 issue has been fixed in the 6.34 rc builds.
by sx10
Thu Dec 31, 2015 6:48 pm
Forum: General
Topic: 6.34 release candidate version topic!
Replies: 201
Views: 42887

Re: 6.34 release candidate version topic!

6.34rc23 version is released. Changes since previous version: *) crypto - fixed kernel failure in talitos HW encryption; Do you have any details on this? I reported an issue with kernel failures on tile when using AES GCM (back on 11/19) and I'm wondering if this is related. I never heard back from...
by sx10
Wed Dec 02, 2015 5:17 pm
Forum: General
Topic: Winbox Secure Mode, TLS encryption version
Replies: 6
Views: 3452

Re: Winbox Secure Mode, TLS encryption version

It does not use any of the above. TLS was used in early versions. Now Winbox Secure mode uses a custom modified and improved RC4-drop3072
My issue is with SSTP, not Winbox. Guess I didn't read the subject line, but TLS 1.0 is still enabled on SSTP server.
by sx10
Tue Dec 01, 2015 8:38 pm
Forum: General
Topic: Winbox Secure Mode, TLS encryption version
Replies: 6
Views: 3452

Re: Winbox Secure Mode, TLS encryption version

Also going through PCI 3.1 and getting dinged for TLS 1.0 on mikrotik SSTP. It looks like the latest ROS versions 6.30+ support TLS 1.2 and have all the necessary mitigations, we just aren't able to disable TLS 1.0. It seems like they should be able to give us a checkbox for "Force TLS 1.2" just lik...
by sx10
Fri Apr 24, 2015 1:20 am
Forum: Announcements
Topic: RouterOS v6.28 released
Replies: 229
Views: 61632

Re: RouterOS v6.28 released

Is there a problem with the release candidate changelog on the download page? I see we are up to 6.29 RC10 but the changelog hasn't been updated in weeks (still 6.28 rc20).
by sx10
Fri Mar 13, 2015 8:56 am
Forum: RouterBOARD hardware
Topic: PoE out question
Replies: 0
Views: 313

PoE out question

I have a question about PoE that I couldn't find elsewhere on the forum. Are all Mikrotik PoE products compatible? I want to confirm that a gigabit device like the new 260gsp can power 100 meg devices like the cap2n and the rb951.

Thanks,
Greg
by sx10
Wed Jan 21, 2015 9:01 pm
Forum: General
Topic: Interface queue type
Replies: 7
Views: 4502

Re: Interface queue type

Yes I did read the wiki page. Still no explanation on pros and cons of ethernet-default and why it is so much faster than hardware-only.
by sx10
Wed Jan 21, 2015 6:25 pm
Forum: General
Topic: Interface queue type
Replies: 7
Views: 4502

Re: Interface queue type

I appreciate your input, but this doesn't answer either of my questions. It also doesn't explain why on a device like the 493 with two switch chips I'm seeing faster switching performance with ethernet-default turned on. I'd really appreciate it if Mikrotik can provide a more detailed explanation on...
by sx10
Wed Jan 21, 2015 9:31 am
Forum: General
Topic: Interface queue type
Replies: 7
Views: 4502

Re: Interface queue type

In this situation I'm trying out a CRS because it is primarily a switch and I do need the 8 gigiabit ports on a single switch chip. However I also need routing on one port so I figured it was simpler to just use one device, since it's perfectly capable of that function. I know a CCR may be better su...
by sx10
Wed Jan 21, 2015 9:04 am
Forum: General
Topic: Interface queue type
Replies: 7
Views: 4502

Interface queue type

I'm having trouble finding documentation about interface queues, but I found that they can make a shocking difference in performance. So shocking that I almost wrote off a new CRS210 as useless... So I bought a new CRS210 and configured it as a home router with one ether port taken out of the switch...
by sx10
Wed Sep 25, 2013 8:48 pm
Forum: General
Topic: Graphing ipv6 traffic
Replies: 0
Views: 429

Graphing ipv6 traffic

I'm looking for a way to separate ipv4 and ipv6 traffic into queues so I can keep track and graph them. I tried using mangle to tag all packets and assign them to queues but it doesn't appear to work. This is what I'm trying. Any suggestions? /ip firewall mangle add action=mark-packet chain=forward ...
by sx10
Wed Jun 12, 2013 8:43 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 53641

Re: RouterOS 6.1 released

Anyone having trouble with routerboot upgrade? It shows I am out of date but upgrading does not change the current version. No error message, nothing in log.
by sx10
Mon Mar 18, 2013 8:06 am
Forum: General
Topic: some one help me to config IKEv2 VPN service on mikrotik
Replies: 6
Views: 15895

Re: some one help me to config IKEv2 VPN service on mikrotik

I didn't think IKEv2 was supported on ros. I wish it was so if anyone knows how that would be great, I've got some non ros devices I'd love to connect with v2.
by sx10
Fri Mar 15, 2013 11:53 pm
Forum: Beginner Basics
Topic: ccr dot1q access vlan
Replies: 2
Views: 1757

Re: ccr dot1q access vlan

Looks the same as the way I do it. I have vlans over a dot1q trunk on my CCR and it's working fine, but I use bridges to trunk on multiple ports. What's on your other end, how is it configured? /interface bridge add l2mtu=1590 name=bridge-trunk /interface bridge port add bridge=bridge-trunk interfac...
by sx10
Sun Mar 10, 2013 10:07 pm
Forum: General
Topic: https not working over sstp vpn
Replies: 4
Views: 1576

Re: https not working over sstp vpn

I found the solution for this, in case anyone else has the problem. The problem was on the client machines, not in routeros. If you have the "DNE LightWeight Filter" installed (which is installed by many vpn clients such as Sonicwall GLobalVPN) it must be the latest version or else it breaks the SST...
by sx10
Thu Mar 07, 2013 10:17 am
Forum: General
Topic: https not working over sstp vpn
Replies: 4
Views: 1576

Re: https not working over sstp vpn

I'm still stumped. And it's not just https connections that aren't working, all connections are getting corrupted through the SSTP vpn. Web pages won't load or will just be gibberish. I've tried connecting from multiple client devices and the sstp vpn connects fine, I have the certificates and clock...
by sx10
Mon Mar 04, 2013 6:08 pm
Forum: General
Topic: https not working over sstp vpn
Replies: 4
Views: 1576

Re: https not working over sstp vpn

Yes I'm running SSTP on port 443. I'm using all the defaults and settings from the SSTP remote client example on the wiki.
by sx10
Mon Mar 04, 2013 10:05 am
Forum: General
Topic: https not working over sstp vpn
Replies: 4
Views: 1576

https not working over sstp vpn

I just setup sstp server using self signed certificate and ca per the instructions on the wiki, using CCR running 6.0rc9. I can connect and see the remote network fine, but ssl connections through the VPN are not working. I'm connecting with a windows 7 client. Any http connections work fine, telnet...
by sx10
Tue Feb 12, 2013 7:44 pm
Forum: Beginner Basics
Topic: VPN advice
Replies: 3
Views: 733

Re: VPN advice

My site to site links will be between a CCR at the main location and RB2011s and RB750s at the remote ends over 50/10mb connections. We are replacing some old Sonicwall devices with routerboards.

Client connections will be for around 10 users.
by sx10
Tue Feb 12, 2013 12:17 am
Forum: Beginner Basics
Topic: VPN advice
Replies: 3
Views: 733

VPN advice

Can I get some advice on VPN connectivity with RouterOS? I'm looking to setup both static site to site connections between routerOS devices and dynamic client connections from Windows machines. I tried going through the site to site ipsec tunnel example on the wiki but was unable to get it working, ...
by sx10
Fri Jan 18, 2013 8:25 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013903

Re: CLOUD CORE ROUTER

Is anyone currently using the latest rc7 build? My current rc7 build (jan 14th) works great. Just worried about upgrading now :D
The official RC7 is working great, so far I haven't had any more "router was rebooted" messages.
by sx10
Fri Jan 04, 2013 9:24 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013903

Re: CLOUD CORE ROUTER

Installed our first CCR this morning. Plug in one ethernet cable, all is good. Switch over the remaining cables from our RB1100AHx2 and the CCR starts rebooting. Remove cables, CCR stays up. CCR has RC6 on it. There is no watchdog IP address on this router. Power cables were swapped, different powe...
by sx10
Fri Jan 04, 2013 5:53 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013903

Re: CLOUD CORE ROUTER

Installed our first CCR this morning. Plug in one ethernet cable, all is good. Switch over the remaining cables from our RB1100AHx2 and the CCR starts rebooting. Remove cables, CCR stays up. CCR has RC6 on it. There is no watchdog IP address on this router. Power cables were swapped, different powe...