Community discussions

MikroTik App

Search found 580 matches

  • 1
  • 2
by mikruser
Mon Nov 07, 2022 10:15 pm
Forum: General
Topic: CCR1036/RB3011 IPsec throughput issue
Replies: 4
Views: 589

Re: CCR1036/RB3011 IPsec throughput issue

mcdouglas
This is a known issue on MT hardware routers with ipsec tunnels and high-latency link: viewtopic.php?t=146665#p769858
You must use a CHR - this software router do not have this issue.
by mikruser
Mon Jul 25, 2022 10:44 am
Forum: RouterBOARD hardware
Topic: hardware req: 2 port gigabit ARM 'shaper'
Replies: 20
Views: 2444

Re: hardware req: 2 port gigabit ARM 'shaper'

why do you need a general purpose processor if you plan to execute only one function? shaping is a very simple task, and can be done entirely in hardware. moreover, most switches have this functionality and run it at wire speed. You've completely missed the point. fq_codel shaper. This is not a har...
by mikruser
Sat Jul 23, 2022 11:59 am
Forum: RouterBOARD hardware
Topic: hardware req: 2 port gigabit ARM 'shaper'
Replies: 20
Views: 2444

Re: hardware req: 2 port gigabit ARM 'shaper'

ARM CPU, RB5009 level for shaping duty.
why do you need a general purpose processor if you plan to execute only one function?
shaping is a very simple task, and can be done entirely in hardware.
moreover, most switches have this functionality and run it at wire speed.
by mikruser
Tue Apr 05, 2022 2:52 pm
Forum: General
Topic: VPN with high latency (220ms RTT)
Replies: 2
Views: 1412

Re: VPN with high latency (220ms RTT)

Hi.
We have 220ms R.T.T. between Malaysia and England.
Any tips for VPN passing SMB?
My advice - use a CHR.
MT hardware routers have a issue with speed on vpn high latency link: viewtopic.php?t=146665#p769858
by mikruser
Sat Mar 26, 2022 9:58 am
Forum: Virtualization
Topic: Does CHR support Intel Crypto Acceleration?
Replies: 0
Views: 2557

Does CHR support Intel Crypto Acceleration?

Hello,
Does CHR support Intel Crypto Acceleration? (for example VAES and SHA extensions)
by mikruser
Tue Mar 15, 2022 2:21 pm
Forum: General
Topic: Feature requests
Replies: 1739
Views: 624816

Re: Feature requests

Please add more detailed description to log
for example, now I see:

address list entry changed by admin
filter rule changed by admin


I need to know which entry and which rule was changed
by mikruser
Tue Mar 01, 2022 2:58 pm
Forum: RouterBOARD hardware
Topic: Why Mikrotik does not produce the routers on x86 processors?
Replies: 37
Views: 18844

Re: Why Mikrotik does not produce the routers on x86 processors?

the improvements in IPSEC performance are from ASIC Hardware Acceleration Built in the SOC
there is no General Purpose CORE, not ARM, not x86, not MIPS, no POWER PC, capable of this kind of IPSEC performance by their own
even when using CPU (AES-NI), speed reaches almost 30Gbps.
by mikruser
Mon Feb 28, 2022 6:23 pm
Forum: RouterBOARD hardware
Topic: Why Mikrotik does not produce the routers on x86 processors?
Replies: 37
Views: 18844

Re: Why Mikrotik does not produce the routers on x86 processors?

Single-core IPsec tunnels performance on Intel Xeon D-2798NX
sm.018.800.png
by mikruser
Thu Jan 20, 2022 11:56 pm
Forum: RouterBOARD hardware
Topic: Why Mikrotik does not produce the routers on x86 processors?
Replies: 37
Views: 18844

Re: Why Mikrotik does not produce the routers on x86 processors?

But for many ports, power consumption and form factor - ARM and network SoCs beats x86. only if they are modern ARM... latest smartphones use new Cortex-X2 @3GHz latest MT routers use old Cortex-A72 @1.4-2GHz apparently, the MT's engineers believe that the speed of the tunnel is less important than...
by mikruser
Wed Dec 29, 2021 11:08 am
Forum: RouterBOARD hardware
Topic: Which MT router has a hardware bandwidth shaper?
Replies: 17
Views: 6154

Re: Which MT router has a hardware bandwidth shaper?

tangent
Do you accuse MT of lying?
by mikruser
Wed Dec 29, 2021 12:43 am
Forum: RouterBOARD hardware
Topic: Which MT router has a hardware bandwidth shaper?
Replies: 17
Views: 6154

Re: Which MT router has a hardware bandwidth shaper?

tangent
Then your hardware is not among those with this feature.
Do you accuse MT of lying?
by mikruser
Wed Dec 29, 2021 12:15 am
Forum: RouterBOARD hardware
Topic: Which MT router has a hardware bandwidth shaper?
Replies: 17
Views: 6154

Re: Which MT router has a hardware bandwidth shaper?

maybe you won't make such stupid assumptions?
by mikruser
Tue Dec 28, 2021 11:00 pm
Forum: RouterBOARD hardware
Topic: Which MT router has a hardware bandwidth shaper?
Replies: 17
Views: 6154

Re: Which MT router has a hardware bandwidth shaper?

Switch-Port also do not have these settings
Image3.png
by mikruser
Tue Dec 28, 2021 9:50 pm
Forum: RouterBOARD hardware
Topic: Which MT router has a hardware bandwidth shaper?
Replies: 17
Views: 6154

Re: Which MT router has a hardware bandwidth shaper?

as I wrote above, I have routers with atheros8327 chip, but Winbox do not have rate limits settings (as described on MT site)
Image1.png
Image2.png
by mikruser
Tue Dec 28, 2021 11:58 am
Forum: RouterBOARD hardware
Topic: Which MT router has a hardware bandwidth shaper?
Replies: 17
Views: 6154

Re: Which MT router has a hardware bandwidth shaper?

None of them do.
but what about routers with switch chip?
many chips have this capability:
switch.png
https://help.mikrotik.com/docs/display/ ... p+Features

But i do not see "bandwidth property" in Interface-Ethernet on my routers
by mikruser
Tue Dec 28, 2021 12:22 am
Forum: RouterBOARD hardware
Topic: Which MT router has a hardware bandwidth shaper?
Replies: 17
Views: 6154

Which MT router has a hardware bandwidth shaper?

Hello,
Which MT router has a hardware bandwidth shaper (limiter)? (a shaper that runs at wire speed and does not load the processor)
by mikruser
Tue Dec 21, 2021 11:08 pm
Forum: General
Topic: Forum is suddenly slow
Replies: 12
Views: 2112

Re: Forum is suddenly slow

Keep believing in regular "power failure"
by mikruser
Tue Dec 21, 2021 10:46 pm
Forum: General
Topic: Forum is suddenly slow
Replies: 12
Views: 2112

Re: Forum is suddenly slow

Recently on a forum, one MT employee said that they have converted most of their equipment to v7
Coincidence? I don't think so.
by mikruser
Mon Dec 20, 2021 9:45 pm
Forum: General
Topic: After Upgrade from 6.49.1 to 7.1 ipsec Site-Site not working
Replies: 45
Views: 23366

Re: After Upgrade from 6.49.1 to 7.1 ipsec Site-Site not working

No. They already celebrate Christmas and annual bonuses.
by mikruser
Sun Dec 12, 2021 10:47 pm
Forum: General
Topic: RouterOS 7.1 stable performance DROP
Replies: 19
Views: 6465

Re: RouterOS 7.1 stable performance DROP

Yeah, well... They should go build their own router OS, with blackjack and routing cache! In fact, forget the cache!
by mikruser
Sun Dec 12, 2021 3:53 pm
Forum: General
Topic: RouterOS 7.1 stable performance DROP
Replies: 19
Views: 6465

Re: RouterOS 7.1 stable performance DROP

If Mikrotik really has its own OS (and not just another Linux clone), they must return routing cache.
60% of the difference in performance is completely unacceptable!
by mikruser
Sat Dec 11, 2021 7:24 pm
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 146166

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

IPANetEngineer Have to disagree, I've put MIkroTik CCRs into plenty of large enterprises for critical roles. In one specific example, we put 4 MikroTik routers into the flagship data center of a 19 billion dollar publicly traded company This does not mean anything other than that you like to take ri...
by mikruser
Tue Dec 07, 2021 9:59 pm
Forum: General
Topic: Feature requests
Replies: 1739
Views: 624816

Re: Feature requests

show packets that match this rule
by mikruser
Tue Dec 07, 2021 4:27 pm
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 146166

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

Something is obviously rotten on the CCR2004 platform, and i don't understand why this issue hasn't been fixed for more than a year. As of now i have no idea whether i need to buy other CCR's or to completely switch to another brand, this is unacceptable, and of course noticeable for our customers....
by mikruser
Mon Dec 06, 2021 7:29 pm
Forum: General
Topic: Feature requests
Replies: 1739
Views: 624816

Re: Feature requests

Please add "Packet Sniffer" and/or "Torch" buttons to the firewall rule box.
by mikruser
Sun Dec 05, 2021 4:20 pm
Forum: General
Topic: Feature Request: Hardware NAT
Replies: 20
Views: 11349

Re: Feature Request: Hardware NAT

Hardware accelerated NAT has long existed in MT routers for example RB750Gr3 based on MT7621A https://www.mediatek.com/products/homeNetworking/mt7621 or RB3011 based on IPQ8064 https://www.qualcomm.com/products/ipq8064 https://people.netfilter.org/pablo/netdev0.1/slides/IPQ806x-Hardware-acceleration...
by mikruser
Wed Dec 01, 2021 4:13 pm
Forum: RouterBOARD hardware
Topic: Why Mikrotik does not produce the routers on x86 processors?
Replies: 37
Views: 18844

Re: Why Mikrotik does not produce the routers on x86 processors?

Given that the whole pc industry is now starting to pivot to ARM, Mikrotik might have chosen the correct path . ARM also has modern fast cores https://www.arm.com/products/silicon-ip-cpu/neoverse/neoverse-n2 and DPU based on this cores https://www.marvell.com/content/dam/marvell/en/public-collatera...
by mikruser
Wed Dec 01, 2021 1:03 pm
Forum: RouterBOARD hardware
Topic: Why Mikrotik does not produce the routers on x86 processors?
Replies: 37
Views: 18844

Re: Why Mikrotik does not produce the routers on x86 processors?

Mikrotik continues to ignore fast x86, and still releases routers on old slow cores from the past: CCR2116 (Annapurna Labs Alpine AL73400, based on ARM Cortex-A72 from 2016) CCR2004 (Annapurna Labs Alpine AL324, based on ARM Cortex-A57 from 2012) CCR10XX (Tilera TILE-Gx from 2012) RB5009 (Marvell Ar...
by mikruser
Tue Nov 30, 2021 12:52 pm
Forum: General
Topic: L2TP/IPsec VPN server to Windows Client
Replies: 4
Views: 3123

Re: L2TP/IPsec VPN server to Windows Client

I have played around with various security settings on server with no luck.
create ipsec proposal sha1/aes-128 cbc and profile with DH Group: ecp256
by mikruser
Wed Nov 24, 2021 6:10 pm
Forum: General
Topic: Why tool traceroute limited to 14 hops?
Replies: 10
Views: 1792

Re: Why tool traceroute limited to 14 hops?

I have no idea why the developers of the ROS did this. It is probably very alternatively gifted people.
by mikruser
Wed Nov 24, 2021 5:13 pm
Forum: General
Topic: Why tool traceroute limited to 14 hops?
Replies: 10
Views: 1792

Re: Why tool traceroute limited to 14 hops?

In the case where you thought it was limited to 14 hops, were the last 5 timeouts too?
Yes
by mikruser
Wed Nov 24, 2021 4:34 pm
Forum: General
Topic: Why tool traceroute limited to 14 hops?
Replies: 10
Views: 1792

Re: Why tool traceroute limited to 14 hops?

its limited sometime even to 9 hops [admin@MikroTik] > tool traceroute 143.204.98.14 # ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV STATUS 1 100.83.103.65 0% 5 0.2ms 0.2 0.2 0.3 0 2 213.239.229.157 0% 5 0.3ms 2.5 0.3 7.9 2.8 3 213.239.245.254 0% 5 4.1ms 9.2 3.5 22.9 7.4 4 52.46.167.208 0% 5 3.8ms 3...
by mikruser
Wed Nov 24, 2021 3:19 pm
Forum: General
Topic: Why tool traceroute limited to 14 hops?
Replies: 10
Views: 1792

Why tool traceroute limited to 14 hops?

Hello,

Why
New Terminal > tool traceroute host
limited to 14 hops?
by mikruser
Wed Nov 24, 2021 1:35 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx4 IPsec site-to-site performance
Replies: 4
Views: 5003

Re: RB1100AHx4 IPsec site-to-site performance

You can create a ticket to technical support (but I know in advance that they will answer you) "Adding or enabling any additional RouterOS feature apart from IPsec policies can reduce the throughput significantly." (c) emils You can read https://forum.mikrotik.com/viewtopic.php?t=97880 and...
by mikruser
Mon Nov 22, 2021 10:22 pm
Forum: General
Topic: Router unstable with fasttrack on
Replies: 17
Views: 4828

Re: Router unstable with fasttrack on

Mikrotik has not tested new versions of ROS on old hardware for a long time.
by mikruser
Thu Nov 18, 2021 2:55 pm
Forum: General
Topic: Hardware for 10Gbps bandwidth test
Replies: 8
Views: 3186

Re: Hardware for 10Gbps bandwidth test

[quote=mkx post_id=881758 time=1632373772 user_id=87277]
One of problems with btest is that it uses single core
[/quote]

You are wrong.
Tools - Bandwidth Test has been using multicore for a long time.
by mikruser
Thu Nov 18, 2021 2:50 pm
Forum: General
Topic: 100% CPU on MIPS 24kc V7.4
Replies: 5
Views: 2901

Re: 100% CPU on MIPS 24kc V7.4

This is a known issue that hasn't been fixed in years:
viewtopic.php?t=56656
viewtopic.php?t=59064
viewtopic.php?t=59185
by mikruser
Wed Nov 17, 2021 3:09 pm
Forum: General
Topic: AES-GCM HW acceleration in CCR
Replies: 12
Views: 3649

Re: AES-GCM HW acceleration in CCR

another example of idiotic tech support (they did not answer the question, and forcibly closed the ticket): >>Hello, >>Why CCR10xx do not support aes-gcm hardware acceleration? Emīls Z.2 days ago 8:57 AM Hello, Thank you for your question, however not sure what answer do you expect. It is either a s...
by mikruser
Tue Nov 16, 2021 2:27 pm
Forum: General
Topic: Propose Mikrotik to adopt TailScale VPN similar to ZeroTierOne VPN
Replies: 55
Views: 18829

Re: Propose Mikrotik to adopt TailScale VPN similar to ZeroTierOne VPN

I have already suggested a solution similar to DMVPN
viewtopic.php?t=160274
and ticket SUP-65537
but i got answer:
Hello,
This functionality is available in RouterOS using ZeroTier.
by mikruser
Sat Nov 13, 2021 12:49 am
Forum: General
Topic: Why Fast Path not supported with hardware accelerated IPsec?
Replies: 3
Views: 1759

Re: Why Fast Path not supported with hardware accelerated IPsec?

EoIP, GRE, IPIP, L2TP, PPPoE also do (de- & encapsulation), but FastPath/FastTrack supported
SNAT, DNAT also do packet processing, but FastPath/FastTrack supported

In that case, why not support FastTrack with hardware accelerated IPsec?
by mikruser
Thu Nov 11, 2021 3:37 pm
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 148
Views: 44633

Re: Feature Request: IPSEC Improvements

I exclusively use GRE/IPsec and I do not have that experience.
Can you provide proof in the form of test results on a gigabit network? (gre+ipsec vs. pure ipsec tunnel mode, file copy throughput results and profile results)
by mikruser
Thu Nov 11, 2021 1:45 pm
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 148
Views: 44633

Re: Feature Request: IPSEC Improvements

The overhead for IPIP/IPsec and "VTI" is exactly the same. IPsec test results for MT routers are shown for IPsec in tunnel mode https://mikrotik.com/product/RB750Gr3#fndtn-testresults https://mikrotik.com/product/RB3011UiAS-RM#fndtn-testresults https://mikrotik.com/product/hap_ac2#fndtn-t...
by mikruser
Wed Nov 10, 2021 1:39 pm
Forum: General
Topic: AES-GCM HW acceleration in CCR
Replies: 12
Views: 3649

Re: AES-GCM HW acceleration in CCR

I can't see any real "hardware module" on the Tilera CPU for AES, so I assume that it's just "hand optimized" assembly in which case I'd expect adding GCM to be possible. You are wrong, Tilera CPU have hardware accelerators (MiCA), and GCM mode supported see processor architectu...
by mikruser
Mon Nov 08, 2021 4:46 pm
Forum: Beginner Basics
Topic: add a rule to position N counting from the bottom
Replies: 1
Views: 828

add a rule to position N counting from the bottom

Hello,

"add ... place-before=N"
this command adds a rule to position N (counting from the top)

But how do you add a rule to position N counting from the bottom?
by mikruser
Tue Nov 02, 2021 12:47 pm
Forum: Virtualization
Topic: CHR Auto Negotiation: Incomplete
Replies: 1
Views: 5766

CHR Auto Negotiation: Incomplete

Hello,
Why on all CHR routers Status Auto Negotiation = Incomplete?
chr_ether_an.png
by mikruser
Fri Oct 29, 2021 5:53 pm
Forum: Beginner Basics
Topic: Fasttrack and Fastpath
Replies: 1
Views: 794

Fasttrack and Fastpath

Hello, This document says https://mum.mikrotik.com/presentations/UA15/presentation_3077_1449654925.pdf FastPath + Conntrack = FastTrack Fasttrack is a part of FastPath, it has the same requirements but this is what I see on my router: ccr_fasttrack.png how does fasttrack work without fastpath? or is...
by mikruser
Thu Oct 28, 2021 3:21 pm
Forum: General
Topic: How does AutoMTU work for VPN tunnels?
Replies: 5
Views: 2039

Re: How does AutoMTU work for VPN tunnels?

25/10/2021
Does this issue affect all routers on the ARM?
Will this issue be fixed in ROS 7?

Olga Ļ. 25/Oct/21
Hello!
Such behavior is on part of ARM and ARM 64 boards.
It is expected behavior, it will not be changed in ROS 7.
by mikruser
Thu Oct 28, 2021 12:40 pm
Forum: General
Topic: How does AutoMTU work for VPN tunnels?
Replies: 5
Views: 2039

Re: How does AutoMTU work for VPN tunnels?

finally, two years later, I got the right answer from tech support. but first read the story and appreciate how much effort and time it took me to get this answer: 23/12/2019 Actual MTU on VPN tunnels Hello, How does AutoMTU (Actual MTU) work for VPN tunnels? For example: i have gre+ipsec tunnels sh...
by mikruser
Wed Oct 27, 2021 2:23 pm
Forum: General
Topic: IPSEC performance problem
Replies: 17
Views: 5967

Re: IPSEC performance problem

I cannot imagine Mikrotik intentionally publishing inflated test results Be sure they do it. They use a few tricks to mislead: 1) they use UDP instead of TCP, despite the fact that ALL file transfer protocols (FTP, HTTP, SCP, SFTP, SMB) use TCP. VPN tunnels on Mikrotik hardware routers shows good s...
by mikruser
Wed Oct 27, 2021 1:51 pm
Forum: RouterBOARD hardware
Topic: Suggestion: add to "Test results" page also throughput results for TCP single stream
Replies: 0
Views: 1853

Suggestion: add to "Test results" page also throughput results for TCP single stream

Hello, Suggestion: add to "Test results" page for each router also throughput results for TCP single stream. This would be very useful information since ALL file transfer protocols (FTP, HTTP, SCP, SFTP, SMB) use TCP. (also please add in the description to the existing results that they we...
by mikruser
Mon Oct 25, 2021 7:26 pm
Forum: General
Topic: Single TCP Connection issue
Replies: 17
Views: 3233

Re: Single TCP Connection issue

However both 1036 and 2004 have the very same issue.
Yes, all hardware routers have same issue.
CHR do not have this issue: viewtopic.php?t=146665#p770846
by mikruser
Mon Oct 25, 2021 6:41 pm
Forum: General
Topic: Single TCP Connection issue
Replies: 17
Views: 3233

Re: Single TCP Connection issue

how can I solve this issue?
Try replacing hardware routers with CHR routers.
by mikruser
Mon Oct 25, 2021 12:15 am
Forum: General
Topic: Slow speed through gre+ipsec tunnel
Replies: 15
Views: 10690

Re: Slow speed through gre+ipsec tunnel

Issue still not fixed in 6.49 :(
by mikruser
Fri Oct 22, 2021 5:07 pm
Forum: General
Topic: Feature requests
Replies: 1739
Views: 624816

Re: Feature requests

No, IPIP uses IPsec in Transport Mode
by mikruser
Fri Oct 22, 2021 3:51 pm
Forum: General
Topic: Feature requests
Replies: 1739
Views: 624816

Re: Feature requests

Feature request: network interfaces for IPsec in Tunnel mode.
by mikruser
Tue Oct 12, 2021 2:49 pm
Forum: General
Topic: Feature requests
Replies: 1739
Views: 624816

Re: Feature requests

As i see in https://wiki.mikrotik.com/wiki/Manual:IP/Route#Multipath_.28ECMP.29_routes "packets with the same source address, destination address, source interface, routing mark and ToS are sent to the same gateway. This means that ECMP route does not perform pure per-connection balancing"...
by mikruser
Tue Sep 21, 2021 6:14 pm
Forum: General
Topic: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?
Replies: 12
Views: 5484

Re: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?

tdw It could be that the DF bit is not propagated from inner traffic to the outer traffic Oh, i found my very old post about this issue: https://forum.mikrotik.com/viewtopic.php?t=109241 Mikrotik fixed this issue for gre tunnels (Dont Fragment:inherit setting), but for l2tp tunnels this issue still ...
by mikruser
Tue Sep 21, 2021 5:02 pm
Forum: General
Topic: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?
Replies: 12
Views: 5484

Re: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?

tdw
My question is why mturoute show incorrect Path MTU?
Looks like the Mikrotik router is fragmenting the packet (even if DF bit set), but does not report about it.
by mikruser
Tue Sep 21, 2021 3:16 pm
Forum: Virtualization
Topic: CHR Total Memory
Replies: 4
Views: 5600

Re: CHR Total Memory

The hypervisor will also reserve some memory for video RAM.
No, VM have setting Video card - Total video memory = 4 MB
by mikruser
Tue Sep 21, 2021 2:19 pm
Forum: General
Topic: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?
Replies: 12
Views: 5484

Re: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?

rextender
Noob, don't mess up my threads with your bullshit. First, learn how mturoute works.
by mikruser
Tue Sep 21, 2021 2:09 pm
Forum: General
Topic: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?
Replies: 12
Views: 5484

How to determine the real (actual) MTU of the L2TP+IPsec tunnel?

Hello,

How to determine the real (actual) MTU of the L2TP+IPsec tunnel?
L2TP have "Max MTU" setting, but it is "fake" MTU.
For example - for L2TP+IPsec tunnel i set too big "Max MTU" =1460, and mturoute show Path MTU =1460. But this is unreal!
by mikruser
Thu Sep 09, 2021 7:45 pm
Forum: General
Topic: Suggestion: Route - Check Gateway based on link quality
Replies: 0
Views: 621

Suggestion: Route - Check Gateway based on link quality

Hello,

Please add to Route - Check Gateway not only "ping", but also "%packet loss".
For example - I need the route to switch when the loss reaches 10%
by mikruser
Fri Aug 20, 2021 6:24 pm
Forum: Virtualization
Topic: CHR Total Memory
Replies: 4
Views: 5600

CHR Total Memory

Hello,

I have CHR installed from OVA template (https://mikrotik.com/download)
vSphere Client show VM Memory: 128 MB
but Winbox show System - Resources - Total Memory: 96 MB
why is there less memory?
by mikruser
Tue Aug 10, 2021 12:41 pm
Forum: General
Topic: How to use one Identity for multiple Peers?
Replies: 2
Views: 808

How to use one Identity for multiple Peers?

Hello,

I have multiple Peers, but I do not need multiple Identities (since all settings are the same). I need one Identity for multiple Peers.
How to do it?
by mikruser
Mon Aug 09, 2021 7:16 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91269

Re: MikroTik RB5009UG+S+IN

Marvell Armada 7040 have Security Engine (hardware crypto engine) with multiple algorithm capabilities https://www.marvell.com/content/dam/marvell/en/public-collateral/embedded-processors/marvell-embedded-processors-armada-7040-product-brief-2017-12.pdf https://csrc.nist.gov/projects/cryptographic-a...
by mikruser
Fri May 14, 2021 1:27 pm
Forum: General
Topic: Tunnel limit throughput to TCP connection socket
Replies: 3
Views: 740

Re: Tunnel limit throughput to TCP connection socket

It is very likely that you also encountered a known bug with MT hardware routers: https://forum.mikrotik.com/viewtopic.php?t=146665#p769858 You can replace hardware routers to CHR (CHR do not affected by this issue). Also please create ticket to MT support https://help.mikrotik.com/servicedesk/servi...
by mikruser
Thu May 13, 2021 6:26 pm
Forum: General
Topic: Tunnel limit throughput to TCP connection socket
Replies: 3
Views: 740

Re: Tunnel limit throughput to TCP connection socket

what rtt between routers?
by mikruser
Wed May 05, 2021 10:37 pm
Forum: General
Topic: How long does it take for MT tech support to respond?
Replies: 18
Views: 2520

Re: How long does it take for MT tech support to respond?

anav The point is that the problem described in the ticket is easy to reproduce. It was studied not only by me, but also by the user KENYx120, for example: https://forum.mikrotik.com/viewtopic.php?t=146665#p769858 Let's do an experiment - you will also reproduce this issue on your hardware, and cre...
by mikruser
Wed May 05, 2021 6:52 pm
Forum: General
Topic: How long does it take for MT tech support to respond?
Replies: 18
Views: 2520

Re: How long does it take for MT tech support to respond?

First accused me of lying, and then writes "I never offended you".
It looks like the troll is you.
by mikruser
Wed May 05, 2021 6:26 pm
Forum: General
Topic: How long does it take for MT tech support to respond?
Replies: 18
Views: 2520

Re: How long does it take for MT tech support to respond?

You're stupid? why did you decide that I should post my personal mail-address on a public forum?
by mikruser
Wed May 05, 2021 5:38 pm
Forum: General
Topic: How long does it take for MT tech support to respond?
Replies: 18
Views: 2520

Re: How long does it take for MT tech support to respond?

>>It's your point of view or it can be a lie. Proof - see screenshot they did not respond to my last message and they did not explain why the ticket was closed. sup.png >>This is user forum, complain directly with mikrotik How do you propose to communicate with them if they refuse to solve the issu...
by mikruser
Wed May 05, 2021 3:42 pm
Forum: General
Topic: How long does it take for MT tech support to respond?
Replies: 18
Views: 2520

Re: How long does it take for MT tech support to respond?

Today MT tech support just closed the ticket without solving it and without explanation!
MT, what's happening??? This is absolutely unacceptable behavior of tech support for a company that claims to the corporate market!
by mikruser
Fri Apr 23, 2021 1:22 pm
Forum: General
Topic: How long does it take for MT tech support to respond?
Replies: 18
Views: 2520

Re: How long does it take for MT tech support to respond?

What are you trying to achieve here?
I am trying to solve the issue described in the ticket.

You have lots of similar tickets already open
No, only SUP-44879 wait for support.

Please wait for the rest of your tickets to be dealt with.
I do not have other tickets for support.
by mikruser
Thu Apr 22, 2021 12:38 pm
Forum: General
Topic: How long does it take for MT tech support to respond?
Replies: 18
Views: 2520

Re: How long does it take for MT tech support to respond?

And what should I do? Create a ticket again?
by mikruser
Tue Apr 20, 2021 3:03 pm
Forum: General
Topic: How long does it take for MT tech support to respond?
Replies: 18
Views: 2520

How long does it take for MT tech support to respond?

Hello,
How long does it take for MT tech support to respond?
I created a request a month ago but still no response.
by mikruser
Mon Mar 22, 2021 4:03 pm
Forum: Virtualization
Topic: How to change x86 to CHR?
Replies: 3
Views: 6560

Re: How to change x86 to CHR?

I thought that due to the fact that they are using the same distribution package, it would be enough to simply replace the license key
by mikruser
Mon Mar 22, 2021 11:40 am
Forum: Virtualization
Topic: How to change x86 to CHR?
Replies: 3
Views: 6560

Re: How to change x86 to CHR?

Answer from MT support: ............ Olga Ļ.4 hours ago Hello! If you want to use CHR you should use CHR image for this. It is not possible to make CHR from x86 disk (image). You can download the images here: https://mikrotik.com/download ........... I am very surprised by this answer, because Route...
by mikruser
Mon Mar 15, 2021 6:02 pm
Forum: Virtualization
Topic: SR-IOV work in CHR ?
Replies: 5
Views: 10906

Re: SR-IOV work in CHR ?

Any news about SR-IOV support?
by mikruser
Thu Mar 11, 2021 1:47 pm
Forum: Virtualization
Topic: How to change x86 to CHR?
Replies: 3
Views: 6560

How to change x86 to CHR?

Hello, I have VM with x86 ROS: [admin@MikroTik] /system resource> print uptime: 20m29s version: 6.47.9 (long-term) build-time: Feb/08/2021 12:48:33 free-memory: 103.7MiB total-memory: 128.0MiB cpu: Intel(R) cpu-count: 2 cpu-frequency: 2533MHz cpu-load: 0% free-hdd-space: 215.0MiB total-hdd-space: 24...
by mikruser
Wed Mar 10, 2021 12:04 pm
Forum: RouterBOARD hardware
Topic: MT support refused to fix issues
Replies: 15
Views: 3780

Re: MT support refused to fix issues

Another example: SUP-22475
They simply refused to fix the problem and forcibly closed the request.
by mikruser
Tue Mar 09, 2021 2:09 pm
Forum: General
Topic: NetFlow. No longer showing NAT'd destination address - Something chnaged
Replies: 35
Views: 10810

Re: NetFlow. No longer showing NAT'd destination address - Something chnaged

I absolutely do not care if there are any fields there or not.
I say that after a certain version of the ROS there was a issue.
by mikruser
Tue Mar 09, 2021 12:00 pm
Forum: General
Topic: NetFlow. No longer showing NAT'd destination address - Something chnaged
Replies: 35
Views: 10810

Re: NetFlow. No longer showing NAT'd destination address - Something chnaged

Chupaka You may simply sniff your Traffic Flow packets and check with WireShark if there are postNATSourceIPv4Address, postNATDestinationIPv4Address, postNAPTSourceTransportPort and postNAPTDestinationTransportPort fields. These fields are present, but issue is also present even with latest version...
by mikruser
Wed Mar 03, 2021 4:47 pm
Forum: RouterBOARD hardware
Topic: MT support refused to fix issues. And lies. Again.
Replies: 2
Views: 1946

MT support refused to fix issues. And lies. Again.

MT hardware routers have old issue with low and unstable speed via VPN tunnel on high latency WAN link: https://forum.mikrotik.com/viewtopic.php?f=2&t=146665 I also create ticket SUP-22475, but MT support refused to fix issue. Do you want to know what reason they gave? .......... Hello, There is...
by mikruser
Tue Feb 16, 2021 2:41 pm
Forum: General
Topic: L2TP/IPSec VPN performance on 1G links
Replies: 4
Views: 8629

Re: L2TP/IPSec VPN performance on 1G links

vikinggeek
Its known issue with Mikrotik RouterBoards: viewtopic.php?t=146665#p769858
You should contact technical support or replace hardware router to CHR.
by mikruser
Mon Feb 15, 2021 11:54 am
Forum: General
Topic: EOIP TCP problem
Replies: 17
Views: 4534

Re: EOIP TCP problem

this is a known problem with mikrotik routers on high latency links.
this has been discussed many times on the forum.
you must contact support.
by mikruser
Tue Feb 09, 2021 1:14 pm
Forum: RouterBOARD hardware
Topic: bridge hardware offload [SOLVED]
Replies: 2
Views: 2011

Re: bridge hardware offload [SOLVED]

Thanks, after set STP Protocol mode = none, hw offload is active.
by mikruser
Tue Feb 09, 2021 12:41 pm
Forum: RouterBOARD hardware
Topic: bridge hardware offload [SOLVED]
Replies: 2
Views: 2011

bridge hardware offload [SOLVED]

RB750Gr3, hardware offload enabled for bridge ports ether2 and ether3.
Why hardware offload is inactive?
image_750gr3_bridge.png
by mikruser
Fri Feb 05, 2021 5:54 pm
Forum: General
Topic: National letters in Winbox
Replies: 0
Views: 501

National letters in Winbox

Hello,

How to enter non-english letters to Winbox?
Tried copy-paste, but got ????????.??
by mikruser
Mon Feb 01, 2021 4:33 pm
Forum: General
Topic: ROS speed degrade on high-latency WAN
Replies: 4
Views: 1329

Re: ROS speed degrade on high-latency WAN

This topic not about IPsec.
Try without a tunnel.
1) do not use fasttrack
2) one side should be Tile (CCR) or ARM (RB3011)
3) both PC should be Windows
4) for testing: copy big file via shared folder
by mikruser
Sat Jan 30, 2021 12:15 pm
Forum: RouterBOARD hardware
Topic: MT support refused to fix issues
Replies: 15
Views: 3780

Re: MT support refused to fix issues

True, sometimes they answer "No, will not fix it until v7", or "will fix in the future" - and future is one year from now. One year - is still optimistic. Issue with CCR Ipsec packet reordering they fixes ~5 years (and for a long time did not even admit that there was a problem)...
by mikruser
Fri Jan 29, 2021 6:06 pm
Forum: RouterBOARD hardware
Topic: MT support refused to fix issues
Replies: 15
Views: 3780

Re: MT support refused to fix issues

blingblouw

this issue: viewtopic.php?f=2&t=171165

(and I very much suspect that my other problem is caused by the same reasons viewtopic.php?t=146665 )
by mikruser
Fri Jan 29, 2021 5:34 pm
Forum: RouterBOARD hardware
Topic: MT support refused to fix issues
Replies: 15
Views: 3780

Re: MT support refused to fix issues

Paternoot The way to do this is taking out everything that has nothing to do with the problem - a router with minimal configuration. I already wrote why this is impossible. I also tested on RB3011 with simple configuration and sent them the result, but they ignored it for contrived reasons. Usually ...
by mikruser
Fri Jan 29, 2021 1:26 pm
Forum: RouterBOARD hardware
Topic: MT support refused to fix issues
Replies: 15
Views: 3780

Re: MT support refused to fix issues

You do have a lot of other configuration on the device. Any router in real life have some configuration. Your routers are not designed for this? Do they only work with very basic configuration? Why then there is no warning about this on the site? We asked if you can test with basic config, you refu...
by mikruser
Fri Jan 29, 2021 1:08 pm
Forum: RouterBOARD hardware
Topic: MT support refused to fix issues
Replies: 15
Views: 3780

Re: MT support refused to fix issues

We have requested several things for you to test, but have not received results. I sent you everything I could. what other things do you want? Also, can you test the same installation with another, computer, cables, etc maybe you will read the entire conversation with technical support? I tested di...
by mikruser
Fri Jan 29, 2021 12:26 pm
Forum: RouterBOARD hardware
Topic: MT support refused to fix issues
Replies: 15
Views: 3780

Re: MT support refused to fix issues

SUP-37480
by mikruser
Fri Jan 29, 2021 12:21 pm
Forum: General
Topic: Slow speed through gre+ipsec tunnel
Replies: 15
Views: 10690

Re: Slow speed through gre+ipsec tunnel

KENYx120 Have same issue (support ticket SUP-3459) with IPSec between CCR1036 (ROS/ROB 6.44.6) and StrongSwan on CentOS 7 connected to 1Gbp/s links with 300Mbit/s ISP (download/upload) throughput. Latensy between sides abount 18.0ms. did you get a response from technical support? or did they refuse...
by mikruser
Fri Jan 29, 2021 12:06 pm
Forum: RouterBOARD hardware
Topic: MT support refused to fix issues
Replies: 15
Views: 3780

MT support refused to fix issues

What is MT technical support (https://help.mikrotik.com/servicedesk/servicedesk) for?
I created a request.
They simply refused to fix the problem and forcibly closed the request.
by mikruser
Mon Jan 25, 2021 1:36 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 2736

Re: Decrease in software quality from mikrotik?

Yes, RouterOS has low quality. I also have some issues ( https://forum.mikrotik.com/viewtopic.php?f=2&t=171165 https://forum.mikrotik.com/viewtopic.php?t=146665 ) MT support is also very bad - they refuse to admit there is a problem. After replacing device to another vendor all problems disappea...
by mikruser
Fri Jan 22, 2021 6:14 pm
Forum: General
Topic: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]
Replies: 115
Views: 29893

Re: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]

pe1chl You are very inattentively reading what they write to you (or deliberately divert the conversation in the other direction). The system is characterized not by the error, but by the reaction to it. 1) a good company would remove the buggy firmware from Downloads ASAP (to minimize problems for ...
by mikruser
Fri Jan 22, 2021 11:28 am
Forum: General
Topic: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]
Replies: 115
Views: 29893

Re: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]

a MONTH(!!!) has passed since the bugged version 6.48 appeared! this version remains presented on the download page!
there are still no fixes!
in my opinion this is an EPIC FAIL!
such a company should leave the market.
by mikruser
Wed Jan 13, 2021 12:51 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 295
Views: 126857

Re: v6.48 [stable] is released!

Mountaineer I'm sticking to Long Term for future upgrades to any critical equipment. Mikrotik is not intended for use in any critical equipment or enterprise. Repeatedly spoken about this, for example https://forum.mikrotik.com/viewtopic.php?f=2&t=165391 Why hasn't this release been removed from...
by mikruser
Fri Jan 08, 2021 2:44 pm
Forum: General
Topic: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]
Replies: 115
Views: 29893

Re: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]

What about the story with "stable" version 6.48? They released a buggy version a week before the new year, and there is still no fix!
They haven't even removed it from the download page!
by mikruser
Mon Dec 28, 2020 5:51 pm
Forum: General
Topic: ROS speed degrade on high-latency WAN
Replies: 4
Views: 1329

Re: CCR1009 speed degrade on high-latency WAN

I tested also on RB3011 and it has the same problem: >iperf-2.0.14a-Dec14_20-win.exe -c x.x.x.x -w 1024K -e -i 1 -t 20 ------------------------------------------------------------ Client connecting to x.x.x.x, TCP port 5001 with pid 17972 (1 flows) Write buffer size: 131072 Byte TCP window size: 1.0...
by mikruser
Mon Dec 28, 2020 1:46 pm
Forum: General
Topic: ROS speed degrade on high-latency WAN
Replies: 4
Views: 1329

ROS speed degrade on high-latency WAN

Hello, I have WAN link 200Mbps to remote Windows server with latency 37 ms. With direct connected PC over WAN iperf show good speed in both directions: >iperf-2.0.14a-Dec14_20-win.exe -c x.x.x.x -w 1024K -e -i 1 -r ------------------------------------------------------------ Server listening on TCP ...
by mikruser
Sat Dec 26, 2020 12:56 am
Forum: RouterBOARD hardware
Topic: Why hAPac2 and RB3011 have identical ipsec test results?
Replies: 1
Views: 938

Why hAPac2 and RB3011 have identical ipsec test results?

Hello,
Why hAPac2 and RB3011 have identical ipsec test results?
https://mikrotik.com/product/hap_ac2#fndtn-testresults
https://mikrotik.com/product/RB3011UiAS ... estresults
hapac2_rb3011_ipsec_test_results.png
by mikruser
Thu Dec 24, 2020 11:17 pm
Forum: General
Topic: Slow speed through gre+ipsec tunnel
Replies: 15
Views: 10690

Re: Slow speed through gre+ipsec tunnel

Issue still not fixed on 6.48:
image_bwtest_tcp_ccr_648.png
mikrotik technical support is silent...
by mikruser
Thu Dec 24, 2020 5:45 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 295
Views: 126857

Re: v6.48 [stable] is released!

why are you upgrading to beta-version?
it has been repeatedly said that
"long-term" = Stable
"stable" = Beta
"testing" = Alpha
by mikruser
Wed Dec 23, 2020 12:50 am
Forum: General
Topic: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]
Replies: 115
Views: 29893

Re: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]

Mikrotik cannot be used in enterprise. Its only for home with low-speed wan. Its too bugged and have very poor support. For example - see CCR\GRE\IPSEC saga: https://forum.mikrotik.com/viewtopic.php?t=84465 https://forum.mikrotik.com/viewtopic.php?t=87892 https://forum.mikrotik.com/viewtopic.php?t=8...
by mikruser
Tue Dec 15, 2020 9:31 pm
Forum: General
Topic: OpenVPN Maximum Speed
Replies: 4
Views: 6503

Re: OpenVPN Maximum Speed

Only ipsec hardware accelerated, not openvpn. Avoid using openvpn.
by mikruser
Tue Dec 15, 2020 6:16 pm
Forum: General
Topic: 100% CPU usage at random times
Replies: 10
Views: 10214

Re: 100% CPU usage at random times

This is a widespread problem on older models. But Mikrotik team does not want to solve this problem (
viewtopic.php?t=56656
viewtopic.php?t=59185
by mikruser
Sun Dec 13, 2020 2:03 pm
Forum: Virtualization
Topic: Why RouterOS CHR and x86 use the same distribution package?
Replies: 5
Views: 7082

Re: Why RouterOS CHR and x86 use the same distribution package?

but distributions cannot be the same:
CHR should contain only virtual device drivers and VMware tools.
x86 should contain a large number of real device drivers.
by mikruser
Thu Dec 10, 2020 6:38 pm
Forum: Virtualization
Topic: Why RouterOS CHR and x86 use the same distribution package?
Replies: 5
Views: 7082

Why RouterOS CHR and x86 use the same distribution package?

Hello, Why RouterOS CHR and x86 use the same distribution package? https://mikrotik.com/download/ : x86 Main =https://download.mikrotik.com/routeros/6.47.8/routeros-x86-6.47.8.npk CHR Main=https://download.mikrotik.com/routeros/6.47.8/routeros-x86-6.47.8.npk x86 Extra =https://download.mikrotik.com/...
by mikruser
Fri Nov 27, 2020 8:16 pm
Forum: General
Topic: How does AutoMTU work for VPN tunnels?
Replies: 5
Views: 2039

Re: How does AutoMTU work for VPN tunnels?

6.47.8 still have this issue!
by mikruser
Fri Nov 27, 2020 8:13 pm
Forum: General
Topic: Why Mikrotik forcibly reset my password for forum account????
Replies: 1
Views: 535

Why Mikrotik forcibly reset my password for forum account????

Why Mikrotik forcibly reset my password for forum account????
I have been using this account for many years, and suddenly the password stopped working!
you have nothing else to do there ???
by mikruser
Thu Aug 13, 2020 1:42 pm
Forum: RouterBOARD hardware
Topic: CCR2004 : BGP Benchmarks
Replies: 43
Views: 24874

Re: CCR2004 : BGP Benchmarks

BGP Insertion (4xFullviews, ~3,2M routes) : 1. RB4011 : 3m45s 2. CCR2004 : 5m38s 3. CCR1016 : 10m09s 4. CCR1009 : 10m45s BGP Removal (4xFullviews, ~3,2M routes) : 1. CCR1016 : 3m18s 2. CCR1009 : 3m25s 3. RB4011 : 8m25s 4. CCR2004 : 19m58s SUGGESTION: These numbers also should be published on Test r...
by mikruser
Fri Aug 07, 2020 7:05 pm
Forum: General
Topic: Suggestion: Address List in Routes
Replies: 1
Views: 803

Suggestion: Address List in Routes

Hello,

please add ability to use Address List in Dst.Address in Routes
by mikruser
Wed Aug 05, 2020 2:42 pm
Forum: General
Topic: How does AutoMTU work for VPN tunnels?
Replies: 5
Views: 2039

Re: How does AutoMTU work for VPN tunnels?

Any ideas?
by mikruser
Tue Aug 04, 2020 3:48 pm
Forum: General
Topic: What TCP Congestion Control algorithm is used in Bandwidth Test-tcp?
Replies: 0
Views: 678

What TCP Congestion Control algorithm is used in Bandwidth Test-tcp?

Hello,

What TCP Congestion Control algorithm is used in Tools-Bandwidth Test-tcp?
by mikruser
Mon Aug 03, 2020 6:22 pm
Forum: RouterBOARD hardware
Topic: Why Mikrotik puts only 16MB flash on many devices? (not enough space for upgrade)
Replies: 16
Views: 5475

Re: Why Mikrotik puts only 16MB flash on many devices? (not enough space for upgrade)

Paternot
Can you provide proof that chip IPQ-4018 (and other) has a 16MB flash limitation?

krafg
I use System-Packages-Check for updates-Download&install
by mikruser
Mon Aug 03, 2020 5:35 pm
Forum: General
Topic: NetFlow. No longer showing NAT'd destination address - Something chnaged
Replies: 35
Views: 10810

Re: NetFlow. No longer showing NAT'd destination address - Something chnaged

I dont known why Mikrotik support talk about "NAT events". Answer from ManageEngine Netflow Analyzer developers: Hi , Mikrotik device do not send NAT information in the netflow packets. If the device can send NAT information over the flows, we will be able to show you the details. How happ...
by mikruser
Mon Aug 03, 2020 4:35 pm
Forum: RouterBOARD hardware
Topic: Why Mikrotik puts only 16MB flash on many devices? (not enough space for upgrade)
Replies: 16
Views: 5475

Re: Why Mikrotik puts only 16MB flash on many devices? (not enough space for upgrade)

>>If you could remove packages, it means you put them there. Yes, i always install Extra packages zip from https://mikrotik.com/download >>I can just suggest that you do not install extra packages on small NAND devices. In this case remove Extra packages zip for these devices from https://mikrotik....
by mikruser
Mon Aug 03, 2020 12:14 pm
Forum: RouterBOARD hardware
Topic: Why Mikrotik puts only 16MB flash on many devices? (not enough space for upgrade)
Replies: 16
Views: 5475

Re: Why Mikrotik puts only 16MB flash on many devices? (not enough space for upgrade)

I already solving this issue by deleting unused packages via System-Packages-Uninstall.

but that doesn't remove the question of why you're saving 50 cents on the cost of creating problems for users.
by mikruser
Mon Aug 03, 2020 12:00 pm
Forum: General
Topic: NetFlow. No longer showing NAT'd destination address - Something chnaged
Replies: 35
Views: 10810

Re: NetFlow. No longer showing NAT'd destination address - Something chnaged

Chupaka I think you should ask Netflow Analyzer if they support necessary fields I asked Mikrotik support. First they blamed the analyzing software, but then they admitted: we currently don't have NAT events available in current stable/long-term releases. We are working to implement the support for...
by mikruser
Mon Aug 03, 2020 12:17 am
Forum: General
Topic: L2TP not connecting on Windows client
Replies: 6
Views: 11825

Re: L2TP not connecting on Windows client

Set these values:
Proposal: aes-128cbc/sha1/modp1024
Profile: sha1/aes-128/ecp256
by mikruser
Mon Aug 03, 2020 12:01 am
Forum: RouterBOARD hardware
Topic: Why Mikrotik puts only 16MB flash on many devices? (not enough space for upgrade)
Replies: 16
Views: 5475

Why Mikrotik puts only 16MB flash on many devices? (not enough space for upgrade)

32/64MB chips are very very cheap, but Mikrotik puts only 16MB. Why???
On hEX, hAPac2 i get errors:
system, error: not enough space for upgrade
by mikruser
Sat Aug 01, 2020 10:40 pm
Forum: RouterBOARD hardware
Topic: Question about IPsec test results
Replies: 4
Views: 2331

Re: Question about IPsec test results

floaty
in a stream-cipher with an pre-shared or diffie-hellman'ed key, should the cpu-load for de- & encrypt pretty much the same
No. In aes-cbc mode decryption is much faster than encryption.
by mikruser
Sat Aug 01, 2020 5:50 pm
Forum: General
Topic: Suggestion: redesign Tools-Profile in Winbox
Replies: 2
Views: 1236

Re: Suggestion: redesign Tools-Profile in Winbox

no problem. this compact table may fit on full-hd screen even with CCR1072.

(currently many-rows table should have 1008 rows for 13 services on 72 cores. it doesn't fit on any monitors)
by mikruser
Sat Aug 01, 2020 4:38 am
Forum: General
Topic: Suggestion: redesign Tools-Profile in Winbox
Replies: 2
Views: 1236

Suggestion: redesign Tools-Profile in Winbox

Hello,
Instead of many-rows table
image_profile.png
you can use this compact and more informative table:
image_profile_suggestion.png
by mikruser
Thu Jul 30, 2020 1:56 pm
Forum: RouterBOARD hardware
Topic: Question about IPsec test results
Replies: 4
Views: 2331

Question about IPsec test results

Hello,

https://mikrotik.com/product/RB3011UiAS ... estresults
https://mikrotik.com/product/CCR1009-7G ... estresults

these IPsec test results throughput are for encryption or for decryption?
by mikruser
Wed Jul 22, 2020 3:04 pm
Forum: General
Topic: Rename Address-List
Replies: 5
Views: 5760

Re: Rename Address-List

changeip
your code do not work.

Also have this question - how to rename address list via Winbox?
by mikruser
Sun Jul 19, 2020 1:20 pm
Forum: General
Topic: How to set Pref.Source for dynamic routes?
Replies: 1
Views: 947

How to set Pref.Source for dynamic routes?

Hello,
How to set Pref.Source for dynamic routes type DAS (dynamic active static)? (for example pptp/l2tp/sstp)
by mikruser
Wed Jul 15, 2020 11:29 pm
Forum: General
Topic: Slow speed through gre+ipsec tunnel
Replies: 15
Views: 10690

Re: Slow speed through gre+ipsec tunnel

Issue is still observed on 6.47.1:
image_bwtest_tcp_ccr_6471.png
first graph - test from ccr to chr public ip
second graph - test from ccr to chr private ip (via tunnel)
by mikruser
Tue Jul 14, 2020 7:10 pm
Forum: General
Topic: Why Mikrotik OVPN Server do not support AES-128-GCM cipher?
Replies: 0
Views: 811

Why Mikrotik OVPN Server do not support AES-128-GCM cipher?

Hello,

Why Mikrotik OVPN Server do not support AES-128-GCM cipher?
by mikruser
Mon Jul 13, 2020 12:04 pm
Forum: General
Topic: Feature Request for Bandwidth Test
Replies: 0
Views: 668

Feature Request for Bandwidth Test

Hello,

Please add to Bandwidth Test:

TCP Retransmissions count and %
out-of-order packets count and %
duplicate packets count and %
fix Lost Packets info for correct results
more protocols for test (example: gre, sctp)
interface selection for the test
by mikruser
Fri Jul 10, 2020 1:50 pm
Forum: General
Topic: Why UDP Bandwidth Test always show Lost Packets = 0?
Replies: 4
Views: 2406

Re: Why UDP Bandwidth Test always show Lost Packets = 0?

So you say that the mikrotik developers created a fake Bandwidth Test udp with a fake "Lost Packets" field?
by mikruser
Fri Jul 10, 2020 12:11 pm
Forum: General
Topic: Why UDP Bandwidth Test always show Lost Packets = 0?
Replies: 4
Views: 2406

Why UDP Bandwidth Test always show Lost Packets = 0?

Hello,

I already tested the channels using tcp test: viewtopic.php?f=2&t=163469
and the results looks like there are packet loss.
But why UDP Bandwidth Test do not show packet loss?
by mikruser
Fri Jul 10, 2020 12:52 am
Forum: General
Topic: Strange TCP Bandwidth Test
Replies: 1
Views: 1123

Strange TCP Bandwidth Test

Hello,

Why TCP Bandwidth Test is sawtooth graph?

To 100M ISP1 WAN link:
image_bwtest_tcp_100M.png
To 200M ISP2 WAN link:
image_bwtest_tcp_200M.png

UDP test perfectly smooth with 0 lost packets even at full link speed.
by mikruser
Thu Jul 09, 2020 8:30 pm
Forum: General
Topic: Feature Request: IPerf
Replies: 70
Views: 23975

Re: Feature Request: IPerf

+1 for iperf with charts
by mikruser
Thu Jul 09, 2020 4:36 pm
Forum: General
Topic: Is it possible to use source based routing without Mangle?
Replies: 16
Views: 7301

Re: Is it possible to use source based routing without Mangle?

Now I'm using this Mangle rule:
add action=mark-routing chain=prerouting dst-address-list=!LAN_private new-routing-mark=to_ISP3 passthrough=no src-address=192.168.0.1
by mikruser
Thu Jul 09, 2020 2:55 pm
Forum: General
Topic: Is it possible to use source based routing without Mangle?
Replies: 16
Views: 7301

Re: Is it possible to use source based routing without Mangle?

I already wrote what I want - I need the default route for packets from 192.168.0.1
by mikruser
Thu Jul 09, 2020 2:25 pm
Forum: General
Topic: ipv4 neighbor table overflow
Replies: 11
Views: 17383

Re: ipv4 neighbor table overflow

I also have this issuue! (CHR v6.45.9)
by mikruser
Thu Jul 09, 2020 1:23 pm
Forum: General
Topic: Is it possible to use source based routing without Mangle?
Replies: 16
Views: 7301

Re: Is it possible to use source based routing without Mangle?

in this case, the use of Route Rules is not suitable, and I am forced to use the mangle.
by mikruser
Thu Jul 09, 2020 1:13 pm
Forum: General
Topic: Is it possible to use source based routing without Mangle?
Replies: 16
Views: 7301

Re: Is it possible to use source based routing without Mangle?

see my first message with image - I need default route with source based routing.
by mikruser
Thu Jul 09, 2020 12:23 pm
Forum: General
Topic: Is it possible to use source based routing without Mangle?
Replies: 16
Views: 7301

Re: Is it possible to use source based routing without Mangle?

but routing rule doesn't work as expected with the default route (dst.address=0.0.0.0/0). I expected to see specific routes (in Routes tab in main table) first, and only if no specific route is found will the default route rule be used. but this rule sends absolutely all packets from 192.168.0.1 to ...
by mikruser
Wed Jul 08, 2020 11:33 pm
Forum: General
Topic: How to create multichannel VPN tunnel?
Replies: 6
Views: 2097

Re: How to create multichannel VPN tunnel?

In that case, why I do not get a speed boost (through using SMB Multichannel) when I copy a file through a tunnel?
by mikruser
Wed Jul 08, 2020 11:18 pm
Forum: General
Topic: Is it possible to use source based routing without Mangle?
Replies: 16
Views: 7301

Re: Is it possible to use source based routing without Mangle?

Mikrotik Wiki do not have information about "Rules" tab settings for unknown reasons (https://wiki.mikrotik.com/wiki/Manual:IP/Route)
can you give more information?
by mikruser
Wed Jul 08, 2020 10:54 pm
Forum: General
Topic: Is it possible to use source based routing without Mangle?
Replies: 16
Views: 7301

Is it possible to use source based routing without Mangle?

Hello,

Is it possible to use source based routing without Mangle and marking?
I just need to add a field "Src.Address" to the standard Route form:
image_source_based_routing.png
by mikruser
Wed Jul 08, 2020 4:42 pm
Forum: RouterBOARD hardware
Topic: Fancon IRQ
Replies: 7
Views: 3190

Fancon IRQ

Hello,

is it normal for a Fancon to generate so many IRQ? ~1400 per "tick".
image_fancon_irq_ccr.png

CCR1009, v6.47
by mikruser
Tue Jul 07, 2020 9:07 pm
Forum: General
Topic: How to create multichannel VPN tunnel?
Replies: 6
Views: 2097

Re: How to create multichannel VPN tunnel?

>>you may try to spread the traffic among multiple tunnels but many tunnels will require many public ip-addresses... and I may need 8 or 16 connections to fully utilize wan link... maybe there's a way to create tunnels not on different ip-addresses, but on different ports of the same address? >>You...
by mikruser
Tue Jul 07, 2020 4:46 pm
Forum: General
Topic: How to create multichannel VPN tunnel?
Replies: 6
Views: 2097

How to create multichannel VPN tunnel?

Hello, We have two offices connected via high latency high speed WAN links. This WAN links show good speed only with multiple connections. Offices connected via GRE+Ipsec tunnel. For file copy we use Windows10 PC's with network adapter that support Receive Side Scaling (RSS) and SMB Multichannel (4 ...
by mikruser
Sat Jul 04, 2020 12:30 am
Forum: Wireless Networking
Topic: hap ac2 do not see my AP in 5GHz band
Replies: 1
Views: 1150

hap ac2 do not see my AP in 5GHz band

Hello,
I have WiFi on Ubiquiti AP Pro (one SSID on 2.4 and 5GHz).
Any device work without problem on both band.
But Mikrotik hap ac2 (station mode) do not see my SSID on 5 GHz band.
Why?
by mikruser
Fri Jul 03, 2020 3:51 pm
Forum: General
Topic: Suggestion: Ethernet Cable Test analog signal information
Replies: 2
Views: 1009

Suggestion: Ethernet Cable Test analog signal information

Hello,
Please add to Ethernet Cable Test analog signal information like signal strength, signal-to-noise ratio, etc. for each pair. (like Fluke tester)
by mikruser
Thu Jul 02, 2020 7:15 pm
Forum: General
Topic: How do you check some port for availability from a router?
Replies: 7
Views: 9079

Re: How do you check some port for availability from a router?

that you don't understand?
You're on a mikrotik router (for example via winbox).
Now you need to check for port availability at some address (for example 1.2.3.4:945 or 5.6.7.8:1843)
by mikruser
Thu Jul 02, 2020 4:47 pm
Forum: General
Topic: How do you check some port for availability from a router?
Replies: 7
Views: 9079

Re: How do you check some port for availability from a router?

You do not understand the question.
by mikruser
Thu Jul 02, 2020 3:40 pm
Forum: General
Topic: How do you check some port for availability from a router?
Replies: 7
Views: 9079

How do you check some port for availability from a router?

Hello,

how do you check some ip:port for availability from a mikrotik router?
by mikruser
Tue May 19, 2020 5:23 pm
Forum: General
Topic: Why hashing done in software?
Replies: 0
Views: 780

Why hashing done in software?

Hello,

https://wiki.mikrotik.com/wiki/Manual:I ... celeration
x86 (AES-NI) ***
*** AES-CBC and AES-CTR only encryption is accelerated, hashing done in software.


Why hashing is not hardware accelerated?
AMD CPU support SHA extensions: https://en.wikipedia.org/wiki/Intel_SHA_extensions
by mikruser
Thu May 07, 2020 1:11 am
Forum: General
Topic: High CPU usage
Replies: 6
Views: 2385

Re: High CPU usage

I know what's loading the CPU.
My question is, why so much?
One EPYC Rome core can do 1.7 GBytes/s AES encryption.
Two cores can 2*1.7*8=27 Gbits/s
My traffic is very small, only 0.5 Gbit/s
CPU load caused by encryption should be lower than 2%
by mikruser
Wed May 06, 2020 4:59 pm
Forum: General
Topic: High CPU usage
Replies: 6
Views: 2385

High CPU usage

Hello,

I have ESXi 6.7U3 host with AMD EPYC 7502P processor, and VM (2 vCPU) with CHR 6.45.8
On CHR created vpn-tunnel GRE+IPsec (aes-128 ctr sha1)

When i do vMotion via this tunnel at speed 500 Mbit/s, this cause VM CPU usage 45%

Why CPU usage so high?
by mikruser
Thu Apr 23, 2020 2:06 am
Forum: General
Topic: FEATURE REQUEST: Dynamically created VPN+routes (each to each)
Replies: 1
Views: 1530

FEATURE REQUEST: Dynamically created VPN+routes (each to each)

For example - you have multiple offices: HQ-office and branch-offices, each office have piblic IP and private subnet. Very simple solution: HQ-office Mikrotik (master) and branch-offices Mikrotik (slave) have this table: public_ip, private_subnet 1.1.1.1, 192.168.1.0/24 2.2.2.2, 192.168.2.0/24 ........
by mikruser
Thu Feb 13, 2020 7:31 pm
Forum: General
Topic: Suggestion: view packets on Rule
Replies: 0
Views: 1833

Suggestion: view packets on Rule

Hello,

Please add button "View packets" (like Torch or Sniffer) on Rule Statistics tab!
by mikruser
Fri Jan 31, 2020 6:17 pm
Forum: General
Topic: How to disable promiscuous mode?
Replies: 2
Views: 1877

How to disable promiscuous mode?

Hello,
How to disable promiscuous mode on ether1?
by mikruser
Wed Jan 29, 2020 12:57 pm
Forum: Announcements
Topic: v6.45.8 [long-term] is released!
Replies: 86
Views: 91244

Re: v6.45.8 [long-term] is released!

there are no other versions between them
Image_.png
by mikruser
Wed Jan 29, 2020 11:48 am
Forum: Announcements
Topic: v6.45.8 [long-term] is released!
Replies: 86
Views: 91244

Re: v6.45.8 [long-term] is released!

>>Changes since 6.45.7
previous version was 6.44.6
by mikruser
Tue Jan 28, 2020 5:53 pm
Forum: General
Topic: NetFlow. No longer showing NAT'd destination address - Something chnaged
Replies: 35
Views: 10810

Re: NetFlow. No longer showing NAT'd destination address - Something chnaged

I have same issue as described in mdpeterman first post.
NetFlow Analyzer -> Inventory -> Devices-> SomeRouter -> InternalInterface -> Destination (OUT)
shows me external public IP instead of internal private ip-addresses
by mikruser
Tue Jan 28, 2020 5:37 pm
Forum: General
Topic: NetFlow. No longer showing NAT'd destination address - Something chnaged
Replies: 35
Views: 10810

Re: NetFlow. No longer showing NAT'd destination address - Something chnaged

maybe you do not understand my message?

I also have this issue
by mikruser
Tue Jan 28, 2020 12:11 pm
Forum: General
Topic: NetFlow. No longer showing NAT'd destination address - Something chnaged
Replies: 35
Views: 10810

Re: NetFlow. No longer showing NAT'd destination address - Something chnaged

all of these items are already selected by default
by mikruser
Mon Jan 27, 2020 1:54 pm
Forum: General
Topic: NetFlow. No longer showing NAT'd destination address - Something chnaged
Replies: 35
Views: 10810

Re: NetFlow. No longer showing NAT'd destination address - Something chnaged

Also have this issue!

6.44.6, Traffic Flow Version: 9

How to fix it?
by mikruser
Tue Jan 21, 2020 4:28 pm
Forum: General
Topic: GRE issues with dual WAN
Replies: 4
Views: 1638

Re: GRE issues with dual WAN

why did the router send packets from the wrong interface

I do not see your config.
maybe you do not have the necessary mangle output rules,or maybe you do not have the necessary route rules...
by mikruser
Mon Jan 20, 2020 8:04 pm
Forum: General
Topic: GRE issues with dual WAN
Replies: 4
Views: 1638

Re: GRE issues with dual WAN

You should exclude PublicIP-to-PublicIP connections from NAT'ing
by mikruser
Wed Jan 15, 2020 12:31 pm
Forum: General
Topic: TCP congestion Illinos
Replies: 5
Views: 1872

Re: TCP congestion Illinos

havrla
illinos is very super for fast and long lines. (VDSL, WIFI, )

"Westwood" is much better:
aed1d4d480366a904cf94a6f3977b383.png
by mikruser
Sun Jan 12, 2020 10:52 pm
Forum: Beginner Basics
Topic: TCP port forward doesnt work
Replies: 16
Views: 5939

Re: TCP port forward doesnt work

don't listen to noobs, you no need add public ip to nat rule.

you need add firewall rule:
accept
forward
dst.address=your internal ip
protocol=tcp
dst.port=your internal port
by mikruser
Sun Jan 12, 2020 6:11 pm
Forum: General
Topic: Why MT Wiki contains incomplete information?
Replies: 2
Views: 899

Why MT Wiki contains incomplete information?

for example https://wiki.mikrotik.com/wiki/Manual:IP/Route
do not have information about "Rules" tab settings.
by mikruser
Fri Jan 10, 2020 6:27 pm
Forum: General
Topic: Why gre+ipsec tunnel always use default proposal?
Replies: 3
Views: 1150

Re: Why gre+ipsec tunnel always use default proposal?

Because it doesn't work as you think. Proposal is linked to policy and policy is linked to peer. Not the other way around. So what you created just sits there and does nothing, because automatically created peer won't use it. You are wrong. Dynamic policies are generated from a template policy: htt...
by mikruser
Fri Jan 10, 2020 5:49 pm
Forum: General
Topic: Why gre+ipsec tunnel always use default proposal?
Replies: 3
Views: 1150

Why gre+ipsec tunnel always use default proposal?

Hello,

I have multiple gre-tunnels with ipsec secret enabled. In gre-tunnel i cannot select custom ipsec proposal.
I created custom IPsec Policy Template (priority#0) for Protocol:47 and custom proposal, but my gre-tunnels still use default proposal.

Why?
by mikruser
Thu Jan 09, 2020 1:33 pm
Forum: General
Topic: ipsec established, but gre tunnel not
Replies: 6
Views: 2161

Re: ipsec established, but gre tunnel not

yeahbunin
read my previous message
by mikruser
Thu Jan 02, 2020 8:12 pm
Forum: General
Topic: Port Forwarding doesn't forward
Replies: 4
Views: 1341

Re: Port Forwarding doesn't forward

>>add action=accept chain=forward dst-port=65022 protocol=tcp

you need change port to 22
by mikruser
Thu Jan 02, 2020 4:10 pm
Forum: General
Topic: ipsec established, but gre tunnel not
Replies: 6
Views: 2161

Re: ipsec established, but gre tunnel not

>>Have you specified local and remote addresses of GRE on both routers?
Yes

>>Do you allow proper protocols to pass firewall?
Yes, full access for these addresses (without "IPsec Secret" gre-tunnel link up successfully).

I think this is a bug in ROS...
by mikruser
Thu Jan 02, 2020 9:09 am
Forum: General
Topic: ipsec established, but gre tunnel not
Replies: 6
Views: 2161

ipsec established, but gre tunnel not

Hello, I created GRE tunnel (with IPsec Sercret) between CCR and CHR. (6.44.6) 1) policy created dynamically successfully (ph2 state established) 2) peer created dynamically successfully 3) identities created dynamically successfully 4) remote peers and installed sa created dynamically successfully ...
by mikruser
Thu Dec 26, 2019 6:45 pm
Forum: General
Topic: How to see %lost datagrams of VPN tunnel?
Replies: 0
Views: 1006

How to see %lost datagrams of VPN tunnel?

Hello,
Is it possible to see in Winbox %lost datagrams related to outer (connectionless/stateless) protocol of VPN tunnel?
by mikruser
Thu Dec 12, 2019 1:08 pm
Forum: General
Topic: How does AutoMTU work for VPN tunnels?
Replies: 5
Views: 2039

How does AutoMTU work for VPN tunnels?

Hello,

How does AutoMTU (Actual MTU) work for VPN tunnels?

For example: i have gre+ipsec tunnels sha1/aes-128 ctr

CCR1009(AMTU1446)----(AMTU1434)RB3011

CCR1009(AMTU1446)----(AMTU1434)hAPac2

Why MTU is different on both sides?
by mikruser
Wed Dec 04, 2019 4:23 pm
Forum: RouterBOARD hardware
Topic: MikroTik MQS
Replies: 35
Views: 14552

Re: MikroTik MQS

Where can I download admin guide with a detailed description of all settings?
by mikruser
Mon Dec 02, 2019 4:37 pm
Forum: General
Topic: How to set priorities for the encryption algorithms in the default IPsec proposal?
Replies: 0
Views: 873

How to set priorities for the encryption algorithms in the default IPsec proposal?

Hello,

How to set priorities for the encryption algorithms in the default IPsec proposal?

I have "aes-128 cbc" and "aes-128 ctr" selected, and need now set priority1 to ctr, and priority2 to cbc.
by mikruser
Thu Nov 28, 2019 2:09 pm
Forum: General
Topic: How to select interface in Bandwidth Test tool?
Replies: 1
Views: 1199

How to select interface in Bandwidth Test tool?

Hello,
I have router with 3 WAN interfaces.
How to select interface in Bandwidth Test tool? (like in Traceroute tool)
Image_mikr_bt.png
by mikruser
Wed Nov 27, 2019 5:41 pm
Forum: RouterBOARD hardware
Topic: can't login to MQS [SOLVED]
Replies: 3
Views: 16420

Re: can't login to MQS [SOLVED]

Ok, it works...

but this is a very inconvenient setup method.

please add ability to configure through USB!
by mikruser
Wed Nov 27, 2019 5:30 pm
Forum: RouterBOARD hardware
Topic: can't login to MQS [SOLVED]
Replies: 3
Views: 16420

can't login to MQS [SOLVED]

I'm trying login to MQS as described in https://i.mt.lv/cdn/rb_files/1572339613 ... %20web.pdf
but no success
I can connect to wireless network RBMQS_AP1, but computer can't get ip address.
I'm trying reset MQS, but no success.
by mikruser
Sat Nov 23, 2019 5:43 pm
Forum: General
Topic: Block a huge list of IP-addresses [SOLVED]
Replies: 17
Views: 15322

Re: Block a huge list of IP-addresses [SOLVED]

use blackhole route
by mikruser
Fri Nov 22, 2019 5:33 pm
Forum: General
Topic: Feature request: Virtual Interface
Replies: 36
Views: 10490

Re: Feature request: Virtual Interface

Any news about implementing this feature (VI)?

ISP gave me an additional IP-address on a different subnet.
Now i need create additional (virtual) interface on ether1. MAC address must be different.
by mikruser
Fri Nov 01, 2019 3:10 pm
Forum: General
Topic: Suggestion: VPN over ICMP
Replies: 3
Views: 2282

Re: Suggestion: VPN over ICMP

Absolutely incorrect.
Normal providers do not touch transit icmp traffic.
by mikruser
Fri Oct 25, 2019 5:36 pm
Forum: General
Topic: What type of tunnel should be used in this case?
Replies: 1
Views: 875

What type of tunnel should be used in this case?

Hello, What type of vpn tunnel should be used in this case: 1) server and clients are Mikrotik routers. 2) server have public ip address. 3) all clients have private ip addresses (behind nat). 4) some clients behind same nat (l2tp+ipsec do not work in this case). 5) MPPE encryption or certificates s...
by mikruser
Fri Oct 25, 2019 2:17 pm
Forum: General
Topic: Bug
Replies: 5
Views: 1213

Re: Bug

mikrotik's "stable" = beta version in real life
by mikruser
Fri Oct 25, 2019 12:25 pm
Forum: General
Topic: Bug
Replies: 5
Views: 1213

Re: Bug

6.44.5
by mikruser
Thu Oct 24, 2019 7:48 pm
Forum: General
Topic: Bug
Replies: 5
Views: 1213

Bug

Interface lte1 - General - APN Profile:
this setting is not remembered between reboots
by mikruser
Tue Oct 15, 2019 1:18 pm
Forum: RouterBOARD hardware
Topic: New High Performance Routers ! ?
Replies: 85
Views: 25955

Re: New High Performance Routers ! ?

doneware NAT - is not really a CPU intensive process but in real life author writes something else: doush Router only does NAT and nothing else. CCR1072 CPU consumption is %50 with 18gbit/s total throuput + firewall + NAT plus some cores hitting %80. doneware using a dedicated CPU instruction set (...
by mikruser
Sat Oct 12, 2019 8:58 pm
Forum: RouterBOARD hardware
Topic: New High Performance Routers ! ?
Replies: 85
Views: 25955

Re: New High Performance Routers ! ?

I am very surprised that Mikrotik does not use hardware NAT'ing.
by mikruser
Wed Aug 28, 2019 12:07 am
Forum: General
Topic: Suggestion: VPN over ICMP
Replies: 3
Views: 2282

Suggestion: VPN over ICMP

Hello,
Please implement VPN over ICMP (ICMP Tunnel)
(it can be very useful in some countries with a totalitarian regime)))
by mikruser
Sun Aug 04, 2019 7:41 pm
Forum: RouterBOARD hardware
Topic: GPeR question
Replies: 23
Views: 10151

Re: GPeR question

normis
Tue Jul 30, 2019 9:57 am
The GPER is a passive device that connects wires together, you can call it Layer1. This is not really a hub.

normis
Fri Aug 02, 2019 3:14 pm
Yes, there is a basic switch chip inside.


Two completely different answers.
You are Dr Jekyll and Mr Hyde??
by mikruser
Thu Aug 01, 2019 12:39 pm
Forum: RouterBOARD hardware
Topic: GPeR question
Replies: 23
Views: 10151

Re: GPeR question

If GPER is just a passive device that connects wires together, then the price is perplexing (50% of Raspberry Pi 4 computer)
by mikruser
Mon Jul 29, 2019 10:31 pm
Forum: RouterBOARD hardware
Topic: GPeR question
Replies: 23
Views: 10151

Re: GPeR question

1) Of course it matters (and two port has nothing to do with it)
2) ???
3) Ok
by mikruser
Mon Jul 29, 2019 12:20 pm
Forum: RouterBOARD hardware
Topic: GPeR question
Replies: 23
Views: 10151

GPeR question

Hello,
1) at what OSI layer this device work? at L1 like hub, or at L2 like switch?
2) what delay does this device add?
3) why distance is limited to 1500 m?
by mikruser
Tue Jun 11, 2019 1:03 pm
Forum: General
Topic: SNMP traffic monitoring bug
Replies: 2
Views: 1053

SNMP traffic monitoring bug

Hello,

CHR 6.44.2
PRTG Network Monitor SNMP Traffic sensor

When i copy file via gigabit adapter, SNMP sensor show only 430 Mbit/s

This is a bug in Mikrotik SNMP or in PRTG?
Image1_snmp_.png
by mikruser
Tue Apr 23, 2019 1:38 pm
Forum: General
Topic: Suggestion: Protocols for Bandwidth Test
Replies: 0
Views: 890

Suggestion: Protocols for Bandwidth Test

Hello,

please add not only udp and tcp, but also protocols 4, 47, 50.
by mikruser
Fri Mar 22, 2019 12:08 pm
Forum: General
Topic: GRE over IPSEC, CCR, VERY SLOW
Replies: 39
Views: 23567

Re: GRE over IPSEC, CCR, VERY SLOW

GRE+IPsec still slow:
viewtopic.php?f=2&t=146665
by mikruser
Mon Mar 18, 2019 6:49 pm
Forum: General
Topic: Slow speed through gre+ipsec tunnel
Replies: 15
Views: 10690

Slow speed through gre+ipsec tunnel

Hello, CHR, 6.44.1, 2 vcpu Xeon Gold CCR1009, 6.44.1 WAN with 45 ms latency [CHR]---wan(tunnel gre+ipsec)wan---[CCR1009] aes128cbc/sha1, Actual MTU = 1426 (Auto) OR aes128ctr/sha1, Actual MTU = 1446 (Auto) Bandwidth Test on CHR to CCR (tcp, receive, 1 connection): between public ip = up to 300 Mbps ...
by mikruser
Mon Mar 18, 2019 5:53 pm
Forum: General
Topic: Please add the ability to choose Proposal
Replies: 12
Views: 4509

Re: Please add the ability to choose Proposal

All my tunnels are configured with IPsec Secret enabled, and I will not change it.

We simply need the ability to choose Proposal for each tunnel.
by mikruser
Mon Mar 18, 2019 4:45 pm
Forum: General
Topic: Please add the ability to choose Proposal
Replies: 12
Views: 4509

Re: Please add the ability to choose Proposal

I still do not see any real benefit of your request. It literally takes 2 seconds to change proposal value for your policies to a different one. /ip ipsec proposal add name=newproposal copy-from=default /ip ipsec policy set [find proposal=default] proposal=newproposal I was just posting this exact ...
by mikruser
Thu Mar 07, 2019 12:19 pm
Forum: General
Topic: Why AES CTR is not hardware accelerated on the CHR?
Replies: 1
Views: 771

Why AES CTR is not hardware accelerated on the CHR?

Hello,

Why AES CTR is not hardware accelerated on the CHR?
Image_chr_.png
by mikruser
Mon Mar 04, 2019 11:58 am
Forum: General
Topic: Does the System\Watchdog on the CHR make sense?
Replies: 0
Views: 699

Does the System\Watchdog on the CHR make sense?

Hello,

Does the System\Watchdog on the CHR make sense?
Can he restart the VM if CHR hangs?
by mikruser
Thu Feb 21, 2019 11:49 am
Forum: General
Topic: vlan question
Replies: 6
Views: 1553

Re: vlan question

but I don't want to create additional vlan interfaces
by mikruser
Thu Feb 21, 2019 11:25 am
Forum: General
Topic: vlan question
Replies: 6
Views: 1553

Re: vlan question

I can not merge bridges, because bridges have different ip-addresses and dhcp-servers on them.
by mikruser
Wed Feb 13, 2019 6:23 pm
Forum: General
Topic: vlan question
Replies: 6
Views: 1553

vlan question

Hello, We have routerboard with ether2 and ether3 - in bridge1 ether4 and ether5 - in bridge2 now we need special port ether6 which should be a member of both bridges, but in bridge1 as untagged default vlan (vlan1), and in bridge2 as tagged vlan2. This is can be done very simply on a managed switch...
by mikruser
Fri Feb 08, 2019 5:01 pm
Forum: General
Topic: Why Fast Path not supported with hardware accelerated IPsec?
Replies: 3
Views: 1759

Why Fast Path not supported with hardware accelerated IPsec?

Hello,

Why Fast Path not supported with hardware accelerated IPsec?
by mikruser
Mon Jan 21, 2019 11:12 am
Forum: General
Topic: restore to different hardware
Replies: 5
Views: 1577

Re: restore to different hardware

I see a very large number of messages
expected end of command

looking at all, export/import procedure is very bugged on Mikrotik
by mikruser
Mon Jan 21, 2019 10:42 am
Forum: General
Topic: restore to different hardware
Replies: 5
Views: 1577

Re: restore to different hardware

but cli command /import do not work:

expected end of command (line 24 column 26)
by mikruser
Fri Jan 18, 2019 6:28 pm
Forum: General
Topic: restore to different hardware
Replies: 5
Views: 1577

restore to different hardware

How to copy configuration from router1 to router2 (different hardware)?
I see this post: viewtopic.php?t=115073
My question: how to export and import via Winbox GUI? (not via terminal cli!)
by mikruser
Tue Jan 15, 2019 11:35 am
Forum: General
Topic: Suggestion: drag and drop rules between routers
Replies: 1
Views: 1261

Suggestion: drag and drop rules between routers

Hello,

please add the ability to drag and drop (copy) rules (and other stuff) from one Winbox window to another Winbox window.
by mikruser
Thu Dec 27, 2018 11:41 am
Forum: General
Topic: Cannot connect to L2TP server from Windows 7: no suitable proposal found [SOLVED]
Replies: 3
Views: 4327

Re: Cannot connect to L2TP server from Windows 7: no suitable proposal found [SOLVED]

in case there is NAT between server and client: google "AssumeUDPEncapsulationContextOnSendRule"
Thanks, it helped!
by mikruser
Thu Dec 27, 2018 10:50 am
Forum: General
Topic: Cannot connect to L2TP server from Windows 7: no suitable proposal found [SOLVED]
Replies: 3
Views: 4327

Cannot connect to L2TP server from Windows 7: no suitable proposal found [SOLVED]

Hello, CCR1009, 6.43.8 cannot connect to L2TP server from Windows 7 and Windows 2008 R2. ipsec, error no suitable proposal found. ipsec, error x.x.x.x failed to get valid proposal. ipsec, error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1). ipsec, error x.x.x.x phase1 negotiation fail...
by mikruser
Tue Dec 25, 2018 12:51 pm
Forum: General
Topic: Question about IKE2
Replies: 0
Views: 697

Question about IKE2

What types of authentication does Mikrotik router support with Windows client?
Only "Use machine certificates"? Or also "Use EAP"?
by mikruser
Mon Dec 17, 2018 10:22 am
Forum: General
Topic: Ipsec peers
Replies: 0
Views: 727

Ipsec peers

Hello, I already have several ipsec peers with unique ip addresses (it is used for l2tp/ipsec site-to-site vpn's). Now I need to make a IKEv2 server for incoming connections from remote notebooks. For this i need to create ipsec peer with address 0.0.0.0/0. Is it possible to use this peer with other...
by mikruser
Tue Nov 27, 2018 3:57 pm
Forum: General
Topic: Backup/restore without mac-addresses
Replies: 2
Views: 1974

Re: Backup/restore without mac-addresses

My question about Backup/Restore

(Import/Export do not work on my devices)
by mikruser
Tue Nov 27, 2018 3:39 pm
Forum: General
Topic: Backup/restore without mac-addresses
Replies: 2
Views: 1974

Backup/restore without mac-addresses

Hello,

How to backup config without mac-addresses?
or how to restore config without changing mac-addresses?
by mikruser
Tue Nov 27, 2018 11:51 am
Forum: General
Topic: Backup/ Restore issue and duplicating Ethernet MAC address [SOLVED]
Replies: 4
Views: 5815

Re: Backup/ Restore issue and duplicating Ethernet MAC address [SOLVED]

But why i do not see Import/Export in Winbox?
by mikruser
Fri Nov 23, 2018 6:57 pm
Forum: General
Topic: After upgrade to 6.41, Ethernet Interface Bandwidth is gone
Replies: 2
Views: 1346

Re: After upgrade to 6.41, Ethernet Interface Bandwidth is gone

up!
Why is it removed from Winbox GUI???
(but it is still available from command line: /interface ethernet set ether1 bandwidth=unlimited/unlimited)
by mikruser
Wed Nov 07, 2018 12:20 pm
Forum: General
Topic: Сan't rename interface [SOLVED]
Replies: 3
Views: 2012

Re: Сan't rename interface [SOLVED]

After the command /interface ethernet set ether4-local bandwidth=unlimited/unlimited
I was able to rename the interface
by mikruser
Wed Nov 07, 2018 11:57 am
Forum: General
Topic: Сan't rename interface [SOLVED]
Replies: 3
Views: 2012

Re: Сan't rename interface [SOLVED]

I have this problem again after restoring the configuration
by mikruser
Wed Nov 07, 2018 11:20 am
Forum: General
Topic: Сan't rename interface [SOLVED]
Replies: 3
Views: 2012

Сan't rename interface [SOLVED]

RB750Gr3
ROS 6.43.4
Winbox 3.18

restoring configuration incorrectly restored interfaces, and I need to rename them
but when I try to change the name I get an error: Couldn't change Interface - not supported on this interface (6)
Image_interface.png
by mikruser
Fri Oct 26, 2018 6:44 pm
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 97739

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

When will AES-CTR be added to RB750Gr3?
by mikruser
Fri Oct 26, 2018 1:29 pm
Forum: General
Topic: Suggestion: Reconnect action
Replies: 1
Views: 1227

Suggestion: Reconnect action

Hello,

Please add "Reconnect" action to Right Click (Context) menu for all interfaces in Winbox
(reconnect = disable+enable)
by mikruser
Fri Oct 19, 2018 12:45 pm
Forum: General
Topic: Problem with IPsec after update to 6.42
Replies: 18
Views: 12391

Re: Problem with IPsec after update to 6.42

can you explain your setup and logic behind your policy configuration here? I can not think of a single case where responder should generate a dynamic policy with dst-address=0.0.0.0/0. We have a large number of subnets, and instead of creating a separate policy for each subnet, we create one polic...
by mikruser
Thu Oct 18, 2018 7:56 pm
Forum: General
Topic: Problem with IPsec after update to 6.42
Replies: 18
Views: 12391

Re: Problem with IPsec after update to 6.42

This behavior can be easily reproduced in the test lab.
by mikruser
Thu Oct 18, 2018 4:42 pm
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 50543

Re: v6.43.4 [stable] is released!

This is not a configuration issue (this configuration worked fine for 7 years)
problem occurs after upgrade to 6.42.x or 6.43.x
by mikruser
Thu Oct 18, 2018 4:22 pm
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 50543

Re: v6.43.4 [stable] is released!

This IPsec bug still not fixed viewtopic.php?f=2&t=136445
by mikruser
Thu Oct 18, 2018 1:46 pm
Forum: General
Topic: Problem with IPsec after update to 6.42
Replies: 18
Views: 12391

Re: Problem with IPsec after update to 6.42

6.43.4 also have this issue!
by mikruser
Fri Oct 05, 2018 1:33 pm
Forum: RouterBOARD hardware
Topic: Please add performance results for IPsec tunnel!
Replies: 32
Views: 8485

Re: Please add performance results for IPsec tunnel!

I also tested two hAP ac^2 with 6.43.2

EoIP with IPsec (aes-128 ctr), file copy is only 34 MB/s:
hapac2_eoip_ipsec_ctr.png
EoIP without IPsec, file copy is 68 MB/s:
hapac2_eoip.png
by mikruser
Wed Oct 03, 2018 6:51 pm
Forum: RouterBOARD hardware
Topic: RB751-U-2nHD 100% cpu
Replies: 20
Views: 8621

Re: RB751-U-2nHD 100% cpu

6.43.2 also have this issue
by mikruser
Tue Oct 02, 2018 12:42 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 168455

Re: v6.44beta [testing] is released!

what is "multiple engine"??
by mikruser
Tue Sep 25, 2018 7:55 pm
Forum: RouterBOARD hardware
Topic: Please add performance results for IPsec tunnel!
Replies: 32
Views: 8485

Re: Please add performance results for IPsec tunnel!

You can use minimal (fastest) config, required for EoIP+IPsec or L2TP+IPsec or GRE+IPsec.
by mikruser
Tue Sep 25, 2018 7:47 pm
Forum: General
Topic: Problem with IPsec after update to 6.42
Replies: 18
Views: 12391

Re: Problem with IPsec after update to 6.42

6.43.2 also have this issue!
by mikruser
Tue Sep 25, 2018 2:06 pm
Forum: RouterBOARD hardware
Topic: Please add performance results for IPsec tunnel!
Replies: 32
Views: 8485

Re: Please add performance results for IPsec tunnel!

>>The throughput results are there for you to evaluate the IPsec crypto engine performance, not to show you throughput results with various different configurations. IPsec crypto engine performance is a "spherical cow in a vacuum", and does not show real life results. >>check for packet f...
by mikruser
Tue Sep 25, 2018 12:40 pm
Forum: RouterBOARD hardware
Topic: Please add performance results for IPsec tunnel!
Replies: 32
Views: 8485

Re: Please add performance results for IPsec tunnel!

>>Adding or enabling any additional RouterOS feature apart from IPsec policies can reduce the throughput significantly. That's why I already suggested that you also publish the results for some popular tunnels+ipsec (l2tp+ipsec, gre+ipsec, eoip+ipsec) https://forum.mikrotik.com/viewtopic.php?f=3&am...
by mikruser
Mon Sep 24, 2018 4:53 pm
Forum: RouterBOARD hardware
Topic: Please add performance results for IPsec tunnel!
Replies: 32
Views: 8485

Re: Please add performance results for IPsec tunnel!

I also tested two RB3011 with 6.43.2, connected via EoIP tunnel with IPsec.
They showed an even lower speed, even with hardware acceleration: file copy only 22 MB/s with aes-128 cbc/ctr (this is very far from declared 407.7 Mbps).
Profile:
rb3011_eoip_ipsec.png
by mikruser
Fri Sep 07, 2018 11:42 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 387
Views: 191065

Re: RB4011

Very unbalanced router
https://i.mt.lv/cdn/rb_files/RB4011iGSp ... 135303.png

Each switch have 5*1G port, but only 2.5G link to CPU.

What for this router have 10G sfp+ port? All switches summary have only 5G throughput.
  • 1
  • 2