MikroTik

ahtoh

yes the mss rule is still necessary
on the contrary, enabling or disabling the additional ipsec policy "action=none dst-address=192.168.11.0/24 src-address=0.0.0.0/0" had no visible effect

ahtoh

Mikrotik support quickly identified the issue and suggested me to add these firewall rules: /ip firewall filter add chain=forward action=accept src-address-list=vpn dst-address-list=!vpn place-before=6 /ip firewall filter add chain=forward action=accept src-address-list=!vpn dst-address-list=vpn pla...

ahtoh

I think this goes beyond my level of troubleshooting.
I'll just report this to Mikrotik and leave this to them

p.s. I wonder if the issue is because my WAN interface is wireless which is less common and have not been probably tested thoroughly

ahtoh

I tried to reduce it to 1200 but still the same Windows VPN client works just fine. It simply creates a new tunnel interface with MTU of 1400 and everything works great. So it's not something with my provider, it's Mikrotik VPN implementation that does not work. I'm behind two NATs here, not sure if...

ahtoh

Here is the full export. Firewall rules are all default I believe # oct/25/2020 20:02:05 by RouterOS 6.47.6 # software id = 4QAA-IY6H # # model = RBSXTsqG-5acD # serial number = XXX /interface list add comment=defconf name=WAN add comment=defconf name=LAN /interface wireless security-profiles set [ ...

ahtoh

I thought the screenshot would be better as this is not very readable Flags: T - template, B - backup, X - disabled, D - dynamic, I - invalid, A - active, * - default # PEER TUNNEL SRC-ADDRESS DST-ADDRESS PROTOCOL ACTION LEVEL PH2-COUNT 0 T X* ::/0 ::/0 all 1 0.0.0.0/0 192.168.11.0/24 all none 2 T :...

ahtoh

if I add the mss mangle rule it starts to work, but again, every time I navigate on this forum (including preview page), there is a 2-3 seconds delay before it opens a page
Some sites like speedtest.net take 10 or 20 seconds "connecting" before it starts loading

ahtoh

this is how it looks when the tunnel is up
the first line is something that comes with default config, I did not touch that

Capture.PNG

ahtoh

yes I'm using IKEv2 my setup is the same as described here (with option 1 only) https://wiki.mikrotik.com/wiki/IKEv2_EAP_between_NordVPN_and_RouterOS I added this but it did not help /ip ipsec policy move *ffffff destination=0 add action=none dst-address=192.168.11.0/24 src-address=0.0.0.0/0 place-b...

ahtoh

I lost my previous config and trying to set up Ipsec tunnel again I use ipsec mode config with src address list "vpn" here is my mangle rule, but it does not seem to work, the sites are loaded slowly and not fully what am I missing here? /ip firewall mangle add action=change-mss chain=forw...

ahtoh

It started when I moved it by the window.
It was locking up when under sun light (coincidence?)
After 2nd lock up I drilled the holes and it never happened again.
These simple events make me think the overheating was the issue.

ahtoh

The specs says "Operation temperature -40..50" My understanding it is not the temperature inside next to the chip, it's the air temperature outside the unit. The room temperature was 25 when it stopped working. I doubt sunlight through a window made it over 50. Maybe my router is just faul...

ahtoh

1. Normis from Microtik support in post #7 says "it does not matter"
2. It was not DIRECT sunlight. two glass window was in between
3. Direct sunlight does not increase AMBIENT temperature

ahtoh

Looks like the holes helped
I think paper would not help THAT much
Anyway, the point here is that the temperature on the contrary DOES matter and the hardware can not handle very hot temperatures as was claimed above.

ahtoh

boring as the narrator in the CSS610 video
where is WiFi 6E router with 5 or better 8 2.5G ports?

ahtoh

It doesn't matter how hot it feels. The hardware can handle it and will work fine.

In my case it does matter.
My router is sitting by the window and would stop working when under sun light.
I drilled the holes to help cooling. Will see how it goes.

ahtoh

Here they say it wont work unless you have a special RouterBOOT version which is not public viewtopic.php?t=137262

ahtoh

I bought it as non-working. No idea when it happened. I did reset to factory defaults I was not able to make it show up in the netinstall application though, I followed the instructions but it just does not show up. The fact that the problem is intermittent and probably depends on the temperature ma...

ahtoh

yes, tried with both barrel jack and POE input

ahtoh

https://youtu.be/ra1eXyypNMI
Any ideas how to fix this?
Sometimes it boots just fine when it is cold

ahtoh

Did anyone report this to Mikrotik support?
I'm trying to do this but not able to register on their support portal

ahtoh

My suggestion is to use 100% MikroTik and you will be happy. It will not have a high cost to replace this repeater. https://wiki.mikrotik.com/wiki/Wireless_WDS_Mesh Check out the wireless signal Protocol used in both Ex: 802.11 Channel etc. The link is dead. Can you please point to wiki on how to s...

ahtoh

Yes my understanding is the same. And it works fine if I do not use DHCP on the client devices. So I was wondering if there is a workaround on the mikrotik to make that DHCP packets get through the wireless bridge. I tried to play with setting in the "DHCP server" and it sometimes worked a...

ahtoh

Mikrotik is basically in the default configuration with quickset option "Home-AP Dual"
Linksys is connected via wi-fi to wlan2 on Mikrotik (5Ghz) not sure what do you mean by port.

ahtoh

I'm using Mikrotik router in the normal "Router" mode (I think it is called Home AP in quickset) NAT and DHCP enabled and everything works fine when I connect to Mikrotik via wifi. I also use my Linksys router (AC1200) to extend the coverage and I set it up with "Wireless bridge"...

ahtoh

Just bought another brand because Mikrotik is missing this feature.
https://www.gl-inet.com/products/gl-mv1000/

ahtoh

I wonder if Qualcomm requires patent licensing for router SOCs in a similar way it does for cellphone chips
https://arstechnica.com/tech-policy/201 ... -20-years/

ahtoh

How do I do that?
There is no any option to set the MTU for the IPSEC tunnel in Mikrotik

ahtoh

I'm having the same problem with IPSEC/IKEv2 client on Mikrotik Windows 10 client works fine, but that's because win10 creates a separate interface with MTU set to 1400 Mikrotik does not create a PPP interface for IPSEC tunnels, thus leaving MTU unchanged. I know there is a mangle rule to clamp the ...

ahtoh

Switched to ipesc/ikev2 and get slightly better speed around 34 mbps with aes-128-cbc.
Looks like this router does not support ipsec encryption acceleration

ahtoh

It means you are using EAP authentication, unfortunately it is currently not supported in RouterOS for IKEv2 initiator (client) side. I see EAP option in version 6.45.6 so I assume it was added Please provide documentation on how to properly generate the certificates (for both EAP and RSA), these i...

ahtoh

I set up my wAP ac to use as L2TP/IPSec client and it reaches 100% cpu load when I run speed test.
The maximum throughput speed I get is about 26-27 Mbps
Are these numbers OK or I should look into optimizing some settings?

ahtoh

It means you are using EAP authentication, unfortunately it is currently not supported in RouterOS for IKEv2 initiator (client) side. I see EAP option in version 6.45.6 so I assume it was added Please provide documentation on how to properly generate the certificates (for both EAP and RSA), these i...

ahtoh

DYnamic and Static at the same time?

ahtoh

6RC9 installed - the issue is still there
can I have at least a confirmation or any comment on this?
can anyone confirm that I'm in the right forum for this issue?
how can I get any support from mikrotik? is it official forum or what?

ahtoh

any update?

ahtoh

router: RB750 RouterOS version: 6.0rc7 6to4 tunnel setup: http://wiki.mikrotik.com/wiki/Setting_up_an_IPv6_tunnel_via_6to4 with only difference in the route (one from manual does not work): ipv6 route add dst-address=::/0 gateway=ipng-tunnel ping ipv6.google.com - works ping ipv6.yandex.ru - does no...

Search found 37 matches

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Re: hAP ac² High temperature

Re: hAP ac² High temperature

Re: hAP ac² High temperature

Re: hAP ac² High temperature

Re: Newsletter 97 (September 2020)

Re: hAP ac² High temperature

Re: Hap AC2 bootloop

Re: Hap AC2 bootloop

Re: Hap AC2 bootloop

Hap AC2 bootloop

Re: DHCP is not working when using Mikrotik router with Linksys wireless bridge

Re: TP Link Repeater RE450 not assigning IP address

Re: DHCP is not working when using Mikrotik router with Linksys wireless bridge

Re: DHCP is not working when using Mikrotik router with Linksys wireless bridge

DHCP is not working when using Mikrotik router with Linksys wireless bridge

Re: Feature Request - Wireguard Protocol

Re: Qualcomm IPQ8074

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Re: L2TP IPSec speed [SOLVED]

Re: Mikrotik as IPSec/IKEv2 client

Re: L2TP IPSec speed [SOLVED]

Re: Mikrotik as IPSec/IKEv2 client

Re: v6.15 released

Re: 6to4 tunnel does not work with 192.88.99.1

Re: 6to4 tunnel does not work with 192.88.99.1

6to4 tunnel does not work with 192.88.99.1