Community discussions

Search found 21 matches

by mcooper06
Mon Oct 02, 2017 9:53 pm
Forum: General
Topic: L2TP over IPSec - BROKEN?
Replies: 2
Views: 640

L2TP over IPSec - BROKEN?

I am using a fairly new router with 6.40.3. I have set up L2TP/IPSec many times but am killing myself on this current implementation. Reading the forums it seems like L2TP has gone off the rails in recent versions revolving around the policy-template-group setting in your peer (seen the solution of e...
by mcooper06
Tue Aug 16, 2016 8:04 pm
Forum: Announcements
Topic: MikroTik News May 2016 (Issue #72)
Replies: 26
Views: 21657

Re: MikroTik News May 2016 (Issue #72)

Been waiting to try the wAP ac for a bit - resellers in the US all saying the device has not yet been approved?

When can we get one?
by mcooper06
Thu Apr 28, 2016 6:15 pm
Forum: General
Topic: ISP requires VLAN and pbit set
Replies: 8
Views: 4009

Re: ISP requires VLAN and pbit set

Update today - Yesterday, the PC's onsite were getting much worse than the Mikrotik to Mikrotik Bandwidth Server testing. Today they are getting the same (97.5Mbps Symmetrical) after adding the following Fast Tracking Rules in the Filter below. While running the bandwidth test wide open - the CPU ne...
by mcooper06
Wed Apr 27, 2016 11:01 pm
Forum: General
Topic: ISP requires VLAN and pbit set
Replies: 8
Views: 4009

Re: ISP requires VLAN and pbit set

Drew- Any luck? We have a new Google Fiber install in Lee's Summit. Our speed tests are abysmal. Google support says VLAN tagging and pbit/priority is no longer necessary on most all of their connections and confirmed this one should not need it. Their solution is: plug in the Network Box and connec...
by mcooper06
Mon Feb 29, 2016 5:05 pm
Forum: General
Topic: IPv6 and IPSec
Replies: 1
Views: 494

IPv6 and IPSec

We are still an entirely IPv4 organization. We have run IPSec VPN's for Windows and iOS clients successfully for a long while. However, we are now noticing when our remote folks are in a place where they are assigned an IPv6 address (usually this is on iOS where you cannot disable it), or where the ...
by mcooper06
Fri Jan 23, 2015 11:57 pm
Forum: General
Topic: Mikrotik as an SSTP Client to a Windows 2008 R2 Server
Replies: 1
Views: 764

Mikrotik as an SSTP Client to a Windows 2008 R2 Server

It's a long story that I will spare you from hearing - But I have a network, several actually, that will be connecting to a Windows 2008 R2 server at a data center using SSTP. RRAS is installed on the server and I can connect flawlessly with any Windows client and ping the private IP address of the ...
by mcooper06
Wed Nov 05, 2014 8:48 pm
Forum: Scripting
Topic: Syntax Errors - some sort of pre-run?
Replies: 1
Views: 672

Syntax Errors - some sort of pre-run?

If I am running a script, and a single line has a syntax error - would the script not run at all? For example, if I declare a global variable in line 1 of a script, but line 10 has a syntax error - should I expect the global variable to be declared?

I am not seeing them being created.
by mcooper06
Sat Jun 21, 2014 6:18 pm
Forum: Forwarding Protocols
Topic: Suggestion: Primary Address for each interface
Replies: 5
Views: 1967

Re: Suggestion: Primary Address for each interface

Anyone point me to where the last post is talking about?
by mcooper06
Thu Jun 19, 2014 11:13 pm
Forum: Scripting
Topic: The Value of This Forum
Replies: 1
Views: 671

The Value of This Forum

...this post started as a long one about scripting IPSec changes. As I actually wrote my problem out, to explain to you, a person not so close to this network, I could see my mistake and correct it and thus no need for the post. How many times I have answered my own just by typing it here...:) Michael
by mcooper06
Mon May 05, 2014 8:29 pm
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD stops responding spontaneously
Replies: 42
Views: 11966

Re: RB2011UAS-2HnD stops responding spontaneously

I downgraded to 6.9 and the issue persisted - I checked and my firmware was still 3.14 showing an upgrade available to 3.10. I applied the firmware (I assume 3.10 is the latest for use with 6.9) and rebooted. More info to follow.

Michael
by mcooper06
Fri May 02, 2014 6:36 pm
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD stops responding spontaneously
Replies: 42
Views: 11966

Re: RB2011UAS-2HnD stops responding spontaneously

We are on RB2011UAS using 6.12 and firmware 3.14 - still occurring here.

We have this machine set up to run the following:

L2TP over IPSec for Road Warriors
Site to Site IPSec

I am planning on downgrading to 6.9 today if possible.
by mcooper06
Wed Feb 12, 2014 9:55 pm
Forum: General
Topic: LAN to LAN IPSec with 6.9
Replies: 8
Views: 1346

Re: LAN to LAN IPSec with 6.9

Just two subnets - not really anything else going on.

Added the firewall rule and it seems to be working like a champ!

M.
by mcooper06
Wed Feb 12, 2014 8:04 pm
Forum: General
Topic: LAN to LAN IPSec with 6.9
Replies: 8
Views: 1346

Re: LAN to LAN IPSec with 6.9

I have attached the exports from each router. I changed the secrets and the public IP's, but they should match. I can flush the SA's on both sides and initiate traffic from either end and the tunnel and associated SA's seem to come right up. Every once in a while (like right this second) the tunnel i...
by mcooper06
Tue Feb 11, 2014 12:27 am
Forum: General
Topic: LAN to LAN IPSec with 6.9
Replies: 8
Views: 1346

Re: LAN to LAN IPSec with 6.9

Backed both down to 6.7 - no change?
by mcooper06
Tue Feb 11, 2014 12:13 am
Forum: General
Topic: LAN to LAN IPSec with 6.9
Replies: 8
Views: 1346

Re: LAN to LAN IPSec with 6.9

After reading some of the other posts, I am going to downgrade to 6.7 on both sides and see if the config is good and the firmware is bad.
by mcooper06
Mon Feb 10, 2014 10:57 pm
Forum: General
Topic: LAN to LAN IPSec with 6.9
Replies: 8
Views: 1346

LAN to LAN IPSec with 6.9

I have two routers both using firmware 6.9. I am attempting to connect the two networks using tunneled IPsec (which I have done before). I can get either of the two routers to initiate a connection to the other and see the two (and eventually more) SA's appear when I ping LAN to LAN, but the tra...
by mcooper06
Fri Aug 16, 2013 2:49 pm
Forum: General
Topic: Proper Input Filters
Replies: 0
Views: 355

Proper Input Filters

I recently noticed I had become the DNS server to the world - the 'Allow Remote Requests' check box by default in DNS got me. I added a UDP filter in the input chain on port 53 as I don't host a DNS server answering requests outside the network. Just looking for confirmation: I have three sites conn...
by mcooper06
Wed May 15, 2013 7:20 pm
Forum: General
Topic: Replacing ATT MPLS with Mikrotik Site to Site VPN
Replies: 6
Views: 1403

Re: Replacing ATT MPLS with Mikrotik Site to Site VPN

SOLVED - I think :) CelticComms - using Torch was the trick. We were able to see traffic from the BCM phone switch which consisted of packets sent to 0.0.0.0/0 - which were not defined in our IpSec policy as we just connected the two subnets. I added a policy in IPSec consisting of the source IP of ...
by mcooper06
Sun May 12, 2013 2:14 am
Forum: General
Topic: Replacing ATT MPLS with Mikrotik Site to Site VPN
Replies: 6
Views: 1403

Re: Replacing ATT MPLS with Mikrotik Site to Site VPN

The primary lines are all at one end. The locations are 60 miles apart. There are a few local lines at the secondary end, and the BCM decides when to use them - so if a local employee calls a local number, they use those, otherwise they all go out one end. Calling a number, without a transfer in the...
by mcooper06
Sat May 11, 2013 10:31 pm
Forum: General
Topic: Replacing ATT MPLS with Mikrotik Site to Site VPN
Replies: 6
Views: 1403

Replacing ATT MPLS with Mikrotik Site to Site VPN

We are attempting to replace an ATT managed MPLS network with a Mikrotik site to site IPSec VPN. It has gone well so far with everything functioning fine with a single exception. The company uses a Nortel BCM400 phone switch at each site which has 8 IP phone trunks between the locations. When a call...
by mcooper06
Sat Mar 23, 2013 9:21 pm
Forum: Beginner Basics
Topic: RB2011L-IN - Dual WAN Connections?
Replies: 1
Views: 701

RB2011L-IN - Dual WAN Connections?

I understand that ETH1 is configured as the standard WAN port and ETH2 is the standard LAN port. Can we configure a port between 3 and 10 to use a secondary WAN connection?

Thanks.

Michael