Community discussions

MUM Europe 2020

Search found 28 matches

by trunet
Thu Jan 26, 2017 3:43 pm
Forum: General
Topic: Forward pppoe-client ip address to my server
Replies: 3
Views: 438

Re: Forward pppoe-client ip address to my server

This is what I wanted to avoid, NAT... I have a lot of VPN tunnels on it, and wanted to avoid enabling NAT-T and changing settings. Ideal scenario would be to have a transparent pppoe bridge to my ethernet delivering DHCP IP :D .
by trunet
Thu Jan 26, 2017 12:40 pm
Forum: General
Topic: Forward pppoe-client ip address to my server
Replies: 3
Views: 438

Forward pppoe-client ip address to my server

Hello, Hope someone can clarify if this is possible. My provider give me a fiber with VLAN 6 and you need to run pppoe-client on top. I receive the same IP every time, they sell as static ip. As my RB2011 is slow to strip the ppp headers of my gigabit fiber connection, I want to put a cheap atom ser...
by trunet
Thu Dec 29, 2016 3:46 pm
Forum: General
Topic: IKEv2: IOS (10.2) and MacOSX (10.12.1) disconnect after 480 Sec
Replies: 2
Views: 2710

Re: IKEv2: IOS (10.2) and MacOSX (10.12.1) disconnect after 480 Sec

See reply on http://forum.mikrotik.com/viewtopic.php ... 00#p575002

It's a bug, they will fix in one of the next RC releases.
by trunet
Thu Dec 29, 2016 3:41 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 82482

Re: Feature Req: IKEv2 server and client

We have repeated the issue and found the cause. We are working to fix it now. Fix is probably coming in one of the next RC releases.
Thanks... I deeply appreciate the IKEv2 feature coming before the forever waited ROS v7.
by trunet
Wed Dec 28, 2016 11:07 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 82482

Re: Feature Req: IKEv2 server and client

Any news about the 8 minute disconnection bug?
by trunet
Fri Dec 23, 2016 7:25 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 82482

Re: Feature Req: IKEv2 server and client

This is my logs when I connect and when I'm disconnected: 17:13:46 ipsec,info new ike2 SA (R): 1.1.1.1[500]-2.2.2.2[500] spi:55b2bf4541cc23a8:7a4bf2f20934ae25 17:13:46 ipsec,info peer authorized: 1.1.1.1[4500]-2.2.2.2[41122] spi:55b2bf4541cc23a8:7a4bf2f20934ae25 17:13:46 ipsec,info acquired 192.168....
by trunet
Fri Dec 23, 2016 6:52 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 82482

Re: Feature Req: IKEv2 server and client

I have successfully set up IKEv2 and i am able to connect from my iPhone and macbook, but connection drops every exactly 8 minutes. I have try various lifetime in proposals and played with settings without success. Here is my config I'm also having this problem. I can connect successfully from my m...
by trunet
Mon Jun 06, 2016 4:44 pm
Forum: General
Topic: IpSec RoadWarrior policy IPs and OSPF advertising
Replies: 1
Views: 373

IpSec RoadWarrior policy IPs and OSPF advertising

Hello guys, I have OSPF/GRE on top of 2 ipsec tunnels connecting to 2 remote locations. Everything is working perfectly on this. Now I setup an ipsec roadwarrior connection using mode-cfg and template policies to one of the locations. I want that the roadwarrior access all the locations, so I create...
by trunet
Thu Mar 31, 2016 6:19 pm
Forum: General
Topic: v6.10 IPSec multiple networks including hotspot
Replies: 3
Views: 805

Re: v6.10 IPSec multiple networks including hotspot

Hello,

Sorry for resurrecting this 2014 problem.

Did you find the solution for this? I'm having the same problem on the latest version: 6.34.4
by trunet
Thu Mar 17, 2016 5:58 pm
Forum: General
Topic: GRE traffic being dropped somewhere after ESP packet arrived
Replies: 4
Views: 817

Re: GRE traffic being dropped somewhere after ESP packet arrived

I found the problem. pfsense has a bug. ifconfig gre0 with LINK2 flag, enable WCCP v2 that add extra 4 bytes to the GRE that mikrotik don't understand.

Even with "WCCP version" unset on pfsense webui, LINK2 stays enabled.
by trunet
Thu Mar 17, 2016 5:10 pm
Forum: General
Topic: GRE traffic being dropped somewhere after ESP packet arrived
Replies: 4
Views: 817

Re: GRE traffic being dropped somewhere after ESP packet arrived

I just figured out that GRE packet from pfsense, has 4 extra bytes and is type 0x883e(WCCP). Still not sure how it works, but is there any possibility of mikrotik drop the GRE packet because it doesn't understand?
by trunet
Thu Mar 17, 2016 4:35 pm
Forum: General
Topic: GRE traffic being dropped somewhere after ESP packet arrived
Replies: 4
Views: 817

Re: GRE traffic being dropped somewhere after ESP packet arrived

Attached the decrypted ESP returning packet showing the ping reply inside. The packet was captured on mikrotik using /tool sniffer/start/stop/save and exported to wireshark. On wireshark I added the encryption and authentication SA keys to decrypt.
returning_esp_packet_decrypted.png
by trunet
Thu Mar 17, 2016 12:45 pm
Forum: General
Topic: GRE traffic being dropped somewhere after ESP packet arrived
Replies: 4
Views: 817

Re: GRE traffic being dropped somewhere after ESP packet arrived

By the way, I'm on latest version, 6.34.3 on a 2011UiAS-2HnD. (peer) 1 address=2.2.2.2/32 local-address=1.1.1.1 passive=no port=500 auth-method=pre-shared-key secret="*SANITIZED*" generate-policy=no policy-template-group=default exchange-mode=main send-initial-contact=yes nat-traversal=yes proposal-...
by trunet
Thu Mar 17, 2016 12:36 pm
Forum: General
Topic: GRE traffic being dropped somewhere after ESP packet arrived
Replies: 4
Views: 817

GRE traffic being dropped somewhere after ESP packet arrived

Hello, I have a pfsense -> mikrotik using ipsec and gre. I sanitized the public IPs. I shoot a ping between the tunnel IPs. On pfsense side(172.16.0.1), I have: (wan traffic) 10:23:32.367083 IP 1.1.1.1 > 2.2.2.2: ESP(spi=0xcdaad2ef,seq=0xd), length 100 10:23:32.367163 IP 2.2.2.2 > 1.1.1.1: ESP(spi=0...
by trunet
Mon Apr 13, 2015 8:27 pm
Forum: General
Topic: OpenVPN client with tls-auth in RouterOS 6.27?
Replies: 1
Views: 790

Re: OpenVPN client with tls-auth in RouterOS 6.27?

tls-auth is not supported by MikroTik.
by trunet
Mon Apr 13, 2015 8:23 pm
Forum: General
Topic: Can't ping through OpenVPN tunnel
Replies: 0
Views: 417

Can't ping through OpenVPN tunnel

Hello, I'm trying to setup a client openvpn tunnel, but apparently mikrotik is dropping the packets when reply is received. [admin@trunetroutersp01] > /interface ovpn-client print Flags: X - disabled, R - running 0 R name="ovpn-hma-usa" mac-address=02:C1:8B:48:A0:D6 max-mtu=1500 connect-to=<EDITED> ...
by trunet
Wed Oct 22, 2014 8:52 pm
Forum: General
Topic: L2TP/IPSec VPN with MacOSX and iOS
Replies: 10
Views: 4884

Re: L2TP/IPSec VPN with MacOSX and iOS

worked perfectly, thank you very much.

However I think ROS has a bug on l2tp server use-ipsec=yes to auto-generate ipsec policy. It doesn't work with any of the devices I have.
by trunet
Wed Oct 22, 2014 7:48 pm
Forum: General
Topic: L2TP/IPSec VPN with MacOSX and iOS
Replies: 10
Views: 4884

Re: L2TP/IPSec VPN with MacOSX and iOS

are you using ROS 6.20?
by trunet
Tue Oct 21, 2014 10:18 pm
Forum: General
Topic: L2TP/IPSec VPN with MacOSX and iOS
Replies: 10
Views: 4884

Re: L2TP/IPSec VPN with MacOSX and iOS

bump
by trunet
Tue Oct 21, 2014 1:09 am
Forum: General
Topic: L2TP/IPSec VPN with MacOSX and iOS
Replies: 10
Views: 4884

Re: L2TP/IPSec VPN with MacOSX and iOS

bump
by trunet
Thu Oct 16, 2014 10:37 pm
Forum: General
Topic: L2TP/IPSec VPN with MacOSX and iOS
Replies: 10
Views: 4884

L2TP/IPSec VPN with MacOSX and iOS

Hi, I'm following your http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP#L2TP.2FIpSec_setup tutorial, however I'm getting stuck on error. I followed exactly steps as showed on that example. Any clues??? I started receiving: 16:25:29 ipsec,error failed to pre-process ph2 packet. So, I enabled debug...
by trunet
Mon Sep 09, 2013 4:44 am
Forum: General
Topic: /ip/firewall/filter rules get overwritten by Webfig
Replies: 11
Views: 3831

Re: /ip/firewall/filter rules get overwritten by Webfig

+1 with this problem here. I'm on 6.3. I have a remote syslog configured, this is what I have: Sep 8 22:18:15 192.168.142.1 system,info,account user admin logged in from 192.168.142.102 via web Sep 8 22:18:15 192.168.142.1 system,info filter rule removed Sep 8 22:18:15 192.168.142.1 system,info filt...
by trunet
Mon Sep 09, 2013 4:34 am
Forum: General
Topic: Disappearing firewall filter rules - problem
Replies: 9
Views: 2179

Re: Disappearing firewall filter rules - problem

Hi,

I have a rb2011uas-2hnd-in and I'm facing exactly same problem.

My INPUT rules disappears and my DHCP server(only of bridge-local, as I have 2 dhcp configs for 2 different networks) gets disabled.

This is very strange.
by trunet
Fri Jun 14, 2013 4:22 am
Forum: General
Topic: ROS 5.0 -- new OIDs for memory-total/memory-used?
Replies: 14
Views: 8225

Re: ROS 5.0 -- new OIDs for memory-total/memory-used?

yes they are, but it's different from older versions like 5.x and 4.x. on these versions, OIDs ends with .1 and .2 instead of .65536 and .131073. it broke backward compatiblity with some cacti templates I found and I had to manually adjust it.

for me, break compatibility without a good reason is bad.
by trunet
Thu Jun 13, 2013 8:11 pm
Forum: General
Topic: ROS 5.0 -- new OIDs for memory-total/memory-used?
Replies: 14
Views: 8225

Re: ROS 5.0 -- new OIDs for memory-total/memory-used?

did you read my post? or better, did you read the post SUBJECT?

I'm talking about memory and disk OIDs, not CPU.
by trunet
Wed Jun 12, 2013 11:30 pm
Forum: General
Topic: ROS 5.0 -- new OIDs for memory-total/memory-used?
Replies: 14
Views: 8225

Re: ROS 5.0 -- new OIDs for memory-total/memory-used?

I'm having the same problem as you are reporting. Bought a brand new rb2011uas-2hnd-in and upgraded to routeros 6 soon as it arrived. [admin@trunetroutersp01] > /system resource print oid uptime: .1.3.6.1.2.1.1.3.0 total-memory: .1.3.6.1.2.1.25.2.3.1.5.65536 used-memory: .1.3.6.1.2.1.25.2.3.1.6.6553...
by trunet
Thu Jun 06, 2013 3:59 am
Forum: General
Topic: Why /file get FILE contents on routeros 6 returns nothing?
Replies: 4
Views: 1869

Why /file get FILE contents on routeros 6 returns nothing?

Hi, I'm trying to make the dyndns script to work. It doesn't work. It creates the file but does not get the file contents. I'm using routeros 6 so I don't know if it has some weird bug on /file. Ex.: [admin@trunetroutersp01] > /file print # NAME TYPE SIZE CREATION-TIME 0 dyndns.checkip.html .html fi...