Community discussions

Search found 51 matches

by sirdir
Sun Jan 22, 2017 1:45 am
Forum: RouterBOARD hardware
Topic: CRS226-24G-2S+ Poor routing performance
Replies: 35
Views: 26057

Re: CRS226-24G-2S+ Poor routing performance

Just wanted to say I fell for that device, too. Why a 'Cloud Router Switch' should not be used for routing is beyond me, but I'm using it as a Switch now...
by sirdir
Mon Sep 21, 2015 3:31 pm
Forum: General
Topic: get ip of active gateway
Replies: 4
Views: 639

Re: get ip of active gateway

found a solution for me: SA Src. Address can be left 0.0.0.0...
by sirdir
Sat Sep 19, 2015 12:28 pm
Forum: General
Topic: get ip of active gateway
Replies: 4
Views: 639

Re: get ip of active gateway

No, VRRP is not what I need. maybe I have to explain more closely what I'm talking about. Let's say I have 2 internet connections one on ether1, ip 192.168.0.2 (as assigned by the cable modem) and one on ether2, ip 192.168.2.2 (as assigned by the adsl modem) Of course the public IPs are different, t...
by sirdir
Sat Sep 19, 2015 12:22 pm
Forum: General
Topic: get ip of active gateway
Replies: 4
Views: 639

Re: get ip of active gateway

I have to read up what that even is.
Another solution would be if I could use an ip that never changes as src-sa-address.
Tried that (again, did it already a long time ago) and to my surprise, on many routers it did work (took the IP of the LAN). But on one system it doesn't.
by sirdir
Sat Sep 19, 2015 3:42 am
Forum: General
Topic: get ip of active gateway
Replies: 4
Views: 639

get ip of active gateway

Hi! I'm trying to write a script that updates ipsec if an ip / gateway changes. I have a solution so far for cases where the router has the public IP on it's interface. But it's not working in cases where double-nat is in place. Not I'm looking for a solution to find out over what interface the traf...
by sirdir
Thu Jul 23, 2015 1:32 pm
Forum: General
Topic: fasttrack breaking ipsec
Replies: 5
Views: 1179

Re: fasttrack breaking ipsec

exclude traffic that is captured by IPsec policy (both directions) from fasttrack Add accept rule for that traffic before fasttrack-connection rule. See if that helps. It is that way (but also tried taking the fasttrack rules to the top, didn't help. hiere is the filter export: /ip firewall filter ...
by sirdir
Thu Jul 23, 2015 5:50 am
Forum: General
Topic: fasttrack breaking ipsec
Replies: 5
Views: 1179

Re: fasttrack breaking ipsec

What router? os version? I use SSH through my IPSec tunnel daily and fasttrack hasn't been an issue. Have you verified that your MTU is correct? I have seen a lot of SSH issues when packets get fragmented. I will run some tests on my setup and see if I can duplicate your issue. Good hint. I hadn't ...
by sirdir
Thu Jul 23, 2015 4:35 am
Forum: General
Topic: fasttrack breaking ipsec
Replies: 5
Views: 1179

fasttrack breaking ipsec

Hi! I installed a new router today. It had fasttrack enabled. among other things I set up a ipsec connection to my home. It didn't work properly. icmp did work, ftp did work, telnet to port 22 showed me the message of the ssh deamon.. but I wasn't able to connect with ssh, nor with telnet, nor getti...
by sirdir
Sat Jan 17, 2015 12:59 am
Forum: General
Topic: v6.24 worse throughoutput only on older Routerboards
Replies: 6
Views: 918

Re: v6.24 worse throughoutput only on older Routerboards

When my throughput went to 1/3, I saw it was ipsec that was using 100% cpu and had basically crashed (ipsec menu was empty)...
Maybe you're experiencing some sort of bug, too.
by sirdir
Wed Dec 17, 2014 3:19 pm
Forum: General
Topic: dhcp not working for some clients
Replies: 4
Views: 876

Re: dhcp not working for some clients

you shure about 90 adress? its free? router have 1? dhcp starts from 10 - 90?
Sure, now with 'always broadcast' disabled, everything ist working like before
(router is .1, dhcp pool is 100-125)
by sirdir
Sun Dec 14, 2014 3:45 pm
Forum: General
Topic: dhcp not working for some clients
Replies: 4
Views: 876

Re: dhcp not working for some clients

OK, it seems to be related to the 'always broadcast' option. All clients that had this option enabled started suddenly showing these problems. I checked in older backups and the options were the same before.. so something must have happened.
by sirdir
Sun Dec 14, 2014 3:21 pm
Forum: General
Topic: dhcp not working for some clients
Replies: 4
Views: 876

Re: dhcp not working for some clients

I found out something: default offering lease 192.168.1.90 for 28:E1:4C:97:7B:D3 without success dhcp lease changed by admin default assigned 192.168.1.103 to 28:E1:4C:97:7B:D3 When the assgnement is static (.90) it doesn't work. When I switch to dynamic (pook .100-120) it does. When switching back ...
by sirdir
Sun Dec 14, 2014 2:49 pm
Forum: General
Topic: dhcp not working for some clients
Replies: 4
Views: 876

dhcp not working for some clients

Hi!

Suddenly, some computers (seems to be pure coinsidence, i.E. my wife's notebook doesn't get an IP, mine does, we're both connected to the same wifi)

Message in mikrotik log is (for example):
default offering lease 192.168.1.90 for 28:E1:4C:97:7B:D3 without success
by sirdir
Thu Dec 11, 2014 2:41 pm
Forum: General
Topic: Only 100 MBit/s after WOL
Replies: 0
Views: 407

Only 100 MBit/s after WOL

Hi! I don't know what's happening exactly, but one (or some) device(s) on my CRS226-24G-2S+ sometimes only get connected with 100 mbit/s instead of 1 gbit/s. I'm only sure it happens to my iMac, I *think* it has happened to other devices as well, but I changed those Ports to 1 GBit/s only and didn't...
by sirdir
Wed Oct 15, 2014 1:54 am
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 59092

Re: v6.20 released!

FYI, something seems to be broken with IPSEC. Sometimes the configuration just disappears. If you try to change anything in the submenu then that command just times out.
Rebooting fixes all issues for some time... suddenly the problems come back.

Regards
Patrick
by sirdir
Mon Sep 15, 2014 6:18 pm
Forum: General
Topic: CRS226-24G-2S+ not usable as a router
Replies: 6
Views: 2079

Re: CRS226-24G-2S+ not usable as a router

Please post the IP & Interface exports OK, that's about it: # sep/14/2014 14:30:27 by RouterOS 6.19 # software id = 303I-LAN7 # /interface bridge add name=loopback protocol-mode=none /interface ethernet set [ find default-name=ether3 ] mac-address=68:05:CA:01:E9:4F name=Closeness set [ find default...
by sirdir
Mon Sep 15, 2014 4:12 pm
Forum: General
Topic: CRS226-24G-2S+ not usable as a router
Replies: 6
Views: 2079

Re: CRS226-24G-2S+ not usable as a router

The switched ports aren't the problem, they can easily be saturated (gigabit). What part of the config would you like to see? I loaded the config back to my RB450G and boom, speed was back. BTW it only came to my mind it could be the crs because I found one or 2 threads about similar problems here i...
by sirdir
Sun Sep 14, 2014 8:15 pm
Forum: General
Topic: CRS226-24G-2S+ not usable as a router
Replies: 6
Views: 2079

CRS226-24G-2S+ not usable as a router

Hi! People, be advised, the CRS226-24G-2S+ is pretty much unusable as a router. Wasn't able to get more than ~10 mbit/s from my ISP, wondered why, have been looking for problems for weeks (wireless etc.) ... had to switch back to a $30 model RB750 to get full speed again! Wouldn't have thought that'...
by sirdir
Sun Jul 27, 2014 1:05 pm
Forum: General
Topic: v6.17 SNMP - Interface Stats
Replies: 56
Views: 17054

Re: v6.17 SNMP - Interface Stats

I have the same problem. I thought disabling/reenabling snmp fixes the problem for good, unfortunately it's back again and disabling/re-enabling didn't help, neither did a reboot. I'll try disabling/waiting/re-enabling now.
by sirdir
Mon Jun 23, 2014 4:11 am
Forum: General
Topic: 6.9 breaks routing marks?
Replies: 27
Views: 4623

Re: 6.9 breaks routing marks?

My problem is back with 6.15... with routing mark: 3 S dst-address=0.0.0.0/0 gateway=192.168.3.20 gateway-status=192.168.3.20 inactive check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=Closeness when I remove the routing mark: 1 S dst-address=0.0.0.0/0 gateway=192.168.3.20 gateway-...
by sirdir
Fri Jun 13, 2014 5:47 pm
Forum: General
Topic: CRS and LACP
Replies: 6
Views: 3293

Re: CRS and LACP

You are right, performance is actually the same. In my case the bottleneck is the NAS CPU which limits traffic at about 45 MB.sec, which fits well into a Gigabit connection. Just set up bonding for the fun of it... Yes, one wants to keep himself informed, doesn't he? Actually binding would make sen...
by sirdir
Thu Jun 12, 2014 5:56 pm
Forum: General
Topic: CRS and LACP
Replies: 6
Views: 3293

Re: CRS and LACP

Hm, I tried both options, didn't really work. I just gave up trunking for now... even with the HP switch performance probably wasn't really better...
by sirdir
Thu Jun 12, 2014 12:43 pm
Forum: General
Topic: CRS and LACP
Replies: 6
Views: 3293

Re: CRS and LACP

On the NAS side, use balance-xor as the agregation type (if available). Thank you. Do you / does anybody know, if any of those options (and if so, which one :) ) corresponds to balance-xor? Failover FEC (Fast Ether Channel) LACP (Link Aggregation Control Protocol) Load Balancing Roundrobin (if any,...
by sirdir
Thu Jun 12, 2014 5:18 am
Forum: General
Topic: CRS and LACP
Replies: 6
Views: 3293

CRS and LACP

Hi! I've got my CRS today and want to replace my RB and my HP Switch with just one device. I use 3 ISPs. So I configured 3 Ports for those ISPs, a 4th as LAN (with the local IP) and made all other ports slaves of this port (so LAN is master). Is this the way this is usually done? Now my problem: I h...
by sirdir
Tue Feb 11, 2014 2:33 pm
Forum: General
Topic: 6.9 breaks routing marks?
Replies: 27
Views: 4623

Re: 6.9 breaks routing marks?

Strange enough, support wanted a support file from the non working router, so I upgraded to 6.9 again - and now everything is working perfectly. I don't see any configuration problems as just removing the routing mark was enough to get the route up, adding it again was enough to get it down again. B...
by sirdir
Sun Feb 09, 2014 9:12 pm
Forum: General
Topic: 6.9 breaks routing marks?
Replies: 27
Views: 4623

Re: 6.9 breaks routing marks?

What happened to this parameter in v6.7?
check-gateway=ping 
Can be I changed that (I tried some more things before downgrading - but downgrading was the only thing that helped in the end...)
... But in 6.7/6.8 it works with our without check-gateway=ping, in 6.9 it doesn't work any way.
by sirdir
Sun Feb 09, 2014 6:42 pm
Forum: General
Topic: 6.9 breaks routing marks?
Replies: 27
Views: 4623

Re: 6.9 breaks routing marks?

after downgrading to 6.7: 3 A S dst-address=0.0.0.0/0 gateway=192.168.3.20 gateway-status=192.168.3.20 reachable via Closeness distance=1 scope=30 target-scope=10 routing-mark=Closeness .. and everything works as expected.. so why this 'inactive' vs. 'reachable via..'? PS: 6.8 works as expected as w...
by sirdir
Sun Feb 09, 2014 6:08 pm
Forum: General
Topic: 6.9 breaks routing marks?
Replies: 27
Views: 4623

Re: 6.9 breaks routing marks?

this is one of the routes that isn't used: 6 S dst-address=0.0.0.0/0 gateway=192.168.3.20 gateway-status=192.168.3.20 inactive check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=Closeness what does 'gateway status=192.168.3.20 inactive mean? The gateway is reachable and when I remov...
by sirdir
Sun Feb 09, 2014 5:15 pm
Forum: General
Topic: 6.9 breaks routing marks?
Replies: 27
Views: 4623

Re: 6.9 breaks routing marks?

Yes it could be possible there's a problem in my setup (a mikrotik router is quite a complicated thing...) I can see the packets get marked (bytes/packer counter in mangle section is rising) but still the 'main' routes are used... That wasn't the case before... It's a pity there isn't the same kind ...
by sirdir
Sun Feb 09, 2014 3:11 am
Forum: General
Topic: 6.9 breaks routing marks?
Replies: 27
Views: 4623

6.9 breaks routing marks?

Hi!

Can it be 6.9 broke routing marks?
Packet still seem to get marked, but pass the main routes anway, regardless of the routing mark...
by sirdir
Wed Feb 05, 2014 4:34 pm
Forum: General
Topic: Incompatibility with ps4?
Replies: 24
Views: 15493

Re: Incompatibility with ps4?

@spire2z I disagree, doesn't really make sense. It's as easy to spoof with a bind as with a proxy... so there's no security gained. @dundy: I haven't been using the ps4 much lately. I think it works now, not sure because I changed the dns or because I made those stupid port forward (I sill can't bel...
by sirdir
Mon Jan 20, 2014 2:12 pm
Forum: General
Topic: Incompatibility with ps4?
Replies: 24
Views: 15493

Re: Incompatibility with ps4?

I have a problem FORWARDING port 80 to my PS4. What if I wish to run a webserver? Check router's 'IP/Services', probably WWW is enabled. Disable WWW service (Webfig) or change port used by it. HTH, Misunderstanding. It's not that I have a problem technically, but I don't WANT to forward port 80 to ...
by sirdir
Sun Jan 19, 2014 8:27 pm
Forum: General
Topic: Incompatibility with ps4?
Replies: 24
Views: 15493

Re: Incompatibility with ps4?

In order for PS3/4 to work correctly you must open the following ports. This is covered in a lot of posts about the play station and on there website. If you do not wish to open a port, the the PS will not work. TCP PORTS: 80; 443; 465; 983; 5223; 10070; 10080 UDP PORTS: 3478; 3479; 3658; 10070 If ...
by sirdir
Thu Jan 09, 2014 1:01 pm
Forum: General
Topic: Incompatibility with ps4?
Replies: 24
Views: 15493

Re: Incompatibility with ps4?

Tried upnp, didn't really change anything.

The list of ports to forward I found is rather ridiculous, I'm absolutely not going to forward port 80 to my playstation! nor 443...
by sirdir
Sun Dec 22, 2013 5:51 pm
Forum: General
Topic: Incompatibility with ps4?
Replies: 24
Views: 15493

Incompatibility with ps4?

Hi! I have a strange problem with my ps4 in relation with the mikrotik router (ros 6.7) Internetconnection works fine so far (web surfing with the ps 4 etc.) but everything related to PSN breaks on a regular basis. Just can't connect. When I reboot the mikrotik, it works again for some hours, then t...
by sirdir
Thu Dec 05, 2013 11:57 pm
Forum: General
Topic: v6.7 released
Replies: 225
Views: 109893

Re: v6.7 released

May be a coinsidence but my 450G crashed after barely 24h of 6.7 for the first time ever. Unfortunately I was not able to connect serially so I could not see what was happening, but I was not even able to ping the router anymore...
by sirdir
Fri Sep 27, 2013 8:28 pm
Forum: Beginner Basics
Topic: dst-nat question again
Replies: 2
Views: 638

Re: dst-nat question again

Firewall rule blocking traffic?
You're right, after allowing all traffic from the originating IP it worked. I just don't see why the snmp access was allowed before…
I'll have to go through all the tables again ;)
by sirdir
Fri Sep 27, 2013 3:11 pm
Forum: Beginner Basics
Topic: dst-nat question again
Replies: 2
Views: 638

dst-nat question again

Hi! I have a dst-nat related question again. I just added a loopback address to my router (192.168.254.1) and tried two things: I added a dst-nat rule udp port 555 to 192.168.254.1 port 161. When accessing the WAN address port 555, I was able to get SNMP data. Then I added a similar rule: dst-nat po...
by sirdir
Fri Sep 27, 2013 3:08 pm
Forum: General
Topic: ISP setup
Replies: 1
Views: 600

ISP setup

Hi! I have a somewhat special question: I am customer of a small ISP that is providing me wireless internet. This ISP wants to change his network from bridged to routed. Because I used to be ISP myself (~15 years ago) and I have more experience in routing they asked for my help. Back then, we didn't...
by sirdir
Fri Sep 13, 2013 4:43 pm
Forum: Scripting
Topic: Dynamic DNS: One script to rule them all
Replies: 29
Views: 17025

Re: Dynamic DNS: One script to rule them all

efaden sounds pretty plausible to me at least ;) But I'll have to look into layer 7 filtering etc. never used that before..

Regards
Patrick
by sirdir
Fri Sep 13, 2013 4:41 pm
Forum: General
Topic: Routes / Masquerading
Replies: 7
Views: 1509

Re: Routes / Masquerading

Yes that's correct, the public IP is the dst address. an example of port forwarding 49000 would be; add action=dst-nat chain=dstnat comment="Example SIP" disabled=\ no dst-address=*publicIP* dst-port=49000 protocol=tcp to-addresses=\ *localIP* And if you have a dynamic public IP, you can also speci...
by sirdir
Thu Sep 12, 2013 8:48 pm
Forum: Scripting
Topic: Dynamic DNS: One script to rule them all
Replies: 29
Views: 17025

Re: Dynamic DNS: One script to rule them all

I No... unfortunately you cannot control the interface a fetch/get goes out of. If you want to use fetch or get to identify two different interfaces then what you would have to do is to use some sort of Layer7 filtering or something to tag the requests and use routing tags to get the fetch requests...
by sirdir
Thu Sep 12, 2013 8:18 pm
Forum: General
Topic: v6.4 released
Replies: 170
Views: 61284

Re: v6.4 released


*) ovpn - allow to specify server via dns name;
I'd like very much to see this in IPSec as well...
by sirdir
Thu Sep 12, 2013 8:07 pm
Forum: General
Topic: Routes / Masquerading
Replies: 7
Views: 1509

Re: Routes / Masquerading

Create a NAT rule as usual, specific the router address as the Dst Address , specific a Dst Port then in Action select dst-nat and only specify To ports - leave To Addresses blank/default. Thank you. The router address would be the public ip, wouldn't it? Tried that and it seems to receive traffic ...
by sirdir
Thu Sep 12, 2013 7:33 pm
Forum: Scripting
Topic: Dynamic DNS: One script to rule them all
Replies: 29
Views: 17025

Re: Dynamic DNS: One script to rule them all

I have just seen your replies and haven't tested them yet, but thank you very much for your help! While having a very quick review of the code (I don't really know that scripting language yet…) I'm not sure if it addresses my main problem: Say I have 2 WAN Links, WAN1 and WAN2. To correctly update t...
by sirdir
Thu Sep 12, 2013 7:29 pm
Forum: Beginner Basics
Topic: Accessing Port Forwards from internal IPs
Replies: 10
Views: 6701

Re: Accessing Port Forwards from internal IPs

Basically that means if the dst-address is "local" to the router (e.g. it is assigned to one of the interfaces on the router). Hi! That's a great idea, unfortunately it doesn't work for my setup. In fact I even need 2 rules. The problem is my public IP is double-NATed. so, the mikrotik sees it's up...
by sirdir
Thu Sep 12, 2013 5:04 pm
Forum: Beginner Basics
Topic: Accessing Port Forwards from internal IPs
Replies: 10
Views: 6701

Re: Accessing Port Forwards from internal IPs

What you need is a Hairpin Nat rule Rudios is correct. OK, I'm getting first results but this method requires one to put the WAN ip in the dst-nat rule. I'd like to avoid that, that's why I had the incoming interface marked and not the IP. But when accessing from the inside, that rule won't get app...
by sirdir
Thu Sep 12, 2013 3:58 pm
Forum: Beginner Basics
Topic: Accessing Port Forwards from internal IPs
Replies: 10
Views: 6701

Accessing Port Forwards from internal IPs

Hi! This must have been covered before, but if I find an example there are always some special cases that aren't true for me (or I don't understand the example…) Let's say I have a Webserver running on 192.168.1.100 Port 80 and want it to be accessible from the WAN IP 69.69.69.69 on Port 8080. So I ...
by sirdir
Sun Sep 01, 2013 4:11 am
Forum: Scripting
Topic: Dynamic DNS: One script to rule them all
Replies: 29
Views: 17025

Re: Dynamic DNS: One script to rule them all

I have dyndnses on more than one interface.. any idea how to update them all, not just the one on the default gateway?
one would have to send the request out by another than the default gateway, maybe using routing marks?
On pfsense, life was so easy ;)

Regards
Patrick
by sirdir
Fri Aug 30, 2013 6:39 pm
Forum: General
Topic: ipsec vpn between mikrotik router and pfsense router
Replies: 5
Views: 3340

Re: ipsec vpn between mikrotik router and pfsense router

I've got mixed results between mikortik and pfsense… Sometimes it seems to work and sometimes it stops working, I don't really know why.

And the video really doesn't help much as you can't read the settings…
by sirdir
Tue Aug 27, 2013 9:08 pm
Forum: General
Topic: Routes / Masquerading
Replies: 7
Views: 1509

Routes / Masquerading

Hi! I've been using a pfsense so far, but now I'd like to try MikroTik. Well, MikroTik has a lot more possibilities, but is also more complicated. Some problems I have so far: What I'd like to do is do a portforwarding on the Mikrotik itself i.E. Accessing Port 2000 UDP forwards to the MikroTik Port...