Community discussions

Search found 49 matches

by DotTest37
Mon Jul 08, 2019 5:14 am
Forum: Beginner Basics
Topic: QoS question.
Replies: 4
Views: 351

Re: QoS question.

is there any way to set aside 2 Mbits for certain type of traffic (VoIP for example) , regardless of the total available bandwidth? I want to make sure certain traffic gets at least 2 Mbits, leaving the rest for anything else (web browsing, email, chat, etc) No - you might be able to build a script...
by DotTest37
Sun Jul 07, 2019 7:30 pm
Forum: Beginner Basics
Topic: QoS question.
Replies: 4
Views: 351

QoS question.

I have an ISP that sometimes throttles my bandwidth. My physical interface to the Modem is 1Gbit, but the bandwidth to the Internet is obviously a lot less that that. It should be 25 Mbits, but sometimes it slows down to 10 Mbits for few days. Ive seem many tutorials of setting QoS queues specifying...
by DotTest37
Sun Jul 07, 2019 6:26 pm
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 494

Re: OSPF Force path for specific subnet

Any other option? Another routing protocol? multiple OSPF instances perhaps? You might be able to do this with BGP, depending on your topology. :-) I wouldn't even know how to start with that. Can you run two instances of OSPF between the same two routers (with multiple loopback addresses, etc) and...
by DotTest37
Sat Jul 06, 2019 4:51 pm
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 494

Re: OSPF Force path for specific subnet

Static routes. Pretty much all that comes to mind. OSPF can't manipulate cost per route, only per interface. Static Routes wont failover when the main ISP goes down. I would have to create a script for that. That would defeat the purpose of the OSPF. Any other option? Another routing protocol? mult...
by DotTest37
Wed Jul 03, 2019 11:12 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 60750

Re: v6.45.1 [stable] is released!

What does exactly mean: !) user - removed insecure password storage; ? It is already written in the head of the release notes! In older RouterOS versions before 6.43 the passwords were stored in plaintext. In the 6.43 version they were changed to hashes but the plaintext version remained so you cou...
by DotTest37
Wed Jul 03, 2019 10:33 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 60750

Re: v6.45.1 [stable] is released!

What does exactly mean:
!) user - removed insecure password storage;
?
by DotTest37
Wed Jul 03, 2019 10:30 pm
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 494

OSPF Force path for specific subnet

I have OSPF running between two Mikrotik Routers, each of them with 2 WANs configured on failover. I have few private subnets behind each router. Right now my OSPF Interfaces are configured like this: ISP-A Cost : 10 ISP-B Cost: 30 Thats how I got OSPF to use ISP-A by default for all the intra-offic...
by DotTest37
Fri Aug 31, 2018 2:58 am
Forum: Wireless Networking
Topic: Rogue AP prevention/detection
Replies: 1
Views: 535

Rogue AP prevention/detection

How can I prevent these two issues: 1- Someone connecting an unauthorized Access Point in my network (plugging an ethernet wire on the wall, but with different SSID from mine, using his own NATting). 2- Someone running an Access Point with my SSID (even if not plugged in my ethernet wiring, trying t...
by DotTest37
Sat Aug 25, 2018 4:52 pm
Forum: General
Topic: Vulnerability CVE-2018-5390 [SOLVED]
Replies: 13
Views: 2191

Re: Vulnerability CVE-2018-5390 [SOLVED]

DotTest37, go read the CVE. You are getting worked up over nothing. The published CVE has nothing to do with OpenVPN or SSTP security vulnerabilities. It has to do with possible DoS to a host via certain crafted TCP packets, not privilege escalation, not cert/data leakage, etc. The "bug" (sounds mo...
by DotTest37
Tue Aug 21, 2018 12:59 am
Forum: General
Topic: Vulnerability CVE-2018-5390 [SOLVED]
Replies: 13
Views: 2191

Re: Vulnerability CVE-2018-5390 [SOLVED]

On which condition should we worry or not on this particular issue?
Not worry when kernel version is below 4.9
Im confused. So, should we worry about this vulnerability, or not.
If so, on which scenarios?
by DotTest37
Mon Aug 20, 2018 7:43 pm
Forum: General
Topic: Vulnerability CVE-2018-5390 [SOLVED]
Replies: 13
Views: 2191

Re: Vulnerability CVE-2018-5390 [SOLVED]

I think he meant this in a more generic sense. Anyone can submit something to the CVE database. I think so, but I wanted to make sure we dont minimize reality. On which condition should we worry or not on this particular issue? (OpenVPN implementation on RouterOS not able to check the validity of a...
by DotTest37
Mon Aug 20, 2018 3:53 pm
Forum: General
Topic: ROS ovpn-client doesn't verify server certificate.
Replies: 7
Views: 1278

Re: ROS ovpn-client doesn't verify server certificate.

I've been following up on this topic.
Any news from MIkrotik on this issue?
by DotTest37
Mon Aug 20, 2018 3:47 pm
Forum: General
Topic: Vulnerability CVE-2018-5390 [SOLVED]
Replies: 13
Views: 2191

Re: Vulnerability CVE-2018-5390 [SOLVED]

Just a side note - it is way too easy to create those CVE-2018-xxxx entries.. Anyone stubborn enough can do it, even without any actual knowledge of the subject, i think this should be restricted to companies only, for example MikroTik should do it itself. Are you suggesting that this CVE report mi...
by DotTest37
Sun Aug 12, 2018 10:51 pm
Forum: General
Topic: ISP providing two Public IP segments
Replies: 7
Views: 584

Re: ISP providing two Public IP segments

They likely have a route in their routing equipment that routes the /29 over your end of the /30. I was just thinking,, then why they specified a default gateway for the /29 network on the paper they sent me? Because if the incoming or outgoing traffic for the /29 gets routed via the /30 network, t...
by DotTest37
Sun Aug 12, 2018 6:20 pm
Forum: General
Topic: ISP providing two Public IP segments
Replies: 7
Views: 584

Re: ISP providing two Public IP segments

They will turn it on tomorrow, so I guess I will find out then.
All said one m this thread make sense though.
by DotTest37
Sun Aug 12, 2018 5:53 pm
Forum: General
Topic: ISP providing two Public IP segments
Replies: 7
Views: 584

Re: ISP providing two Public IP segments

Do I have to ask the ISP to route the /29 via the gateway from the /30 ? Because those two segments are not contiguous.
I remember doing that in the past, with Cisco .
Otherwise how the internet originated traffic will reach the /29 if the only segment on my WAN interface is from the /30?
by DotTest37
Sun Aug 12, 2018 4:11 pm
Forum: General
Topic: ISP providing two Public IP segments
Replies: 7
Views: 584

ISP providing two Public IP segments

Im setting a Mikrotik device at a new location, asked for 5 public IPs, and the ISP provided me with two segments. They gave me a /29 network but they also gave me a WAN IP block, and according to them this is for my "WAN" interface. (Image attached) IP-Mikrotik.jpg How do I configure that on the Mi...
by DotTest37
Thu Mar 30, 2017 5:59 am
Forum: General
Topic: Compatibility with 4G LTE Global USB Modem U620L
Replies: 16
Views: 3611

Re: Compatibility with 4G LTE Global USB Modem U620L

Which RC did you install?
Id like to try the same.
by DotTest37
Fri Oct 28, 2016 4:19 am
Forum: General
Topic: Expected throughput on x86 board with 10GBE ports
Replies: 12
Views: 2321

Re: Expected throughput on x86 board with 10GBE ports

Hi TomjNorthIdaho Yes, that is very useful indeed! I do have an ESXI 6 box with Mellanox 10GBE dual NICs, it didnt occurred to me doing that tests. I also have 10GBE switches at my home lab, and a couple of Windows servers with 10GBE NICs as well. That could give me a a good test environment, I can ...
by DotTest37
Fri Oct 28, 2016 4:14 am
Forum: General
Topic: Expected throughput on x86 board with 10GBE ports
Replies: 12
Views: 2321

Re: Expected throughput on x86 board with 10GBE ports

If a hardware platform has limitations on handling a physical port, then why that port is even there to begin with? Just my thought of course. I was not expecting much from the CRS, but at least to handling file transfers from two workstations connected to 1GB ports and a SAN connected to the 10GBE ...
by DotTest37
Thu Oct 27, 2016 5:41 pm
Forum: General
Topic: Expected throughput on x86 board with 10GBE ports
Replies: 12
Views: 2321

Expected throughput on x86 board with 10GBE ports

Hi guys. What is the expected throughput if I run routeros on a x86 board with 10GBE ports? I was thinking Supermicro X10SDV-TLN4F It has an Intel Xeon CPU and two 10GBE ports. Has anyone tried that? I was appalled by the performance of the MT CRS that come with SFP+ ports, I tried a couple, switchi...
by DotTest37
Thu Oct 27, 2016 5:35 pm
Forum: General
Topic: Compatibility with 4G LTE Global USB Modem U620L
Replies: 16
Views: 3611

Re: Compatibility with 4G LTE Global USB Modem U620L

Same here.
Would love to see it supported.
by DotTest37
Mon Oct 17, 2016 2:22 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request: Add LTE modem support MHS291L (MHS291LVW)
Replies: 3
Views: 1037

Re: Feature request: Add LTE modem support MHS291L (MHS291LVW)

Hi
I really need this.
A customer of mine has a few of these, and they will move to Mikrotik if I can make them work as Internet backup for their branches.

I would help on anything if needed.
by DotTest37
Fri Oct 14, 2016 5:11 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request: Add LTE modem support MHS291L (MHS291LVW)
Replies: 3
Views: 1037

Re: Feature request: Add LTE modem support MHS291L (MHS291LVW)

This would be nice.

Not sure if it was done yet,, Im trying to use a 291L and it wont work on my CRS125-24G

Does anybody knows how to make it work?
by DotTest37
Thu Oct 13, 2016 4:40 am
Forum: General
Topic: Verizon LTE USB Modem
Replies: 2
Views: 859

Re: Verizon LTE USB Modem

Thanks I should have been more explicit. The Huawei E8372 I mentioned can be also used as WIFI hotspot, when not connected to the MT router. This is what I want to do: Use the device as everyday hotspot for when I work outside the office,, and then occasionally connect it to the MT so I can use it a...
by DotTest37
Thu Oct 13, 2016 3:48 am
Forum: General
Topic: Compatibility with 4G LTE Global USB Modem U620L
Replies: 16
Views: 3611

Re: Compatibility with 4G LTE Global USB Modem U620L

Hi

Has this been done already?
I would like to help, I dont have the modem now but I can buy one.
Thanks
Dotty
by DotTest37
Thu Oct 13, 2016 2:50 am
Forum: General
Topic: Verizon LTE USB Modem
Replies: 2
Views: 859

Verizon LTE USB Modem

I have a CRS 125 and I would like to add LTE. Currently have an extra SIM on my Verizon plan in the US. I was checking USB modems, so I can use as dongle, seems like the Huawei E8372 might not work in US. Does anybody knows a good USB LTE Modem compatible with Verizon LTM that I could use on my MT b...
by DotTest37
Fri Aug 05, 2016 10:41 pm
Forum: General
Topic: Preventing failback when main ISP is flapping
Replies: 3
Views: 587

Re: Preventing failback when main ISP is flapping

Hi

Where would I find an example of such counter?
Im not sure where to start.
Thanks!
by DotTest37
Thu Jun 30, 2016 7:35 am
Forum: General
Topic: Metarouter on CHR
Replies: 1
Views: 748

Metarouter on CHR

Can you run Metarouter on CHR?
Im thinking on installing one on AWS, and perhaps might be an idea to give each user of each subnet their own access to Router OS.
by DotTest37
Tue Jun 28, 2016 9:04 pm
Forum: General
Topic: Preventing failback when main ISP is flapping
Replies: 3
Views: 587

Preventing failback when main ISP is flapping

I have this customer with dual WAN, ISP1 and ISP2. ISP1 is a fiber Internet link, with 60 Mbit download and low latency. ISP2 is a regular DSL, 20 Mbit download, twice as much latency. ISP1 is primary, and ISP2 is used only for failover, in case ISP1 goes down. Both ISP1 and ISP2 provides static pub...
by DotTest37
Tue Jun 28, 2016 3:57 pm
Forum: General
Topic: Winbox Safe mode
Replies: 25
Views: 40593

Re: Winbox Safe mode

I dream too
by DotTest37
Fri Jun 24, 2016 6:45 pm
Forum: General
Topic: How do they do this?
Replies: 3
Views: 515

Re: How do they do this?

I imagined something like BGP was used, since they seem to be offering a public IP that could be used on customer's premises to host service over the internet etc. I know this has been discussed many times over, but in terms of BGP, how hard is to get a ASN for a small provider? Some customers of mi...
by DotTest37
Fri Jun 24, 2016 4:45 pm
Forum: General
Topic: How do they do this?
Replies: 3
Views: 515

How do they do this?

I was reading an article online, and found this:
http://www.netcelero.com/single-static-ip.html

They offer multiple bonded ISP connectivity as a service and they seem to claim offering the end user the same Public Static IP over any of the bonded ISP.

Any idea how they do that? 
by DotTest37
Mon Jun 06, 2016 4:27 pm
Forum: General
Topic: Unable to set a Dual WAN ipSec failover
Replies: 5
Views: 2076

Re: Unable to set a Dual WAN ipSec failover

Direct IPsec tunnels are always causing problems in many areas due to the way they directly interact with the lowest level of IP routing. I would change the direct IPsec tunnels to IP over IPsec or GRE over IPsec tunnels with a /30 network, and then set routes with different preference or run a rou...
by DotTest37
Mon Jun 06, 2016 4:00 pm
Forum: General
Topic: Slow speed on second wan in dual wan configuration
Replies: 3
Views: 677

Re: Slow speed on second wan in dual wan configuration

Im having the same issue, but on a CRS125 Need some help. The download speed on WAN2 should be 120Mbits, but I get only between 50 and 60. A funny thing,, the WAN1 speed is 50 Mbits, as it should be. Im using Port1 and Port2 on the Mikrotik, I wonder if the switch configuration on those ports has an...
by DotTest37
Fri Jun 03, 2016 5:49 pm
Forum: General
Topic: Unable to set a Dual WAN ipSec failover
Replies: 5
Views: 2076

Re: Unable to set a Dual WAN ipSec failover

At Site1 create a netwatch script that monitors Site2 ISP 1. When Site2 ISP 1 connections goes down it disabled the the ISPec peer for ISP 1 and enabled the IPSec peer for ISP 2. When Site2 ISP 1 connections comes back up it enables the the ISPec peer for ISP 1 and disables the IPSec peer for ISP 2...
by DotTest37
Mon May 30, 2016 4:59 pm
Forum: General
Topic: Log step duration on Script
Replies: 0
Views: 256

Log step duration on Script

Hi guys
I have this script that is taking too long, and Id like to log the duration on each step.
If I use log info "/system clock get time" the resolution is just a second.

Id like to get milliseconds, logged on each step, so i can catch which one is slowing me down.

Thanks
by DotTest37
Sun May 29, 2016 5:10 pm
Forum: General
Topic: Unable to set a Dual WAN ipSec failover
Replies: 5
Views: 2076

Unable to set a Dual WAN ipSec failover

Hi guys I have two sites, each of them with a LAN behind NAT, and each of them using different ISP. Im trying to set a Dual WAN ipSec failover, but the ipSec policy keeps giving me trouble, Site1 is like this: ISP0 public IP 1.1.1.1 LAN 10.5.10.0/24 Site2 is like this: ISP1 public IP 2.2.2.2 (this i...
by DotTest37
Tue May 24, 2016 8:29 pm
Forum: General
Topic: Winbox Safe mode
Replies: 25
Views: 40593

Re: Winbox Safe mode

On Winbox doesnt work well. I was remotely logged in, used Safe Mode, deleted the WAN interface, obviously got kicked out. Instructed a helper to reboot the Router (unplugging/plugging the PSU) and the WAN interface never came back. Went physically next to the router and plugged an ethernet cable, u...
by DotTest37
Sat May 14, 2016 6:01 pm
Forum: Beginner Basics
Topic: 1-to-1 NAT with state table
Replies: 6
Views: 1191

Re: 1-to-1 NAT with state table

Excellent

I have two extra MT routers, I will test it this weekend and will report back.
Thanks!
by DotTest37
Sat May 14, 2016 6:01 am
Forum: Beginner Basics
Topic: 1-to-1 NAT with state table
Replies: 6
Views: 1191

Re: 1-to-1 NAT with state table

I just read about Netmap on the Mikrotik Wiki. Great suggestion. One question though, will Netmap make the NAT table static on a prefix basis? for example, will server 10.0.0.10 will be always translated to 192.168.200.10? even if the servers came online in different order? (We cannot have a case wh...
by DotTest37
Thu May 12, 2016 4:01 pm
Forum: Beginner Basics
Topic: 1-to-1 NAT with state table
Replies: 6
Views: 1191

1-to-1 NAT with state table

I have this use case where I need something I dont know MT can do. Three locations, one master with a NOC software and two sites with servers. Each location has a public IP but all internal servers use src-NAT to access the Internet. I have to set a VPN between the NOC and each of the two sites so t...
by DotTest37
Sat Mar 26, 2016 2:58 pm
Forum: General
Topic: openVPN Client on Mikrotik, as Bridge
Replies: 4
Views: 1317

Re: openVPN Client on Mikrotik, as Bridge

Well, you are right,there is no real requirement for having the same subnet on both sides, it is just the way I imagined it first. I was thinking to have devices on the client side getting IPs from my server side DHCP so I could see all of them in the same place, but networking-side, yes, no require...
by DotTest37
Fri Mar 25, 2016 3:59 pm
Forum: General
Topic: openVPN Client on Mikrotik, as Bridge
Replies: 4
Views: 1317

Re: openVPN Client on Mikrotik, as Bridge

I actually did, left the client router with default settings, added the certs from the server router and created the OpenVPN Client settings and I was able to connect the client to the server. then I added some firewall rules, mangle, etc and I was able to ping a PC behind the client router on subne...
by DotTest37
Fri Mar 25, 2016 5:05 am
Forum: General
Topic: openVPN Client on Mikrotik, as Bridge
Replies: 4
Views: 1317

openVPN Client on Mikrotik, as Bridge

I already have a Cloud Switch configured as OpenVPN Server, and I use Viscosity from my Mac to VPN to home. Is it possible to have another Mikrotik router act as a OpenVPN Client and connect to my Cloud Switch in Bridge mode ? (not sure if Bridge is the right word, I just need to be able to see the ...
by DotTest37
Tue Oct 08, 2013 8:57 pm
Forum: General
Topic: Combination of NAT Overloading, PAT and Firewall Rules
Replies: 1
Views: 529

Re: Combination of NAT Overloading, PAT and Firewall Rules

Bump.
It took days for the opening post to be checked by a Moderator, and was pushed to the bottom.

D.
by DotTest37
Sun Oct 06, 2013 10:13 pm
Forum: General
Topic: Combination of NAT Overloading, PAT and Firewall Rules
Replies: 1
Views: 529

Combination of NAT Overloading, PAT and Firewall Rules

This is my first post on this Forum. Ive been hanging my head on this one. I have 5 public IPs from ISP, the first IP is used for NAT overloading so my LAN can acess the Internet (this works) I also added a dst-nat using the second public IP from my ISP, a To-Address and TCP port 80 and another on p...