Community discussions

Search found 43 matches

by LogicalNZ
Tue Sep 24, 2019 5:31 am
Forum: General
Topic: Windows 10 Update, Broken L2tp/ipsec (AGAIN)
Replies: 1
Views: 244

Re: Windows 10 Update, Broken L2tp/ipsec (AGAIN)

Ok, So after much playing around I have worked it out. It seems that Windows 10 has a build number and Update settings (this is a little confusing). If you do a search for "system information" via the magnifying glass it will show the build number. Please be aware that you can be completely up to da...
by LogicalNZ
Tue Sep 24, 2019 12:02 am
Forum: General
Topic: Windows 10 Update, Broken L2tp/ipsec (AGAIN)
Replies: 1
Views: 244

Windows 10 Update, Broken L2tp/ipsec (AGAIN)

Hey All,

It looks like Microsoft have done an update to Windows 10 last week that seems to have broken L2TP / IPSEC.

Has anyone got a fix for this as yet?

In the logs, it looks like the VPN comes up then is torn down.

Would rather change the Mikrotik than the W10 machine :(

Any ideas???
by LogicalNZ
Tue Sep 17, 2019 10:04 pm
Forum: Scripting
Topic: Remove Mangle via MAC Address
Replies: 7
Views: 803

Re: Remove Mangle via MAC Address

Hmmm, so very odd - using either a putty terminal or the terminal in Winbox, I get no output from the "put" command.

Any ideas why this would be?

I have even tried just a simple:
:put "hello world"
But to no avail?
by LogicalNZ
Tue Sep 17, 2019 9:18 pm
Forum: Scripting
Topic: Remove Mangle via MAC Address
Replies: 7
Views: 803

Re: Remove Mangle via MAC Address

Ok, that makes sense - I have been using Winbox and not SSH when doing my scripting. Do you find it easier to create scripts via SSH or do you just use it for seeing your put comments? I have been reading the manual, but I’m no programmer (more of a script brasher). I have been working on (and now h...
by LogicalNZ
Tue Sep 17, 2019 10:34 am
Forum: Scripting
Topic: Remove Mangle via MAC Address
Replies: 7
Views: 803

Re: Remove Mangle via MAC Address

Thank you so much. As you can tell I’m new to Mikrotik scripting.

A dumb question I’m sure, what the heck does Put do?

Thanks again!
by LogicalNZ
Tue Sep 17, 2019 6:09 am
Forum: Scripting
Topic: Remove Mangle via MAC Address
Replies: 7
Views: 803

Remove Mangle via MAC Address

Hey All, Been trying to work out how to remove a Mangle rule via CLI (so I can script). The Add command is: /ip firewall mangle add src-mac-address=00:00:00:00:00:00 chain=prerouting action=mark-packet new-packet-mark=bad-mac comment="Layer2 Firewall" I have tried the following with no luck: /ip fir...
by LogicalNZ
Mon Sep 16, 2019 9:25 pm
Forum: Beginner Basics
Topic: Firewall settings, need some help
Replies: 1
Views: 326

Re: Firewall settings, need some help

Hmmm, it seems to me to be overly complex if you are new to using RB. Can I suggest in your forward chain; 1. An Established and Related “allow” rule 2. A New “allow” rule for TCP 80,443 from local addresses 3. A New “allow” rule for UDP 53 from local addresses 4. Drop All Let me know how you go wit...
by LogicalNZ
Mon Sep 16, 2019 3:28 am
Forum: Scripting
Topic: Script to List MAC addresses in Bridge Filters
Replies: 4
Views: 630

Re: Script to List MAC addresses in Bridge Filters

Thank you for your help,

Got it in the end :)

/interface bridge filter
:foreach i in=[find] do={
:local localmac [get $i src-mac-address]
:log warning "Found ths MAC Address in $localmac In the Filter List"
}
by LogicalNZ
Sat Sep 14, 2019 10:29 am
Forum: Scripting
Topic: Script to List MAC addresses in Bridge Filters
Replies: 4
Views: 630

Re: Script to List MAC addresses in Bridge Filters

Thanks for the response, your script lists Mac from the ARP list, what I’m looking to do is to list the MAC from the bridge filter list...

Thanks anyway :)
by LogicalNZ
Sat Sep 14, 2019 7:39 am
Forum: Scripting
Topic: Script to List MAC addresses in Bridge Filters
Replies: 4
Views: 630

Script to List MAC addresses in Bridge Filters

Hey all, Trying to list the MAC addresses in bridge filters but not having any luck. Here is what I have: :foreach i in=[/interface bridge filter] do={ :local localmac [/interface bridge filter get $i src-mac-address] :log warning "Found ths MAC Address in $localmac" } Any help would be appreciated,...
by LogicalNZ
Mon Sep 09, 2019 9:54 am
Forum: General
Topic: VLAN: Newbie Needs Guidance
Replies: 16
Views: 909

Re: VLAN: Newbie Needs Guidance

Just another thing, you make mention of 3rd party routers? I take it these are wireless AP’s?

If so, have you tested by plugging into the router via Ethernet?

This is not a wireless issue is it?
by LogicalNZ
Mon Sep 09, 2019 9:16 am
Forum: General
Topic: VLAN: Newbie Needs Guidance
Replies: 16
Views: 909

Re: VLAN: Newbie Needs Guidance

Have a look on YouTube, many good videos. Basically set up your filters, give it a file name and start it. Get your users to create issue and then download file to local. If you save it as a .pcap file and have wireshark installed, click on the file and it will open in wireshark. Worth the time to l...
by LogicalNZ
Mon Sep 09, 2019 9:05 am
Forum: General
Topic: VLAN: Newbie Needs Guidance
Replies: 16
Views: 909

Re: VLAN: Newbie Needs Guidance

So I guess you are at the point of using the packet sniffer in ROS and seeing what Wireshark is showing.
by LogicalNZ
Mon Sep 09, 2019 9:01 am
Forum: General
Topic: VLAN: Newbie Needs Guidance
Replies: 16
Views: 909

Re: VLAN: Newbie Needs Guidance

Did you disable the mangle rules?
by LogicalNZ
Mon Sep 09, 2019 8:51 am
Forum: General
Topic: VLAN: Newbie Needs Guidance
Replies: 16
Views: 909

Re: VLAN: Newbie Needs Guidance

If you try pushing all traffic out one ISP, do you still have the problem?
by LogicalNZ
Mon Sep 09, 2019 8:30 am
Forum: General
Topic: VLAN: Newbie Needs Guidance
Replies: 16
Views: 909

Re: VLAN: Newbie Needs Guidance

Just one thing I have noticed, be careful with !local and VLANS. I have seen ROS get this wrong a couple of times. I have found a list of private IP’s works better. Also have you tried fast track?
by LogicalNZ
Mon Sep 09, 2019 7:30 am
Forum: General
Topic: VLAN: Newbie Needs Guidance
Replies: 16
Views: 909

Re: VLAN: Newbie Needs Guidance

So a couple of questions; 1. Have you looked at the CPU load on the router? When it is under full load, what is it getting to? 2. What speed are your two internet connections? 3. Are there performance issues with other sites as well or just these sites? 4. Have you tried the Mangle rule to identify Fac...
by LogicalNZ
Sat Aug 11, 2018 12:42 am
Forum: General
Topic: CCR1036 - 50% cpu usage
Replies: 3
Views: 508

Re: CCR1036 - 50% cpu usage

Should not matter, you must upgrade ROS. The bug takes out all IPSEC (no matter IKE v1 or 2).

Upgrade to current and the issue goes away.
by LogicalNZ
Sat Aug 11, 2018 12:06 am
Forum: General
Topic: CCR1036 - 50% cpu usage
Replies: 3
Views: 508

Re: CCR1036 - 50% cpu usage

OK this is a Bug in Router OS. We hit exactly the same thing. The Tile based Mikrotik's have a bug in the "bugfix" release of RouterOS that causes the ipsec process to crash and the router will run at about 50% CPU. To fix this - UPGRADE to the current release rather than bugfix. This was caused by M...
by LogicalNZ
Mon Jul 02, 2018 10:21 pm
Forum: General
Topic: LTE Failover
Replies: 13
Views: 3846

Re: LTE Failover

Hey Nic,

I'm by no means saying what you are doing is wrong, what I'm saying is that it is NOT what is on the Mikrotik fail over configuration as published on the Mikrotik website.

Has ANYONE actually made this configuration on the Mikrotik website actually work?
by LogicalNZ
Mon Jul 02, 2018 12:30 pm
Forum: General
Topic: LTE Failover
Replies: 13
Views: 3846

Re: LTE Failover

Hey Nic, What you have put makes sense, but is NOT what the configuration on the Mikrotik website shows... \route add distance=1 gateway=Host1 routing-mark=ISP1 check-gateway=ping the above shows that host1 would actually be the gateway address (you have put pppoe-out1 according to the above in your...
by LogicalNZ
Mon Jul 02, 2018 10:51 am
Forum: General
Topic: LTE Failover
Replies: 13
Views: 3846

Re: LTE Failover

I have been doing some testing with this configuration. Are you sure that it is correct? The testing I have done shows that this configuration does not work.... How in the /routing section can you have a gateway of host1 or host2. This makes no sense. Let’s say host1 = 8.8.8. And host2 = 4.4.4.4 (ho...
by LogicalNZ
Fri Apr 20, 2018 11:52 pm
Forum: General
Topic: Do NOT upgrade tile routers to 6.40.x bugfix BUG
Replies: 0
Views: 337

Do NOT upgrade tile routers to 6.40.x bugfix BUG

This week Mikrotik have confirmed to us that there is a major bug in router os v 6.40.x releases. This mainly affects higher users of IPSec but can affect anyone and will drive your router to about 50% cpu. Please note that 6.40.x is the new bugfix version! Either use 6.39.x or 6.41.x. This bug tota...
by LogicalNZ
Fri Apr 20, 2018 11:44 pm
Forum: General
Topic: CCR1072 @50% CPU, since last week!
Replies: 2
Views: 365

Re: CCR1072 @50% CPU, since last week!

Let me guess, you are running 6.40.x. This has a bug with tile based routers. You need to either downgrade to 6.39.x or upgrade to 6.41.x.

Mikrotik rewrote the IPSec stack in 6.40.x and it crashes on tile based routers and causes your cpu to go to around 50%

Hope this helps
by LogicalNZ
Fri Apr 13, 2018 5:58 am
Forum: General
Topic: Major issue with 6.40.7 on tile
Replies: 0
Views: 368

Major issue with 6.40.7 on tile

We run a small datacenter and have recently upgraded our 1016 to 6.40.07. We noticed an issue where the router will not route IPSec traffic, reboot router and will route traffic correctly for around five minutes then fail. We have no dynamic routing of fast path enabled. Uploaded same config file on ...
by LogicalNZ
Mon Dec 04, 2017 10:53 pm
Forum: The Dude
Topic: Probe Thread
Replies: 324
Views: 224022

Re: Probe Thread

Hey All,

Just having a bit of a test with creating probes. In particular we have been working with SNMP to see if a windows service is running. It works fine :)

My problem is that when the service fails, the monitor only turns "Orange" rather than RED.

Is there any way to change this?

With thanks
by LogicalNZ
Mon Aug 28, 2017 10:35 pm
Forum: Announcements
Topic: v6.40.2 [current]
Replies: 44
Views: 10090

Re: v6.40.2 [current]

Please ignore this post - I was being a dumb arse!
by LogicalNZ
Mon Apr 03, 2017 1:41 am
Forum: The Dude
Topic: The Dude has NO support to Monitor IPSEC?
Replies: 5
Views: 1075

Re: The Dude has NO support to Monitor IPSEC?

I agree, I think it has something to do with IPSEC off load (built into most Mikrotik products) - If you add another tunnel protocol like ISIS then the CPU load increases dramatically and affects thru-put. Our testing was carried out with 2 x 2011's and running pure IPSec and then introducing anothe...
by LogicalNZ
Mon Apr 03, 2017 12:42 am
Forum: The Dude
Topic: The Dude has NO support to Monitor IPSEC?
Replies: 5
Views: 1075

Re: The Dude has NO support to Monitor IPSEC?

Yes I did think of this, only issue we have seen doing this is that using IPIP over IpSec you significantly reduce your thru-put. We have seen as much as 50% less doing this. We have also looked at EOIP just for the monitoring and management interface. While it kind of works, it is very unreliable...
by LogicalNZ
Sun Apr 02, 2017 10:24 pm
Forum: The Dude
Topic: The Dude has NO support to Monitor IPSEC?
Replies: 5
Views: 1075

The Dude has NO support to Monitor IPSEC?

Hey all, I know this question seems to have been asked many times but it seems that no one has actually answered or looked into the issue (Love some MikroTik input here). The issue seems to be is that there is NO way (that I can find) to monitor a site to site IPSEC connection. With other VPN's we c...
by LogicalNZ
Sun Apr 02, 2017 10:15 pm
Forum: The Dude
Topic: IPsec traffic monitoring
Replies: 1
Views: 796

Re: IPsec traffic monitoring

I have the same issue :(
by LogicalNZ
Tue Oct 18, 2016 11:44 pm
Forum: Announcements
Topic: v6.37.1 [current] is released!
Replies: 144
Views: 38095

Re: v6.37.1 [current] is released!

We are having all kinds of NAT issues with 3.37.1 We have a VoIP server behind a 1016 running 3.37.1 and have a Dest NAT rule from the public IP address to the VoIP server's IP address. The Phones can register with no issue. But when you look in the VoIP server it says the phones are registering from ...
by LogicalNZ
Tue May 17, 2016 1:21 am
Forum: General
Topic: Help with /Interface CLI commands please
Replies: 1
Views: 323

Help with /Interface CLI commands please

Hey all, I would like to be able to query an interface to look at some of the read only parameters (example rx-drop) as per http://wiki.mikrotik.com/wiki/Manual:Interface The issue is how do I return these values from the CLI? I can return data with a /interface print stats-detail but this also retu...
by LogicalNZ
Mon May 16, 2016 7:08 am
Forum: General
Topic: How to get interface details via CLI
Replies: 1
Views: 379

How to get interface details via CLI

Good Afternoon,

I can see from the documentation we have a number of read only properties on an interface. These seem to be in the read only section. The issue I have is how to use these.

I would have thought;

/interface print rx-bytes

But does not seem correct?

Any help please
by LogicalNZ
Thu Feb 25, 2016 8:47 pm
Forum: General
Topic: VPN PPTP Computers in Server Side Can't Ping Computers in Client Side
Replies: 5
Views: 1811

Re: VPN PPTP Computers in Server Side Can't Ping Computers in Client Side

Firstly GRE by default is NOT encrypted. I'm only using as I have no choice. I have my distributor working on this issue and once resolved I will be changing off GRE. Under the interface menu option in winbox you will see a GRE tab. All you have to do is give it your far end and local end ip address...
by LogicalNZ
Wed Feb 24, 2016 9:37 pm
Forum: General
Topic: VPN PPTP Computers in Server Side Can't Ping Computers in Client Side
Replies: 5
Views: 1811

Re: VPN PPTP Computers in Server Side Can't Ping Computers in Client Side

May I please ask a question. What MikroTik OS version are you running? Also it is my understanding that a Proxy ARP should not be required. Proxy ARP's can and can cause lots of other issues on your network. My understanding is that a Proxy ARP should only be required if you use the same subnet in t...
by LogicalNZ
Wed Feb 24, 2016 4:06 am
Forum: General
Topic: VPN (PPTP & L2TP) Issues with 6.32.4 (Bugfix) version?
Replies: 0
Views: 444

VPN (PPTP & L2TP) Issues with 6.32.4 (Bugfix) version?

Good Afternoon all, I have an issue with dial in VPN's on multiple devices since I have upgraded to "bugfix" I can route traffic from a standard W7 client (both pptp and l2tp) to the remote end of the tunnel and any interfaces that are on the router board but no further. Talking to a friend, he has t...
by LogicalNZ
Tue Feb 02, 2016 10:10 pm
Forum: The Dude
Topic: The Dude, work continues: v6.35rc test builds.
Replies: 103
Views: 34931

Re: The Dude, work continues: v6.35rc test builds.

It would be fantastic if "The Dude" could support ROMON as a connectivity protocol.

What do the rest of you think????
by LogicalNZ
Sat Jul 04, 2015 12:59 am
Forum: General
Topic: Ip statistics application for routerboard
Replies: 1
Views: 405

Ip statistics application for routerboard

In the past I have seen a post of an application someone has written to log usage of ip addresses through a routerboard?

Cannot find it now, can anyone please help?
by LogicalNZ
Sat Jun 06, 2015 2:09 am
Forum: General
Topic: Native VLAN and trunking question
Replies: 0
Views: 350

Native VLAN and trunking question

Hey we have a question regarding native VLANs. We have a situation where we have a number of VLAN's connecting to a RB via SFP. We have basically created a bridge per VLAN to break them out. All works fine. The issue is one of the RB ports needs to be a trunk with multiple VLANs (for wireless AP's) ...
by LogicalNZ
Wed Oct 23, 2013 7:43 am
Forum: General
Topic: I got an issue please help me...
Replies: 1
Views: 421

Re: I got an issue please help me...

Have you checked the logs to see if there is any information to say why the reboots are happening?

Using Winbox have a look in the "Log" menu item on the left.

Thanks

Alan Scott
http://www.logicalsolutions.co.nz
by LogicalNZ
Tue Oct 22, 2013 11:42 pm
Forum: General
Topic: Router Board High CPU (Watchdog timer Reboots) with FTP
Replies: 0
Views: 458

Router Board High CPU (Watchdog timer Reboots) with FTP

So I have been working on a problem with FTP traffic (which I originally thought was an IPSEC issue). When I changed the FTP traffic to transfer from remote to a server behind the router board via NAT. I was seeing about 1.5MBs from a 100Mbs connection. Also I was seeing 100% CPU and when looking at ...
by LogicalNZ
Sat Oct 19, 2013 9:10 pm
Forum: General
Topic: IPSEC very SLOW on router boards? High CPU
Replies: 7
Views: 2773

IPSEC very SLOW on router boards? High CPU

Good Afternoon all, We have a situation where we basically have a customer with 100/50 Mbs fiber at two locations and we are connecting the two sites via an IPSEC VPN. At one site we have a Cyberoam 35 (capable of 200 Mbs via VPN). When I have tried a Cyberoam at each end we have had no issues with g...