Community discussions

MUM Europe 2020

Search found 12 matches

by akliouev
Mon Jan 15, 2018 6:47 pm
Forum: General
Topic: GCM and CTR ciphers broken in 6.41?
Replies: 2
Views: 672

Re: GCM and CTR ciphers broken in 6.41?

Update: GCM ciphers are broken only between version 6.41 I've downgraded one of my HAPac to 6.39 (bugfix branch) and reverted the proposals back to GCM. Amazingly the SAs kicked in. So for those using GCM for IPSec please be aware that if your router and the remote peer are on 6.41 GCM will fail If ...
by akliouev
Fri Jan 12, 2018 4:28 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 80698

Re: v6.41 [current]

It appears that running both a L2TP and an OVPN server is impossible on a HAP ac
When enabling OVPN established L2TP sessions are getting kicked out and new sessions are failing to establish. It looks like enabling OVPN just shuts down or filters out L2TP trafic
by akliouev
Wed Jan 10, 2018 12:45 pm
Forum: General
Topic: GCM and CTR ciphers broken in 6.41?
Replies: 2
Views: 672

GCM and CTR ciphers broken in 6.41?

After upgrading two HAP-AC units to the latest 6.41 my site-to-site tunnel refused to come back up. I've spent several days debugging the problem and it turned out that the previously working proposal or AES-GCM started to fail in phase 2 negotiations The only way to make the tunnel work again was t...
by akliouev
Tue Jun 07, 2016 12:31 pm
Forum: General
Topic: IPSec keys export
Replies: 0
Views: 555

IPSec keys export

Hi!

I need to migrate from my existing TIK to a new HAP ac. I have several IPSec VPNs that are using key auth and I have my TIKs private key in the /ip ipsec keys database

Is there any way to export the private IPSec key and import it on another TIK?

(The SW is 6.35.2)

Regards,
Alex
by akliouev
Thu Apr 21, 2016 11:25 am
Forum: General
Topic: Incorrect reporting of IPSec installed SAs
Replies: 0
Views: 509

Incorrect reporting of IPSec installed SAs

Greetings! I noticed that both Winbox and Webmin do report incorrectly the IPSec installed SA's properties. Here's some examples: Winbox report of installed SAs and details about a particular SA. Please note that the encryption algorithm is empty while the key is present: Winbox.png Webmin's report ...
by akliouev
Tue Jul 08, 2014 12:35 pm
Forum: General
Topic: Moving configuration from 751G to 951G
Replies: 6
Views: 1550

Re: Moving configuration from 751G to 951G

For those wondering -- the order of the commands in the script was totally wrong. The script was chocking on the /interface ethernet switch port commands that created the HW VLANs and assigned those to physical ports prior to higher-level definitions I hope that in the future a config migration will...
by akliouev
Mon Jun 23, 2014 3:05 pm
Forum: General
Topic: Moving configuration from 751G to 951G
Replies: 6
Views: 1550

Re: Moving configuration from 751G to 951G

Thanks for the tip but it didn't work -- Win Box does see the 951 before the config load and stops to see the 951 after the load. I've noticed that the config I'm loading contains "/ip service set winbox disabled=yes", and that should disable WinBox on the router. WinBox is able to sense the 751 and...
by akliouev
Mon Jun 23, 2014 12:32 pm
Forum: General
Topic: Moving configuration from 751G to 951G
Replies: 6
Views: 1550

Moving configuration from 751G to 951G

Hi! I have an operational 751G 2HnD unit with some setting and I've purchased a new 951G 2HnD unit to replace the old one as I need more processing power. Both units are running the latest 6.15 SW I'm trying to achieve a very simple thing -- move the existing configuration from the 751 to the 951 bu...
by akliouev
Sun Mar 23, 2014 10:25 am
Forum: Wireless Networking
Topic: Wireless client fails to connect (iHealth)
Replies: 3
Views: 2259

Re: Wireless client fails to connect (iHealth)

UPDATE:

Just reconfigured my Mikrotik to provide a WEP network. The results are exactly the same -- the client joins the network, gets the IP address and then fails to communicate completely -- no pings.

Please help
by akliouev
Sun Mar 23, 2014 8:55 am
Forum: Wireless Networking
Topic: Wireless client fails to connect (iHealth)
Replies: 3
Views: 2259

Wireless client fails to connect (iHealth)

Greetings, I experience a very strange problem: My Mikrotik runs very smoothly for several years now but one of my wireless clients (namely an iHealth wireless scale) fails to operate properly in the WiFi network. It seems to join the network without problems but can't transmit or receive any traffi...
by akliouev
Thu Dec 26, 2013 11:57 am
Forum: SwOS
Topic: Mix untagged/tagged (access/trunk) VLANs on same port?
Replies: 2
Views: 7345

Re: Mix untagged/tagged (access/trunk) VLANs on same port?

Hi! I had a very similar problem and I managed to find a combination of the settings than worked for me. In my case Port 1 untagged is to go to VLAN 100, Port 1 also can receive tagged frames from VLAN 200. Port 2 is to operate in untagged mode in VLAN 200 The rest of the ports to operate in VLAN 10...
by akliouev
Wed Dec 25, 2013 11:42 am
Forum: SwOS
Topic: SwOS 1.10 and VLANs
Replies: 0
Views: 2058

SwOS 1.10 and VLANs

Greetings! I have a RB260GS unit that I've purchased to do some VLAN magic and I've encountered a strange problem. The task was to receive both tagged and untagged frames on a trunk port and do a very basic VLAN operation -- port 1 trunk, port 2 VLAN 200, ports 3-6 default VAN. Every time I configur...