Community discussions

Search found 13 matches

by nicklowe
Fri Jun 06, 2014 10:25 am
Forum: General
Topic: v6.13 released!
Replies: 177
Views: 48238

Re: v6.13 released!

Please do not release 6.14 with SSTP still broken. 6.13 has terrible performance/throughput compared to 6.12 and this issue has persisted to the pre-releases of 6.14. http://forum.mikrotik.com/viewtopic.php?f=1&t=85568 It would also make an abundance of sense to update OpenSSL to fix the recently di...
by nicklowe
Fri Jun 06, 2014 7:51 am
Forum: RouterOS v6 RC and v7 BETA
Topic: SSTP Speed issue since 6.13 (also 6.14rc)
Replies: 18
Views: 6760

Re: SSTP Speed issue since 6.13 (also 6.14rc)

This is a very real performance issue in 6.13 that is easily reproduced and needs to be fixed.
Thanks for writing it up in such detail.

Have you contacted Mikrotik support via their email address?
by nicklowe
Sat May 17, 2014 6:45 pm
Forum: General
Topic: v6.13 released!
Replies: 177
Views: 48238

Re: v6.13 released!

I have noticed that the performance of SSTP is not as great as it could be. I had been hoping that things would improve with 6.13 - we were told that the OpenSSL library was being updated to the latest version. This latest OpenSSL version implements cipher suites that use the ChaCha20-Poly1305 and A...
by nicklowe
Thu Apr 10, 2014 11:48 am
Forum: General
Topic: Heartbleed vulnerability OpenSSL [RouterOS IS NOT affected]
Replies: 9
Views: 8129

Re: Heartbleed vulnerability in OpenSSL RouterOS IS NOT affe

[url=http://forum.mikrotik.com/viewtopic.php ... 18#p420218]And starting 6.12 we will have updated OpenSSL library that is not affected by it.
Does this mean that we will see TLS 1.2 support in 6.12?
by nicklowe
Tue Apr 08, 2014 4:28 pm
Forum: General
Topic: Heartbleed vulnerability OpenSSL [RouterOS IS NOT affected]
Replies: 9
Views: 8129

Re: Heartbleed vulnerability in OpenSSL - RouterOS affected?

I was told that:
all current released RouterOS versions are not affected by this issue. 6.12 will
have newer OpenSSL with this problem patched.
:)
by nicklowe
Tue Apr 08, 2014 10:25 am
Forum: General
Topic: Heartbleed vulnerability OpenSSL [RouterOS IS NOT affected]
Replies: 9
Views: 8129

Re: Heartbleed vulnerability in OpenSSL - RouterOS affected?

I asked about this issue in ticket #2014040866000258 as soon as I became aware of the vulnerability.

I will update back here when I hear anything from MikroTik.
by nicklowe
Thu Mar 27, 2014 7:21 pm
Forum: General
Topic: v6.11 released
Replies: 260
Views: 79043

Re: v6.11 released

A SSTP tunnel that I have between two Mikrotik routers broke after the upgrade to 6.11. It is configured so that the client verifies the server certificate and the server verifies the client certificate. The certificate and server certificate derive from the same root. The root is one that I genera...
by nicklowe
Mon Mar 24, 2014 8:30 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: CAPsMAN RADIUS Accounting: Acct-Multi-Session-Id
Replies: 2
Views: 2326

CAPsMAN RADIUS Accounting: Acct-Multi-Session-Id

With CAPsMAN, is the Acct-Multi-Session-Id attribute included properly in the RADIUS accounting that is performed by an access point so that there is a unique and constant session id across roams?

http://tools.ietf.org/html/rfc3580#section-2.2

Thanks,

Nick
by nicklowe
Sat Mar 22, 2014 3:58 pm
Forum: General
Topic: v6.11 released
Replies: 260
Views: 79043

Re: v6.11 released

A SSTP tunnel that I have between two Mikrotik routers broke after the upgrade to 6.11. It is configured so that the client verifies the server certificate and the server verifies the client certificate. The certificate and server certificate derive from the same root. The root is one that I generat...
by nicklowe
Mon Feb 17, 2014 1:38 am
Forum: General
Topic: v6.10 released
Replies: 248
Views: 81555

Re: v6.10 released

"Encryption negotiation rejected" on SSTP server (6.10) when SSTP client (6.7) was trying to connect. After rolling back to 6.7 everything is working fine. Is there any fix/solution for this issue, please? Thank you Is there a reason the client cannot be updated? I have SSTP working site-to-site wi...
by nicklowe
Sat Feb 01, 2014 11:06 am
Forum: General
Topic: Cannot get over 1 Mb/s via latent site-to-site SSTP VPN.
Replies: 0
Views: 533

Cannot get over 1 Mb/s via latent site-to-site SSTP VPN.

I have two RouterBoards (RB750GL and RB951G-2HnD) with a site-to-site SSTP VPN running between them, Singapore to England. The path between then is observably symmetric, high bandwidth but is intrinsically latent due to the distance. There is little jitter and no observable packet loss. I can sustai...
by nicklowe
Thu Jan 30, 2014 9:34 am
Forum: General
Topic: v6.8 pre-release (RC)
Replies: 44
Views: 5293

Re: v 6.8 released

I notice there is a typo when you login:
[Tab] Completes the command/word. If the input is ambigous,
a second [Tab] gives possible options
by nicklowe
Thu Dec 26, 2013 5:14 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: SSTP: AES-GCM support, granular control of cipher suites.
Replies: 8
Views: 3458

SSTP: AES-GCM support, granular control of cipher suites.

I presently use SSTP for site to site VPNs between router boards. It would be fantastic if MikroTik would consider offering the following in the future: 1) Support for TLS 1.2. 2) Granular control of the cipher suites offered on the server. 3) Support for AES-GCM. This is today the recommended secur...