Community discussions

Search found 144 matches

by th0massin0
Fri May 17, 2019 2:32 pm
Forum: Wireless Networking
Topic: CAPsMAN channel selection
Replies: 7
Views: 711

Re: CAPsMAN channel selection

Not so far. Screen from scanning one of CAPs. Now, all are on the same channel.
by th0massin0
Thu May 16, 2019 7:41 pm
Forum: Wireless Networking
Topic: CAPsMAN channel selection
Replies: 7
Views: 711

CAPsMAN channel selection

Hello, I have a question about proper config of 2.4 ghz network managed by CAPsMAN. Why APs are running on same channels? How to avoid it? ROS 6.43.16 /caps-man channel add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412,2417,2422,2427,2432,2437,2442,2447,2452,245...
by th0massin0
Mon Aug 27, 2018 12:11 pm
Forum: RouterOS v7
Topic: Feature Request: ICMP Tunnel
Replies: 1
Views: 682

Feature Request: ICMP Tunnel

It would be very usefull to tunnel any kind of communication (TCP/UDP) into ICMP. Project: https://github.com/DhavalKapil/icmptunnel
by th0massin0
Mon Jun 11, 2018 6:16 am
Forum: General
Topic: L2TP brute force preventing
Replies: 1
Views: 501

L2TP brute force preventing

Hello,
I'm wondering how to secure L2TP server on ROS from brutal forcing? (like fail2ban)
by th0massin0
Tue Jun 05, 2018 11:54 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 108077

Re: v6.43rc [release candidate] is released!

*) lte - improved modem event processing;
is it for SXT LTE?
by th0massin0
Fri Apr 13, 2018 3:13 pm
Forum: General
Topic: IPSEC tunnel mode performance problem
Replies: 2
Views: 305

Re: IPSEC tunnel mode performance problem

what remote device have you actually used for the comparison? CentOS. Both VPNs (OpenVPN and IPSEC) works in hub and spoke architecture (both concentrators in OVH's VPS). OpenVPN encryption: cipher AES-128-CBC, auth SHA256, tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA. IPSEC encryption: - proposal: ...
by th0massin0
Fri Apr 13, 2018 12:32 pm
Forum: General
Topic: IPSEC tunnel mode performance problem
Replies: 2
Views: 305

IPSEC tunnel mode performance problem

Hello,
I have a question about IPSEC performance in comparition with OpenVPN in UDP mode - ipsec is slightly slower and the ping is no as equal as in OVPN.
I think that I should tune MTU value, but the IPSEC works in the tunnel mode, so there is no interface. Could you please help?
by th0massin0
Mon Apr 09, 2018 4:39 pm
Forum: General
Topic: IPSEC hub and spoke problem, tunel established but no traffic
Replies: 4
Views: 646

Re: IPSEC hub and spoke problem, tunel established but no traffic

Thank you for your time and patience. The problem was missing routes!
Site1:
/ip route add distance=1 dst-address=192.168.22.0/24 gateway=bridge-local

Site2:
 /ip route add distance=1 dst-address=192.168.12.0/24 gateway=bridge-local

Have a nice day ;)
by th0massin0
Mon Apr 09, 2018 1:19 pm
Forum: General
Topic: IPSEC hub and spoke problem, tunel established but no traffic
Replies: 4
Views: 646

Re: IPSEC hub and spoke problem, tunel established but no traffic

I'm not using fasttrack, and on remote sites I tryied /ip firewall nat add action=accept chain=srcnat dst-address=192.168.12.0/24 src-address=192.168.22.0/24 (... and masqarade here) and /ip firewall raw add action=notrack chain=prerouting dst-address=192.168.12.0/24 src-address=192.168.22.0/24 With...
by th0massin0
Mon Apr 09, 2018 11:22 am
Forum: General
Topic: IPSEC hub and spoke problem, tunel established but no traffic
Replies: 4
Views: 646

IPSEC hub and spoke problem, tunel established but no traffic

Hello, I am trying to configure IPSEC IKEv2 tunnel in hub and spoke topology. All sites except the VPN concentrator (wchich is ROS CHR in cloud) doesn't have public IP. Site1: 192.168.12.0/24 Site2: 192.168.22.0/24 Site3: 192.168.32.0/24 (planned) Sites2 and 3 should have connection to Site1. The tu...
by th0massin0
Mon Apr 02, 2018 11:56 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 92688

Re: v6.42rc [release candidate] is released!

*) lte - fixed LTE band setting for SXT LTE;
What does it fix excatly? Does it improve connection stability?
by th0massin0
Thu Feb 15, 2018 2:34 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 31142

Re: CHR suggestions for new functionality

ISO is something to make a CD from. Why don't you simply migrate to a cheaper and more modern Cloud provider? Linode can do it, Hetzner can do it. More powerful machines, SSD disks and cheaper price: https://www.hetzner.com/cloud Could you tell us please when is planned to add VirtIO-SCSI boot supp...
by th0massin0
Thu Feb 08, 2018 2:25 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 92688

Re: v6.42rc [release candidate] is released!

May I ask about boot from VirtIO-SCSI (in CHR) in this release?
by th0massin0
Sat Feb 03, 2018 1:25 am
Forum: Virtualization
Topic: CHR on OVH VPS SSD
Replies: 22
Views: 7387

Re: CHR on OVH VPS SSD

CHR can run only in full virtualization like vmware, kvm, xen or hyper-v
by th0massin0
Thu Feb 01, 2018 12:34 am
Forum: Virtualization
Topic: CHR on OVH VPS SSD
Replies: 22
Views: 7387

Re: CHR on OVH VPS SSD

Looks promissing. Thank you!
by th0massin0
Thu Feb 01, 2018 12:22 am
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 31142

Re: CHR suggestions for new functionality

Don't ask about CHR. I think that this product isn't interesting for MT developers as in the beginning of existence. To bypass your problem, use ISO of your favourite live linux (without installation) and my guide: https://forum.mikrotik.com/viewtopic.php?t=120413 Keep in mind if your cloud provider...
by th0massin0
Thu Jan 25, 2018 9:25 pm
Forum: Beginner Basics
Topic: Working VLAN configuration with HW-Offload
Replies: 5
Views: 1420

Re: Working VLAN configuration with HW-Offload

Explain me please one thing: Coud the configuration with mainteined HW offload make intervlan traffic wirespeed?
by th0massin0
Tue Jan 23, 2018 4:49 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 92688

Re: v6.42rc [release candidate] is released!

Does booting from VirtIO-SCSI supported?
by th0massin0
Mon Jan 22, 2018 10:14 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: RAMDisk OR HTTP GET/POST Without Flash Writes [SOLVED]
Replies: 7
Views: 1246

Re: Feature Request: RAMDisk OR HTTP GET/POST Without Flash Writes [SOLVED]

I think that feauture is already paritial implemented in ROS. Some of boards have separate /flash directory.
by th0massin0
Tue Jan 16, 2018 1:57 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 92688

Re: v6.42rc [release candidate] is released!

Dear Mikrotik Developers,
could you consider to support VirtIO-SCSI: ( viewtopic.php?f=15&t=124905&start=100#p626094 ), please?
by th0massin0
Wed Dec 27, 2017 12:39 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 92688

Re: v6.42rc [release candidate] is released!

Is there a chance to support boot from VirtIO-SCSI in this release of CHR?
by th0massin0
Fri Dec 22, 2017 4:48 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 74319

Re: v6.41 [current]

Could somebody tell me how to use vlan in hex v3 properly? By /switch or by /bridge?
by th0massin0
Sun Dec 10, 2017 12:49 am
Forum: Virtualization
Topic: CHR and use OpenVPN Server setup
Replies: 1
Views: 700

Re: CHR and use OpenVPN Server setup

Making VPN in this config is possible, but you should be aware of major ROS limitation: OpenVPN is supported in TCP only mode and without compression. That means very slow tunnel and could be a reason for your conectivity problem too. For now IMHO it's better to choose other solution (general purpos...
by th0massin0
Thu Nov 30, 2017 1:44 pm
Forum: Virtualization
Topic: Virtio-SCSI
Replies: 3
Views: 881

Re: Virtio-SCSI

If you're talking about dedicated server, that's right. Keep in mind that if we're talking about modern VPS hosting, most of them offers Virtio-SCSI only configurations, without rights of modification.
by th0massin0
Mon Nov 27, 2017 12:26 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 31142

Re: CHR suggestions for new functionality

ROS can act as hypervisor host. Download extra packages for CHR and install KVM package. Keep in mind that nested virt (vm-in-vm) is not supported.
by th0massin0
Thu Nov 23, 2017 11:41 pm
Forum: Virtualization
Topic: Virtio-SCSI
Replies: 3
Views: 881

Re: Virtio-SCSI

by th0massin0
Mon Nov 13, 2017 10:32 pm
Forum: Wireless Networking
Topic: Centralized wAP LTE
Replies: 2
Views: 349

Re: Centralized wAP LTE

Hello,
IMHO it's better to manage it by VPN. You will able to configure the devices behund waps too.
by th0massin0
Thu Nov 02, 2017 4:41 pm
Forum: Virtualization
Topic: CHR feature requests
Replies: 54
Views: 8749

Re: CHR feature requests

VirtIO SCSI support, please, ASAP: viewtopic.php?f=15&t=124905&p=626094#p626094
by th0massin0
Thu Nov 02, 2017 2:49 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 31142

Re: CHR suggestions for new functionality

Currently i have some VM provided by Bandwagon,which use a disk driver so CHR can not run on it. I guess it will always be possible to craft some environment in which a binary-only distribution cannot run. The question is if it is worth the trouble to cater for that, or one just has to wait until a...
by th0massin0
Thu Sep 21, 2017 12:16 am
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 31142

Re: CHR suggestions for new functionality

Could you tell me please is VirtIO SCSI supported in this release?
viewtopic.php?f=15&t=120413
by th0massin0
Tue Sep 12, 2017 1:23 am
Forum: RouterOS v6 RC and v7 BETA
Topic: When Switch-chip & VLANs?
Replies: 3
Views: 1020

Re: When Switch-chip & VLANs?

When the communication between ethernet ports (without vlan) occours, we are talking about switching. (OSI layer 2) If you are trying to exchange data between vlans, we are talking routing (OSI layer 3). In MikroTik products to get wirespeed for switching, you should use chip switch feautures. From ...
by th0massin0
Wed Aug 23, 2017 10:58 am
Forum: RouterBOARD hardware
Topic: RB3011 unstable winbox
Replies: 6
Views: 911

Re: RB3011 unstable winbox

Try to connect by IP, NOT by MAC.
by th0massin0
Mon Aug 21, 2017 12:08 pm
Forum: General
Topic: RB951G-2HnD, two networks, one internet connection
Replies: 2
Views: 487

Re: RB951G-2HnD, two networks, one internet connection

It's very similar to my problem: viewtopic.php?f=2&t=124695
You can use my config. Only thing is to set dhcp-client for cable modem and IPs for interfaces and few firewall rules.
by th0massin0
Mon Aug 21, 2017 3:40 am
Forum: General
Topic: vlans between RB3011 and RB951
Replies: 1
Views: 512

Re: vlans between RB3011 and RB951

Resolved. If you want to apply config attached below, remember about resetting your device to defaults with no-defaults=yes option. 951sw.jpg /interface { ethernet { set [ find default-name=ether1 ] name=eth1 set [ find default-name=ether2 ] name=eth2 master-port=eth1 set [ find default-name=ether3 ...
by th0massin0
Sat Aug 19, 2017 1:21 am
Forum: General
Topic: Which LTE USB Modem is recommended?
Replies: 11
Views: 3575

Re: Which LTE USB Modem is recommended?

Update ROS to newest RC (now 6.41rc15) and try e3372h with hi-link firmware.
by th0massin0
Fri Aug 18, 2017 4:47 pm
Forum: General
Topic: vlans between RB3011 and RB951
Replies: 1
Views: 512

vlans between RB3011 and RB951

Hello, I have a problem with passing vlans from RB3011 to RB951Ui. On 3011 there is: /interface vlan add interface=eth2-master loop-protect=off name=vlan11_Users vlan-id=11 add interface=eth2-master loop-protect=off name=vlan21_Wlan vlan-id=21 /ip address add address=192.168.1.1/24 interface=br0 net...
by th0massin0
Fri Aug 18, 2017 2:15 pm
Forum: Beginner Basics
Topic: LAN isolation?
Replies: 7
Views: 1005

Re: LAN isolation?

Maybe you're looking for bridge horizon (?)
http://nztik.blogspot.com/2013/11/mikro ... rizon.html
by th0massin0
Fri Aug 18, 2017 2:12 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 120116

Re: v6.41rc [release candidate] is released! New bridge implementation!

What's new in 6.41rc15 (2017-Aug-18 07:33):
*) lte - added passthrough support (CLI only);
Is it available for SXT LTE?
by th0massin0
Thu Aug 03, 2017 2:36 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request - IPSEC IKEv2, RSA signature hybrid
Replies: 2
Views: 937

Re: Feature request - IPSEC IKEv2, RSA signature hybrid

Is it possible via build-in Mikrotik RADIUS?
by th0massin0
Thu Aug 03, 2017 2:17 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 120116

Re: v6.41rc [release candidate] is released! New bridge implementation!

*) lte - fixed LTE not passing any traffic while in running state;
Problem with reliability of SXT LTE still exists (now: PLMN search in progress) - ROS 6.41rc7.
by th0massin0
Fri Jul 28, 2017 11:35 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request - IPSEC IKEv2, RSA signature hybrid
Replies: 2
Views: 937

Feature request - IPSEC IKEv2, RSA signature hybrid

as in the topic. It's needed to asign static IP to the client.
(please, please ;) )
by th0massin0
Mon Jul 03, 2017 1:24 am
Forum: General
Topic: RouterOS X86 or CHR for PPPOE BRAS?
Replies: 3
Views: 1117

Re: RouterOS X86 or CHR for PPPOE BRAS?

Dell is providing customized ESXi (free) for your server. That's really good piece of software for your future project. Be aware that you should install ESXi on SDCard (your server should have one). Go to dell.com and look for drivers. You will be asked for service tag. Before ESXi installation I re...
by th0massin0
Mon Jul 03, 2017 1:22 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1097
Views: 192460

Re: Feature requests

Could you please describe how did you worked out port forwarding in dual wan environment with fasttrack?
by th0massin0
Sat Jul 01, 2017 4:34 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1097
Views: 192460

Re: Feature requests

1. +1!
2. If your dual wan setup depends on mangle be aware of: https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will not be applied for FastTracked traffic.
by th0massin0
Fri Jun 16, 2017 12:40 pm
Forum: Virtualization
Topic: CHR on OVH VPS SSD
Replies: 22
Views: 7387

Re: CHR on OVH VPS SSD

Just run this command. PS : check your interface name before apply. here the interface name is : "ens3". Change according yours :D wget https://download2.mikrotik.com/routeros/6.39.1/chr-6.39.1.img.zip -O chr.img.zip && \ gunzip -c chr.img.zip > chr.img && \ mount -o loop,offset=33554944 chr.img /m...
by th0massin0
Fri Jun 16, 2017 12:34 pm
Forum: Virtualization
Topic: Nested virtualization with KVM
Replies: 2
Views: 1865

Re: Nested virtualization with KVM

Is something changed in topic of support nested virt under ROS host? (I am running CHR).
by th0massin0
Fri Jun 16, 2017 10:17 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 77161

Re: Feature Req: IKEv2 server and client

Thank you for your reply. Could you tell me if it requires external RADIUS server or is it possible to combine it with user manager (or xauth)?
by th0massin0
Fri Jun 16, 2017 4:12 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 77161

Re: Feature Req: IKEv2 server and client

Is it possible to asign static ip for ipsec ike v2 peer?
by th0massin0
Tue Jun 13, 2017 1:47 pm
Forum: Announcements
Topic: v6.40rc [release candidate] is released!
Replies: 231
Views: 44332

Re: v6.40rc [release candidate] is released!

Version 6.40rc20 has been released.
Before an upgrade:
Changes since previous version:
*) lte - added "accounting" logs for LTE connections;
*) lte - improved reliability on SXT LTE;
Does the SXT LTE fix is the same as is current (6.39.2) firmware or is it something else?
by th0massin0
Wed May 17, 2017 12:56 pm
Forum: Beginner Basics
Topic: (Solved) VPN from Android/iOS to RouterOS with both sides dynamic IPs (DynDNS)
Replies: 6
Views: 1650

Re: (Solved) VPN from Android/iOS to RouterOS with both sides dynamic IPs (DynDNS)

(IPSEC) IKEv1 should not be considered as save. IKEv2 nowdays is available only in current firmware.