Community discussions

Search found 144 matches

by th0massin0
Fri May 17, 2019 2:32 pm
Forum: Wireless Networking
Topic: CAPsMAN channel selection
Replies: 7
Views: 1057

Re: CAPsMAN channel selection

Not so far. Screen from scanning one of CAPs. Now, all are on the same channel.
by th0massin0
Thu May 16, 2019 7:41 pm
Forum: Wireless Networking
Topic: CAPsMAN channel selection
Replies: 7
Views: 1057

CAPsMAN channel selection

Hello, I have a question about proper config of 2.4 ghz network managed by CAPsMAN. Why APs are running on same channels? How to avoid it? ROS 6.43.16 /caps-man channel add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412,2417,2422,2427,2432,2437,2442,2447,2452,245...
by th0massin0
Mon Aug 27, 2018 12:11 pm
Forum: General
Topic: Feature Request: ICMP Tunnel
Replies: 1
Views: 829

Feature Request: ICMP Tunnel

It would be very usefull to tunnel any kind of communication (TCP/UDP) into ICMP. Project: https://github.com/DhavalKapil/icmptunnel
by th0massin0
Mon Jun 11, 2018 6:16 am
Forum: General
Topic: L2TP brute force preventing
Replies: 1
Views: 615

L2TP brute force preventing

Hello,
I'm wondering how to secure L2TP server on ROS from brutal forcing? (like fail2ban)
by th0massin0
Tue Jun 05, 2018 11:54 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113448

Re: v6.43rc [release candidate] is released!

*) lte - improved modem event processing;
is it for SXT LTE?
by th0massin0
Fri Apr 13, 2018 3:13 pm
Forum: General
Topic: IPSEC tunnel mode performance problem
Replies: 2
Views: 349

Re: IPSEC tunnel mode performance problem

what remote device have you actually used for the comparison? CentOS. Both VPNs (OpenVPN and IPSEC) works in hub and spoke architecture (both concentrators in OVH's VPS). OpenVPN encryption: cipher AES-128-CBC, auth SHA256, tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA. IPSEC encryption: - proposal: ...
by th0massin0
Fri Apr 13, 2018 12:32 pm
Forum: General
Topic: IPSEC tunnel mode performance problem
Replies: 2
Views: 349

IPSEC tunnel mode performance problem

Hello,
I have a question about IPSEC performance in comparition with OpenVPN in UDP mode - ipsec is slightly slower and the ping is no as equal as in OVPN.
I think that I should tune MTU value, but the IPSEC works in the tunnel mode, so there is no interface. Could you please help?
by th0massin0
Mon Apr 09, 2018 4:39 pm
Forum: General
Topic: IPSEC hub and spoke problem, tunel established but no traffic
Replies: 4
Views: 726

Re: IPSEC hub and spoke problem, tunel established but no traffic

Thank you for your time and patience. The problem was missing routes!
Site1:
/ip route add distance=1 dst-address=192.168.22.0/24 gateway=bridge-local

Site2:
 /ip route add distance=1 dst-address=192.168.12.0/24 gateway=bridge-local

Have a nice day ;)
by th0massin0
Mon Apr 09, 2018 1:19 pm
Forum: General
Topic: IPSEC hub and spoke problem, tunel established but no traffic
Replies: 4
Views: 726

Re: IPSEC hub and spoke problem, tunel established but no traffic

I'm not using fasttrack, and on remote sites I tryied /ip firewall nat add action=accept chain=srcnat dst-address=192.168.12.0/24 src-address=192.168.22.0/24 (... and masqarade here) and /ip firewall raw add action=notrack chain=prerouting dst-address=192.168.12.0/24 src-address=192.168.22.0/24 With...
by th0massin0
Mon Apr 09, 2018 11:22 am
Forum: General
Topic: IPSEC hub and spoke problem, tunel established but no traffic
Replies: 4
Views: 726

IPSEC hub and spoke problem, tunel established but no traffic

Hello, I am trying to configure IPSEC IKEv2 tunnel in hub and spoke topology. All sites except the VPN concentrator (wchich is ROS CHR in cloud) doesn't have public IP. Site1: 192.168.12.0/24 Site2: 192.168.22.0/24 Site3: 192.168.32.0/24 (planned) Sites2 and 3 should have connection to Site1. The tu...
by th0massin0
Mon Apr 02, 2018 11:56 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97325

Re: v6.42rc [release candidate] is released!

*) lte - fixed LTE band setting for SXT LTE;
What does it fix excatly? Does it improve connection stability?
by th0massin0
Thu Feb 15, 2018 2:34 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 32408

Re: CHR suggestions for new functionality

ISO is something to make a CD from. Why don't you simply migrate to a cheaper and more modern Cloud provider? Linode can do it, Hetzner can do it. More powerful machines, SSD disks and cheaper price: https://www.hetzner.com/cloud Could you tell us please when is planned to add VirtIO-SCSI boot supp...
by th0massin0
Thu Feb 08, 2018 2:25 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97325

Re: v6.42rc [release candidate] is released!

May I ask about boot from VirtIO-SCSI (in CHR) in this release?
by th0massin0
Sat Feb 03, 2018 1:25 am
Forum: Virtualization
Topic: CHR on OVH VPS SSD
Replies: 22
Views: 8157

Re: CHR on OVH VPS SSD

CHR can run only in full virtualization like vmware, kvm, xen or hyper-v
by th0massin0
Thu Feb 01, 2018 12:34 am
Forum: Virtualization
Topic: CHR on OVH VPS SSD
Replies: 22
Views: 8157

Re: CHR on OVH VPS SSD

Looks promissing. Thank you!
by th0massin0
Thu Feb 01, 2018 12:22 am
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 32408

Re: CHR suggestions for new functionality

Don't ask about CHR. I think that this product isn't interesting for MT developers as in the beginning of existence. To bypass your problem, use ISO of your favourite live linux (without installation) and my guide: https://forum.mikrotik.com/viewtopic.php?t=120413 Keep in mind if your cloud provider...
by th0massin0
Thu Jan 25, 2018 9:25 pm
Forum: Beginner Basics
Topic: Working VLAN configuration with HW-Offload
Replies: 5
Views: 1553

Re: Working VLAN configuration with HW-Offload

Explain me please one thing: Coud the configuration with mainteined HW offload make intervlan traffic wirespeed?
by th0massin0
Tue Jan 23, 2018 4:49 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97325

Re: v6.42rc [release candidate] is released!

Does booting from VirtIO-SCSI supported?
by th0massin0
Mon Jan 22, 2018 10:14 am
Forum: General
Topic: Feature Request: RAMDisk OR HTTP GET/POST Without Flash Writes [SOLVED]
Replies: 7
Views: 1371

Re: Feature Request: RAMDisk OR HTTP GET/POST Without Flash Writes [SOLVED]

I think that feauture is already paritial implemented in ROS. Some of boards have separate /flash directory.
by th0massin0
Tue Jan 16, 2018 1:57 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97325

Re: v6.42rc [release candidate] is released!

Dear Mikrotik Developers,
could you consider to support VirtIO-SCSI: ( viewtopic.php?f=15&t=124905&start=100#p626094 ), please?
by th0massin0
Wed Dec 27, 2017 12:39 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97325

Re: v6.42rc [release candidate] is released!

Is there a chance to support boot from VirtIO-SCSI in this release of CHR?
by th0massin0
Fri Dec 22, 2017 4:48 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77927

Re: v6.41 [current]

Could somebody tell me how to use vlan in hex v3 properly? By /switch or by /bridge?
by th0massin0
Sun Dec 10, 2017 12:49 am
Forum: Virtualization
Topic: CHR and use OpenVPN Server setup
Replies: 1
Views: 811

Re: CHR and use OpenVPN Server setup

Making VPN in this config is possible, but you should be aware of major ROS limitation: OpenVPN is supported in TCP only mode and without compression. That means very slow tunnel and could be a reason for your conectivity problem too. For now IMHO it's better to choose other solution (general purpos...
by th0massin0
Thu Nov 30, 2017 1:44 pm
Forum: Virtualization
Topic: Virtio-SCSI
Replies: 3
Views: 1001

Re: Virtio-SCSI

If you're talking about dedicated server, that's right. Keep in mind that if we're talking about modern VPS hosting, most of them offers Virtio-SCSI only configurations, without rights of modification.
by th0massin0
Mon Nov 27, 2017 12:26 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 32408

Re: CHR suggestions for new functionality

ROS can act as hypervisor host. Download extra packages for CHR and install KVM package. Keep in mind that nested virt (vm-in-vm) is not supported.
by th0massin0
Thu Nov 23, 2017 11:41 pm
Forum: Virtualization
Topic: Virtio-SCSI
Replies: 3
Views: 1001

Re: Virtio-SCSI

by th0massin0
Mon Nov 13, 2017 10:32 pm
Forum: Wireless Networking
Topic: Centralized wAP LTE
Replies: 2
Views: 386

Re: Centralized wAP LTE

Hello,
IMHO it's better to manage it by VPN. You will able to configure the devices behund waps too.
by th0massin0
Thu Nov 02, 2017 4:41 pm
Forum: Virtualization
Topic: CHR feature requests
Replies: 55
Views: 9663

Re: CHR feature requests

VirtIO SCSI support, please, ASAP: viewtopic.php?f=15&t=124905&p=626094#p626094
by th0massin0
Thu Nov 02, 2017 2:49 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 32408

Re: CHR suggestions for new functionality

Currently i have some VM provided by Bandwagon,which use a disk driver so CHR can not run on it. I guess it will always be possible to craft some environment in which a binary-only distribution cannot run. The question is if it is worth the trouble to cater for that, or one just has to wait until a...
by th0massin0
Thu Sep 21, 2017 12:16 am
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 32408

Re: CHR suggestions for new functionality

Could you tell me please is VirtIO SCSI supported in this release?
viewtopic.php?f=15&t=120413
by th0massin0
Tue Sep 12, 2017 1:23 am
Forum: General
Topic: When Switch-chip & VLANs?
Replies: 3
Views: 1070

Re: When Switch-chip & VLANs?

When the communication between ethernet ports (without vlan) occours, we are talking about switching. (OSI layer 2) If you are trying to exchange data between vlans, we are talking routing (OSI layer 3). In MikroTik products to get wirespeed for switching, you should use chip switch feautures. From ...
by th0massin0
Wed Aug 23, 2017 10:58 am
Forum: RouterBOARD hardware
Topic: RB3011 unstable winbox
Replies: 6
Views: 967

Re: RB3011 unstable winbox

Try to connect by IP, NOT by MAC.
by th0massin0
Mon Aug 21, 2017 12:08 pm
Forum: General
Topic: RB951G-2HnD, two networks, one internet connection
Replies: 2
Views: 531

Re: RB951G-2HnD, two networks, one internet connection

It's very similar to my problem: viewtopic.php?f=2&t=124695
You can use my config. Only thing is to set dhcp-client for cable modem and IPs for interfaces and few firewall rules.
by th0massin0
Mon Aug 21, 2017 3:40 am
Forum: General
Topic: vlans between RB3011 and RB951
Replies: 1
Views: 543

Re: vlans between RB3011 and RB951

Resolved. If you want to apply config attached below, remember about resetting your device to defaults with no-defaults=yes option. 951sw.jpg /interface { ethernet { set [ find default-name=ether1 ] name=eth1 set [ find default-name=ether2 ] name=eth2 master-port=eth1 set [ find default-name=ether3 ...
by th0massin0
Sat Aug 19, 2017 1:21 am
Forum: General
Topic: Which LTE USB Modem is recommended?
Replies: 11
Views: 3802

Re: Which LTE USB Modem is recommended?

Update ROS to newest RC (now 6.41rc15) and try e3372h with hi-link firmware.
by th0massin0
Fri Aug 18, 2017 4:47 pm
Forum: General
Topic: vlans between RB3011 and RB951
Replies: 1
Views: 543

vlans between RB3011 and RB951

Hello, I have a problem with passing vlans from RB3011 to RB951Ui. On 3011 there is: /interface vlan add interface=eth2-master loop-protect=off name=vlan11_Users vlan-id=11 add interface=eth2-master loop-protect=off name=vlan21_Wlan vlan-id=21 /ip address add address=192.168.1.1/24 interface=br0 net...
by th0massin0
Fri Aug 18, 2017 2:15 pm
Forum: Beginner Basics
Topic: LAN isolation?
Replies: 7
Views: 1083

Re: LAN isolation?

Maybe you're looking for bridge horizon (?)
http://nztik.blogspot.com/2013/11/mikro ... rizon.html
by th0massin0
Fri Aug 18, 2017 2:12 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123693

Re: v6.41rc [release candidate] is released! New bridge implementation!

What's new in 6.41rc15 (2017-Aug-18 07:33):
*) lte - added passthrough support (CLI only);
Is it available for SXT LTE?
by th0massin0
Thu Aug 03, 2017 2:36 pm
Forum: General
Topic: Feature request - IPSEC IKEv2, RSA signature hybrid
Replies: 2
Views: 1003

Re: Feature request - IPSEC IKEv2, RSA signature hybrid

Is it possible via build-in Mikrotik RADIUS?
by th0massin0
Thu Aug 03, 2017 2:17 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123693

Re: v6.41rc [release candidate] is released! New bridge implementation!

*) lte - fixed LTE not passing any traffic while in running state;
Problem with reliability of SXT LTE still exists (now: PLMN search in progress) - ROS 6.41rc7.
by th0massin0
Fri Jul 28, 2017 11:35 am
Forum: General
Topic: Feature request - IPSEC IKEv2, RSA signature hybrid
Replies: 2
Views: 1003

Feature request - IPSEC IKEv2, RSA signature hybrid

as in the topic. It's needed to asign static IP to the client.
(please, please ;) )
by th0massin0
Mon Jul 03, 2017 1:24 am
Forum: General
Topic: RouterOS X86 or CHR for PPPOE BRAS?
Replies: 3
Views: 1221

Re: RouterOS X86 or CHR for PPPOE BRAS?

Dell is providing customized ESXi (free) for your server. That's really good piece of software for your future project. Be aware that you should install ESXi on SDCard (your server should have one). Go to dell.com and look for drivers. You will be asked for service tag. Before ESXi installation I re...
by th0massin0
Mon Jul 03, 2017 1:22 am
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208035

Re: Feature requests

Could you please describe how did you worked out port forwarding in dual wan environment with fasttrack?
by th0massin0
Sat Jul 01, 2017 4:34 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208035

Re: Feature requests

1. +1!
2. If your dual wan setup depends on mangle be aware of: https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will not be applied for FastTracked traffic.
by th0massin0
Fri Jun 16, 2017 12:40 pm
Forum: Virtualization
Topic: CHR on OVH VPS SSD
Replies: 22
Views: 8157

Re: CHR on OVH VPS SSD

Just run this command. PS : check your interface name before apply. here the interface name is : "ens3". Change according yours :D wget https://download2.mikrotik.com/routeros/6.39.1/chr-6.39.1.img.zip -O chr.img.zip && \ gunzip -c chr.img.zip > chr.img && \ mount -o loop,offset=33554944 chr.img /m...
by th0massin0
Fri Jun 16, 2017 12:34 pm
Forum: Virtualization
Topic: Nested virtualization with KVM
Replies: 2
Views: 2098

Re: Nested virtualization with KVM

Is something changed in topic of support nested virt under ROS host? (I am running CHR).
by th0massin0
Fri Jun 16, 2017 10:17 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80686

Re: Feature Req: IKEv2 server and client

Thank you for your reply. Could you tell me if it requires external RADIUS server or is it possible to combine it with user manager (or xauth)?
by th0massin0
Fri Jun 16, 2017 4:12 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80686

Re: Feature Req: IKEv2 server and client

Is it possible to asign static ip for ipsec ike v2 peer?
by th0massin0
Tue Jun 13, 2017 1:47 pm
Forum: Announcements
Topic: v6.40rc [release candidate] is released!
Replies: 231
Views: 45800

Re: v6.40rc [release candidate] is released!

Version 6.40rc20 has been released.
Before an upgrade:
Changes since previous version:
*) lte - added "accounting" logs for LTE connections;
*) lte - improved reliability on SXT LTE;
Does the SXT LTE fix is the same as is current (6.39.2) firmware or is it something else?
by th0massin0
Wed May 17, 2017 12:56 pm
Forum: Beginner Basics
Topic: (Solved) VPN from Android/iOS to RouterOS with both sides dynamic IPs (DynDNS)
Replies: 6
Views: 1779

Re: (Solved) VPN from Android/iOS to RouterOS with both sides dynamic IPs (DynDNS)

(IPSEC) IKEv1 should not be considered as save. IKEv2 nowdays is available only in current firmware.
by th0massin0
Fri May 12, 2017 9:39 am
Forum: Beginner Basics
Topic: Parental Control for Certain MAC
Replies: 15
Views: 3404

Re: Parental Control for Certain MAC

Simple test: set that dns directly on client (disable firewall o ROS) and check if it works. If not, your ISP blocks it.
by th0massin0
Fri May 12, 2017 9:15 am
Forum: Scripting
Topic: RSTP
Replies: 1
Views: 434

Re: RSTP

Look in bridge configuration.
by th0massin0
Tue May 02, 2017 2:00 pm
Forum: Beginner Basics
Topic: Count bandwitch per user
Replies: 1
Views: 363

Count bandwitch per user

Could you tell me please, best practise to monitor bandwitch consumed by users (per internal user's IP address)?
I am searching for way of finding the most active ones.
by th0massin0
Tue Apr 25, 2017 4:44 pm
Forum: Virtualization
Topic: KVM, Hyper-V or Esxi
Replies: 5
Views: 1966

Re: KVM, Hyper-V or Esxi

Avoid KVM if possible ( https://forum.mikrotik.com/viewtopic.php?f=15&t=120413 ), better go to ESXI (I don't have any experience in Hyper-V). Small OT: you could try backup by this: http://www.vsquarebackup.com/#features :) If you're using VLANs, remember to set promisc mode on virtuall eth. You can...
by th0massin0
Tue Apr 18, 2017 9:49 pm
Forum: General
Topic: How to reinstall RouterOS?
Replies: 7
Views: 1215

Re: How to reinstall RouterOS?

Windows + Netinstall. You could virtualize Windows using for example VirtualBox (and bridge network connection). Ask Google how to get Win10 iso, you can do it legally.
by th0massin0
Tue Apr 18, 2017 9:41 pm
Forum: Virtualization
Topic: CHR on OVH VPS SSD
Replies: 22
Views: 8157

Re: CHR on OVH VPS SSD

Thank you for your answer. Even if it would work, that configuration will be unsupported, so if something will goes wrong, nobody could help me with it. CHR is relatively young product that should be 'polished' in the matter of compatibility (in my opinion open vm tools and drivers). Today the gener...
by th0massin0
Fri Apr 14, 2017 11:20 am
Forum: Virtualization
Topic: CHR feature requests
Replies: 55
Views: 9663

Re: CHR feature requests

... or not at all ;) : viewtopic.php?f=15&t=120413
by th0massin0
Thu Apr 13, 2017 1:09 am
Forum: Virtualization
Topic: CHR or CCR1036 12G 4S
Replies: 4
Views: 1226

Re: CHR or CCR1036 12G 4S

Now: CCR. CHR have some kid-age issues. In the future it will be much harder decide ;)
by th0massin0
Wed Apr 05, 2017 7:50 am
Forum: Virtualization
Topic: CHR on OVH VPS SSD
Replies: 22
Views: 8157

CHR on OVH VPS SSD

0. RouterOS >= 6.42rc52 1. Boot VPS to rescue mode from OVH panel. 2. Login via ssh. 3. Execute this TWO lines: cd /root && curl -O https://download2.mikrotik.com/routeros/6.42.3/chr-6.42.3.img.zip && gunzip -S .zip chr-6.42.3.img.zip && umount /mnt/sdb1 dd if=/root/chr-6.42.3.img of=/dev/sdb 4. Reb...
by th0massin0
Tue Apr 04, 2017 2:16 pm
Forum: General
Topic: dynDNS SCRIPT THAT WORKS
Replies: 13
Views: 20960

Re: dynDNS SCRIPT THAT WORKS

Could you have a soulution for multi WAN enviorment? Can I choose what WAN interface would be bind to that service?
by th0massin0
Tue Apr 04, 2017 2:13 pm
Forum: Beginner Basics
Topic: 951ui 3G modem... strange
Replies: 13
Views: 1061

Re: 951ui 3G modem... strange

Do you see modem interface? Could you tell more details about your dongle (brand/model/software version/software type:hilink,non-hilink)?
Please attach output of /export compact
by th0massin0
Tue Mar 28, 2017 3:42 pm
Forum: General
Topic: dynDNS SCRIPT THAT WORKS
Replies: 13
Views: 20960

Re: dynDNS SCRIPT THAT WORKS

IMHO RouterOS should have native DynDns and NO-IP support. It's not allways possible to get rid of ISP device or use it as a bridge.
by th0massin0
Wed Mar 22, 2017 2:28 am
Forum: Beginner Basics
Topic: CAPsMan and station (bridge)
Replies: 1
Views: 649

CAPsMan and station (bridge)

Hello,
I am trying to configure station connected to one of the CAP (CAPsMan architecture). I know that station-bridge will not work, but even station isn't working. Please help.

Answer:
Conectivity problems was caused by EAP-TLS (wrong cert). The proper wireless mode was: station pseudobridge.
by th0massin0
Fri Mar 17, 2017 11:03 am
Forum: General
Topic: Feauture request - comments in /ppp active print
Replies: 0
Views: 305

Feauture request - comments in /ppp active print

Hello,
could you please add comment field to /ppp active connected with /ppp secret comment field ?
by th0massin0
Mon Mar 06, 2017 10:07 am
Forum: Beginner Basics
Topic: Same gateway, same subnet
Replies: 1
Views: 440

Re: Same gateway, same subnet

On the begining, unbound eth3 from chip switch (eth1 is unbounded by default) /interface ethernet set ether3 master-port=none ... and set the addresses /ip address add interface=ether1 address= /ip address add interface=ether3 address= The last step is adjusting firewall filter and NAT. You can just...
by th0massin0
Fri Feb 24, 2017 3:49 am
Forum: Wireless Networking
Topic: 4G SXT LTE Alternative (non band 3 /7)
Replies: 22
Views: 4217

Re: 4G SXT LTE Alternative (non band 3 /7)

Any news about wAP LTE avability?
by th0massin0
Thu Feb 16, 2017 1:26 pm
Forum: General
Topic: Best VPN
Replies: 23
Views: 12961

Re: Best VPN

If VPN must be fast, then you should avoid all TCP solutions (only UDP are fast). http://sites.inka.de/bigred/devel/tcp-tcp.html If it should be encrypted - (private data) - than you should consider IPSEC with IKEv2 . If you are only escaping from ISP's NAT or looking for other unencrypted purposes,...
by th0massin0
Mon Jan 30, 2017 11:54 am
Forum: RouterBOARD hardware
Topic: CRS125-24G-1S-RM .. High Time with VLAN
Replies: 3
Views: 655

Re: CRS125-24G-1S-RM .. High Time with VLAN

Another guy with CRS :) Look at: http://forum.mikrotik.com/viewtopic.php ... an#p525949
Those devices works good when you will be using it as layer2 switch with additional vlan futures and nothing more.
To do intervlan routing you should combine it with CCR.
by th0massin0
Wed Jan 18, 2017 1:55 pm
Forum: Virtualization
Topic: wlan
Replies: 1
Views: 573

Re: wlan

Hello!
If your wlan device is conencted physically to vmware machine, redirect it to guest OS (ROS). Is it USB or PCI?
by th0massin0
Wed Jan 18, 2017 1:32 pm
Forum: RouterBOARD hardware
Topic: STP Alternatives ?
Replies: 5
Views: 860

Re: STP Alternatives ?

http://wiki.mikrotik.com/wiki/Manual:CRS_features#Cloud_Router_Switch_models be aware that if you will use vlans and there will be routing between them, that can consume much CPU of your main router. (Yes, forget about wirespeed: http://forum.mikrotik.com/viewtopic.php?f=13&t=105623&p=525949#p525949...
by th0massin0
Sun Jan 08, 2017 6:22 pm
Forum: Beginner Basics
Topic: IPSEC IKEv2 question
Replies: 0
Views: 443

IPSEC IKEv2 question

I've configured everything by the manual: http://wiki.mikrotik.com/wiki/Manual:IP ... rver_Setup
/ip ipsec mode-conf
add name=cfg1 send-dns=yes address-pool=rw-pool address-prefix=32
Is it possible to assign the client (RSA auth) to once obtained IP from "rw-pool" staticly?
by th0massin0
Mon Jan 02, 2017 1:01 pm
Forum: General
Topic: Routing between VLANs
Replies: 11
Views: 7979

Re: Routing between VLANs

Hello. The answer is make switching by http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features (to get wirespeed in each vlan) and /ip firewall will do the rest. Make vlan on master interface (default it's eter2). Set ether 3 - 5 master port to ether2 (default it should be already set) /interface ...
by th0massin0
Sat Dec 17, 2016 2:19 pm
Forum: General
Topic: NEED OF STRONG MIKROTIK ROUTER FOR POINT TO POINT BRIDGE OF 25 MILES
Replies: 3
Views: 596

Re: NEED OF STRONG MIKROTIK ROUTER FOR POINT TO POINT BRIDGE OF 25 MILES

25 mi ~ 41 km
If the cost matters, Mikrotik 'ready platforms' comparison is here: http://i.mt.lv/routerboard/files/antena ... 123306.pdf
by th0massin0
Tue Dec 13, 2016 2:09 am
Forum: Beginner Basics
Topic: rb2011uias-2hnd-in in/out-interface matcher switch error
Replies: 6
Views: 4374

Re: rb2011uias-2hnd-in in/out-interface matcher switch error

Practise makes perfect. Pozdrawiam :)
by th0massin0
Tue Dec 13, 2016 1:46 am
Forum: Beginner Basics
Topic: rb2011uias-2hnd-in in/out-interface matcher switch error
Replies: 6
Views: 4374

Re: rb2011uias-2hnd-in in/out-interface matcher switch error

Don't get me wrong, but that's NOT a hardware nor software problem :) in wirelles the ip pool setups and dhcp switching automatically from bridge to ether1 and othervise DHCP server is a thing that should be set on master interface (yes, on bridge if ether1 is added to that bridge) simply question f...
by th0massin0
Wed Dec 07, 2016 4:24 pm
Forum: General
Topic: RouterOS DHCP and windows clients
Replies: 7
Views: 1044

Re: RouterOS DHCP and windows clients

Post output of:
/ip dhcp-server export
by th0massin0
Mon Nov 21, 2016 3:04 pm
Forum: Beginner Basics
Topic: Mikrotik WPA2-EAP and RADIUS (802.1X)
Replies: 2
Views: 816

Re: Mikrotik WPA2-EAP and RADIUS

Anyone?
by th0massin0
Fri Oct 21, 2016 5:38 pm
Forum: RouterBOARD hardware
Topic: What hardware select for VPN
Replies: 26
Views: 4135

Re: What hardware select for VPN

Is there any RouterBoard with IPSEC performance (like RB750GR3 - HEX v3) and combined with wlan in one device?
by th0massin0
Thu Oct 20, 2016 12:53 pm
Forum: General
Topic: The problem with addressing Vlan
Replies: 2
Views: 452

Re: The problem with addressing Vlan

Check VLAN config on TP-LINK (VLAN and PVID).
by th0massin0
Thu Oct 20, 2016 12:48 pm
Forum: General
Topic: vlan isolation
Replies: 5
Views: 2362

Re: vlan isolation

RB750 is ethernet only device (without wifi), so remember to replace bridge-local with master lan port (probably eth2).
by th0massin0
Thu Oct 20, 2016 12:35 pm
Forum: General
Topic: vlan isolation
Replies: 5
Views: 2362

Re: vlan isolation

Your right. It's all about firewall. I don't know which routerboard are you using, but you should start building your custom firewall rules set from deleting all rules and try: /ip firewall add action=fasttrack-connection chain=forward comment="START ALLOW FASTTRACK: established related" connection-...
by th0massin0
Thu Oct 20, 2016 11:29 am
Forum: General
Topic: Hairpin problem with double NAT
Replies: 5
Views: 1509

Re: Hairpin problem with double NAT

Your patience should be national treasure ;) To sum it up, if I understand correctly, the rules should be as below: /ip firewall address-list add address=yourddns.example.net list=myip /ip firewall nat add action=masquerade chain=srcnat comment="hairpin NAT" src-address=172.22.100.0/24 dst-address=1...
by th0massin0
Wed Oct 19, 2016 4:36 pm
Forum: General
Topic: Hairpin problem with double NAT
Replies: 5
Views: 1509

Re: Hairpin problem with double NAT

Thank you very, (very) much for your reply. I it's not a problem I have two more questions:
Your one rule is enough to make it working, or should I use "hairpin NAT" rule too?
The rule doesn't contain dst-address-type=local . Is it intentional?
by th0massin0
Tue Oct 18, 2016 12:29 pm
Forum: General
Topic: Hairpin problem with double NAT
Replies: 5
Views: 1509

Hairpin problem with double NAT

Hello! I have a problem with configuring hairpin NAT when double NAT is present. Look at following scenario: netDoubleNAT.gif PC1 that connects to DVR by external IP (ddns domain) can't connect. I tryied configuration below: /ip firewall nat add action=masquerade chain=srcnat comment="hairpin NAT" s...
by th0massin0
Sun Oct 09, 2016 5:48 pm
Forum: General
Topic: NTP for smips
Replies: 24
Views: 4291

NTP for smips

I am looking for NTP server that I can install in hap lite. The package name should be ntp-6.34.6-smips.npk , but there isn't any in extra packages.
Will that functionality be available in the future?
by th0massin0
Fri Oct 07, 2016 2:34 pm
Forum: General
Topic: PCC side effect on Mikrotik Forum
Replies: 4
Views: 866

Re: PCC side effect on Mikrotik Forum

Exclude HTTPS from PCC. I've tried this a year ago, and didn't find other way.
by th0massin0
Fri Oct 07, 2016 2:06 pm
Forum: General
Topic: NTP Server
Replies: 4
Views: 1952

Re: NTP Server

I guess that package version must be equal to installed RouterOS version.

If you have ROS 6.37 you must have package 6.37
If you have ROS 6.37.1 you must have package 6.37.1
... and so on ;) , so: upgrade ROS to 6.37.1 and than install package.
by th0massin0
Mon Oct 03, 2016 3:59 pm
Forum: Beginner Basics
Topic: Mikrotik WPA2-EAP and RADIUS (802.1X)
Replies: 2
Views: 816

Mikrotik WPA2-EAP and RADIUS (802.1X)

Is it possible to configure wlan clients to log in by certificates using only Mikrotik without any other hardware/software?
I saw many manuals how to do something similar: usermanager and hotspot. I am interested in configuring wireless interface without hotspot.
Could you help me please?
by th0massin0
Mon Sep 26, 2016 3:24 pm
Forum: Virtualization
Topic: OpenWRT metarouter as VPN client
Replies: 17
Views: 4070

Re: OpenWRT metarouter as VPN client

If it will be possible, could you please test Metarouter performance with ovpn (client) in udp mode for us?
by th0massin0
Mon Sep 26, 2016 12:40 pm
Forum: Virtualization
Topic: OpenWRT metarouter as VPN client
Replies: 17
Views: 4070

Re: OpenWRT metarouter as VPN client

Simplest solutions are often the best. If you're using Windows, try OpenVPN Windows client with that options in conf: sndbuf 262144 rcvbuf 262144 redirect-gateway def1 ... and try to determine best tun-mtu and mssfix for your link https://www.sonassi.com/help/magestack/setting-correct-mtu-for-openvp...
by th0massin0
Mon Sep 26, 2016 12:14 pm
Forum: Virtualization
Topic: OpenWRT metarouter as VPN client
Replies: 17
Views: 4070

Re: OpenWRT metarouter as VPN client

Until Tik natively will support UDP and LZO — yes, it's necessary.
Some time ago that topic was really important to me, that's the reason of my question.
What down/up speed you want to get? From my personal experience: router isn't allways best place for VPN client.
by th0massin0
Mon Sep 26, 2016 11:22 am
Forum: Virtualization
Topic: OpenWRT metarouter as VPN client
Replies: 17
Views: 4070

Re: OpenWRT metarouter as VPN client

Forgive me my curiosity, but are you sure that running another OS in Metarouter is really necessary ?
You should be also aware of that: https://wiki.openwrt.org/inbox/doc/mikr ... er_openwrt
by th0massin0
Wed Sep 14, 2016 1:26 pm
Forum: General
Topic: Does L2TP with IPSec actually work?
Replies: 10
Views: 12180

Re: Does L2TP with IPSec actually work?

Mikrotik is great peace of hardware, but IMHO, running L2TP/IPSEC on it is not the best idea. Belief me I’ve tried. You should be aware that L2TP/IPSEC in Mikrotik has major limitation - only one tunnel via NAT is possible. Nowdays, if you want secure VPN connection, you should use certificates to a...
by th0massin0
Wed Sep 14, 2016 1:11 pm
Forum: General
Topic: RB911G-5HPacD - NO WLAN
Replies: 3
Views: 430

Re: RB911G-5HPacD - NO WLAN

Did you tried netinstall?
by th0massin0
Fri Aug 26, 2016 11:54 pm
Forum: General
Topic: Feature request: Hairpin NAT more simple
Replies: 10
Views: 2801

Re: Feature request: Hairpin NAT more simple

I believe, that for Mikrotik devs the impossible tasks just doesn't exist ;) . Look for example at complexity of hotspot wizard.
by th0massin0
Fri Aug 26, 2016 11:38 pm
Forum: General
Topic: SXT-LTE bridged mode?
Replies: 19
Views: 7126

Re: SXT-LTE bridged mode?

Anybody found working solution?
by th0massin0
Wed Jul 27, 2016 4:15 am
Forum: General
Topic: Feature request: Hairpin NAT more simple
Replies: 10
Views: 2801

Re: Feature request: Hairpin NAT more simple

Look at this: https://help.ubnt.com/hc/en-us/article_ ... iginal.png
... so it's possible to implement. Maybe the checkbox-idea isn't ideal for all possibilities, but the wizard like for hotspot setup should be more universal.
by th0massin0
Mon Jul 25, 2016 2:36 pm
Forum: General
Topic: Feature request: Hairpin NAT more simple
Replies: 10
Views: 2801

Feature request: Hairpin NAT more simple

ok, I know that it's possible to make it by hand, but IMHO it should be more simple like checkbox in dst-nat rule.
by th0massin0
Tue Jul 19, 2016 2:30 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188145

Re: Cloud Hosted Router

If you are interested IN CHR on OVH VPS SSD, here you go: 1. Install any linux distro 2. From OVH control panel boot VPS to rescue mode 3. Type the magic from below :) : cd /root curl -O http://download2.mikrotik.com/routeros/6.35.2/chr-6.35.2.img.zip gunzip -S .zip chr-6.35.2.img.zip umount /mnt/v...
by th0massin0
Mon Jun 27, 2016 12:22 pm
Forum: Beginner Basics
Topic: Interface ether2 not on interface list
Replies: 4
Views: 597

Re: Interface ether2 not on interface list

Is it real routerboard, x86 PC or virtualized?
by th0massin0
Mon Jun 27, 2016 12:21 pm
Forum: Beginner Basics
Topic: OpenVPN behind ISP router
Replies: 7
Views: 1345

Re: OpenVPN behind ISP router

The best way in that kind of problem is setup SSTP on RouterOS CHR (cloud hosted) that is installed on VPS server.
by th0massin0
Mon Jun 27, 2016 12:14 pm
Forum: Beginner Basics
Topic: Static DNS help
Replies: 6
Views: 1017

Re: Static DNS help

/ip dns static add address=10.0.0.100 name=myserver.com
... on client, the DNS must be set to RouterOS address, if it's Windows try ipconfig /flushdns , than try nslookup myserver.com
by th0massin0
Wed Jun 15, 2016 4:13 pm
Forum: Beginner Basics
Topic: Self signed certificates and CRL
Replies: 2
Views: 3322

Re: Self signed certificates and CRL

/ip service enable www
by th0massin0
Tue Jun 14, 2016 1:02 pm
Forum: Beginner Basics
Topic: SSH Tunnel Server setup on MikroTik
Replies: 4
Views: 10090

Re: SSH Tunnel Server setup on MikroTik

If you will ask nicely :) 1. For me, the best results gave that config:  http://forum.mikrotik.com/viewtopic.php?f=13&t=109233#p542023 , but if you will read the documentation  http://wiki.mikrotik.com/wiki/Manual:Interface/SSTP maybe you will configure in other way. Yes, it can work parallel with O...
by th0massin0
Mon Jun 13, 2016 4:09 pm
Forum: Beginner Basics
Topic: SSTP VPN on ROS and Windows 7 build-in client
Replies: 8
Views: 5645

Re: SSTP VPN on ROS and Windows 7 build-in client

Allright, thanks, tell me please the last thing: We are talking about self cigned CA all the time.
Is it possible to auto-generate crl list from RouterOS in form understable to Windows? 
If I think right, the ca-crl-host option may be used only to external location (to download that CRL)?
by th0massin0
Mon Jun 13, 2016 2:34 pm
Forum: Beginner Basics
Topic: How to setup SSH tunneling on MikroTik (for beginners) ?
Replies: 1
Views: 1547

Re: How to setup SSH tunneling on MikroTik (for beginners) ?

Can you direct me to a guide / how-to of how to set up an SSH Tunnel on my MikroTik ? http://forum.mikrotik.com/viewtopic.php?f=13&t=109302 Is the MikroTik capable of running 2 OpenVPN servers simultaneously ? ... I don't think so, and it's better to not use OpenVPN on ROS, becouse that funcionalit...
by th0massin0
Mon Jun 13, 2016 2:30 pm
Forum: Beginner Basics
Topic: Dual Wan (Non Failover Initially)
Replies: 2
Views: 814

Re: Dual Wan (Non Failover Initially)

That will be helpfull: 
https://aacable.wordpress.com/2011/07/2 ... t-by-zaib/

remeber to exclude https and other encrypted traffic from PCC
by th0massin0
Mon Jun 13, 2016 2:12 pm
Forum: Beginner Basics
Topic: SSH Tunnel Server setup on MikroTik
Replies: 4
Views: 10090

Re: SSH Tunnel Server setup on MikroTik

Hi! I read on many places that an SSH tunnel can be used like a VPN tunnel in some ways.  ... yes, it's possible I would like to set up SSH tunnel server on my MikroTik so that I can use it "like a VPN" for torrents. It's not a good idea, becouse UDP traffic in SSH is a "long story". Torrents witho...
by th0massin0
Mon Jun 13, 2016 1:40 pm
Forum: Beginner Basics
Topic: SSTP VPN on ROS and Windows 7 build-in client
Replies: 8
Views: 5645

Re: SSTP VPN on ROS and Windows 7 build-in client

Dear mrz, thank you very much for your time and patience! Tell me please, if it's possible to block incomming VPN connection from Windows client when the client certificate is revocated without enabling  verify-client-certificate ?? I am trying to use CRL (  http://forum.mikrotik.com/viewtopic.php?f...
by th0massin0
Sun Jun 12, 2016 3:57 am
Forum: Beginner Basics
Topic: Self signed certificates and CRL
Replies: 2
Views: 3322

Self signed certificates and CRL

Hello, From a past few days I am trying to create SSTP VPN with self signed certificates. I have a question about CRL. When I set the ca-crl-host to my public Mikrotik IP and export that certificate, in it's properities is present below entry: [1]CRL distribution point      Distribution point full n...
by th0massin0
Sat Jun 11, 2016 8:50 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188145

Re: Cloud Hosted Router

If you are interested IN CHR on OVH VPS SSD, here you go: 1. Install any linux distro 2. From OVH control panel boot VPS to rescue mode 3. Type the magic from below :) : cd /root curl -O http://download2.mikrotik.com/routeros/6.35.2/chr-6.35.2.img.zip gunzip -S .zip chr-6.35.2.img.zip umount /mnt/vd...
by th0massin0
Sat Jun 11, 2016 12:58 am
Forum: Beginner Basics
Topic: SSTP VPN on ROS and Windows 7 build-in client
Replies: 8
Views: 5645

Re: SSTP VPN on ROS and Windows 7 build-in client

Edit: Bellow I post tested, configuration, that works for further purposes: /certificate add name=CA common-name="CA" key-usage=key-cert-sign,crl-sign days-valid=3650 key-size=4096 sign CA ca-crl-host=<ros.public.ip> add name=SVR common-name="SVR" subject-alt-name=DNS:<ros.domain.name> key-usage=di...
by th0massin0
Fri Jun 10, 2016 4:36 pm
Forum: Beginner Basics
Topic: SSTP VPN on ROS and Windows 7 build-in client
Replies: 8
Views: 5645

SSTP VPN on ROS and Windows 7 build-in client

Hello! I have a problem with SSTP VPN on ROS and SSTP client, after certificate generation and import to trusted root, when I try to connect I have and error:  0x800B010F The certificate's CN name does not match the passed value. My CA cert have CN name that is equal to domain address of my ROS. I'v...
by th0massin0
Thu Jun 09, 2016 2:29 pm
Forum: Beginner Basics
Topic: IPSEC and one side behind NAT
Replies: 3
Views: 1494

Re: IPSEC and one side behind NAT

... another day, another progress :) L2TP tunnel and configured IPSEC peer on VPS (auth method: pre shared key, exhange mode: main l2tp) with dynamic policy generation, allowed me to connect build-in Windows 7 client. Success! but there was another problem: RB951Ui was not connecting, to L2TP tunnel...
by th0massin0
Wed Jun 08, 2016 6:09 pm
Forum: Beginner Basics
Topic: IPSEC and one side behind NAT
Replies: 3
Views: 1494

Re: IPSEC and one side behind NAT

Let's try more simple. I've created L2TP tunnel and have connectivity on both sides. When I set 'use IPsec' on server and set password, than click the same on client (Dial out tab), there is no communication. Allowed ports on firewall 1701/udp, 500,4500/udp, and ipsec-esp (input chain). Could you pl...
by th0massin0
Tue Jun 07, 2016 3:04 pm
Forum: General
Topic: Hide webfig logo
Replies: 14
Views: 3615

Re: Hide webfig logo

I have some kind of bypass of that situation. Allow input to 80 port only for 127.0.0.1, and use SSH to forward it. Let's enable forwarding in ROS: /ip ssh set forwarding-enabled=yes ... and allow traffic to 80 port only from localhost /ip firewall filter add chain=input comment="ACCESS: Webfig loca...
by th0massin0
Tue Jun 07, 2016 1:20 pm
Forum: General
Topic: Feature Request: Ed25519 SSH keys
Replies: 4
Views: 2173

Feature Request: Ed25519 SSH keys

As in subject, everybody will sleep better if the support of Ed25519 keys will be available in ROS7 (or 6!)
by th0massin0
Tue May 17, 2016 1:48 pm
Forum: Beginner Basics
Topic: IPSEC and one side behind NAT
Replies: 3
Views: 1494

IPSEC and one side behind NAT

Hello! I have a problem with configuration of IPSEC: client side is behind NAT (and I don't have control about it), server side is RouterOS CHR installed on VPS with public IP. The connection is established (remote peer appears), but the Installed SAs tab is empty. Is the conectivity possible with t...
by th0massin0
Fri May 06, 2016 4:37 pm
Forum: General
Topic: Feature request for v7.x
Replies: 269
Views: 63659

Re: Feature request for v7.x

Login by ssh key in WinBox will be really helpfull too.
by th0massin0
Thu May 05, 2016 12:55 pm
Forum: Virtualization
Topic: RouterOS in Vmware ESXi
Replies: 22
Views: 37632

Re: RouterOS in Vmware ESXi

If you do this (great!) please consider also to put VMware tools in the image.
This is useful when making snapshot backups.
+1 for that
by th0massin0
Mon May 02, 2016 12:16 pm
Forum: General
Topic: Feature request for v7.x
Replies: 269
Views: 63659

Re: Feature request for v7.x

Also usable will be some kind of checkbox for hairpin NAT in NAT rule creation.
by th0massin0
Mon May 02, 2016 10:54 am
Forum: General
Topic: Feature request for v7.x
Replies: 269
Views: 63659

Re: Feature request for v7.x

When combining PPPoE Client WAN and static IP address WAN it's not so easy, look /ip firewall mangle add action=mark-connection chain=prerouting comment="WAN1 FWD" in-interface=ppp-WAN1 new-connection-mark=wan1_conn passthrough=no add action=mark-routing chain=prerouting comment="WAN1 FWD" connectio...
by th0massin0
Mon May 02, 2016 9:56 am
Forum: General
Topic: Feature request for v7.x
Replies: 269
Views: 63659

Re: Feature request for v7.x

Small thing: for multiple WAN envoronments it should exists some kind of predefined policy or on/off switch, about incomming and outgoing traffic. When something goes in from WAN1 should go out by WAN1, when something goes in frome WAN2 should go out by WAN2 and so on...
by th0massin0
Fri Mar 18, 2016 8:14 pm
Forum: Wireless Networking
Topic: Mikrotik 4G LTE bridge mode?
Replies: 10
Views: 6642

Re: Mikrotik 4G LTE bridge mode?

Is anyone done it in this way?
by th0massin0
Thu Mar 10, 2016 5:36 pm
Forum: Virtualization
Topic: RouterOS in Vmware ESXi
Replies: 22
Views: 37632

Re: RouterOS in Vmware ESXi

Thank you very much for your explenation, it's really helpfull. I have another problem to consider: the pricing. I want to organize a high speed routing between vlans, (problem described here: http://forum.mikrotik.com/viewtopic.php?f=13&t=105623 ) the cost of level4 license is $45 (without speed li...
by th0massin0
Thu Mar 10, 2016 4:42 pm
Forum: Virtualization
Topic: RouterOS in Vmware ESXi
Replies: 22
Views: 37632

RouterOS in Vmware ESXi

Hello
I have a question about installing RouterOS in vmwware ESXi. Is that senario supported?
I should use regular x86 image or CHR ?

The standard settings of virtual network card is optimal for RouterOS?
Should I install vmware tools after?
by th0massin0
Wed Mar 09, 2016 3:03 pm
Forum: Beginner Basics
Topic: Intervlan speed problem with RB2011 and CRS125
Replies: 3
Views: 1520

Re: Intervlan speed problem with RB2011 and CRS125

.. so wire-speed inter vlan communication is impossible with CRS125 ??
by th0massin0
Tue Mar 08, 2016 3:20 pm
Forum: Beginner Basics
Topic: Intervlan speed problem with RB2011 and CRS125
Replies: 3
Views: 1520

Intervlan speed problem with RB2011 and CRS125

Hello, I have a problem with not enough speed in vlan routing and high cpu usage between RB2011 and CRS125. The devices are connected between ourselves on eth1. Defined vlans (on 2011): /interface vlan add interface=eth1 name=vlan_SVRs vlan-id=10 add interface=eth1 name=vlan_CLIs vlan-id=11 RB2011 a...
by th0massin0
Sun Jan 24, 2016 1:48 pm
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 93484

Re: Feature request: OpenVPN compression LZO and UDP

Dear Mikrotik Support and Developers Staff In context of governmental changes in Poland and dramatic changes in Act of Police (known as “Invigilation Act”) I will ask one more time, please give us OpenVPN in UDP with compression and TLS. We have many RouterBoards already and if you will make OpenVPN...
by th0massin0
Wed Dec 23, 2015 2:16 pm
Forum: General
Topic: Feature Requests: Port Lists, and Multiple address lists in a filter rule
Replies: 13
Views: 2558

Re: Feature Requests: Port Lists, and Multiple address lists in a filter rule

+1
It would be extremly usuable to make something like Address book for hosts (or scopes)
and fixed service list with ability of create it's own.
My proposal: One service = one or few TCP or/and UDP port (s).
by th0massin0
Wed Oct 28, 2015 1:02 pm
Forum: General
Topic: Feature Request: No-IP/DynDNS client
Replies: 3
Views: 800

Re: Feature Request: No-IP/DynDNS client

... after longer reflection, I think, that you're right. Could you tell me if there is a way to use MT ddns in multi WAN enviorment?
by th0massin0
Tue Oct 27, 2015 1:45 pm
Forum: General
Topic: Feature Request: No-IP/DynDNS client
Replies: 3
Views: 800

Feature Request: No-IP/DynDNS client

as in subject. Scripts arte only bypass of missing functionality.
by th0massin0
Tue Oct 27, 2015 1:31 pm
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 93484

Re: Feature request: OpenVPN compression LZO and UDP

+1 for UDP + LZO and tls-auth
by th0massin0
Thu May 28, 2015 10:35 am
Forum: General
Topic: v6.29 will be released this week!
Replies: 65
Views: 13436

Re: v6.29 will be released this week!

*) firewall - fixed sector writes rising starting since 6.28;
Seems to be fixed in today's 6.29, tested on RB2011UiAS
by th0massin0
Wed Jun 18, 2014 3:00 pm
Forum: Wireless Networking
Topic: WDS with wired backbone
Replies: 4
Views: 1709

Re: WDS with wired backbone

I resolved the problem by setting same SSID and security profile on every AP, but on diffrent channels to avoid interference.
Btw. that's look promissing: http://wiki.mikrotik.com/wiki/Manual:CAPsMAN ...but IMHO it's 'to new' to implement it into production networks.
by th0massin0
Mon Jun 09, 2014 8:11 am
Forum: Wireless Networking
Topic: WDS with wired backbone
Replies: 4
Views: 1709

WDS with wired backbone

Hello
I am trying to set up infrastructure with few wired-connected Mikrotik APs. How to make something like WDS infrastructure where connected clients are able to roam between AP without loosing connection?

I can't find any sufficient info how to do it.
Please help!
by th0massin0
Sun May 11, 2014 4:23 am
Forum: Beginner Basics
Topic: L2TP over IPSEC with certs
Replies: 1
Views: 4270

L2TP over IPSEC with certs

Hello! I am trying to configure L2TP over IPSEC VPN for Windows roadwarriors with certificate authentication. I used http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_with_RSA_Authentication but the manual is siriously bugged, for example: /certificate sign-ca or sign-issued doeesn't ...