Community discussions

Search found 247 matches

by ik3umt
Mon Sep 30, 2019 10:57 am
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 1154

Re: Remote update hAP lite

The issue with not enough space has been fixed in newer versions, but to get to the new version, you will have to use Netinstall
Well, I love this clear answers ! :D
So on-site trip is scheduled !
Thank you Normis.
by ik3umt
Mon Sep 30, 2019 9:17 am
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 1154

Re: Remote update hAP lite

Ok , tedious thread...
anyway, is it possible to erase config , and automatically restore config via script after reboot AND update has been done ?
but probably script takes disk space, so.....
by ik3umt
Fri Sep 27, 2019 11:22 pm
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 1154

Re: Remote update hAP lite

22:16:20 system,info installed routeros-smips-6.45.6 
22:16:20 system,error not enough space for upgrade 
22:16:21 system,info router rebooted 
:(
by ik3umt
Thu Sep 26, 2019 9:36 am
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 1154

Re: Remote update hAP lite

I was able to update a pair of hap-lite by connecting to local remote desktop and run the save-clear-restore cfg tasks. There are a pair more that have no pc on their lan and worse, they are routers managing internet connection, so configuration cannot be erased. latest .npk file can be succesfully ...
by ik3umt
Thu Sep 19, 2019 7:26 pm
Forum: General
Topic: One public address per LAN
Replies: 3
Views: 573

Re: One public address per LAN

Nick, any practical example of rule ?

i.e. :
192.168.1.0/24 (ether4) will use 10.20.30.1/29 on ether1
192.168.2.0/24 (ether5) will use 10.20.30.2/29 on ether1
and so on...

Still masquerade rule needed ?

Thank you
by ik3umt
Wed Sep 18, 2019 3:39 pm
Forum: General
Topic: One public address per LAN
Replies: 3
Views: 573

One public address per LAN

A /29 public addresses subnet is available to one RB ethernet port.
How can each single LAN subnet use a specific WAN IP address ?
by ik3umt
Mon Sep 16, 2019 5:53 pm
Forum: Beginner Basics
Topic: Difference in setting dhcp options
Replies: 1
Views: 316

Difference in setting dhcp options

One can set dhcp server options by specifying a dhcp option set into dhcp server settings as well as single options into dhcp networks settings
What is the difference ?
by ik3umt
Thu Sep 12, 2019 9:21 am
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 1154

Re: Remote update hAP lite

OK understood.
Meanwhile, I have it updated to latest 6.45.6.npk whithout space issues, fingers crossed.....
by ik3umt
Wed Sep 11, 2019 5:18 pm
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 1154

Re: Remote update hAP lite

Please explain : should I disable (I cannot uninstall) all packages and copy only desired ones and reboot to have just the copied one filling hdd space ? What happens to old disabled ones ? Would they becomes available to uninstall ? Goal is obviously to have more free space (hdd not ram , this is a...
by ik3umt
Wed Sep 11, 2019 4:32 pm
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 1154

Re: Remote update hAP lite

As main package is a bundled package, I cannot unnstall single unneeded package so kristsd solution #2 worked for me, but: cannot remove directly entire configuration as hap lite is connected via l2tp/ipsec tunnel generated by itself. I had to connect to a local PC winbox via teamviewer or similar, ...
by ik3umt
Wed Sep 11, 2019 9:10 am
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 1154

Remote update hAP lite

Is there a way to update hAP lite (regular update failed because of known memory space issue) without on-site netinstall ?
Thanks.
by ik3umt
Sat Aug 10, 2019 6:33 pm
Forum: General
Topic: Flooding a cascade css326 , an issue ?
Replies: 2
Views: 416

Re: Flooding a cascade css326 , an issue ?

Found flood ping increases quickly SFP+ Rx MAC and RX FCS errors counters on switch target devices are connected to.....
Opened a request @support.....

No one with CSS326 10Gbps issues ???
by ik3umt
Fri Aug 09, 2019 9:06 pm
Forum: General
Topic: Flooding a cascade css326 , an issue ?
Replies: 2
Views: 416

Re: Flooding a cascade css326 , an issue ?

Further tests: a linux machine with ping -f to machines at the other switch ends gives : ping -f 192.168.1.253 PING 192.168.1.253 (192.168.1.253) 56(84) bytes of data. .......................................................................................................................................
by ik3umt
Tue Aug 06, 2019 6:13 pm
Forum: General
Topic: hAP lite update
Replies: 0
Views: 260

hAP lite update

still on 6.45.1 with few hAP lite

6.45.3 : *) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);

Should I netinstall them anyway to fix failing updates (thus on-site operation) ?
by ik3umt
Fri Aug 02, 2019 5:21 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 25452

Re: v6.45.3 [stable] is released!

UMarcus: are you sure Hap lite has been updated ??

I've tried also to update via /system packages and manually via file upload, it seems it still fails....

npk file is displayed on files section , winbox reports 16MB of16MB used, maybe no more space allowed for updating process....
by ik3umt
Fri Aug 02, 2019 5:06 pm
Forum: General
Topic: Again on Hotspot HTTPS redirection
Replies: 18
Views: 1348

Re: Again on Hotspot HTTPS redirection

Yes, testing deeper (for what my knowledge permits) I've found iphone looking for captive.apple.com once new wifi network has been connected, while windows10 machines trigger msftconnecttest.com/redirect, both probably http sites as they make hotspot login page to appear. Older devices/OS would prob...
by ik3umt
Fri Aug 02, 2019 12:52 pm
Forum: Wireless Networking
Topic: Automatic login to HotSpot in Trial mode
Replies: 3
Views: 2891

Re: Automatic login to HotSpot in Trial mode

For me it works this way: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="refresh" content="0; url=http://10.0.0.1/login?username=T-$(mac-esc)" /> </head> </html> If needed, alogin.html will pro...
by ik3umt
Fri Aug 02, 2019 12:11 pm
Forum: General
Topic: Again on Hotspot HTTPS redirection
Replies: 18
Views: 1348

Re: Again on Hotspot HTTPS redirection

Ok, it is something the user's browser should do, but we are not sure any device does , or does it the right way.
Do you mean they should already behave this way , or is it just a plan about the way all devices should work in future as a standard ?
by ik3umt
Fri Aug 02, 2019 10:42 am
Forum: General
Topic: Flooding a cascade css326 , an issue ?
Replies: 2
Views: 416

Flooding a cascade css326 , an issue ?

RB3011---1G_eth----CSS326_1------10G_fiber------CSS326_2 from rb3011: /tool flood-ping <CSS326_1 address> sent: 500 received: 500 min-rtt: 0 avg-rtt: 0 max-rtt: 1 (it takes two seconds to finish operation) /tool flood-ping <CSS326_2 address> sent: 500 received: 467 min-rtt: 0 avg-rtt: 0 max-rtt: 2 (...
by ik3umt
Fri Aug 02, 2019 10:22 am
Forum: General
Topic: Again on Hotspot HTTPS redirection
Replies: 18
Views: 1348

Re: Again on Hotspot HTTPS redirection

Not really sure about this "fetching random URLs over http" thing.... can you explain ?
by ik3umt
Thu Aug 01, 2019 6:33 pm
Forum: General
Topic: Again on Hotspot HTTPS redirection
Replies: 18
Views: 1348

Re: Again on Hotspot HTTPS redirection

Just tried https auth with an apple device, it warnings me twice (two web pages sequentially) before to access hotspot , then twice for hotspot authentication , a bit tedious... Will try to teach users to browse www.mysite.web (http) to gain access to login, at least for now... One could even ignore...
by ik3umt
Thu Aug 01, 2019 5:23 pm
Forum: General
Topic: Again on Hotspot HTTPS redirection
Replies: 18
Views: 1348

Re: Again on Hotspot HTTPS redirection

Thanks, pretty clearer now, it's really a browser (security) issue then... So what's our kindest solutions from user point of view, when he accesses our hotspot and something bans https sites from being visited ? It wouldn't be a great thing to teach them "please type this url in order to login and ...
by ik3umt
Thu Aug 01, 2019 4:25 pm
Forum: General
Topic: Need a clarification on hotspot trial user
Replies: 7
Views: 1776

Re: Need a clarification on hotspot trial user

So , we agree about kicking them off sometimes, to "refresh" all things.
Then what are the suggested combined values in: Http Cookie Lifetime, Trial Uptime Limit, Trial Uptime Reset and eventually dhcp lease time for a "pseudo-no-time-limit" user ?
by ik3umt
Thu Aug 01, 2019 4:07 pm
Forum: General
Topic: Again on Hotspot HTTPS redirection
Replies: 18
Views: 1348

Again on Hotspot HTTPS redirection

The user hitting hotspot for the first time with an https request will fail and receive the well known warning. Installing self-signed certificate , enabling www-ssl service and https login , redirection is possible with some warnings. When login by HTTP to an HTTP site is done without all the above...
by ik3umt
Thu Aug 01, 2019 11:13 am
Forum: General
Topic: CRS328-24P-4S+RM as wifi allinone
Replies: 3
Views: 475

Re: CRS328-24P-4S+RM as wifi allinone

CRS328 works perfectly as switch
But it has only 16MB storage :shock:
Any possible issue running in routerOS with next package updates if growing in size ?
by ik3umt
Fri Jul 26, 2019 5:09 pm
Forum: Beginner Basics
Topic: Per host queue
Replies: 2
Views: 346

Re: Per host queue

That was enough, single queue with pcq definition,quite easy !
Searching in my place would be greatly appreciated, I did it myself for now.... :lol:
by ik3umt
Fri Jul 26, 2019 11:24 am
Forum: Beginner Basics
Topic: Per host queue
Replies: 2
Views: 346

Per host queue

New to queues...

From what I understood, putting my lan subnet into a simple queue target with 10M, it allows 10M total to be shared between N lan users (i.e. 5M each between 2 users)
How instead allow i.e. 1M each user of the whole subnet without to create 254 queue entries ?
by ik3umt
Fri Jul 26, 2019 9:10 am
Forum: Wireless Networking
Topic: WiFi4EU
Replies: 8
Views: 1807

Re: WiFi4EU

I think MT has lost its train.......
Or it's not in their plans, maybe.
by ik3umt
Thu Jul 11, 2019 12:23 pm
Forum: Beginner Basics
Topic: Cloning device using backup and restore
Replies: 9
Views: 640

Re: Cloning device using backup and restore

It would be pretty nice if someone explains where and why restoring a backup to same model unit fails...
Is definitely "backup" intended to be restored on the same piece of hardware from where it has been generated ?
by ik3umt
Thu Jun 27, 2019 9:40 am
Forum: Wireless Networking
Topic: Running RDP over capsman system , connections hang
Replies: 5
Views: 788

Re: Running RDP over capsman system , connections hang

I'll try local forwarding.... Question: I'm using the same datapath for two different SSIDs in two different capsman configurations, can I use localforwarding YES and NO for the same datapath ? /caps-man configuration datapath=Office_Bridge mode=ap name=OfficeCfg security=security1 ssid=OfficeWIFI d...
by ik3umt
Wed Jun 26, 2019 5:17 pm
Forum: Wireless Networking
Topic: Running RDP over capsman system , connections hang
Replies: 5
Views: 788

Re: Running RDP over capsman system , connections hang

Just wondering why they don't hang while under ping from routerboard.....
something kept alive ? disconnect timing ?
why it doesn't happen when linked to a common AP wired to the switch ?
by ik3umt
Wed Jun 26, 2019 3:30 pm
Forum: Wireless Networking
Topic: Running RDP over capsman system , connections hang
Replies: 5
Views: 788

Running RDP over capsman system , connections hang

Samsung wifi tablets running RDP session to a microsoft server in local LAN by mean of capsman system. Capsman running in cap forwarding mode , chosen datapath is the same bridge LAN switch is connected to (thus MS server connected to same switch). I'm experiencing RDP session hangs (need to re-logi...
by ik3umt
Wed Jun 26, 2019 12:45 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4298

Re: single IP constantly trying to log to my Mikrotik

Imagine....if this wasn't the "Beginner Basics" section.......
by ik3umt
Fri Jun 21, 2019 11:06 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 930

Re: connecting firewall through routerboard keeping public ip address

In the meanwhile, I got it working with two separated routerboards each dst-natted from in-interface to the address of router behind it

Image

It works totally transparent, but the goal is to use , if possible, a single routerboard in the middle....
by ik3umt
Fri Jun 21, 2019 10:24 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 930

Re: connecting firewall through routerboard keeping public ip address

Thank you for patience, Arp table of firewall (actually a RB) sees both <ISP router ip address> and 10.10.10.10 with MT ether2 mac address Arp table of MT sees <firewall ip address> with <firewall mac address> on ether2 and <ISP router ip address> with <ISP router mac address> on ether1 If I ping <I...
by ik3umt
Tue Jun 18, 2019 4:43 pm
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 930

Re: connecting firewall through routerboard keeping public ip address

Noob question.... Is it possible a different approach, something like a double routing/nat inside the same RB ??

Image
by ik3umt
Tue Jun 18, 2019 9:20 am
Forum: Scripting
Topic: Perform an action after X times link loss
Replies: 1
Views: 324

Perform an action after X times link loss

How can I perform an action (an e-mail, a reboot etc.) after i.e. an ethernet link goes down for an amount of times ?
by ik3umt
Mon Jun 17, 2019 4:53 pm
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 930

Re: connecting firewall through routerboard keeping public ip address

Unfortunately on the real test it fails: ether1 facing dsl router ether2 facing firewall /interface ethernet set [ find default-name=ether1 ] arp=proxy-arp set [ find default-name=ether2 ] arp=proxy-arp /ip address add address=10.10.10.10 interface=ether1 network=<dslrouter_ip_address> /ip route add...
by ik3umt
Mon Jun 03, 2019 9:41 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 930

Re: connecting firewall through routerboard keeping public ip address

Ok, It works , connection from firewall to internet are ok, I haven't yet checked in real environment if a.b.c.6 (firewall public ip) is reachable transparently from internet , I'll keep you updated...
by ik3umt
Thu May 30, 2019 3:43 pm
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 930

Re: connecting firewall through routerboard keeping public ip address

Problem is missing default route on RB. You can try: /ip route add dst-address=0.0.0.0/0 gateway=10.0.0.1 Already tried, 10.0.0.1 gateway is "unreachable", also tried gateway=ether2 , same issue. About other dsls, i want to tie them together with working one to achieve more bandwidth and failover l...
by ik3umt
Thu May 30, 2019 12:53 pm
Forum: Beginner Basics
Topic: Managing two separate subnet with same class addresses
Replies: 9
Views: 576

Re: Managing two separate subnet with same class addresses

No, wait, I haven't undesrtood if two eth with the same ip address and class on the same routerboard is IMPOSSIBLE (don't work) or is WRONG (but works because of using interface names and routing marks).

Each LAN has it own gateway (not the routerboard).
by ik3umt
Thu May 30, 2019 12:25 pm
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 930

Re: connecting firewall through routerboard keeping public ip address

I've tested it with a PC instead of firewall: https://ibin.co/4irKWZWiSd0N.jpg I can ping 10.0.0.1 from 10.0.0.9 and vice-versa PC arp table says 10.0.0.1 is B8:69:F4:BC:BB:32 (routerboard ether3) Dsl router arp table says 10.0.0.9 is B8:69:F4:BC:BB:31 (routerboard ether2) On PC , default gateway an...
by ik3umt
Thu May 30, 2019 9:59 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 930

Re: connecting firewall through routerboard keeping public ip address

Yes, firewall already does srcnat so routerboar would see all traffic coming only from a.b.c.6 address. Some incoming services hitting a.b.c.6 are dst-natted by firewall to some lan machines Maybe a vpn can be established from internet client to a.b.c.6 No need for incoming services on other two rou...
by ik3umt
Thu May 30, 2019 2:31 am
Forum: Beginner Basics
Topic: Managing two separate subnet with same class addresses
Replies: 9
Views: 576

Re: Managing two separate subnet with same class addresses

I didn't know more interfaces can be configured with the same ip address and subnet , I thought this would mess up things. It happens, rarely, but happens, you find a place having the same addressing i.e. for PC and for ip cameras or ip telephony, completely separated , each with its own switch (som...
by ik3umt
Thu May 30, 2019 2:15 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 930

Re: connecting firewall through routerboard keeping public ip address

Nice to know.... with PCC I let firewall (thus machines behind it) to use all three DSL line to achieve more bandwidth and failover like I'm actually doing in few systems (but without firewall in the middle). Honestly, I don't know if : lan_machines----routerboard_pcc------three_wans lan_machines---...
by ik3umt
Thu May 30, 2019 1:06 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 930

Re: connecting firewall through routerboard keeping public ip address

But , from firewall point of view, is it like routerboard didn't exist ??
I would have to set up pcc/loadbalancing like eth facing wirewall was LAN and other eth as WANs.
Would any internet packet destinated to a.b.c.6 hit the firewall ?
by ik3umt
Wed May 29, 2019 11:43 am
Forum: Beginner Basics
Topic: Managing two separate subnet with same class addresses
Replies: 9
Views: 576

Re: Managing two separate subnet with same class addresses

Sob, How can I define a virtual subnet to the real one and routing through the right interface ?
I suppose each ethernet has not to be configured with an ip address...
by ik3umt
Wed May 29, 2019 10:56 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 930

connecting firewall through routerboard keeping public ip address

An existing firewall is directly connected to a dsl router with a /29 subnet public ip address
I have to interpose a routerboard used as a loadbalancer/failover with other two dsl routers.
Is there a way to keep the public ip address coming from original router ?

Image
by ik3umt
Wed May 29, 2019 10:12 am
Forum: Beginner Basics
Topic: Managing two separate subnet with same class addresses
Replies: 9
Views: 576

Managing two separate subnet with same class addresses

Is it possible to manage two LAN having each the same IP subnet both containing machines with same ip address ? https://ibin.co/4ijhOkZ00Avj.jpg I would say NO, but I'm not aware if Ros has some obscure feature...... I could use netmap to addressing two different subnet , but how to know on wich tar...
by ik3umt
Wed May 15, 2019 9:25 am
Forum: General
Topic: hotspot + userman : how avoid to reach webfig ?
Replies: 5
Views: 409

Re: hotspot + userman : how avoid to reach webfig ?

Already tried, changing www port affects both userman and webfig, it would be easy if a port could be set for separate www services.

Any other idea to allow/deny userman rather than webfig at firewall level ?
by ik3umt
Tue May 14, 2019 5:44 pm
Forum: General
Topic: hotspot + userman : how avoid to reach webfig ?
Replies: 5
Views: 409

Re: hotspot + userman : how avoid to reach webfig ?

The problem is if any user try to access http://10.50.50.50 he goes straight into webfig page without being asked for credentials ! In laboratory test environment I forgot to set the admin password ......... :? :? Anyway, the real question could be: once an interface (i.e. bridge) is created, is it...
by ik3umt
Tue May 14, 2019 4:24 pm
Forum: General
Topic: hotspot + userman : how avoid to reach webfig ?
Replies: 5
Views: 409

hotspot + userman : how avoid to reach webfig ?

I have set up hotspot together with userman to allow auto-signup this way: hotspot running in a 10.0.0.0/24 subnet made a new bridge with address 10.50.50.50/32 enabled radius for hotspot service on this address added a router with same ip and credentials to user manager edited hotspot login.html wi...
by ik3umt
Fri Apr 19, 2019 6:14 pm
Forum: Beginner Basics
Topic: HotSpot with userman as login page
Replies: 9
Views: 836

Re: HotSpot with userman as login page

I'll take a look....
It seems , however, once signup is done, you are immediately redirected to http://routerip/user that is a page you cannot find (to be edited) among files .... (am I wrong ?)
by ik3umt
Thu Apr 18, 2019 4:53 pm
Forum: Beginner Basics
Topic: HotSpot with userman as login page
Replies: 9
Views: 836

Re: HotSpot with userman as login page

Not so important to manage user input data for now, self-signup is enough, so: Hotspot first login obviously works, I've added a link to userman self-signup page (signup enabled on userman settings) then self-signup of users via userman works. Entering credentials generated by userman into hotspot p...
by ik3umt
Thu Apr 18, 2019 10:43 am
Forum: Beginner Basics
Topic: HotSpot with userman as login page
Replies: 9
Views: 836

Re: HotSpot with userman as login page

Ok, but it would be nice to do it all inside the same routerboard machine. Perhaps a possible workaround: Add to hotspot login page a "click here to signup" link to /routerip/user/signup (easy) Redirect user (I don't know if possible, and how) after signup form is filled, back to hotspot login page,...
by ik3umt
Thu Apr 18, 2019 10:36 am
Forum: General
Topic: Capturing email address in Hotspot login
Replies: 9
Views: 2452

Re: Capturing email address in Hotspot login

Funny, 2009, 2013, 2016, 2017 Now I have this need in 2019 :? :? No answers yet, I can't believe there isn't a solution in such a powerful OS Just a trial login after email field is filled and email value saved somewhere ..... Any suggestion for the inexperienced people ?? Thanks a lot !!!
by ik3umt
Wed Apr 17, 2019 9:37 am
Forum: Beginner Basics
Topic: HotSpot with userman as login page
Replies: 9
Views: 836

Re: HotSpot with userman as login page

Too difficult or too stupid question ? :shock:
by ik3umt
Tue Apr 16, 2019 5:35 pm
Forum: Beginner Basics
Topic: HotSpot with userman as login page
Replies: 9
Views: 836

HotSpot with userman as login page

What I'm trying to do: give a wireless user a HotSpot login page that is http://routerboard_ip/user/signup , allowing user to self-register to system once signup form is filled with e-mail, phone, user, pass etc. How to achieve this ? Hotspot automatically bring you to /hotspot/login.html Any hint p...
by ik3umt
Mon Apr 01, 2019 11:51 am
Forum: General
Topic: Windows 10 and netinstall
Replies: 19
Views: 15660

Re: Windows 10 and netinstall

I found that I had to run it under Windows 7 compatibility mode.
Me too, same issue, had it work selecting "run as administrator" and " run compatibility mode win7"
by ik3umt
Mon Apr 01, 2019 10:41 am
Forum: General
Topic: ROS into watchguard XTM5, what performance ?
Replies: 0
Views: 252

ROS into watchguard XTM5, what performance ?

Planning to install licensed routerOS into a watchguard XTM5 hardware (celeron400 or core2 duo E8500 / 2Gb RAM)
What performance comparision should be expected with Hardware Routerboards ? What model could be comparable with such a system ?
Thanks
by ik3umt
Fri Mar 22, 2019 9:34 am
Forum: General
Topic: What tunnel method for dynamic ip wan ?
Replies: 1
Views: 265

What tunnel method for dynamic ip wan ?

Both VPN server and client are MT machines. Client side have a dynamic public ip address and is behind ISP router NAT (MT and ISP router connected together with 192.168 class, public IP transparently natted) What's the method for site to site VPN , giving less headache as possible because of NAT pre...
by ik3umt
Fri Mar 22, 2019 9:26 am
Forum: General
Topic: One of 30 working l2tp/ipsec tunnels suddenly stops !
Replies: 1
Views: 299

Re: One of 30 working l2tp/ipsec tunnels suddenly stops !

For ones who are experiencing such an issue... It seems related to ISP router, the problem disappeared once ISP router was rebooted. Despite both MT wan have a public IP address, the connection is not so "transparent" as it should expected to be..... It would be nice to know where ip packets are los...
by ik3umt
Thu Mar 07, 2019 5:03 pm
Forum: General
Topic: One of 30 working l2tp/ipsec tunnels suddenly stops !
Replies: 1
Views: 299

One of 30 working l2tp/ipsec tunnels suddenly stops !

30 working l2tp/ipsec tunnels into a RB3011 server One of them suddenly stops working: client (a 3011 too) starts and complete phase1 and phase2 (a pair SA installed on both machines) , then it sends control message (three times) to server but this one doesn't receive anything. Then, client drops th...
by ik3umt
Wed Mar 06, 2019 10:02 am
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8711

Re: hardware idea for a multiport switch

how about... vertical switch >_> like only 5cm deep so that you could mount it behind normal equipment (especially shorter ones), somewhat like giant rackmount PDU. Not a bad idea, but if mounted IN FRONT of other equipment. Cable management must be in front side of rack to avoid headaches when mai...
by ik3umt
Wed Feb 27, 2019 12:21 pm
Forum: Beginner Basics
Topic: ip neighbor 6.41, interface, discover-interface-list
Replies: 6
Views: 7746

Re: ip neighbor 6.41, interface, discover-interface-list

I noticed that there is a big error in "export compact file=XXXX" , in the "ip neighbor discovery-settings" field. In order to not activate discovery only on a few interface, I create a list named "no-discovery" and i set ip neighbor discovery-settings to " discover-interface-list: !no-discovery "....
by ik3umt
Wed Feb 27, 2019 10:20 am
Forum: General
Topic: Firewall in Access Points
Replies: 8
Views: 576

Firewall in Access Points

Should one configure firewall filter input rules in LAN access points (WLANs and eth bridged) ?
by ik3umt
Mon Feb 25, 2019 6:11 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8711

Re: hardware idea for a multiport switch

Standard 1U 48 ports are already a mess when cable arrangement is not managed
That layout would be a pain in the.......rack....
A front-side high density would be ok for a 3 or 4 rack units, but a lot of space wasted in depht.
by ik3umt
Thu Feb 21, 2019 9:25 am
Forum: RouterBOARD hardware
Topic: Bricked mAP lite ?
Replies: 2
Views: 468

Re: Bricked mAP lite ?

Sorry I've written net boot , I mean netinstall ..... No way to put it in netinstall mode , or better, Netinstall software (I use succesfully with other RB) doesn't see the device , no matter which button reset timing. mAPlite ethernet is directly connected to PC ethernet I think all is happened wit...
by ik3umt
Tue Feb 19, 2019 12:31 pm
Forum: RouterBOARD hardware
Topic: Bricked mAP lite ?
Replies: 2
Views: 468

Bricked mAP lite ?

mAP lite in endless loop boot
No way to enter any config mode , net boot neither
Tried all reset button timings
https://youtu.be/rTW3B6RjiIY

Any idea other than waste bin ?
by ik3umt
Tue Nov 06, 2018 5:07 pm
Forum: RouterBOARD hardware
Topic: Desired switch
Replies: 7
Views: 1075

Re: Desired switch

Unfortunately 112 has no 10Gb SFP+
And yes 328 is a beast....
by ik3umt
Fri Nov 02, 2018 6:11 pm
Forum: RouterBOARD hardware
Topic: Desired switch
Replies: 7
Views: 1075

Desired switch

MT staff :
It would be nice to have a 8PoE + 8non-PoE Gb eth + 2/4 SFP+ cages switch in the 200 to 300 euro range.
Something to be placed between CRS112-8P-4S-IN and CRS328-24P-4S+RM
Any thought ?
by ik3umt
Fri Oct 26, 2018 5:10 pm
Forum: SwOS
Topic: css326 vlan question
Replies: 1
Views: 864

css326 vlan question

New to SwitchOS
I taken a read to https://wiki.mikrotik.com/wiki/SWOS/CSS326-VLAN-Example
Why is there no need (at least I haven't seen) to declare TAGGED vlan on ether2 ??

Thank you
by ik3umt
Fri Oct 19, 2018 11:12 pm
Forum: RouterBOARD hardware
Topic: Cisco SFP-H10GB-CU3M DAC support
Replies: 1
Views: 655

Cisco SFP-H10GB-CU3M DAC support

Do routers and switches equipped with SFP+ cages support SFP-H10GB-CU3M DAC cable/modules ??
I would use it to connect a CCR1009-7G-1C-1S+PC with a CSS326-24G-2S+RM
by ik3umt
Tue Oct 09, 2018 6:31 pm
Forum: General
Topic: L2TP/ipsec client not able to use encryption
Replies: 1
Views: 770

Re: L2TP/ipsec client not able to use encryption

Suddenly, now I have three of my 10 l2tp incoming connections not working for the same reason. using the profile (server side) with encryption=yes they come up with no encryption, using encryption=required, no way ! All clients are configured identically !! All connecting to the same server What els...
by ik3umt
Thu Sep 27, 2018 6:03 pm
Forum: Scripting
Topic: deleting files with the sam extension
Replies: 2
Views: 1735

Re: deleting files with the sam extension

janisk :

/file remove [find type=".rif file"] is OK

But what if I have to delete all .rif files that are into a directory ? Which syntax ?

P:S: I mean ONLY the .rif files that are inside a particular directory, not other .rif files
by ik3umt
Mon Sep 24, 2018 10:45 am
Forum: General
Topic: L2TP & Unsafe Config
Replies: 3
Views: 3311

Re: L2TP & Unsafe Config

Any detailed wiki page on how to use certificates on ipsec please ?
by ik3umt
Mon Aug 06, 2018 11:41 pm
Forum: General
Topic: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC
Replies: 18
Views: 2142

Re: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC

Thanks for infos, If a fan is down as spare,and cooling is an issue, I'm wondering about to connect both in parallel to achieve a better CFM rate (despite slightly more noise, not so much anyway) It would be interesting to find a point where a single fan@Xrpm equals two fans@Yrpm and evaluate noise ...
by ik3umt
Mon Aug 06, 2018 10:15 am
Forum: General
Topic: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC
Replies: 18
Views: 2142

Re: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC

Are original fans tachometric anyway ?
as MikroTik does'n support PWM
Do MT actually uses speed monitoring and voltage-controlled speed ?
by ik3umt
Mon Aug 06, 2018 9:31 am
Forum: General
Topic: L2TP "road warriors" and security issue
Replies: 2
Views: 285

L2TP "road warriors" and security issue

Would a set of rules allowing L2TP from any public ip addrss represent a security issue ? i.e. add comment="IPSEC input" in-interface-list=WANs chain=input action=accept protocol=udp dst-port=500 add comment="IPSEC input" in-interface-list=WANs chain=input action=accept protocol=udp dst-port=4500 ad...
by ik3umt
Fri Aug 03, 2018 5:01 pm
Forum: Beginner Basics
Topic: Very noob security question
Replies: 2
Views: 414

Very noob security question

Should a routerboard device NOT directly exposed to internet (i.e. a LAN access point without any port forwarding from main router) be protected with a basic firewall set of rules , at least on input chain ?
by ik3umt
Thu Aug 02, 2018 6:33 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 7721

Re: Mikrotik in the news..bad news

...........you will will be using the old firewall config, as is aptly shown above where user Samot pasts his default firewall which is the old vulnerable type. That was the basic firewall : add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=accept chain=input com...
by ik3umt
Tue Jul 31, 2018 3:46 pm
Forum: General
Topic: Hex S SFP no link
Replies: 22
Views: 5131

Re: Hex S SFP no link

So definitely an hardware problem ?
Just a defective part or newer/upgraded hardware ?
by ik3umt
Tue Jul 31, 2018 1:06 pm
Forum: General
Topic: Vlan speed and inter-vlan routing killing cpu
Replies: 2
Views: 462

Re: Vlan speed and inter-vlan routing killing cpu

Oops.. Image should be ok

Please note that PC5 and VM4 reside on the same Vlan and routing doesn't take part (as cpu load tells)
That sounds strange to me...

All ports (VMs, ESXi host SW and HW, Routerboard, PCs) status show 1GB
Test to VM4 never exceeds 96-98Mbps.
by ik3umt
Tue Jul 31, 2018 10:54 am
Forum: General
Topic: Vlan speed and inter-vlan routing killing cpu
Replies: 2
Views: 462

Vlan speed and inter-vlan routing killing cpu

SCENARIO: https://ibin.co/4AZF5WiTSZSg.jpg Problem: All connections in diagram (included VMware virtual switching system) are 1Gbps, iperf3 server mode running on each Virtual Machine inside ESXi, iperf3 client mode running on PC1 PC1 to VM1-3 reports almost 1Gb bandwidth PC1 to VM4 (vlan10 to vlan1...
by ik3umt
Thu Jul 26, 2018 7:03 pm
Forum: General
Topic: L2TP/ipsec client not able to use encryption
Replies: 1
Views: 770

L2TP/ipsec client not able to use encryption

I have one out of 10 L2TP/ipsec clients configured the same identical way to connect to same server , not able to encrypt when /ppp profile is set to use-encryption=required All other clients have not any problem Only this one gets an active connection if "use-encryption=yes" is set: this way, the f...
by ik3umt
Thu Jul 26, 2018 3:37 pm
Forum: General
Topic: Bridge as part of VLAN or VLAN as part of bridge ??
Replies: 0
Views: 302

Bridge as part of VLAN or VLAN as part of bridge ??

This is confusing me.... On a CRS125 , all LAN ports are part of VLAN10 : /interface ethernet switch vlan add ports="ether1,ether2,ether3,ether4,ether5,etc,etc" vlan-id=10 I have to add a capsman bridge for datapath , talking to VLAN10 I cannot add a bridge into "add ports=" command The workaround i...
by ik3umt
Thu Jul 19, 2018 12:11 pm
Forum: General
Topic: CRS328-24P-4S+RM as wifi allinone
Replies: 3
Views: 475

Re: CRS328-24P-4S+RM as wifi allinone

Thanks,
how compared to a RB3011 + PoE switch solution (very simple firewall anyway) ?
by ik3umt
Thu Jul 19, 2018 11:56 am
Forum: General
Topic: CRS328-24P-4S+RM as wifi allinone
Replies: 3
Views: 475

CRS328-24P-4S+RM as wifi allinone

Would you use a CRS328-24P-4S+RM as all in one solution for wifi environment up to 20 access points and up to 100Mps ISP WAN bandwidth ?
so RouterOS mode + CAPsMAN +(eventually hotspot) + routing/firewall, )
Any thougth ?
by ik3umt
Thu Jul 12, 2018 12:27 pm
Forum: General
Topic: Traffic generator settings for test against iperf3
Replies: 0
Views: 272

Traffic generator settings for test against iperf3

Noob question:

Since I have never used traffic generator, and it has a lot of settings , is there a basic, standard config/template i can use to tes against a PC running iperf3 in server mode ?

Thank you
by ik3umt
Tue Jul 10, 2018 12:52 pm
Forum: Wireless Networking
Topic: Display all current channels
Replies: 0
Views: 323

Display all current channels

CAPsMAN: Is there a way to display globally all CURRENT channels used by all radios in a single screenshot ?

Enter a single interface to display its status is very annoying.....
by ik3umt
Tue Jul 10, 2018 12:39 pm
Forum: Wireless Networking
Topic: Reselect interval in crowded bands CAPsMAN
Replies: 0
Views: 663

Reselect interval in crowded bands CAPsMAN

Could it be of any benefit to set a "reselect interval" in a crowded band environment with 20-30 AP controlled by manager, both 2.4 and 5 GHz with some AP stuck on same frequency ?? If yes, actually I'm using default radio settings (no channels defined in CAPsMAN configuration): can I setup a SINGLE...
by ik3umt
Tue Apr 24, 2018 6:55 pm
Forum: Wireless Networking
Topic: CAPsMAN upgrade fails because no file
Replies: 6
Views: 4276

Re: CAPsMAN upgrade fails because no file

I'm resuming this post because I need to update whole capsman system in one shot (last manager update causes to lose wifi , as upgrade policy was set as "require same version" and I want to keep this but do not upgrade by hand) Manager is Arm , ap are mipsbe I think the fastest solution is a script ...
by ik3umt
Mon Apr 23, 2018 3:54 pm
Forum: General
Topic: Btest.exe
Replies: 3
Views: 5094

Btest.exe

I cannot find btest.exe in website downloads
Has it been removed ?
Problems with that software ?
by ik3umt
Mon Apr 23, 2018 3:21 pm
Forum: General
Topic: Need help with VLANs on crs125
Replies: 2
Views: 276

Re: Need help with VLANs on crs125

Thank you for reply, What could it happen if invalid VLAN filtering is not applied ? You said " Before you enable invalid VLAN filtering, make sure a management port is set up." I'm managing CRS from one of untagged ports (3-24) (pc is not aware of any tagging) As I created switch vlans, I was locke...
by ik3umt
Mon Apr 23, 2018 12:55 pm
Forum: General
Topic: Need help with VLANs on crs125
Replies: 2
Views: 276

Need help with VLANs on crs125

I need to setup inter-vlan routing with a CRS125, I'm following this guide : https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches_examples#InterVLAN_Routing Well , eth1 and eth2 are VLAN100 and VLAN200 tagged (trunk) connecting to other switches eth3 to eth4 are VLAN100 untagged (access)...
by ik3umt
Thu Feb 15, 2018 3:18 pm
Forum: Beginner Basics
Topic: Booting with own basic config
Replies: 1
Views: 265

Booting with own basic config

Is there a way to perform a routerboard device boot sequence in order to :

1: reset configuration without default configuration
2: load a custom configuration with just few lines

all at same time with no operator ineraction ?

Thanks
by ik3umt
Fri Feb 09, 2018 5:03 pm
Forum: Wireless Networking
Topic: CAPsMAN over DSL
Replies: 3
Views: 442

Re: CAPsMAN over DSL

Thank you,

Should I configure a tunnel for CAP purpose , or manager can be reachable with a simple port-forwarding ?
by ik3umt
Tue Feb 06, 2018 5:35 pm
Forum: Wireless Networking
Topic: CAPsMAN over DSL
Replies: 3
Views: 442

CAPsMAN over DSL

Is it possible to manage two AP that reside geographically away from CAP manager by a DSL line ?

Image

Each location wifi user must use the related DSL line to surf the web. (no clients traffic managed by CAPsMAN)

Thanks
by ik3umt
Wed Oct 11, 2017 10:40 am
Forum: Beginner Basics
Topic: RB3011 how to bind all port together ?
Replies: 1
Views: 353

RB3011 how to bind all port together ?

I need all ten RB3011 ports to act as a single switch

I can set port 2 to 5 as slave of port 1 and port 7 to 10 as slave of port 6 and create a bridge between port 1 and 6
Also I can assign each single port (with no master) to a single bridge.

What is the best ? other better solutions ?

Thanks
by ik3umt
Wed Jun 28, 2017 6:41 pm
Forum: General
Topic: L2TP Status: terminating - config error ? bug ?
Replies: 4
Views: 1975

Re: L2TP Status: terminating - config error ? bug ?

Thank you,
I supposed that, but why it still does not connect if L2TP client has "use ipsec" flag checked with the correct ipsec passphrase ?? (like all other clients with same configuration do)
by ik3umt
Wed Jun 28, 2017 4:36 pm
Forum: General
Topic: L2TP Status: terminating - config error ? bug ?
Replies: 4
Views: 1975

Re: L2TP Status: terminating - config error ? bug ?

Sorry for up, but, really , what's the difference between use ip sec= yes and required ??

Manual (wiki ) doesn't have an answer......
by ik3umt
Tue Jun 27, 2017 10:35 am
Forum: General
Topic: L2TP Status: terminating - config error ? bug ?
Replies: 4
Views: 1975

Re: L2TP Status: terminating - config error ? bug ?

Investigating furher : The issue was on SEVER side : for disconnected clients there was an error : l2tp connection rejected no IPsec encryption while it was required despite the fact "Use IPSEC" flag is present on client configuration with correct passphrase.(please note all MT client machines have ...
by ik3umt
Tue Jun 27, 2017 9:21 am
Forum: General
Topic: L2TP Status: terminating - config error ? bug ?
Replies: 4
Views: 1975

L2TP Status: terminating - config error ? bug ?

I have some MT machines configured as L2TP client connecting the same RB3011 L2TP server Clients configuration is the same except user/pass Some of them lose connection and hang in "Status: terminating... - session closed" state. No way to make them connected again, (disabled/enabled interface), the...
by ik3umt
Tue Jun 06, 2017 5:59 pm
Forum: General
Topic: Event webpage injection to hotspot user
Replies: 3
Views: 735

Event webpage injection to hotspot user

Is there a way to pop up a webpage to hotspot free user browsing web in order to advise i.e. restaurant "today's menu" or "today's events" ?

Not into login page but arbitrarily with content and time chosen by hotspot manager
by ik3umt
Fri May 26, 2017 5:33 pm
Forum: General
Topic: Can skins be saved ?
Replies: 1
Views: 341

Can skins be saved ?

Can I save skins to be restored as a backup ?
by ik3umt
Fri May 26, 2017 5:31 pm
Forum: General
Topic: Looking for hotspot feature
Replies: 0
Views: 253

Looking for hotspot feature

It would be nice if in IP>Hotspot>Hosts/Active the client ActiveHostName derived from DHCP server lease was displayed. A nice look at a glance to recognize the "known" hosts , just to avoid to look at dhcp server , remember mac address and go to hotspot section.... Is there already something like th...
by ik3umt
Fri May 26, 2017 4:27 pm
Forum: Wireless Networking
Topic: CAPsMAN 2.4GHz defined, 5GHz auto
Replies: 1
Views: 460

CAPsMAN 2.4GHz defined, 5GHz auto

In CAPsMAN environment, how can i set a channel configuration to obtain choosen channels for 2.4GHZ radios and auto channels for 5GHZ ones ??
If I configure a set of 2.4 channels only, automatically 5GHz radios end in "Band not supported"....

Thank you
by ik3umt
Mon May 15, 2017 10:53 pm
Forum: Beginner Basics
Topic: dhcp leases and hotspot users
Replies: 0
Views: 255

dhcp leases and hotspot users

I have deleted all dhcp server leases as well as all hotspot users. When they try to reconnect I've noted a strange thing : there are more hotspot user appeared with their own ip address than the active dhcp leases....... Each hotspot user shouldn't get a dhcp lease before to become a part of hotspo...
by ik3umt
Thu May 04, 2017 6:15 pm
Forum: General
Topic: l2TP/ipsec from win10 behind mikrotik to natted mikrotik [Solved]
Replies: 5
Views: 694

Re: l2TP/ipsec from win10 behind mikrotik to natted mikrotik

It works !!!

Thank you !

Briefly for who needs:

regedit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
add new DWORD (32-bit) value named AssumeUDPEncapsulationContextOnSendRule
give it a value of 2
reboot
by ik3umt
Thu May 04, 2017 3:35 pm
Forum: General
Topic: l2TP/ipsec from win10 behind mikrotik to natted mikrotik [Solved]
Replies: 5
Views: 694

Re: l2TP/ipsec from win10 behind mikrotik to natted mikrotik

Same issue : Connecting a remote routerboard in L2TP/IPSEC works from a 3g/4g client as well a windows10 client with a comon DSL router Whe the client is behind a MT device the L2TP connection to a remote mikrotik L2TP/IPSEC server fails Phase 1 and 2 seems to be completed but L2TP is not even start...
by ik3umt
Thu Apr 13, 2017 4:45 pm
Forum: Beginner Basics
Topic: How to ban an hotspot trial user ??
Replies: 6
Views: 808

Re: How to ban an hotspot trial user ??

Just in case some non-occasional user (i.e. my neighbor's house) gets my wpa key and use hotspot as his own gateway.....
by ik3umt
Mon Apr 10, 2017 6:16 pm
Forum: Beginner Basics
Topic: How to ban an hotspot trial user ??
Replies: 6
Views: 808

Re: How to ban an hotspot trial user ??

The problem is how you identify "rouge" client and normal users ?
Not so easy..... i.e. a permanently "active" hotspot user or a known "active host name" in a dhcp lease....

I mean the maintainer has to identify MAC address to be banned, not routerboard automatically itself.....
by ik3umt
Mon Apr 10, 2017 4:39 pm
Forum: Beginner Basics
Topic: How to ban an hotspot trial user ??
Replies: 6
Views: 808

Re: How to ban an hotspot trial user ??

But I also need he cannot re-login as trial (i.e. a "rogue" client)

Any way ?

Thank you
by ik3umt
Fri Apr 07, 2017 8:13 pm
Forum: Beginner Basics
Topic: Firewall Filter Restriction
Replies: 15
Views: 1910

Re: Firewall Filter Restriction

using regexp instead ?
/ip dns static add regexp=.facebook.com address=127.0.0.1
by ik3umt
Fri Apr 07, 2017 8:00 pm
Forum: Beginner Basics
Topic: HotSpot Trial user pre-login https server error
Replies: 9
Views: 1374

Re: HotSpot Trial user pre-login https server error

No doubt on getting back warnings, already proved....
I just want to understand where is the problem, if it is intrinsic in the browser then....yes, there is not so much to do....
by ik3umt
Fri Apr 07, 2017 5:07 pm
Forum: Beginner Basics
Topic: How to ban an hotspot trial user ??
Replies: 6
Views: 808

How to ban an hotspot trial user ??

Once hotspot trial authentication is enabled , each connecting user is created with T-<MAC address> username

How can I disable unwanted user(s) ??

The dynamically created users can't be disabled by ip->hotspot->user section.....
by ik3umt
Fri Apr 07, 2017 5:00 pm
Forum: Beginner Basics
Topic: HotSpot Trial user pre-login https server error
Replies: 9
Views: 1374

Re: HotSpot Trial user pre-login https server error

I'm not experienced but, once an HTTPS request from a not yet authenticated user comes to hotspot , is it still not possible to answer back and tell the browser "reload this HTTP page" ??
Is the problem related to web browser itself when it asks for HTTPS but it receives back something different ??
by ik3umt
Fri Mar 31, 2017 2:23 pm
Forum: General
Topic: Maintenance Level
Replies: 2
Views: 443

Maintenance Level

Is it possible to configure a user with less privilege in winbox or web configuration ?
I.e. decide what settings can a user go to modify ??
Thanks
by ik3umt
Tue Mar 28, 2017 6:46 pm
Forum: Beginner Basics
Topic: HotSpot Trial user pre-login https server error
Replies: 9
Views: 1374

Re: HotSpot Trial user pre-login https server error

There's no solution. Hotspot uses a man-in-the-middle scheme to catch and redirect http requests. Https protocol is designed to avoid this from happening, the device will get a warning about potential security breach. Anyway, from what I saw, once authenticated (user/pass or trial) the user is able...
by ik3umt
Tue Mar 28, 2017 3:54 pm
Forum: Beginner Basics
Topic: HotSpot Trial user pre-login https server error
Replies: 9
Views: 1374

HotSpot Trial user pre-login https server error

I have enabled trial user on the hotspot If the user try to browse HTTP sites , the hotspot welcome page appears It he try to browse an HTTPS site , browser says it cannot open the page because of server connection has failed. After a regular trial login (by choosing HTTP site) then also HTTPS sites...
by ik3umt
Fri Mar 24, 2017 5:02 pm
Forum: General
Topic: PCC when multiple LANs
Replies: 3
Views: 666

Re: PCC when multiple LANs

or summary entire subnet in one.
What do you mean with this ?
by ik3umt
Fri Mar 24, 2017 3:49 pm
Forum: General
Topic: PCC when multiple LANs
Replies: 3
Views: 666

PCC when multiple LANs

I'm using succesfully the following rules for PCC dual-wan : add chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes connection-state=new protocol=tcp dst-address-type=!local in-interface=ether1 dst-port=!443 per-connection-classifier=both-addresses-and-ports:2/0 ad...
by ik3umt
Tue Mar 21, 2017 4:26 pm
Forum: General
Topic: how to fasten fiber cable to netmetal
Replies: 4
Views: 539

Re: how to fasten fiber cable to netmetal

44.x.x.x ip "A" class (ampr net)

From what I understand is a outdoor fiber suitable for aerial stretched span with no support, so it is tough enough for simple tie-wrap on the mast itself....
by ik3umt
Tue Mar 21, 2017 3:44 pm
Forum: General
Topic: how to fasten fiber cable to netmetal
Replies: 4
Views: 539

Re: how to fasten fiber cable to netmetal

Hi, What type of fiber are you using ?? A "dead loop" would prevent stretch, I usually slide heat-shrink tube (the thick glue-compound one is better) along the fiber then you can clamp it with light hose clamps or cable clamps. Friction between heat-shrink tube and mast is enough to prevent fiber fr...
by ik3umt
Tue Mar 14, 2017 5:05 pm
Forum: Wireless Networking
Topic: CAPsMAN tx and rx chains
Replies: 4
Views: 1387

CAPsMAN tx and rx chains

What's the difference between all HT rx and tx chains selected or leave them hidden in "CAPs Configurations" window ??

Thanks
by ik3umt
Tue Mar 14, 2017 11:25 am
Forum: Wireless Networking
Topic: CAPsMAN upgrade fails because no file
Replies: 6
Views: 4276

CAPsMAN upgrade fails because no file

My ap cannot get upgraded by CAPsMAN because of "failed to download file "routeros-mipsbe-6.xx.xx.npk" , no such file" That file doesn't exist into RB indeed As I upgrade CAPs Manager online , how can I get that file to be downloaded and saved into manager other than automatically installed by onlin...
by ik3umt
Thu Mar 09, 2017 10:23 am
Forum: General
Topic: Switching with RouterOS / CRS Questions
Replies: 81
Views: 43624

Re: Switching with RouterOS / CRS Questions

I join this post as I'm trying to setup Vlans on CRS125 Summarizing. if I'm right there are these steps to follow: 1: declare untagged (access) ports , I've seen three methods to do it : /interface ethernet switch ingress-vlan-translation add ports=ether6 customer-vid=0 new-customer-vid=200 sa-learn...
by ik3umt
Wed Mar 08, 2017 9:26 am
Forum: Beginner Basics
Topic: First VLAN attempt
Replies: 2
Views: 508

Re: First VLAN attempt

I have understood there are three type of hardware with different behaviour about vlan CCR, CRS and Atheros-based switch-chip For now, i'm testing a spare RB3011 this way : interface ethernet switch vlan print terse 0 switch=switch1 vlan-id=10 ports=ether1,ether2,ether3,ether4,ether5, switch1-cpu in...
by ik3umt
Fri Mar 03, 2017 6:18 pm
Forum: Beginner Basics
Topic: First VLAN attempt
Replies: 2
Views: 508

First VLAN attempt

I need to do this in CRS125 : http://www.digiteltlc.com/public/vlanmk.jpg Eth22 is the trunk with a third party switch Eth 1 to 21 are VLAN200 untagged Practically, vlan access ports are on the remote switch while CRS is the gateway for each of those single vlans (and it is the gateway for local vla...
by ik3umt
Fri Feb 10, 2017 5:34 pm
Forum: General
Topic: 2011 & 3011 config
Replies: 2
Views: 573

Re: 2011 & 3011 config

I've experienced malfunctioning while restoring backup between different hardware AP With same model I have always restored backups that way (i.e. replacing a faulty RB2011 with another RB2011), Was I wrong ?? I asked now because of great similarity of 2011 and 3011 , so I'll go for export >>>>> imp...
by ik3umt
Fri Feb 10, 2017 2:34 pm
Forum: General
Topic: 2011 & 3011 config
Replies: 2
Views: 573

2011 & 3011 config

Can I load a rb2011uias backup file into a rb3011uias without loosing anything ??
(Same ros release)
by ik3umt
Tue Jan 31, 2017 9:22 am
Forum: Beginner Basics
Topic: Bridge and L2
Replies: 2
Views: 427

Re: Bridge and L2

Thank you
by ik3umt
Mon Jan 30, 2017 6:31 pm
Forum: Beginner Basics
Topic: Bridge and L2
Replies: 2
Views: 427

Bridge and L2

When two interfaces are attached together by a bridge , is it intended to be Layer2 capable ?
by ik3umt
Mon Jan 23, 2017 10:15 am
Forum: Beginner Basics
Topic: Need a clarification on capsman local forwarding
Replies: 4
Views: 1645

Need a clarification on capsman local forwarding

From a little I've understood, to enable local forwarding I have to check "local forwarding" flag on capsman datapath config, and bind wlan and eth together with a bridge on each AP Otherwise all traffic is controlled by manager Am I right ? What's the benefit in using a config rather than other and...
by ik3umt
Fri Jan 20, 2017 2:59 pm
Forum: General
Topic: CAPsMAN what if....
Replies: 5
Views: 884

Re: CAPsMAN what if....

So....it seems NOT working on wAP-ac 2.4GHz radio, I thougth it was a CAPsMAN issue but tried to run wAP-ac as normal AP : SSID is not seen by my 2.4GHz devices. Band : 2GHz b/g/n Channel Width: 20MHz Frequency: Auto SSID sometimes pops-up for few seconds and disappears If i set frequency, it appear...
by ik3umt
Fri Jan 20, 2017 11:11 am
Forum: General
Topic: CAPsMAN what if....
Replies: 5
Views: 884

CAPsMAN what if....

What if I install more wAP-ac controlled by CAPsMAN without any channel configuration ??

Do they place themselves in a random channel each ?

Thank you
by ik3umt
Thu Nov 03, 2016 5:59 pm
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 44424

Re: wAP AC (General questions and experience)

/system reset-configuration no-defaults=yes
to get no config.
Fine, Thank you
Is there a "system reset-configuration" argument to get the CAP mode ??
by ik3umt
Thu Nov 03, 2016 4:17 pm
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 44424

Re: wAP AC (General questions and experience)

Just arrived three today From what I've understood, they come with a default AP configuration with firewalled ethernet (no management) and no encryption on wireless. If powered-up with reset button pressed they boot in CAP mode with management capability on ethernet. If I want a zero-configuration r...
by ik3umt
Wed Nov 02, 2016 5:30 pm
Forum: Beginner Basics
Topic: VLAN routing
Replies: 1
Views: 392

VLAN routing

New to VLANs :

How can I keep VLAN functionality over geographic routes ?
I.E. vlan 100 and 200 on Rome office have to be present on the Paris and London offices ??
How to manage vlan trunks over routing without to know (or don't care to know) what there is in the middle ?

Thank you
by ik3umt
Thu Oct 27, 2016 3:43 pm
Forum: Beginner Basics
Topic: Port forwarding not working and I can't see why
Replies: 15
Views: 1450

Re: Port forwarding not working and I can't see why

Are you sure is a port forwarding issue ?
Have you tried to enable STUN and see how it goes ?
Or simply a codec issue ?
by ik3umt
Mon Oct 24, 2016 9:39 am
Forum: Beginner Basics
Topic: Question about hairpin nat
Replies: 1
Views: 448

Question about hairpin nat

As per wiki : http://wiki.mikrotik.com/images/2/2e/Hairpin_nat_1.png Basic config : /ip firewall nat add chain=dstnat dst-address=1.1.1.1 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.1.2 add chain=srcnat out-interface=WAN action=masquerade Hairpin NAT: /ip firewall nat add chain=srcnat...
by ik3umt
Fri Oct 21, 2016 3:48 pm
Forum: General
Topic: Console print command column layout
Replies: 3
Views: 1305

Re: Console print command column layout

/ip nei print terse ????

Yes, a lot of perhaps unwanted infos but.....at least not truncated....
by ik3umt
Thu Oct 20, 2016 11:33 am
Forum: Beginner Basics
Topic: Arrange two subnets lan
Replies: 6
Views: 705

Re: Arrange two subnets lan

Nice idea....
by ik3umt
Thu Oct 20, 2016 10:07 am
Forum: Beginner Basics
Topic: Arrange two subnets lan
Replies: 6
Views: 705

Re: Arrange two subnets lan

Yes, the problem is those four PC havin both subnets configured in their NIC... how should I manage this issue ?
Should I move those PC to a single subnet and allow routing to other subnet via routerboard ? (or switch itself ?)
by ik3umt
Thu Oct 20, 2016 9:36 am
Forum: Beginner Basics
Topic: Arrange two subnets lan
Replies: 6
Views: 705

Re: Arrange two subnets lan

What about Vlan for pc having both subnets configured in their NIC ?? (I'm a newbie about Vlan - time to study now- ) can I configure some switch ports who belong to two Vlan simultaneously ? The switch itself has Vlan routing capability if needed, and traffic between two subnet is very low anyway.....
by ik3umt
Wed Oct 19, 2016 6:01 pm
Forum: Beginner Basics
Topic: Arrange two subnets lan
Replies: 6
Views: 705

Arrange two subnets lan

Newbie question: I have two LAN subnets : 192.168.0.0/24 and 10.0.0.0/24 There are 20 pc: 10 pc with nic configured on 192.168.0.0 work with a 192.168.0.100 server 6 pc with nic configured on 10.0.0.0 work with a 10.0.0.100 server 4 pc with nic configured on 192.168.0.0 plus 10.0.0.0 as secondary ip...
by ik3umt
Wed Oct 12, 2016 10:01 am
Forum: Beginner Basics
Topic: How to disable a non working NATted route ?
Replies: 4
Views: 617

Re: How to disable a non working NATted route ?

I've found http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting very useful, expecially second example : /ip route add dst-address=Host1A gateway=GW1 scope=10 add dst-address=Host1B gateway=GW1 scope=10 add dst-address=Host2A gateway=GW2 scope=10 add dst-address=Host2B gateway=G...
by ik3umt
Fri Oct 07, 2016 6:06 pm
Forum: General
Topic: PCC routing-mark and failover
Replies: 0
Views: 320

PCC routing-mark and failover

With two WAN and PCC routing mark like this: add dst-address=0.0.0.0/0 gateway=192.168.10.1 routing-mark=to_WAN1 check-gateway=ping add dst-address=0.0.0.0/0 gateway=192.168.20.1 routing-mark=to_WAN2 check-gateway=ping add dst-address=0.0.0.0/0 gateway=192.168.10.1 distance=1 check-gateway=ping add ...
by ik3umt
Thu Oct 06, 2016 9:01 am
Forum: Announcements
Topic: v6.37.1 [current] is released!
Replies: 144
Views: 38210

Re: v6.37.1 [current] is released!

I know there could be more things involved, but 6.37 to 6.37.1 update has broken my two wan PCC environment (the classic one as per many examples) I have to shut down one or the other interface to avoid web browsing stall Anyone with same issue ?? [EDIT] Sorry , Update and reboot has re-enabled a di...
by ik3umt
Mon Oct 03, 2016 10:05 am
Forum: Beginner Basics
Topic: How to disable a non working NATted route ?
Replies: 4
Views: 617

Re: How to disable a non working NATted route ?

I'll give it a try,
thank you
by ik3umt
Mon Oct 03, 2016 9:59 am
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 44424

Re: wAP AC (General questions and experience)

So, is Wap AC 802.3af compliant ??
by ik3umt
Fri Sep 30, 2016 5:12 pm
Forum: Beginner Basics
Topic: How to disable a non working NATted route ?
Replies: 4
Views: 617

How to disable a non working NATted route ?

PCC environment: I have four DSL routers natted to four routerboard WAN ethernet Each DSL router LAN ip address is configured as gateway in routerboard if a DSL line fails routerboard is not aware of, so that gateway is still considered valid How can it automatically disable that route when DSL fail...
by ik3umt
Wed Sep 21, 2016 6:39 pm
Forum: Beginner Basics
Topic: Iphone and L2TP + mikrotik in
Replies: 2
Views: 734

Re: Iphone and L2TP + mikrotik in

Is the MikroTik machine behind NAT or your provider supplies a pure public IP address to your MikroTik WAN interface ??

Anyway, start to play here

https://www.nasa-security.net/mikrotik/ ... ith-ipsec/

http://www.firstdigest.com/2015/01/mikr ... e-clients/
by ik3umt
Tue Sep 20, 2016 1:11 pm
Forum: Beginner Basics
Topic: Change destination port
Replies: 2
Views: 1003

Re: Change destination port

Thank you

I usually do it in wan to lan port forwarding
I need to do it for outgoing packets ( lan to wan) and the translation has to be valid for only a single machine on lan
What should be the right syntax and interfaces involved/ applied to ??
by ik3umt
Tue Sep 20, 2016 11:50 am
Forum: Beginner Basics
Topic: Change destination port
Replies: 2
Views: 1003

Change destination port

A lan machine behind MT nat tries to connect an internet address in a particular port (let's say 8000)

Can MT change the outgoing packet destination port from 8000 to i.e. 9000 with lan machine being unaware of ???

Thanks
by ik3umt
Mon Jul 25, 2016 7:59 pm
Forum: Beginner Basics
Topic: Navigation issue with Fasttrack in conjunction with pcc
Replies: 6
Views: 1774

Navigation issue with Fasttrack in conjunction with pcc

I'm experiencing some navigation issues (website latency or hung, timeout during web bandwidth tests etc.) that disappear once fasttrack rules are disabled on ip firewall filter. I'm using two wan PCC as per  http://mum.mikrotik.com/presentations/US12/steve.pdf  instructions. What can I check and wh...
by ik3umt
Sun Jul 17, 2016 3:12 am
Forum: General
Topic: Mikrotik L2TP/IPSEC server nat behind Ubuntu
Replies: 3
Views: 1038

Re: Mikrotik L2TP/IPSEC server nat behind Ubuntu

Take a look at  http://forum.mikrotik.com/viewtopic.php?f=2&t=72198 http://forum.mikrotik.com/viewtopic.php?f=2&t=105910 Mikrotik L2TP/IPSEC server behind nat (mikrotik wan interface without public IP address) doesn't work or, at least, nobody suggest me how to make it work. There is a mismatch in p...
by ik3umt
Thu Jun 02, 2016 8:14 pm
Forum: General
Topic: IPSec/L2TP VPN on Mikrotik behind NAT but with FQDN
Replies: 31
Views: 28302

Re: IPSec/L2TP VPN on Mikrotik behind NAT but with FQDN

Is it an xDSL connection ? I have no experience but I don't think PPPoE client inside MT machine takes so much resources once PPPoE connection is established..... In one of my installations I have to do so, configure a cisco router as a straigth dsl modem (ATM and ethernet bridged together) and leav...
by ik3umt
Thu May 12, 2016 11:24 am
Forum: General
Topic: IPSec/L2TP VPN on Mikrotik behind NAT but with FQDN
Replies: 31
Views: 28302

Re: IPSec/L2TP VPN on Mikrotik behind NAT but with FQDN

Quite old discussion , but I had the same problem , no way to make MT L2TP/IPSEC AC behind a nat , because the policy is created using public ip addresses, while SA are installed using MT AC WAN IP (but it is a private one anyway behind a NAT) If you manually create a policy with MT WAN IP as source...
by ik3umt
Tue May 10, 2016 9:14 am
Forum: Beginner Basics
Topic: Is SFP port part of first switch ?
Replies: 2
Views: 517

Re: Is SFP port part of first switch ?

Clear, thanks.
by ik3umt
Mon May 09, 2016 11:01 pm
Forum: Beginner Basics
Topic: Is SFP port part of first switch ?
Replies: 2
Views: 517

Is SFP port part of first switch ?

RB2001uias :

Is SFP port connected to the gigabit switch ??

I have eth1 as master port for eth 2 to 5
eth5 is connected to an ethernet to optical transceiver, but now I can connect that fiber to SFP port:
Can I just set eth1 as master port for SFP interface ??

Thank you
by ik3umt
Tue May 03, 2016 10:59 am
Forum: General
Topic: Keep incoming connection on right WAN
Replies: 0
Views: 306

Keep incoming connection on right WAN

In a system with multiple WAN interfaces, what rule should I add to make sure an incoming connection is replied on the same wan interface ??

Thank you
by ik3umt
Thu Apr 07, 2016 5:39 pm
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 1757

Re: L2tp/IPsec is driving me crazy !!!!

No further test are done....... However , it seems there is not a src/dst issue The only way to make the system work is creating manually a policy with MT wan as source (10.0.0.2) and iphone ip as destination (5.6.7.8 ) but this last one is dynamic, obviously.... This when a dynamic policy 1.2.3.4 =...
by ik3umt
Fri Apr 01, 2016 4:19 pm
Forum: General
Topic: No luck with L2TP IPsec but same issue with GRE IPsec
Replies: 3
Views: 692

Re: No luck with L2TP IPsec but same issue with GRE IPsec

I was thinking about a script to generate a second dynamic policy once the first one has taken place. Do you think it is possible ?? ( I'm absolutely a noob in scripting...) Or.....adding the DSL line public ip address as secondary in MT wan interface to fool some way the policy generation process ?...
by ik3umt
Fri Mar 25, 2016 4:43 pm
Forum: General
Topic: No luck with L2TP IPsec but same issue with GRE IPsec
Replies: 3
Views: 692

Re: No luck with L2TP IPsec but same issue with GRE IPsec

That's the answer i was waiting for...... If one know a "roadwarrior" cannot establish an IPsec connection with a MT behind any type of nat, one can avoid to waste its time in useless tests....... Anyway, MT knows the initiator IP address, the responder IPaddress (DSL line) and its WAN IP address It...
by ik3umt
Wed Mar 23, 2016 1:13 pm
Forum: General
Topic: No luck with L2TP IPsec but same issue with GRE IPsec
Replies: 3
Views: 692

No luck with L2TP IPsec but same issue with GRE IPsec

I'm giving up with my issue about L2TP/IPsec as per my previous post : http://forum.mikrotik.com/viewtopic.php?f=2&t=105910 Anyway , I have the same issue securing GRE tunnel using IPsec (as per native IPsec section in GRE configuration) : The connecting peers have DYNAMIC ip adresses that change ti...
by ik3umt
Tue Mar 22, 2016 9:25 am
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 1757

Re: L2tp/IPsec is driving me crazy !!!!

Thank you for interesting
I think , having a private subnet as MT wan to connect to transparently nat-ted ISP router is not uncommon, so my problem should't be so uncommon also
Probably there are some usual workarounds I'm not aware of.....
by ik3umt
Mon Mar 21, 2016 5:11 pm
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 1757

Re: L2tp/IPsec is driving me crazy !!!!

http://www.digiteltlc.com/public/iphone.jpg A step further.... looking at diagram above : an ipsec policy is generated automatically src=1.2.3.4 dst=5.6.7.8 it works IF i manually add a second policy src=10.0.0.2 dst=5.6.7.8 NO template obviously , iphone address 5.6.7.8 is dynamic so in real life ...
by ik3umt
Mon Mar 21, 2016 3:12 pm
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 1757

Re: L2tp/IPsec is driving me crazy !!!!

Still one of hardest issue for me to solve..... When a pair of SA are installed, i suppose Phase1 and Phase2 are correctly passed, isn't it ?? in fact, after this, the L2TP server builds a tunnel and starts to send multiple retry control messages from WAN 10.0.0.2 to iPhone ip address (as seen in lo...
by ik3umt
Sat Mar 19, 2016 8:24 pm
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 1757

Re: L2tp/IPsec is driving me crazy !!!!

Thank you for reply
Your configuration is like mine....
Or at least like one of many I have tried
I suppose there are no nat or firewall/ports issues as for testing purpose only the masquerade rule is present, nothing blocked......

Any other idea ???
by ik3umt
Fri Mar 18, 2016 6:10 pm
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 1757

Re: L2tp/IPsec is driving me crazy !!!!

Sorry for tedious requests.... Something is still not clear.... I don't understand why no traffic is passed back to initiator : Scenario : http://www.digiteltlc.com/public/iphone.jpg On iPhone connection a dynamic policy is created : http://www.digiteltlc.com/public/policy.jpg as well as a pair of S...
by ik3umt
Wed Mar 16, 2016 5:38 pm
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 1757

L2tp/IPsec is driving me crazy !!!!

I'm trying to setup an L2TP/IPsec connection from IPhone to RouterOS device RouterOS device connectivity was done this way : dsl_line-----------[public_static_IP ISP_ROUTER 10.0.0.1]----------[10.0.0.2(WAN) RouterOS_device 192.168.0.1/24(LAN) ] all dsl traffic is NATted transparently to RouterOS WAN...
by ik3umt
Tue Mar 15, 2016 6:31 pm
Forum: General
Topic: IPsec tunnel between Apple iOS and RouterOS
Replies: 1
Views: 639

Re: IPsec tunnel between Apple iOS and RouterOS

Briefly, what I don't understand is the corresponding configuration part named "group" in cisco:

crypto isakmp client configuration group MYVPNGROUPNAME
key 123456
dns 192.168.0.1
pool VPN-Pool
acl 120
max-users 5



is this something cisco-proprietary i cannot reproduce in RouterOS ??

Thank you
by ik3umt
Tue Mar 15, 2016 1:23 pm
Forum: General
Topic: IPsec tunnel between Apple iOS and RouterOS
Replies: 1
Views: 639

IPsec tunnel between Apple iOS and RouterOS

I have few Apple iOS devices configured using the native Cisco VPN client to establish a IPsec tunnel with a Cisco router This Cisco router has been replaced with a RouterOS device Can I setup this last one to bring up IPsec tunnel again without change iOS devices settings or VPN mode ? PPTP native ...
by ik3umt
Fri Mar 04, 2016 4:50 pm
Forum: Beginner Basics
Topic: Routing performances comparison
Replies: 7
Views: 2030

Re: Routing performances comparison

Nice to hear it from you... :D

Thank you
by ik3umt
Fri Mar 04, 2016 9:52 am
Forum: Beginner Basics
Topic: Routing performances comparison
Replies: 7
Views: 2030

Re: Routing performances comparison

Thank you for answers I've compared side by side those machines on routerboard.com Cpu, cpu speed, ram size, storage size are the same I have a little experience with 2011 and three to five dsl lines pcc/routing mark managed and a little firewall config They all work flawlessly So I suppose CRS mach...
by ik3umt
Thu Mar 03, 2016 6:50 pm
Forum: Beginner Basics
Topic: Routing performances comparison
Replies: 7
Views: 2030

Routing performances comparison

Briefly, what is the routing performance capability of RB2011UiAS (with external switch) VS a CRS125-24G-1S-IN , both with a pair of ports connected to dsl router (10Mb/s dwn - 1Mb/sup dsl bandwidth) ??

Thank you
by ik3umt
Tue Mar 01, 2016 9:27 am
Forum: General
Topic: CRS port trunking
Replies: 3
Views: 459

Re: CRS port trunking

It is however possible between routeros devices, isn't it ??
by ik3umt
Mon Feb 29, 2016 4:38 pm
Forum: General
Topic: CRS port trunking
Replies: 3
Views: 459

CRS port trunking

Is there any port trunking available in Cloud Router Switches to enhance bandwithd in conjunction with other switches brands (non proprietary system) ??
I have two gigabit ports available between a CRS125-24 and a HP1700-24

Thank you
by ik3umt
Wed Feb 10, 2016 6:22 pm
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 3735

Re: Routing to multiple same-subnet VPNs

Then, checked , it works like a charm.....
Thank you
by ik3umt
Wed Feb 10, 2016 9:29 am
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 3735

Re: Routing to multiple same-subnet VPNs

Thank you for your note However , knowing customers , I'm almost sure they have their lan subnets other than mine. I noted instead , I have to insert a routing rule at customer side pointing to my lan subnet using my side gre ip address as gateway , otherwise it doesn't work. Am I wrong with somethi...
by ik3umt
Thu Feb 04, 2016 10:03 am
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 3735

Re: Routing to multiple same-subnet VPNs

Clear now
Thank you , I'm givin it a try ....
by ik3umt
Wed Feb 03, 2016 6:06 pm
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 3735

Re: Routing to multiple same-subnet VPNs

Thank you for information, I never had the need to use netmap , time to learn. I'm a little confused about which side to configure with your example, Take a look at the diagram with only two customers involved and their interfaces name: http://www.digiteltlc.com/public/MULTI.jpg What NAT configurati...
by ik3umt
Mon Feb 01, 2016 5:59 pm
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 3735

Re: Routing to multiple same-subnet VPNs

The purpose could be of remote managing devices that reside on different customers LANs I cannot ask a customer to change an already working subnet just to satisfy my needs. The customer instead allow me to install a VPN for that particular need. I'm already using PPTP calls to bring up the tunnel w...
by ik3umt
Mon Feb 01, 2016 4:34 pm
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 3735

Re: Routing to multiple same-subnet VPNs

Remote LAN subnets cannot be modified at all,
suggestions ?
by ik3umt
Mon Feb 01, 2016 4:15 pm
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 3735

Routing to multiple same-subnet VPNs

Probably a confusing title (and a bit off-topic argument ?).... Let's assume I build a number of tunnels between my own site and remote sites. Each remote LAN has the same subnet (i.e. 192.168.1.0/24) so there will be many machines , each on its own LAN , with the same ip address. Can I create virtu...
by ik3umt
Mon Feb 01, 2016 9:23 am
Forum: General
Topic: Can I open a .backup file locally ??
Replies: 3
Views: 1237

Re: Can I open a .backup file locally ??

So,
I will try to restore it into a p.c. routerOs

thank you
by ik3umt
Fri Jan 29, 2016 5:32 pm
Forum: General
Topic: Can I open a .backup file locally ??
Replies: 3
Views: 1237

Can I open a .backup file locally ??

I need to view a configuration saved in a .backup file
It is not a running configuration and i can't restore it into a running device as it would break connections.
I've stored this file in a windows machine : can i read its content some way ??

Thank you
by ik3umt
Thu Nov 19, 2015 6:01 pm
Forum: Beginner Basics
Topic: Mangle rules counters
Replies: 1
Views: 362

Mangle rules counters

When the traffic counter increase in a mangle rule, does it necessary mean that packets are filtered by that rule and they leave the chain ??? Or do they continue the chain if passthrough=yes is set ?? I have some accept rules on first positions , their counter have never increased (0) , does it mea...
by ik3umt
Thu Nov 19, 2015 4:03 pm
Forum: General
Topic: step by step tutorial on wan load balancing
Replies: 6
Views: 1614

Re: step by step tutorial on wan load balancing

Glad to know you've found it helpful. I'm learning too so probably I'm not the right person to ask for detailed explanations, however , those lines are used to manage a connection coming from WAN to be answered out on the same WAN First the incoming connection from a specific WAN with no marks is ma...
by ik3umt
Wed Nov 11, 2015 10:49 am
Forum: General
Topic: step by step tutorial on wan load balancing
Replies: 6
Views: 1614

Re: step by step tutorial on wan load balancing

I've followed these ones to play with loadbalancing :

http://mum.mikrotik.com/presentations/US12/steve.pdf

http://mum.mikrotik.com/presentations/US12/tomas.pdf

There are a lot of docs on the net...
by ik3umt
Wed Nov 11, 2015 10:14 am
Forum: General
Topic: Should I bypass tunnels connections in mangle ?
Replies: 0
Views: 392

Should I bypass tunnels connections in mangle ?

I have a gre tunnel up and running Since I started to insert some mangle rules for routing mark purpose I've seen no more packets flowing through tunnel I have inserted first an Accept rule with local Lan as source and remote Lan as destination but with no results. So I had to insert an Accept rule ...
by ik3umt
Thu Nov 05, 2015 11:46 am
Forum: General
Topic: PCC load balancing : rules order and passtrough
Replies: 0
Views: 367

PCC load balancing : rules order and passtrough

I'm using fine this mangle set for PCC loadbalancing But "fine" doesn't always mean "the best way" I was ask you about the rules sequence and the passthrough= statement are OK or not (there is some confusion in the moltitude of resources available on the net....) ether1= LAN ether 6 = 192.168.10.2, ...
by ik3umt
Wed Nov 04, 2015 5:07 pm
Forum: General
Topic: Broadcast and multicast from different networks
Replies: 1
Views: 210

Re: Broadcast and multicast from different networks

I.e. I've inserted these two rules : chain=input action=drop src-address=!10.0.1.0/0 in-interface=ether1 chain=input action=drop src-address=!10.0.2.0/0 in-interface=ether2 (where eth has 10.0.1.1 and eth2 has 10.0.2.1 ) I noted a lot of packet rejected on firewall rules winbox window (Bytes-Packets...
by ik3umt
Wed Nov 04, 2015 4:57 pm
Forum: General
Topic: Broadcast and multicast from different networks
Replies: 1
Views: 210

Broadcast and multicast from different networks

Scenario : Few pc on a LAN subnet and few others on a different LAN subnet All are tepmorarily connected to a single ethernet switch (no VLAN capable) waiting for a second dedicated switch to arrive. Two ports of this single switch are connected to eth1 and eth2 of a routerboard, these ports have di...
by ik3umt
Mon Nov 02, 2015 3:08 pm
Forum: General
Topic: Re-route a port to router.....
Replies: 5
Views: 506

Re: Re-route a port to router.....

I've solved this issue by adding a masquerade rule to my srcnat chain. That way, my Mikrotik replaces my LAN ip address with the IP address of the interface facing the DSL modem. That way my DSL modem just has to deal with the subnet between the modem and the Mikrotik. /ip firewall nat add chain=sr...
by ik3umt
Mon Nov 02, 2015 1:03 pm
Forum: General
Topic: Re-route a port to router.....
Replies: 5
Views: 506

Re: Re-route a port to router.....

It doesn't work.... probably it doesn't know where to route traffic back..... My office ip address is aaa.bbb.ccc.ddd ISP router lan is 10.0.0.1/30 routerboard wan is 10.0.0.2/30 on eth1 chain=dstnat action=dst-nat to-addresses=10.0.0.1 to-ports=80 protocol=tcp src-address=aaa.bbb.ccc.ddd in-interfa...
by ik3umt
Fri Oct 30, 2015 6:04 pm
Forum: General
Topic: Re-route a port to router.....
Replies: 5
Views: 506

Re-route a port to router.....

My dsl router has all incoming traffic forwarded transparently to my routerboard wan interface
How can I re-route an incoming tcp connection (let's say port 8080) back to my router lan in port 80 for maintenance purpose ??
Dsl router doesn't allow mainenance from dsl line.
by ik3umt
Thu Oct 29, 2015 2:36 pm
Forum: General
Topic: Dynamic load balancing without PCC
Replies: 3
Views: 502

Re: Dynamic load balancing without PCC

Nice to hear it from you both
There are two scenarios I can apply to :

A company with 10-15 pc sharing three equal bandwidth dsl lines
A home network with a pair of pc and a pair of adsl lines

Which solution (PCC or traffic monitor) should I choose for each environment ??
by ik3umt
Thu Oct 29, 2015 12:29 pm
Forum: General
Topic: Dynamic load balancing without PCC
Replies: 3
Views: 502

Dynamic load balancing without PCC

Has anyone tried this ?

http://mum.mikrotik.com/presentations/US12/tomas.pdf

It uses traffic monitor to check used bandwidth and modify routing mark dynamically.

Any thought ??
by ik3umt
Wed Oct 28, 2015 4:04 pm
Forum: General
Topic: Static route over gre tunnel : interface vs ipaddress
Replies: 4
Views: 610

Re: Static route over gre tunnel : interface vs ipaddress

Ok
I thought using gw=tunnel all packets addressed to that network would be routed through tunnel to the remote site.....

Thank you
by ik3umt
Wed Oct 28, 2015 10:13 am
Forum: General
Topic: Static route over gre tunnel : interface vs ipaddress
Replies: 4
Views: 610

Static route over gre tunnel : interface vs ipaddress

When adding a static route for a remote network over a gre tunnel, what should i use as gateway ? the remote tunnel endpoint ip address or the tunnel interface name itself ?
What's the difference ?

Thank you
by ik3umt
Wed Oct 28, 2015 10:08 am
Forum: General
Topic: Would you help me to understand this MTU issue ?
Replies: 3
Views: 1139

Re: Would you help me to understand this MTU issue ?

Thank you for replies and clarifications.

Yes , with an MTU of 1418 all is working fine , probably dued in fact to ppoe 8 byte less....

Let's see how it works....

Regards
by ik3umt
Tue Oct 27, 2015 1:19 am
Forum: General
Topic: Would you help me to understand this MTU issue ?
Replies: 3
Views: 1139

Would you help me to understand this MTU issue ?

I'm running a GRE tunnel with IPSEC to connect two different lan subnets , 192.168.0.0/24 site A and 192.168.1.0/24 site B. Site B lan, has no direct internet connection, so it uses site A internet ISP router as gateway. All is working fine but now customer need to change connectivity between sites,...
by ik3umt
Fri Sep 25, 2015 4:39 pm
Forum: Beginner Basics
Topic: Connecting more geographic sites: wich vpn ?
Replies: 13
Views: 1647

Re: Connecting more geographic sites: wich vpn ?

Ok, I've played succesfully with OSPF and I think I'llgo for it, About L2TP (that I never used) is there perhaps some "unwanted" or "problematic" traffic in connecting 16 fully meshed sites on Layer2 ??? It's like to have all sites wire-connected , all seeing all , despite protocols etc From what I'...
by ik3umt
Thu Sep 24, 2015 10:32 am
Forum: Beginner Basics
Topic: Connecting more geographic sites: wich vpn ?
Replies: 13
Views: 1647

Re: Connecting more geographic sites: wich vpn ?

OK, useful infos...! At this point I can say the central hub site to pass through has to be avoided, it has greater bandwidth but not enough to manage all traffic the other sites are doing between them. What difference using GRE (as I already used in the past in conjunction with IPSEC) vs L2TP ?? I ...
by ik3umt
Wed Sep 23, 2015 6:51 pm
Forum: Beginner Basics
Topic: Connecting more geographic sites: wich vpn ?
Replies: 13
Views: 1647

Re: Connecting more geographic sites: wich vpn ?

Thanks for replies,
All sites have their own public static IP address

It would be interesting that traffic wouldn't pass through "A" site when "B" is talking with "C" (assuming "A" is the main company site)
So, for 15 sites, should I build 14 tunnels each ?? , manually ? statically ?
by ik3umt
Mon Sep 21, 2015 11:11 am
Forum: Beginner Basics
Topic: Connecting more geographic sites: wich vpn ?
Replies: 13
Views: 1647

Re: Connecting more geographic sites: wich vpn ?

Let's say 15 sites one of wich with a 34mbs symmetric dsl , the other mostly 7m/1m asymmetric dsl Each site with its 192.168.x.x C class and VoIP traffic to be managed. I've used succesfully GRE w IPSEC and static routes in same three-site networks , i'm asking if (surely) some dynamic routing and d...
by ik3umt
Mon Sep 21, 2015 10:43 am
Forum: Beginner Basics
Topic: Connecting more geographic sites: wich vpn ?
Replies: 13
Views: 1647

Connecting more geographic sites: wich vpn ?

I'm planning to connect some company sites each using xdsl line with public IP address in order to route traffic between different LAN subnets
Which private networking system should I use and which do not?
GRE with IPSEC, MPLS/VPLS ecc.ecc.

Thank you for any suggestion
by ik3umt
Thu Aug 13, 2015 9:51 am
Forum: Beginner Basics
Topic: How to upgrade from old version ?
Replies: 4
Views: 652

Re: How to upgrade from old version ?

Just done !

Thank you for information.

Do I need to upgrade the bootloader too ?? or....when/why to upgrade bootloader ??
by ik3umt
Wed Aug 12, 2015 6:52 pm
Forum: Beginner Basics
Topic: How to upgrade from old version ?
Replies: 4
Views: 652

How to upgrade from old version ?

I own an RB411 with rOs 3.20
How can I (if possible) upgrade to latest version succesfully, without breaking anything ??
Do I need to upgrade to intermediate versions ??

Thank you very much.
by ik3umt
Tue Aug 04, 2015 6:26 pm
Forum: General
Topic: PCC Load balancing and https connection issues
Replies: 23
Views: 13719

Re: PCC Load balancing and https connection issues

- Use "passthrough=no" in the rules 3,4,5,12,13,14. - Put "connection-state=new" in the rules 0,1,2,9,10,11. - Put rules 6,7,8 at the top. - Use public DNS servers (GoogleDNS, OpenDNS, NortonDNS,...) for all your customers. - Decrease (or increase, if your size is 512) the Max UDP packet size to 14...
by ik3umt
Tue Jul 28, 2015 3:57 pm
Forum: Wireless Networking
Topic: Point to Point link
Replies: 0
Views: 418

Point to Point link

Please, excuse me if the question is repeated, annoying, etc.etc. I have read documentation, and set up different wireless modes But a think is not yet clear to me, or at least I haven't read well or I'm too wooden... Point to Point wireless link Bridge---station bridge WDS---station WDS Bridge with...
by ik3umt
Tue Jul 21, 2015 9:12 am
Forum: General
Topic: How to know the machine doing all that traffic ???
Replies: 2
Views: 1948

How to know the machine doing all that traffic ???

Using winbox, how can I detect a machine on the Lan that is producing a lot of internet traffic thus saturating DSL band ??
Thank you
by ik3umt
Mon Jun 08, 2015 11:29 pm
Forum: General
Topic: How should I manage a VPN over two WAN interfaces ?
Replies: 7
Views: 2734

Re: How should I manage a VPN over two WAN interfaces ?

So, you're talking about multiple VPN , one per WAN connection ? Or better...like I supposed, run two tunnels , one each wan , and manage traffic between lan by routing over existing tunnels ?? I should have no problem to run a single (gre) tunnel on a single wan connection (i.e. a.a.a.a to c.c.c.c)...
by ik3umt
Mon Jun 08, 2015 5:36 pm
Forum: General
Topic: How should I manage a VPN over two WAN interfaces ?
Replies: 7
Views: 2734

Re: How should I manage a VPN over two WAN interfaces ?

This is the scenario :
Image

Should I perhaps create two tunnel and bind them together some way ?
Or is it possible to create a "virtual" endpoint over PCC binding ?

Any help very appreciated.
by ik3umt
Thu Jun 04, 2015 10:29 am
Forum: General
Topic: How should I manage a VPN over two WAN interfaces ?
Replies: 7
Views: 2734

How should I manage a VPN over two WAN interfaces ?

Two sites with two DSL internet connections each (static IP from ISP), I need to : Create VPN tunnel to make the two LAN reachable each other (usually I use GRE with RIP) Internet navigation Failover/load-balancing/higher-speed using both connection each site. How can I achieve all three together ??...
by ik3umt
Fri Apr 24, 2015 9:58 am
Forum: RouterBOARD hardware
Topic: ethernet port hardware (?) issue
Replies: 0
Views: 348

ethernet port hardware (?) issue

I have a rb2011 with an ethernet port (7) often has "no link" there is no way to turn it up again other than a power supply reset I tried all possible negotiations on the port as well on the attached device ethernet also a software reboot produces nothing positive (replaced cable of course) On ether...
by ik3umt
Thu Apr 23, 2015 6:56 pm
Forum: General
Topic: Question about Nat rules using IPSEC
Replies: 3
Views: 582

Question about Nat rules using IPSEC

When IPSEC is used in tunnel mode , a nat rule is needed to avoid source address change (by default masquerade nat rule if I have correctly understood..) I noted it is no more needed when IPSEC is used as transport for other tunnel protocols ( I have GRE over IPSEC working without any nat rule) Is t...
by ik3umt
Thu Apr 23, 2015 6:23 pm
Forum: General
Topic: How to keep multiple subnets separated over tunnels ?
Replies: 6
Views: 845

Re: How to keep multiple subnets separated over tunnels ?

So i'll try that way...
Thanks
by ik3umt
Thu Apr 23, 2015 5:49 pm
Forum: General
Topic: How to keep multiple subnets separated over tunnels ?
Replies: 6
Views: 845

Re: How to keep multiple subnets separated over tunnels ?

I should avoid Vlan use,
I wonder if there is any possibility to build two tunnels over a single peer (wan ip address).....
by ik3umt
Thu Apr 23, 2015 4:52 pm
Forum: General
Topic: How to keep multiple subnets separated over tunnels ?
Replies: 6
Views: 845

Re: How to keep multiple subnets separated over tunnels ?

So, a single GRE tunnel with RIP , where all is reachable from all and filtering subnets with firewall rules ??
by ik3umt
Thu Apr 23, 2015 3:35 pm
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Re: Two routerboards on the same physical lan and two addresses on client nic

Just contacted ISP , it says RIPv2 should be enabled
This is ok as I just tried to enable RIP in my dummy DSL router and all is reachable now !!!
(yes, pc1 address is 192.168.1.5... :wink: )

Thank you
by ik3umt
Thu Apr 23, 2015 3:03 pm
Forum: General
Topic: How to keep multiple subnets separated over tunnels ?
Replies: 6
Views: 845

How to keep multiple subnets separated over tunnels ?

Please , look at diagram : https://dl.dropboxusercontent.com/u/73616613/three.jpg All 192.168 subnet have to communicate together , as well the 10.0 ones but separating 192 from 10 RIP learn routes immediately but each subnet can reach any other by routing Can RIP be used with group of subnets ?? Wi...
by ik3umt
Thu Apr 23, 2015 12:39 pm
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Re: Two routerboards on the same physical lan and two addresses on client nic

Just implemented RIP.....amazing.... Another problem (i hope the last one..) https://dl.dropboxusercontent.com/u/73616613/rip.jpg DSL Router has a static route 192.168.1.0/24 via 192.168.2.1 From Routerboard A terminal, I can ping the 20.0.0.0 network From PC1 I CANNOT ping 20.0.0.0 network despite ...
by ik3umt
Wed Apr 22, 2015 7:25 pm
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Re: Two routerboards on the same physical lan and two addresses on client nic

Yeah....up and running easily with gre over ipsec....
But I suppose I need a manual static route for any subnet to manage through the other end of the tunnel (at least I had to do so...)
by ik3umt
Wed Apr 22, 2015 6:12 pm
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Re: Two routerboards on the same physical lan and two addresses on client nic

Thanks,
I was reading for different type of tunnels just now....

So , with just the simple IPSEC, is a new policy needed for every new subnet I need to manage ??

Then you suggest the use of GRE over IPSEC support, so a tunnel interface is added and I can manage all my routes upon , isn't it ?
by ik3umt
Wed Apr 22, 2015 5:31 pm
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Re: Two routerboards on the same physical lan and two addresses on client nic

I've drawn a diagram to make things easier.. https://dl.dropboxusercontent.com/u/73616613/twosubnets.jpg With static routes on PCs all is working ok, now I meet a new problem: How can I reach an HTTP server located in the 10.0.0.0 network from PC1 ??? PC1 can ping 192.168.101.200 dsl router but I ca...
by ik3umt
Tue Apr 21, 2015 7:02 pm
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Re: Two routerboards on the same physical lan and two addresses on client nic

Yes I've realized this just before to read your answer In fact I need an IPSEC policy for each subnet "cross-connection" Now I have two policies: A---------C | B---------D but I need two more if I want A---D and B---C (and relative firewall accept rules I suppose) As you can see I'm not expert here....
by ik3umt
Tue Apr 21, 2015 5:59 pm
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Re: Two routerboards on the same physical lan and two addresses on client nic

No routing needs to be played with for this. IP will naturally find the right way to go between the networks. You may need to modify or duplicate some rules in the firewall for this - but you'll never need to open the ip > routes menu. Just checked with both addresses on the same routerboard ethern...
by ik3umt
Tue Apr 21, 2015 5:07 pm
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Re: Two routerboards on the same physical lan and two addresses on client nic

no no no - you're making this entirely more complicated than it needs to be. If the two networks are running on the same switch, then whichever port on the Mikrotik is the lan port, just put two IP addresses on it. Done. Yes it would be simpler, but they asked me to keep as separated as possible (a...
by ik3umt
Tue Apr 21, 2015 4:46 pm
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Re: Two routerboards on the same physical lan and two addresses on client nic

Some progress I've added a static route 192.168.101.0/24 through Eth2 (not its ip address) , Pref.Source 192.168.100.1 It works , but it's a simple routing as the secondary ip address of pc nic is not involved (in fact it works as well if I delete the second IP address from pc nic) , neither the rou...
by ik3umt
Tue Apr 21, 2015 2:07 am
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Re: Two routerboards on the same physical lan and two addresses on client nic

just tried to setup a "clone" in laboratory with 3 routerboard to simulate the two tunnels , the one with two eth connected to a swich also with a pc with dual ip subnets , it doesn't work : As the default gw is configured to 192.168.1.1, from pc i can ping 192.168.2.0 network but not the 192.168.10...
by ik3umt
Mon Apr 20, 2015 6:47 pm
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Re: Two routerboards on the same physical lan and two addresses on client nic

This remind me of another scenario i'll have to manage : What if routerboard A and B would be the same machine ?? Pratically I have eth1=192.168.1.1 and eth2=192.168.100.1 on a single routerboard each of this is IPSEC tunneled to two remote sites : 192.168.1.0/24----192.168.1.1-------------ipsec----...
by ik3umt
Mon Apr 20, 2015 6:31 pm
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Re: Two routerboards on the same physical lan and two addresses on client nic

Yeah, cable between routers option works great ! (double IP address works as well) , Thank you.
by ik3umt
Mon Apr 20, 2015 5:47 pm
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Re: Two routerboards on the same physical lan and two addresses on client nic

Thank you for answering,

Is it necessary to add the 192.168 class to routerboard "B" ?
Is it because the static route need to be on the same class ?
by ik3umt
Mon Apr 20, 2015 5:34 pm
Forum: General
Topic: Two routerboards on the same physical lan and two addresses on client nic
Replies: 29
Views: 2516

Two routerboards on the same physical lan and two addresses on client nic

Routerboard "A" ip address = 192.168.0.1/24 Routerboard "B" ip address = 10.0.0.1/24 Windows client ip address = 192.168.0.100 plus 10.0.0.100 on same nic, default GW = 192.168.0.1 All hardware connected to the same switch Destination network 10.10.10.0/24 is reachable through 10.0.0.1 routerboard W...
by ik3umt
Wed Feb 18, 2015 6:36 pm
Forum: Beginner Basics
Topic: How to tunnel two subnets over a single dsl connection for multiple sites ?
Replies: 2
Views: 514

How to tunnel two subnets over a single dsl connection for multiple sites ?

HI SiteA : 192.168.0.0/24 10.0.0.0/24 SIteB: 192.168.1.0/24 10.0.1.0/24 SiteC: 192.168.2.0/24 10.0.2.0/24 Each location have a single DSL connection with a single public IP address and routeros device 192.168 subnet have to "talk" each other as well the 10.0 ones What's the suggested tunneling/proto...
by ik3umt
Tue Sep 09, 2014 2:27 am
Forum: Beginner Basics
Topic: Bonding and vpn at same time
Replies: 0
Views: 409

Bonding and vpn at same time

Hi I have two adsl routers configured in transparent mode ( acting as an adsl modem ) Each of them is used to establish an ipsec tunnel with a respective remote site by use of a netgear firewall Only one netgear is used as default gateway for the LAN Is it possible to replace netgear devices with a ...
by ik3umt
Tue Aug 19, 2014 7:03 pm
Forum: General
Topic: Does routerOs act as content filter ?
Replies: 2
Views: 613

Re: Does routerOs act as content filter ?

Thank you
I'll give it a check !
Regards
by ik3umt
Tue Aug 19, 2014 8:55 am
Forum: General
Topic: Does routerOs act as content filter ?
Replies: 2
Views: 613

Does routerOs act as content filter ?

Hi
Does routerOs have the capability of blocking Internet browsing based on content filtering (i.e. as school firewall/router) ??

Thank you
by ik3umt
Tue Jul 15, 2014 9:07 am
Forum: Forwarding Protocols
Topic: Routerboard maintenance over VPLS tunnel
Replies: 5
Views: 1088

Re: Routerboard maintenance over VPLS tunnel

Clear, thanks
by ik3umt
Mon Jul 14, 2014 10:43 am
Forum: RouterBOARD hardware
Topic: RB751U-2HnD - poor wireless performance & problems
Replies: 113
Views: 114129

Re: RB751U-2HnD - poor wireless performance & problems

In my 2.4 Ghz radioamateur experience, I found many times the receiver saturation leads to a messy quality reception Some few hundreds meters links made with yagi antennas with huge latency and retransmissions, gone OK only changing antennas with simple low gain dipole (the homemade radios has no TX...
by ik3umt
Mon Jul 14, 2014 9:21 am
Forum: Forwarding Protocols
Topic: Routerboard maintenance over VPLS tunnel
Replies: 5
Views: 1088

Re: Routerboard maintenance over VPLS tunnel

As devices eth have no ip address, I suppose I must assign at least one IP address to one eth to be reached at ip level If I assign to eth the same /24 class ip I want to make transparent through Vpls tunnel , it seems me the vpls mechanism brokes itself as this class goes routed through OSPF rather...
by ik3umt
Fri Jul 11, 2014 3:23 pm
Forum: Forwarding Protocols
Topic: Routerboard maintenance over VPLS tunnel
Replies: 5
Views: 1088

Re: Routerboard maintenance over VPLS tunnel

Why not just connect to your loopback addresses they are there for that kind of thing. Ok , as the eth interfaces has no ip address, it is supposed I have to assign an alternative IP class to first device ethernet interface and declare it to the OSPF routing in order to reach all the loopbacks via ...
by ik3umt
Tue Jul 08, 2014 4:21 pm
Forum: Forwarding Protocols
Topic: Routerboard maintenance over VPLS tunnel
Replies: 5
Views: 1088

Routerboard maintenance over VPLS tunnel

Hi all, new to this forum, I set up a two wireless link (three routerboard) A----B----C AB link has a /30 IP class as the BC has a different one (on wlan) A,B and C has a /32 class "lobridge" interface A VPLS tunnel is established between A and C to make LANtoLAN link to be trasparent ( /24 192.168....