Community discussions

Search found 19 matches

by chiem
Mon May 06, 2019 9:33 am
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 89258

Re: Feature Request: OpenVPN [ovpn] udp tunnels

You must be from alternate future.
Go ahead and prove him wrong please.
by chiem
Tue Oct 23, 2018 5:46 pm
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 24064

Re: v6 RC and v7 BETA

Screenshot 2018-10-23 at 08.41.39.png
The question was about V7 Beta, not V7 Alpha.
by chiem
Thu Aug 23, 2018 9:38 am
Forum: General
Topic: [Feature request] Wireguard
Replies: 92
Views: 21476

Re: [Feature request] Wireguard

+1

Wireguard is supposed to be extremely simple. Please don't take 3+ years to support it.
by chiem
Wed Feb 07, 2018 2:59 pm
Forum: General
Topic: RB750Gr3 l2tp/ipsec unbearably slow
Replies: 19
Views: 3284

Re: RB750Gr3 l2tp/ipsec unbearably slow

My understanding is that routing-marks are used to route though the l2tp interface. Routes with routing-marks are bypassed with fast-track as well. Yes, I'm using: /ip firewall mangle add action=mark-routing chain=prerouting comment=VPN dst-address=!192.168.0.0/16 new-routing-mark=vpn passthrough=y...
by chiem
Wed Feb 07, 2018 2:52 pm
Forum: General
Topic: RB750Gr3 l2tp/ipsec unbearably slow
Replies: 19
Views: 3284

Re: RB750Gr3 l2tp/ipsec unbearably slow

So I actually cannot understand how disabling fasttracking could have speeded up your L2TP/IPsec processing. Can you compare the CPU load with and without fasttracking the L2TP traffic? I can't really compare cpu load with and without fasttracking on the l2tp tunnel since with fasttracking, I get a...
by chiem
Wed Feb 07, 2018 4:30 am
Forum: General
Topic: RB750Gr3 l2tp/ipsec unbearably slow
Replies: 19
Views: 3284

Re: RB750Gr3 l2tp/ipsec unbearably slow

Actually, I forgot that the problem isn't with fasttrack and IPsec, since it's slow with or without it. The problem is with fasttrack and tunnels. Is there a way to disable fasttrack just for tunneled traffic? Edit: It looks like I can just filter it by interface: /ip firewall add action=fasttrack-c...
by chiem
Tue Feb 06, 2018 8:33 am
Forum: General
Topic: RB750Gr3 l2tp/ipsec unbearably slow
Replies: 19
Views: 3284

Re: RB750Gr3 l2tp/ipsec unbearably slow

Did you resolve the problem with the 750Gr3? Sorry about the delay, YES! Disabling: /ip firewall add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes .. fixed the issue. Is it possible to enable fasttrack for non-IPsec traffic?...
by chiem
Tue Feb 06, 2018 8:30 am
Forum: General
Topic: RB750Gr3 l2tp/ipsec unbearably slow
Replies: 19
Views: 3284

Re: RB750Gr3 l2tp/ipsec unbearably slow

Check for full/half duplex mismatch settings and errors like collisions on 100Mb/s Ethernet interfaces
If those were issues, they should have affected the transfer rate with and without l2tp/ipsec, but that was not the case.
by chiem
Fri Feb 02, 2018 10:12 am
Forum: General
Topic: RB750Gr3 l2tp/ipsec unbearably slow
Replies: 19
Views: 3284

Re: RB750Gr3 l2tp/ipsec unbearably slow

*bump*
by chiem
Wed Jan 31, 2018 12:30 am
Forum: General
Topic: RB750Gr3 l2tp/ipsec unbearably slow
Replies: 19
Views: 3284

Re: RB750Gr3 l2tp/ipsec unbearably slow

I've tried all the way down to 600.
by chiem
Tue Jan 30, 2018 2:23 pm
Forum: General
Topic: RB750Gr3 l2tp/ipsec unbearably slow
Replies: 19
Views: 3284

RB750Gr3 l2tp/ipsec unbearably slow

At home, I have a CCR1009 on an 1000/50 mbps (down/up) connection. L2TP/IPsec through my VPN provider gets me 200+ mbps down, and 10-20 mbps up. The upload could be faster, but it's usable. At my 2nd house, I have an RB750Gr3 on a 60/5 mbps connection. The same L2TP/IPsec through the same VPN provid...
by chiem
Wed Dec 10, 2014 4:36 pm
Forum: Beginner Basics
Topic: How to get UPnP port forwarding working with static DMZ rule
Replies: 4
Views: 1120

Re: How to get UPnP port forwarding working with static DMZ

Thanks for the feedback guys. It looks like DMZ needs to be a separate feature in RouterOS.
by chiem
Thu Nov 27, 2014 2:30 pm
Forum: Beginner Basics
Topic: How to get UPnP port forwarding working with static DMZ rule
Replies: 4
Views: 1120

How to get UPnP port forwarding working with static DMZ rule

Per subject, how does one set this up to work ? The DMZ port forwarding rule is static and at the end of my static list of ip/firewall/nat rules. UPnP port forwards are dynamic and added to the end of that list, but never reached since the DMZ matches everything. I have to manually move the DMZ rule...
by chiem
Fri Nov 14, 2014 12:11 pm
Forum: Beginner Basics
Topic: Getting port forwards to work from LAN
Replies: 5
Views: 2051

Re: Getting port forwards to work from LAN

Can the hairpin NAT rule: add action=masquerade chain=srcnat comment=hairpin dst-address=192.168.0.0/24 out-interface=bridge-local src-address=192.168.0.0/24 .. be simplified further to remove the choice of LAN subnet to this: add action=masquerade chain=srcnat comment=hairpin in-interface=bridge-lo...
by chiem
Fri Nov 14, 2014 4:01 am
Forum: Beginner Basics
Topic: Getting port forwards to work from LAN
Replies: 5
Views: 2051

Re: Getting port forwards to work from LAN

Hairping NAT is what you need. Your problem is that your port forwards are set for in-interface=ether1-gateway, but when connecting from LAN, in-interface is going to be bridge-local, so nothing gets forwarded. You can: a) Replace in-interface=ether1-gateway with dst-address=<your wan address> if y...
by chiem
Wed Nov 12, 2014 2:26 am
Forum: Beginner Basics
Topic: Getting port forwards to work from LAN
Replies: 5
Views: 2051

Re: Getting port forwards to work from LAN

Help ?
by chiem
Tue Oct 28, 2014 9:36 am
Forum: Beginner Basics
Topic: Getting port forwards to work from LAN
Replies: 5
Views: 2051

Re: Getting port forwards to work from LAN

This two day delay before a post goes up is rather annoying.
by chiem
Sat Oct 25, 2014 3:49 pm
Forum: Beginner Basics
Topic: Getting port forwards to work from LAN
Replies: 5
Views: 2051

Getting port forwards to work from LAN

I'm a new user running 6.2 on an RB2011UAS-RM. These are my ip/firewall/filter rules: add chain=input protocol=icmp add chain=input connection-state=established add chain=input connection-state=related add action=drop chain=input in-interface=ether1-gateway Here's a subset of my ip/firewall/nat rule...