Community discussions

Search found 27 matches

by andrei
Tue Nov 13, 2018 3:47 pm
Forum: General
Topic: SSTP Mikrotik Client / probably bug 6.41.3
Replies: 3
Views: 962

Re: SSTP Mikrotik Client / probably bug 6.41.3

Same here. It seems to be a bug..
by andrei
Thu Mar 09, 2017 2:49 pm
Forum: Announcements
Topic: v6.38.5 [current]
Replies: 66
Views: 25429

Re: v6.38.5 [current]

RSTP on bridges still blocking traffic. Two RB951g connected with VLANs declared on bridges. Traffic doesn't pass while RSTP is enabled. If it is disabled everything is fine. Going back to 6.37.4 bugfix fixes the issue. So, what is the problem? Can anyone clear this issue? This started with 6.38. I ...
by andrei
Fri Jan 20, 2017 9:40 pm
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 23851

Re: v6.38.1 [current]

VLAN interfaces that have a bridge declared as a belonging interface don't work anymore. You need to declare a physical interface instead for it to work properly. It worked ok in previous versions. At least in RB951G-2Hnd Same problem with CCR1009-8G-1S-1S+, VLAN port belongs to bridge and doesn't ...
by andrei
Fri Jan 20, 2017 10:54 am
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 23851

Re: v6.38.1 [current]

VLAN interfaces that have a bridge declared as a belonging interface don't work anymore. You need to declare a physical interface instead for it to work properly.
It worked ok in previous versions. At least in RB951G-2Hnd
by andrei
Fri Dec 23, 2016 9:01 pm
Forum: Wireless Networking
Topic: RouteOS wireless PEAP client
Replies: 1
Views: 600

RouteOS wireless PEAP client

I am trying to connect a Mikrotik router in station mode to an access point that uses PEAP and having some problems.
Can it be done in current routerOS versions?
by andrei
Mon Jul 25, 2016 9:02 am
Forum: Announcements
Topic: v6.36 [current] is released!
Replies: 183
Views: 41713

Re: v6.36 [current] is released!

One interface issue: System->resources is not refreshing in the web page.
by andrei
Thu Apr 28, 2016 2:17 pm
Forum: Announcements
Topic: v6.35.1 [current] is released!
Replies: 84
Views: 20552

Re: v6.35.1 [current] is released!

It appears that v6.35.1 breaks the OID for /system health voltage monitoring (OID .1.3.6.1.4.1.14988.1.1.3.8.0). This was working in v6.35 (and prior). [arosen@admin ~]> snmpget -v 2c -c XxXxXx 172.12.23.1 .1.3.6.1.4.1.14988.1.1.3.8.0 Error in packet Reason: (noSuchName) There is no such variable n...
by andrei
Thu Apr 14, 2016 7:53 pm
Forum: General
Topic: Authentication mismatch issue with L2TP/Ipsec
Replies: 7
Views: 3033

Re: Authentication mismatch issue with L2TP/Ipsec

Asuming I had ca misconfiguration this should happen with every ISP. When I connect using one ISP it works and with another one it doesn't(actually with another two both mobile) Now that I look through the logs I see the same errors and it still connects. It seems it tries different authentication p...
by andrei
Thu Apr 14, 2016 7:21 pm
Forum: General
Topic: Authentication mismatch issue with L2TP/Ipsec
Replies: 7
Views: 3033

Re: Authentication mismatch issue with L2TP/Ipsec

No, it's obviously not that . It works with the exact same settings from a different ISP. I have noticed this happens with mobile operators.(don't exactly know why)
I did something else and it seems to work now. I manually declared 0.0.0.0/0 peers and disabled ipsec secret in L2TP server.
by andrei
Thu Apr 14, 2016 6:28 pm
Forum: General
Topic: Authentication mismatch issue with L2TP/Ipsec
Replies: 7
Views: 3033

Authentication mismatch issue with L2TP/Ipsec

I have a problem when setting up a dial-in L2TP/Ipsec server. I set it up by entering ipsec secret in L2TP Server so that it automatically generates policies. The problem is that it works when connecting from certain networks.(ISP networks) but when connecting from mobile ISPs I can't connect and I ...
by andrei
Wed Mar 23, 2016 3:23 pm
Forum: General
Topic: Unwanted gre traffic on interface
Replies: 6
Views: 705

Re: Unwanted gre traffic on interface

I plug my router into a switch which is connected to the isp router. This is also where router X connects.
by andrei
Wed Mar 23, 2016 2:57 pm
Forum: General
Topic: Unwanted gre traffic on interface
Replies: 6
Views: 705

Re: Unwanted gre traffic on interface

Thanks but I just wanted to understand what can cause this so that I address the question to the right side: there is also the router that originates the traffic(X) which does not belong to the isp.
by andrei
Wed Mar 23, 2016 9:37 am
Forum: General
Topic: Unwanted gre traffic on interface
Replies: 6
Views: 705

Re: Unwanted gre traffic on interface

I don't quite understand what you are saying. The problem is that this traffic is not sourced by the router or destined to it because it doesn't go on any other interface. It is just on the one facing the internet.
by andrei
Fri Mar 18, 2016 6:44 pm
Forum: General
Topic: Unwanted gre traffic on interface
Replies: 6
Views: 705

Unwanted gre traffic on interface

I have an issue with an RB1100AHx2: I'm getting GRE traffic on the interface facing the internet. The traffic (seen with torch) is between a host on the same subnet as my router(both are connecting to the ISP router) and a different ip from the internet. It is GRE and since it is not meant for my ro...
by andrei
Mon Mar 07, 2016 9:24 pm
Forum: General
Topic: Mikrotik ipsec passthrough with NAT
Replies: 12
Views: 4857

Re: Mikrotik ipsec passthrough with NAT

No, I did GRE IPsec in transport mode(default mode) and it worked with the issue I mentioned.
by andrei
Mon Mar 07, 2016 12:35 pm
Forum: General
Topic: Mikrotik ipsec passthrough with NAT
Replies: 12
Views: 4857

Re: Mikrotik ipsec passthrough with NAT

NAT-T only works with IPsec tunnel mode and using ESP. No transport mode, no AH. Not really, L2TP/Ipsec is transport mode and works with no problems over NAT. I have been trying to get GRE over IPsec transport work over NAT-T and have not been successful. GRE over IPsec transport works OK without N...
by andrei
Mon Mar 07, 2016 11:09 am
Forum: General
Topic: Mikrotik ipsec passthrough with NAT
Replies: 12
Views: 4857

Re: Mikrotik ipsec passthrough with NAT

PEER IPSEC >> INTERNET >> MIKROTIK >> CISCO CMIIW, you need to create an ipsec connection using cisco device? why dont you use mikrotik as an ipsec vpn gateway? if you want to use cisco as your VPN Gateway, you need to allow UDP connection 500, 4500, ipsec-esp, passthrough mikrotik firewall, and ma...
by andrei
Wed Feb 17, 2016 1:27 pm
Forum: General
Topic: Mikrotik ipsec passthrough with NAT
Replies: 12
Views: 4857

Mikrotik ipsec passthrough with NAT

I have an Mikrotik device with a public address on an interface and I need to allow a cisco router that connects to it to establish ipsec vpn(it requires udp 500, udp 4500, ipsec-esp). I have done dst-nat from the public address to the local one(cisco router) and masquerading for the outgoing connec...
by andrei
Mon Jan 11, 2016 7:59 pm
Forum: Scripting
Topic: no such item breaks execution
Replies: 3
Views: 1408

Re: no such item breaks execution

Thanks a lot.
I went for the second choice which seems cleaner and I have used it in other programming languages. I just didn't know there was a length function in the scripting language.
Thanks again, I've been struggling a bit with this although now it seems extremely easy.
by andrei
Mon Jan 11, 2016 7:28 pm
Forum: Scripting
Topic: no such item breaks execution
Replies: 3
Views: 1408

no such item breaks execution

I need to do a simple test to check if a connection is alive. The connection has a connection mark and I just need to test if it exists or not. If it exists the script will send an email or log it. I have this: if ([/ip firewall connection get value-name=connection-mark [find connection-mark="KRN"]]...
by andrei
Sat Aug 29, 2015 4:53 pm
Forum: Wireless Networking
Topic: Stopping DNS attack on low bandwidth interfaces(modems)
Replies: 6
Views: 849

Re: Stopping DNS attack on low bandwidth interfaces(modems)

I don't need DNS locally or otherwise. So it is blocked in firewall and allow remote request are off like I said.
It is solved now. Thanks.
by andrei
Fri Aug 28, 2015 10:55 am
Forum: Wireless Networking
Topic: Stopping DNS attack on low bandwidth interfaces(modems)
Replies: 6
Views: 849

Re: Stopping DNS attack on low bandwidth interfaces(modems)

Well, changing the ip is not really a solution.
This is not such a big issue since this is used as a backup connection and the traffic
it uses is really small. I'll wait for it to stop.
by andrei
Thu Aug 27, 2015 10:42 pm
Forum: Wireless Networking
Topic: Stopping DNS attack on low bandwidth interfaces(modems)
Replies: 6
Views: 849

Stopping DNS attack on low bandwidth interfaces(modems)

Hi, I have a problem with a mikrotik router that has a 3g modem connected and gets a public ip. Starting 2 days ago I noticed traffic coming in through that interface. I did a torch on the interface and saw udp dns requests coming from..of course China. I then added a rule in the firewall to filter ...
by andrei
Tue Jan 06, 2015 11:16 am
Forum: Wireless Networking
Topic: Static public ip on lte interface
Replies: 8
Views: 5115

Re: Static public ip on lte interface

So far I couldn't find an USB modem to do that.. you can do it with 3g modems though. I have read you can setup an ppp connection if you enable Ignore DirectIP Modem option but it didn't work for me. I think the best way to do it is to use a 4g router with it's own mobile interface and put your sim ...
by andrei
Tue Nov 04, 2014 10:05 am
Forum: Wireless Networking
Topic: Static public ip on lte interface
Replies: 8
Views: 5115

Re: Static public ip on lte interface

Well, I'm starting to believe it can't be done using this modem. Or at least not without accessing its nat features(if there are any).
I'm gonna ask for a different modem from Vodafone when I get the chance and request that it is able to do NAT...can't think of anything else.
by andrei
Wed Oct 29, 2014 3:16 pm
Forum: Wireless Networking
Topic: Static public ip on lte interface
Replies: 8
Views: 5115

Re: Static public ip on lte interface

I get a private address on the LTE interface(192.168.9.0/24 class) I can't tell you if it is pppoe. The interface allows you to declare apn, user, pass. There is no forwarding option in the modem interface. Or at least not directly accesible. This is what surprises me because what is the point of ha...
by andrei
Wed Oct 29, 2014 10:04 am
Forum: Wireless Networking
Topic: Static public ip on lte interface
Replies: 8
Views: 5115

Static public ip on lte interface

I have an issue trying to setup a ZTE K5008-Z modem from Vodafone on a RB951-G 2HND router. The modem detects the LTE interface and I am able to get DHCP address from it. Also I can access the internet using this connection after setting a default route. My problem is that I have a static IP from Vo...