Community discussions

Search found 32 matches

by MTusewk
Thu Feb 15, 2018 2:04 pm
Forum: General
Topic: SSTP connection limits
Replies: 6
Views: 691

Re: SSTP connection limits

What is the problem you are facing?
by MTusewk
Thu Feb 15, 2018 1:51 pm
Forum: General
Topic: DNS utilization
Replies: 15
Views: 5102

Re: DNS utilization

Is this still the current behavior, as of 6.41 (jan/2018?)
No.

That concurrent hardcoded limit was removed some versions ago, and as sebastia posted now you can set up the max concurrent queries limit at will.

Good decision to remove the hardcoded limit of 100 queries.
by MTusewk
Wed Nov 16, 2016 7:47 am
Forum: General
Topic: Simulate thousands pppoe connections for test purposes
Replies: 2
Views: 760

Re: Simulate thousands pppoe connections for test purposes

Maybe staff can pitch in with numbers they have from their stress testing? Or other forum members?

I am also looking for such numbers.
by MTusewk
Wed Aug 03, 2016 1:13 pm
Forum: General
Topic: DNS utilization
Replies: 15
Views: 5102

Re: DNS utilization

In RouterOS 6.x DNS cache is limited to 100 concurrent requests. To serve more requests you have to have very fast parent and/or you have to set up a quite large cache to ensure that DNS names are resolved as fast as possible if the answer is not in the cache. And regarding how servers for queries ...
by MTusewk
Sun Jul 31, 2016 12:02 pm
Forum: Announcements
Topic: v6.36 [current] is released!
Replies: 183
Views: 42446

Re: v6.36 [current] is released!

I have also experienced random disconnections of WinBox after upgrading to this release.
by MTusewk
Fri Jun 03, 2016 5:02 pm
Forum: General
Topic: Feature Request: Application Level Firewall
Replies: 12
Views: 5065

Re: Feature Request: Application Level Firewall

What I requested is an "Application Level Firewall" where traffic of different applications can be detected and then blocked as per the defined rules. It is fine if MikroTik cannot release signatures for all the different applications out there or keep updating them, what we need this functionality...
by MTusewk
Sat May 28, 2016 4:47 pm
Forum: General
Topic: Feature Request: Application Level Firewall
Replies: 12
Views: 5065

Re: Feature Request: Application Level Firewall

I think a Mikrotik API plugin for snort would be a nice feature, so that if a snort box decides to blacklist some address, it can send it to Mikrotik routers using API calls for adding them to an address-list. Ideally, the ability to place BGP -> address-list will be available in ROSv7, which will ...
by MTusewk
Sat May 28, 2016 4:16 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 157143

Re: RouterOS v7.0 beta1 - when?

Thanks normis for confirming that. :)
by MTusewk
Thu May 26, 2016 7:18 pm
Forum: General
Topic: Feature Request: Application Level Firewall
Replies: 12
Views: 5065

Feature Request: Application Level Firewall

I would like to request the addition of a functionality to detect and block applications through the firewall just like a lot of major players are offering it in their products, for example: - Palo Alto Firewall's App-ID - Fortinet's Application Control I know some of this functionality is available...
by MTusewk
Tue Mar 08, 2016 8:33 am
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 93983

Re: Feature request: OpenVPN compression LZO and UDP

+10 for UDP & LZO. It is a much needed feature.
by MTusewk
Fri Mar 04, 2016 7:57 pm
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 106568

Re: v6.35rc [release candidate] is released, new wireless package!

What does the below change mean? "snmp - fix cpu load reporting to 1min average and change oid to 1.3.6.1.4.1.2021.11.10.0;" 1). Does it mean it is replacing the old Total CPU Load OID 1.3.6.1.4.1.2021.11.52.0? 2). And that earlier it was reporting realtime CPU Load and now this new OID will report ...
by MTusewk
Mon Feb 08, 2016 2:18 pm
Forum: General
Topic: OID of total CPU usage on CCR
Replies: 16
Views: 10221

Re: OID of total CPU usage on CCR

New in 6.34::

total cpu load OID 1.3.6.1.4.1.2021.11.52.0
From where you got that OID?

Can MikroTik staff confirm that the above OID provides total CPU load? Because I don't see this OID mentioned anywhere?

Can this OID be used for monitoring total CPU load on x86 RouterOS?
by MTusewk
Wed Jan 20, 2016 8:57 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 34296

Re: v6.33.5 [current] is released!

Wildcards are not supported in certificate CN. Is this a change from previous versions? I use a wildcard certificate for SSTP on 6.30. Not sure how ot worked for you but officially such feature was never implemented. Meaning if I use a wildcard certificate for MikroTik SSTP server, SSTP will not wo...
by MTusewk
Fri Oct 30, 2015 8:43 pm
Forum: General
Topic: SSL for routerOS?
Replies: 2
Views: 432

Re: SSL for routerOS?

Above mentioned is exactly true. If any certificate provider tells you to install their CA certificate anywhere then don't buy from them.

Apart from this, let us know how your installation works after you have installed the purchased certificate.
by MTusewk
Fri Oct 30, 2015 8:37 pm
Forum: General
Topic: reinstall changed Software ID
Replies: 3
Views: 1053

Re: reinstall changed Software ID

You cannot get the old software ID back. Explain your situation to the reseller as they may give you a new key.
by MTusewk
Fri Oct 30, 2015 8:24 pm
Forum: General
Topic: 10Gbps Real Life Performance
Replies: 11
Views: 2128

Re: 10Gbps Real Life Performance

So here the question is - are 40Gbps interfaces supported by x86 RouterOS?

And also how much memory can we install on x86 RouterOS systems? You mentioned it can only see 2GB, but I see CCR spec sheet mentioning it can support up to 16GB. How is this possible if both of them are running the RouterOS?
by MTusewk
Wed Aug 26, 2015 2:24 pm
Forum: General
Topic: 10Gbps Real Life Performance
Replies: 11
Views: 2128

Re: 10Gbps Real Life Performance

Thanks for sharing the information. So x86 RouterOS supports running on 10Gbps and dual multi-core CPUs? I thought it only supports running up to 1Gbps?
by MTusewk
Wed Aug 12, 2015 8:18 am
Forum: General
Topic: MikroTik Firewall
Replies: 17
Views: 2518

Re: MikroTik Firewall

No, I am not using Simple Queues at the moment. I understand blocking P2P is a lost battle. At the minimum I am looking for a way to block torrenting. Is there anyway to achieve this atleast?
by MTusewk
Fri Jul 24, 2015 8:03 pm
Forum: General
Topic: MikroTik Firewall
Replies: 17
Views: 2518

Re: MikroTik Firewall

Ok, so regarding the requirement of logging all connection attempts to anywhere on the internet, I am successfully logging the connections with state of "New". Since they are being logged to router's memory (log), to forward these to syslog server instead I have to configure the Memory Action to "re...
by MTusewk
Sat Jul 18, 2015 6:35 pm
Forum: General
Topic: MikroTik Firewall
Replies: 17
Views: 2518

Re: Re:

Hi, @jarda You need two rules. Unfortunately it is so. I would also like multiple choices in other fields... I guess ROS is using iptables as firewall and iptables does not support specifying multiple protocols. It also would be very difficult to implement because many other options of a firewall r...
by MTusewk
Fri Jul 17, 2015 7:34 pm
Forum: General
Topic: MikroTik Firewall
Replies: 17
Views: 2518

Re:

Minimal solution is to drop tcp/udp port 53 input chain on wan interface. I did the above and it is successfully dropping DNS queries from the internet now. I created two rules to drop tcp 53 and udp 53 as there is no way to select both tcp/udp in the protocol field? Or is it possible? Thanks to al...
by MTusewk
Thu Jul 16, 2015 9:41 pm
Forum: General
Topic: MikroTik Firewall
Replies: 17
Views: 2518

Re: MikroTik Firewall

Build a standard stateful firewall will be the best thing you can do. /ip firewall filter add chain=input comment="Accept Established" connection-state=established add chain=input comment="Accept related" connection-state=related add action=drop chain=input comment="Drop invalid" connection-state=i...
by MTusewk
Thu Jul 16, 2015 9:29 pm
Forum: General
Topic: MikroTik Firewall
Replies: 17
Views: 2518

MikroTik Firewall

Hi Guys, I have a MikroTik router on a Public IP acting as a DNS server as well. Now I am noticing the DNS server is being abused by people on the internet, as it is handling DNS requests for them as well. I want to restrict the DNS server to only handle DNS queries from requests coming from a speci...
by MTusewk
Mon Jun 22, 2015 9:15 am
Forum: Virtualization
Topic: license on virtualized routerOS
Replies: 4
Views: 3414

Re: license on virtualized routerOS

So in this case is it possible to change the RAM of the licensed VM and or CPU cores? I mean will it deactivate the VM?
by MTusewk
Fri May 01, 2015 5:57 pm
Forum: General
Topic: MikroTik VPN server with RADIUS authentication
Replies: 3
Views: 5605

Re: MikroTik VPN server with RADIUS authentication

Magchiel:
Your reply helped me in getting it to work as I wanted. It is working perfectly now. However, I am wondering is it possible to use RADIUS server authentication for MikroTik OpenVPN as well?

Thanks a lot for help!
by MTusewk
Mon Mar 16, 2015 6:25 pm
Forum: General
Topic: MikroTik VPN server with RADIUS authentication
Replies: 3
Views: 5605

MikroTik VPN server with RADIUS authentication

Hi, I am trying to figure out, is it possible to use a RADIUS server with MikroTik based VPN server for authenticating VPN clients? What is confusing me is that how will it actually work? Because each PPP Secret under MikroTik is assigned a profile, through which we assign DNS server to the client. ...
by MTusewk
Fri Jan 16, 2015 3:49 pm
Forum: Beginner Basics
Topic: Set expiration date of PPP Secret
Replies: 3
Views: 1628

Re: Set expiration date of PPP Secret

Which RADIUS server is recommended for use with MikroTik apart from the built-in User Manager? I want a RADIUS server which can run on a Windows platform and with which I can achieve the task of expiring a user account (PPP Secret) on a specific date. Please share your experiences.
by MTusewk
Tue Dec 02, 2014 8:49 pm
Forum: General
Topic: PPTP VPN
Replies: 6
Views: 2102

Re: PPTP VPN

You need to enable NAT for your VPN client or assign them an Internet routable static.
The above mentioned action solved the problem. Thanks a lot bkuhn. :)
by MTusewk
Sat Nov 22, 2014 5:28 pm
Forum: General
Topic: PPTP VPN
Replies: 6
Views: 2102

Re: PPTP VPN

Thanks a lot magchiel and skillful for help. I think the post is not clear enough, so I am describing it in much more detail now. I have installed RouterOS on one server and assigned the ether1 interface a Public IP and have added the 0.0.0.0/0 route to point to the default gateway for internet conn...
by MTusewk
Thu Nov 20, 2014 9:27 pm
Forum: Beginner Basics
Topic: Set expiration date of PPP Secret
Replies: 3
Views: 1628

Re: Set expiration date of PPP Secret

Thanks a lot for your reply. It is indeed helpful. So it is possible to achieve this in a proper way with User Manager Radius service of MikroTik?


Thanks.
by MTusewk
Wed Nov 19, 2014 8:53 pm
Forum: General
Topic: PPTP VPN
Replies: 6
Views: 2102

PPTP VPN

Hi, I have a scenario, in which I want my traffic to be routed to internet through the MikroTik PPTP VPN server once the PPTP connection is established. I have one Ethernet interface in the RouterOS with public IP to which I am connecting. Is it possible to achieve this? How can it be done? Thanks.
by MTusewk
Sat Nov 15, 2014 1:25 pm
Forum: Beginner Basics
Topic: Set expiration date of PPP Secret
Replies: 3
Views: 1628

Set expiration date of PPP Secret

Hi, I am brand new to MikroTik RouterOS, so please bear with me. I want to know is there any way to set the expiration date of a PPP Secret? What I want to do is set the PPP Secret to expire on a particular date, so that it can no longer be used for successful authentication to PPTP Server. Kindly s...