Community discussions

Search found 445 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 9
by emils
Tue Jul 16, 2019 1:04 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 37
Views: 6393

Re: v6.46beta [testing] is released!

Thanks for the feedback. We will try to add it in the 6.45.2 as well. It will also be possible to specify both the src-address-list and connection-mark parameters to form a single NAT rule. If anyone is wondering, currently an example is published here.
by emils
Thu Jul 11, 2019 1:15 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 37
Views: 6393

Re: v6.46beta [testing] is released!

Version 6.46beta9 has been released. Before an upgrade: 1) Remember to make backup/export files before an upgrade and save them on another storage device; 2) Make sure the device will not lose power during upgrade process; 3) Device has enough free storage space for all RouterOS packages to be down...
by emils
Tue Jul 09, 2019 1:41 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 394
Views: 51538

Re: v6.45.1 [stable] is released!

Or set tunnel=yes for action=none policies. We will fix action=none policies in next release.

EDIT: actually this is not correct and addresses will change after the phase 1 recreation.
by emils
Tue Jul 09, 2019 1:11 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 37
Views: 6393

Re: v6.46beta [testing] is released!

dash, it will be fixed in the next beta, however you will need to have the same version on server and client (either both pre-6.45 or both post-6.45).

filzek, you can connect to NordVPN servers using IKEv2.
by emils
Tue Jul 09, 2019 12:09 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 59
Views: 8142

v6.44.5 [long-term] is released!

RouterOS version 6.44.5 has been released in public "long-term" channel! Before an upgrade: 1) Remember to make backup/export files before an upgrade and save them on another storage device; 2) Make sure the device will not lose power during upgrade process; 3) Device has enough free storage space ...
by emils
Fri Jul 05, 2019 8:27 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 394
Views: 51538

Re: v6.45.1 [stable] is released!

RADIUS authentication issue is already fixed in the latest beta. We will try to release a new stable version next week with a few fixes.
by emils
Thu Jul 04, 2019 3:45 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 37
Views: 6393

v6.46beta [testing] is released!

Version 6.46beta6 has been released. Before an upgrade: 1) Remember to make backup/export files before an upgrade and save them on another storage device; 2) Make sure the device will not lose power during upgrade process; 3) Device has enough free storage space for all RouterOS packages to be down...
by emils
Wed Jul 03, 2019 12:10 pm
Forum: Announcements
Topic: Winbox v3.19 released!
Replies: 27
Views: 3089

Winbox v3.19 released!

What's new in v3.19: *) fixed problem where Winbox could not login into RouterOS v6.45 (or later) router; *) fixed DHCP lease sorting by "last seen" column; If you experience version related issues, then please report them to support@mikrotik.com. Winbox is available here: http://www.mikrotik.com/do...
by emils
Tue Jul 02, 2019 9:03 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 394
Views: 51538

Re: v6.45.1 [stable] is released!

all_packages-mmips-6.45.1.zip should be working now.
by emils
Mon Jul 01, 2019 10:15 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

New version 6.45.1 has been released in stable RouterOS channel:

viewtopic.php?f=21&t=149786
by emils
Mon Jul 01, 2019 10:14 am
Forum: Announcements
Topic: v6.44.3 [stable] is released!
Replies: 123
Views: 28952

Re: v6.44.3 [stable] is released!

New version 6.45.1 has been released in stable RouterOS channel:

viewtopic.php?f=21&t=149786
by emils
Mon Jul 01, 2019 10:11 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 394
Views: 51538

v6.45.1 [stable] is released!

RouterOS version 6.45.1 has been released in public "stable" channel! Before an upgrade: 1) Remember to make backup/export files before an upgrade and save them on another storage device; 2) Make sure the device will not lose power during upgrade process; 3) Device has enough free storage space for...
by emils
Wed Jun 19, 2019 1:07 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

The thing is, PPP and IPsec are completely unrelated things and currently there is no way to associate the L2TP and the IPsec sessions with each other.
by emils
Wed Jun 19, 2019 11:37 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

The comment from the Identity that was used for the peer to identify itself is carried over to the active-peers menu. For example, if you have a comment "L2TP server" for the IPsec identity, then this comment will be shown for all active peers which used this Identity. Obviously, it is not possible ...
by emils
Fri Jun 14, 2019 8:37 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

Version 6.45beta62 has been released. Before an upgrade: 1) Remember to make backup/export files before an upgrade and save them on another storage device; 2) Make sure the device will not lose power during upgrade process; 3) Device has enough free storage space for all RouterOS packages to be dow...
by emils
Thu Jun 13, 2019 11:11 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

Great, much appreciated! Can't wait for it... Will we see this before version 6.45 final release? Currently looks like no, it will not make it into 6.45. We are already finalizing the 6.45 version. VTI support requires new kernel and we are still not sure whether it should or should not be implemen...
by emils
Wed Jun 12, 2019 4:10 pm
Forum: RouterBOARD hardware
Topic: IPSec with MikroTik wAP ac LTE
Replies: 2
Views: 288

Re: IPSec with MikroTik wAP ac LTE

Yes, it has hardware accelerated IPsec like the rest of the IPQ4018/IPQ4019 devices. Simply the spec sheet is not fully populated yet.
by emils
Wed Jun 12, 2019 2:57 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

msatter we have already plans for such feature. But connection marks will be used instead of routing marks.
by emils
Mon Jun 10, 2019 3:09 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

No, it is not possible at the moment. Please post your request to this thread. We are monitoring the feature requests and will implement them in future updates.

viewtopic.php?f=1&t=128439
by emils
Tue Jun 04, 2019 8:14 am
Forum: General
Topic: IKEv2 server + eap-radius, strongswan android client can't connect
Replies: 6
Views: 544

Re: IKEv2 server + eap-radius, strongswan android client can't connect

Do not see any reason why API authentication would not work in 6.45 either. Is there anything in the logs? Are you using the post v6.43 login method?

https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
by emils
Mon Jun 03, 2019 12:41 pm
Forum: General
Topic: IKEv2 server + eap-radius, strongswan android client can't connect
Replies: 6
Views: 544

Re: IKEv2 server + eap-radius, strongswan android client can't connect

Try the latest beta version, it has a fix for EAP to prefer SAN for identity checking. If that does not work either, post your '/certificate print' output .
by emils
Tue May 28, 2019 2:46 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

When we introduced the new hashing and encryption for user passwords in v6.43, we had to leave the old type of passwords for downgrade possibility. Now they are removed and only strong encrypted passwords are stored. Note that downgrading below 6.43 will cause all passwords to be blank. What's new i...
by emils
Tue May 28, 2019 1:02 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

osc86, SNMPv3 issues will be fixed in the next release.
by emils
Tue May 28, 2019 1:02 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

Version 6.45beta54 has been released. Before an upgrade: 1) Remember to make backup/export files before an upgrade and save them on another storage device; 2) Make sure the device will not lose power during upgrade process; 3) Device has enough free storage space for all RouterOS packages to be dow...
by emils
Fri May 24, 2019 1:23 pm
Forum: General
Topic: L2TP + IPSEC with certificate - problem [SOLVED]
Replies: 30
Views: 1313

Re: L2TP + IPSEC with certificate - problem [SOLVED]

Perhaps, you misinterpreted my e-mail or I worded it wrongly. To clarify: It should be possible to establish L2TP over IPsec with RSA authentication. What I meant with that quote is you can not use match-by=certificate to match a specific client certificate by a specific IPsec Identity. You can use ...
by emils
Wed May 22, 2019 9:55 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

"no-track" is not the same as "accepted by RAW". It fixes a specific case when connection tracking is disabled, RAW firewall rules are accepting (sending to connection tracking) some traffic, but the firewall rules are invalid, because the connection tracking is disabled. The firewall rules should b...
by emils
Tue May 21, 2019 12:58 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

Version 6.45beta50 has been released. Before an upgrade: 1) Remember to make backup/export files before an upgrade and save them on another storage device; 2) Make sure the device will not lose power during upgrade process; 3) Device has enough free storage space for all RouterOS packages to be dow...
by emils
Mon May 20, 2019 9:58 am
Forum: General
Topic: Help with IKEv2/IPsec client configuration
Replies: 29
Views: 9153

Re: Help with IKEv2/IPsec client configuration

Here is the configuration I used to test compatibility with NordVPN. However, it is not working yet with the latest public beta version (6.45beta45). You will need to upgrade to the next beta when it is released. I will probably make an official tutorial on wiki later. /ip ipsec mode-config add name...
by emils
Mon May 20, 2019 9:42 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

Update: I have it now working and writing this with a IKEv2 connection through PureVPN. I have still to adapt the manually generated Ipsec Policy and it a PITA to do because sometimes a 0.0.0.0/ is expected but then I receive the TS_UNEXPECTED error. After several time going round and round the Src...
by emils
Thu May 16, 2019 12:56 pm
Forum: Forwarding Protocols
Topic: OpenVPN + IpSec [SOLVED]
Replies: 6
Views: 454

Re: OpenVPN + IpSec [SOLVED]

Simply create second IPsec Policy on both routers: 192.168.252.0/24 <-> 192.168.100.0/24
by emils
Thu May 16, 2019 10:48 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

Try setting the remote-id to ignore.
by emils
Wed May 15, 2019 2:43 pm
Forum: Announcements
Topic: v6.43.15 [long-term] is released!
Replies: 17
Views: 2728

Re: v6.43.15 [long-term] is released!

New version 6.43.16 has been released in long-term RouterOS channel:

viewtopic.php?f=21&t=148519
by emils
Wed May 15, 2019 2:42 pm
Forum: Announcements
Topic: v6.43.16 [long-term] is released!
Replies: 12
Views: 6545

v6.43.16 [long-term] is released!

RouterOS version 6.43.16 has been released in public "long-term" channel! Before an upgrade: 1) Remember to make backup/export files before an upgrade and save them on another storage device; 2) Make sure the device will not lose power during upgrade process; 3) Device has enough free storage space...
by emils
Wed May 15, 2019 9:45 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

msatter All EAP methods require at least the root CA certificate for IKEv2. On Windows, it is possible, that the CA certificate is already in the Trusted Windows Certificate store so you do not have to import anything. Either ask your provider for the CA certificate or try finding out which certifi...
by emils
Tue May 14, 2019 7:36 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

Not working with Android clients (using https://play.google.com/store/apps/details?id=org.strongswan.android . Any tips towards getting Android working would be appreciated. Also I noticed occasional VPN connections failing using beta42 and 45. Downgrading to 6.44.3 made that issue go away but hope...
by emils
Mon May 13, 2019 3:04 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

There are no new features added with this conntrack fix as you are comparing to TCP loose setting. The fix addresses some stability issues in setups with large connection tracking tables. It also improves connection tracking processing performance.
by emils
Mon May 13, 2019 2:13 pm
Forum: General
Topic: Help with IKEv2/IPsec client configuration
Replies: 29
Views: 9153

Re: Help with IKEv2/IPsec client configuration

Anyone willing to test it, here is your chance. Let me know if any help with configuration is needed.
What's new in 6.45beta45 (2019-May-13 09:22):

!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
by emils
Mon May 13, 2019 2:10 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

Version 6.45beta45 has been released. Before an upgrade: 1) Remember to make backup/export files before an upgrade and save them on another storage device; 2) Make sure the device will not lose power during upgrade process; 3) Device has enough free storage space for all RouterOS packages to be dow...
by emils
Mon May 13, 2019 2:03 pm
Forum: Announcements
Topic: v6.43.15 [long-term] is released!
Replies: 17
Views: 2728

Re: v6.43.15 [long-term] is released!

Yes, they were already in 6.43.14. These are additional small improvements.
by emils
Mon May 13, 2019 1:57 pm
Forum: Announcements
Topic: v6.43.15 [long-term] is released!
Replies: 17
Views: 2728

Re: v6.43.15 [long-term] is released!

No, as usual, it is already in stable build.
by emils
Mon May 13, 2019 1:12 pm
Forum: Announcements
Topic: v6.43.14 [long-term] is released!
Replies: 29
Views: 7343

Re: v6.43.14 [long-term] is released!

New version 6.43.15 has been released in long-term RouterOS channel:

viewtopic.php?f=21&t=148461
by emils
Mon May 13, 2019 1:11 pm
Forum: Announcements
Topic: v6.43.15 [long-term] is released!
Replies: 17
Views: 2728

v6.43.15 [long-term] is released!

RouterOS version 6.43.15 has been released in public "long-term" channel! Before an upgrade: 1) Remember to make backup/export files before an upgrade and save them on another storage device; 2) Make sure the device will not lose power during upgrade process; 3) Device has enough free storage space...
by emils
Fri May 10, 2019 10:23 am
Forum: General
Topic: [Feature Request] Allow Intermediary Certs to be trusted to authenticate ike2
Replies: 4
Views: 249

Re: [Feature Request] Allow Intermediary Certs to be trusted to authenticate ike2

No, you can not do this. Authentication without whole PKI chain including root CA is not possible. Perhaps what we could do is add possibility to match an Identity based on a specific common field in client's certificate, for example, Unit. You could generate multiple client certificates with the sa...
by emils
Fri May 10, 2019 9:34 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

osc86, I can not reproduce the issue. Can you please send a supout.rif file to support@mikrotik.com?
by emils
Thu May 09, 2019 2:16 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: 802.1X over ethernet
Replies: 39
Views: 7995

Re: Feature Request: 802.1X over ethernet

6.45beta42 added EAP-MSCHAPv2 authentication method and VLAN ID assignment from RADIUS attributes.

Manual page published if anyone interested:

https://wiki.mikrotik.com/wiki/Manual:Interface/Dot1x
by emils
Thu May 09, 2019 2:06 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

Version 6.45beta42 has been released. Before an upgrade: 1) Remember to make backup/export files before an upgrade and save them on another storage device; 2) Make sure the device will not lose power during upgrade process; 3) Device has enough free storage space for all RouterOS packages to be dow...
by emils
Fri May 03, 2019 12:42 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

Hopefully, yes.
by emils
Fri May 03, 2019 8:20 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 65989

Re: v6.45beta [testing] is released!

can you add EAP-MSCHAPv2 to the authentication method list?

Yes, it is coming as well.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 9