MikroTik

bedior

Hello. I have a Mikrotik connected to StrongSwan by IKE2. But every 30 minutes in log wrote error: "IPsec-SA expired before finishing rekey". Config StrongSwan: config setup charondebug="ike 1, knl 1, cfg 0" uniqueids=no conn ikev2-vpn auto=add compress=no type=tunnel keyexchange...

bedior

Hello!
Today check Packet Sniffer in RB750Gr3, and found very big quantity of TCP Retransmission and TCP Dup ACK:

lBWtAEKREm.png

How to deal with this?

bedior

I have installed it on virtual server KVM (https://iphoster.net/tarifs?vid=vds). Export: # nov/14/2019 05:18:44 by RouterOS 6.45.7 # software id = # # # /interface ethernet set [ find default-name=ether1 ] disable-running-check=no /interface wireless security-profiles set [ find default=yes ] suppli...

bedior

Hello.
I have install CHR on VDS, with trial license. A few days all work fine, but suddenly Winbox became disconnecting after 0 - 30 seconds after connect. Message: Router IP has been disconnected. How to find problem?

bedior

bedior

Hello! I am working on failover script and found, that after change route distance of my ISP and disable/enable lt2p connection, my l2tp connect much longer. In log I found rows: cvRPhBc9mp.png But, when I disable/enable lt2p connection without change routes, it connect much faster: wVQY3miIBN.png W...

bedior

I understand. But I don't need to execute script for every DNS query. It's enough to run script when resolved IP stored in cache. In average it has on my router 500 entries.

bedior

There are no DNS resolve high load. I mean that my script do high load because need very often check new DNS resolutions. I want add some domains and they subdomains to address list, so I read list of watching domain from file, than find them in DNS cache, and add to address list. If schedule it eve...

bedior

Hello!
Is any possible to run script after DNS server resolve or update DNS cache? Run script every second and check DNS cache is CPU load expensive. Maybe is possibility to run script by Firewall event?

bedior

колбаскин
I think this issue located more deeply, not in settings. Support will not help you, bro. They will be ask you many parameters, all data, maybe even access to device, than connect to it for 2 minutes, and say, that it's ok, try to change iPhone, reinstall Viber...

bedior

About site-to-site

bedior

How configure it as client?

bedior

Is ability to configure IKEv2 tunnel as client to Strongswan in RouterOS 6.38?

bedior

Hello.
Is ability to configure IKEv2 tunnel as client to Strongswan in RouterOS 6.38?

bedior

Hello. I want to replace my slow RB2011UiAS-2HnD-IN with RB3011UiAS-RM. I need to improve VPN (L2TP/IPsec with AES-256). My current give 16 mbit/s DL and 19 mbit/s UL. What speed I can get on RB3011UiAS-RM? It support Hardware Acceleration or not? I want to buy separate Wi-Fi access point. What you ...

bedior

@bedior did you try using AES128, whats the speed then? If I assume correctly AES256 was faster with an older firmware?

I have tried AES128, but there are very little difference. So I forced to use old firmware.

bedior

Thanks alot for the swift reply! 24Mbit is sufficient for my needs. So I can use this board as a router/ipsec router providing VLANs and and wifi?

Oh, it's very optimistically... Please, read: http://forum.mikrotik.com/viewtopic.php?t=110714

bedior

Not until RouterOS v7

So not until next year at the earliest

It mean "Yes, but software not support yet"? Or will be new hardware revision?

bedior

Thank you. Not so fast as needed.

bedior

It will support hardware acceleration?

bedior

BlackVS, test, please, LT2P/IPsec with AES-256. About your stranges with CPU, I think this is global firmware bug, I found it at all firmwares after 6.34.4: http://forum.mikrotik.com/viewtopic.php?t=110714. Support say, that all is ok, buy more powerful router. As we see, most very powerful routers ...

bedior

I more interesting with Softether, how it work with this server, not strongswan.

bedior

CPU power does not figure, because Mikrotik has not optimized firmware, and don't want accept problems and fix its. See my topic as sample of speed degradation on same device: http://forum.mikrotik.com/viewtopic.php?t=110714

bedior

Can you test with Softether VPN on L2TP/IPsec AES-256?

bedior

Please, test it on Softether (l2tp/ipsec) with AES-256. It seems ipsec became very bugged after 6.34.4: http://forum.mikrotik.com/viewtopic.php?t=11071, so 400 mb/s is very sintetic, imho.

bedior

Hej Dual-Core 880 MHz, MIPS1004Kc etc.. similar specification as Ubu EdgeRouter . Hmmm...Interesting. The difference is that EdgeRouter X has 256 MB NAND. EdgeOS might need 256 MB of storage space to fit all applications. :) In your opinion, what better to buy, RB750Gr3 or EdgeRouter X/EdgeRouter L...

bedior

So, anybody buy RB750Gr3? Have you tried IPsec?

bedior

Let's discuss routers, not nations. A lot of people have troubles with Mikrotik hardware, some things works bad, and I, and maybe колбаскин, wants that our devices works as described. Mikrotik must be interested with this too.

bedior

It is quite regular for routers that on firmware updates that add more features, the top speed decreases because CPU overhead for the new features has increased. This happens in all routers, probably not for every upgrade. Of course, if new features is used. But why speed decrease, when new feature...

bedior

Maybe speed degradation after firmware updates, is Windows or ISP problem too?

))

bedior

RB750Gr3 is more powerful than RB850Gx2 and EdgeRouter Lite? If i found correctly, RB750Gr3 is equal EdgeRouter X? Which will be faster?

bedior

Hello. Currently I'am using VPN as client on Mikrotik RB2011UiAS-2HnD-IN, it's giving me speed 23 mbit/s downloading and 20 mbit/s uploading on old firmware, new firmware give 16/20. My WAN give 30/100. If i connect to VPN by Windows client, it give 30/80 mbit. I think to replace it with EdgeRouter ...

bedior

I checked older versions and found, that last working version was 6.34.4. Video:
6.34.4: https://www.youtube.com/watch?v=-NlQYavQ78Y
6.35: https://www.youtube.com/watch?v=J0WTUJFkRJ0

bedior

I make video demonstration:

In my logic if decryption need less CPU power, it must pass more data.

About FastTrack - where I can tune it?

bedior

Thank you. But why an old version of firmware it work with AES-256 on 24 mbps, but on current 14 mbps? Why downloading doesn't load fully CPU, when uploading do that? If CPU weak why uploading with AES-256 give 20 mbps?

bedior

I have 1 client (on router), VPN server is VDS with Softether. Devices in local network 3, but if all devices except one is powered off, than nothing change.

bedior

Downloading:

8k3POSM1qX.png

Uploading:

rv3jgA8Jod.png

bedior

Hello. After update RB2011UiAS-2HnD-IN on 6.35.2 or 6.36 inbound speed became slower at L2TP/IPsec (AES256 + SHA1): http://www.speedtest.net/result/5349439075.png (CPU 60% when downloading) On version 6.32.2: http://www.speedtest.net/result/5349455563.png (CPU 100% when downloading) Any ideas why ...

bedior

What about LT2P speed? This is connected with Fasttrack?

bedior

RB2011UiAS-2HnD-IN on 6.35.2 give slower L2TP/IPsec (AES256 + SHA1):
http://www.speedtest.net/result/5349439075.png (CPU 60% on download)
On version 6.32.2:
http://www.speedtest.net/result/5349455563.png (CPU 100% on download)

Why?

bedior

Hello. I have a pppoe connection to my ISP and LT2P/IPsec connection to my VPN server. I have a mangle that mark all my traffic as L2TP and a route, that transfer it to lt2p interface. I want use torrents over my ISP not over VPN, I have disabled uTP and encryption in uTorrent and in mangle set &quo...

Search found 41 matches