Community discussions

Search found 53 matches

by cpliu903
Mon Jan 16, 2017 3:36 am
Forum: Wireless Networking
Topic: how to implement Mesh Network?
Replies: 2
Views: 1420

how to implement Mesh Network?

We can find below router/AP for Mesh network implementation. https://madeby.google.com/wifi/how-it-works/ https://www.netgear.com/home/products/networking/orbi/?cid=FB_Q12016_20 http://www.linksys.com/us/velop/ For RouterOS: Q1: How many minimum device for Mesh Network ? Q2: Which Wireless WDS Mesh...
by cpliu903
Fri Jul 15, 2016 10:44 am
Forum: RouterBOARD hardware
Topic: Switch CRS112-8G-4S-IN vs Netgear GS308
Replies: 0
Views: 414

Switch CRS112-8G-4S-IN vs Netgear GS308

how to compare these product ?
Netgear GS308 has offer high performance than CRS112-8G-4S-IN ?


http://routerboard.com/CRS112-8G-4S-IN

http://www.downloads.netgear.com/files/ ... bit_DS.pdf
by cpliu903
Fri May 06, 2016 4:01 am
Forum: Beginner Basics
Topic: L2TP/IPsec with firewall rule
Replies: 6
Views: 30818

Re: L2TP/IPsec with firewall rule

What is your WAN interface / IP? Please do not type out the full public IP. use: x.x.x.(last octet) What do the logs show? The logs are going to be the best bet to find the problem. I don't see anything "wrong" off-hand. Most likely you have a different setting somewhere between the client and the ...
by cpliu903
Thu May 05, 2016 2:57 pm
Forum: Beginner Basics
Topic: L2TP/IPsec with firewall rule
Replies: 6
Views: 30818

L2TP/IPsec with firewall rule

When enable L2TP/IPSec, ros will be generate a peer, then I have add follow firewall rule, but cannot connect VPN. Please advise which rule is missing ? [admin@MikroTik] /ip ipsec peer> print Flags: X - disabled, D - dynamic 0 D address=::/0 local-address=:: passive=yes port=500 auth-method=pre-shar...
by cpliu903
Fri Apr 15, 2016 4:57 am
Forum: RouterBOARD hardware
Topic: Ask for for new hardware models
Replies: 2
Views: 857

Ask for for new hardware models

called as hAP ac 2 Home use version: No POE ( reduce cost ) No SFP ports ( reduce cost ) No USB ( reduce cost ) No console port ( reduce cost ) 5 x 10/100/1000 Ethernet Ports ( Must include ) Support dual band 802.11a/n/ac, MIMO 3 x 3 ( Must include ) 256 or 512 RAM Dual Core CPU with Hardware encr...
by cpliu903
Wed Apr 13, 2016 4:44 pm
Forum: Beginner Basics
Topic: Analysis Log message
Replies: 1
Views: 389

Analysis Log message

For log number 39, Why ROS has received L2TP UDP packet, but no user login info has logged. Is it invalid connection ??

For log number 41, OpenVPN is established from unknown ip address, but it's also no user login info has logged.

What's problem? Please help !
log20160413.png
by cpliu903
Tue Apr 12, 2016 4:30 pm
Forum: Beginner Basics
Topic: Firewall Rule: Allow Only Ipsec Ecapsulated Traffic
Replies: 3
Views: 667

Re: Firewall Rule: Allow Only Ipsec Ecapsulated Traffic

use the IPsec policy matcher method
how to config ?
by cpliu903
Tue Apr 12, 2016 9:21 am
Forum: Beginner Basics
Topic: Can listen two ports on OpenVPN Server?
Replies: 3
Views: 1178

Re: Can listen two ports on OpenVPN Server?

I don't think it can run two instances, but with NAT port forwarding you should be able to get 1 instance to listen on two ports.

Use a dst-nat, when packets for port 443 come in via wan1, then action=dst-nat, to-port: 1194
When ROS support UDP mode, how to port forward from TCP 443 to UDP 1194 ?
by cpliu903
Mon Apr 11, 2016 4:33 pm
Forum: Beginner Basics
Topic: Firewall Rule: Allow Only Ipsec Ecapsulated Traffic
Replies: 3
Views: 667

Firewall Rule: Allow Only Ipsec Ecapsulated Traffic

Refer to this: http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Allow_Only_Ipsec_Ecapsulated_Traffic Using generic Ipsec Policy The trick of this method is to add default policy with action drop. Lets assume we are running L2TP/IpSec server 1.1.1.1 with public address and we want to drop all non encryp...
by cpliu903
Mon Apr 11, 2016 4:29 am
Forum: Beginner Basics
Topic: Can listen two ports on OpenVPN Server?
Replies: 3
Views: 1178

Can listen two ports on OpenVPN Server?

Can listen two ports ( TCP 443, 1194 ) on OpenVPN Server?


Refer to this topic, it seems WRT can support run two instance with tow Seperate Ports.
http://blog.omotech.com/?p=602
by cpliu903
Wed Apr 06, 2016 1:48 pm
Forum: Beginner Basics
Topic: allow access WebFig from public ip
Replies: 4
Views: 1884

Re: allow access WebFig from public ip

add chain=input action=accept in-interface=wan_iface src-address=remote_ip protocol=tcp dst-port=80 Move in over your drop rule in input chain. Is risky if you not specify src-address! src-address is dynamic ip such as my mobile device. Thus I try to use specify src-mac-address. Any idea for this ??
by cpliu903
Wed Apr 06, 2016 10:24 am
Forum: Beginner Basics
Topic: allow access WebFig from public ip
Replies: 4
Views: 1884

allow access WebFig from public ip

how to allow specify device for access WebFig from public ip??

I try to use this rule, but not work.
add chain=input protocol=tcp action=accept src-mac-address=xxxxx in-interface=WAN
by cpliu903
Mon Apr 04, 2016 6:00 pm
Forum: General
Topic: OpenVPN works on Android, same config does not on iOS?
Replies: 4
Views: 3561

Re: OpenVPN works on Android, same config does not on iOS?

change: dev tun (for Android client) to dev tap (in the client script for Windows or iOS connection ). also change: Mode: ip (for Android) to Mode: ethernet (under /ppp OpenVPN sever setting) I have faced same problem on iOS connection. iOS OpenVPN client return error message: PolarSSL: SSL read er...
by cpliu903
Thu Mar 31, 2016 4:53 am
Forum: Beginner Basics
Topic: VPN Access not work in Quick Set
Replies: 3
Views: 2058

Re: VPN Access not work in Quick Set

L2TP/Ipsec by default works with PSK (not xauth) and no modeconf, it is very easy to misconfigure iphone client settings by selecting ipsec + modeconf or instead of PSK authentication configure to use xauth. Reset to factory config and follow up this tutorial to config again. http://wiki.mikrotik.c...
by cpliu903
Wed Mar 30, 2016 4:02 pm
Forum: Beginner Basics
Topic: VPN Access not work in Quick Set
Replies: 3
Views: 2058

VPN Access not work in Quick Set

My Device is hAP ac with factory config. ROS version: 6.33.5 (stable) I have enabled VPN access in menu "Quick Set" and then ROS will auto config below VPN. Howerver only PPTP is working. How to solved it ? 1. PPTP - OK ( iOS 9.3 and WIN7 ) 2. L2TP/IPsec - FAIL ( iOS 9.3 and WIN7 ) 3. SSTP - FAIL ( ...
by cpliu903
Mon Mar 21, 2016 3:51 pm
Forum: Beginner Basics
Topic: How to config ipsec with Xauth for iPhone
Replies: 2
Views: 817

How to config ipsec with Xauth for iPhone

Can setup Cisco IPSec on ROS for iPhone ? If yes, could your share your config ?
by cpliu903
Wed Mar 02, 2016 3:02 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134332

Re: HAP AC

@normis for next generation version, can use dual core CPU ? Well, let´s call it: "HAP AC2" :D - Of course with some 802.11ac (wave 2) ASIC, e.g. with QCA9984 - What about a coprocessor? ( Of course an Atheros ASIC does have a processor for handling firewall rules, but when I look at my switches wi...
by cpliu903
Mon Feb 29, 2016 3:15 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134332

Re: HAP AC

I just finished writing a kind of review with more detailed statistics on my blog. You can find it here! [/b] It's very great review !!! the hAP AC will never be able to achieve it's 3x3 AC radio maximum a 1300Mbit link would allow for. Realistically and the highest I've ever seen in a review that ...
by cpliu903
Thu Feb 25, 2016 10:37 am
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 93423

Re: Feature request: OpenVPN compression LZO and UDP

which version will be include this new feature ??
by cpliu903
Thu Feb 25, 2016 8:42 am
Forum: RouterBOARD hardware
Topic: Encryption performance on OpenVPN/IPsec VPN
Replies: 32
Views: 14916

Re: Encryption performance on OpenVPN/IPsec VPN

For below VPN, Which is the fastest in the ROS ?

OpenVPN (TCP)
Cisco IPsec
L2TP Over IPsec
SSTP
by cpliu903
Sun Feb 21, 2016 1:59 pm
Forum: RouterBOARD hardware
Topic: Encryption performance on OpenVPN/IPsec VPN
Replies: 32
Views: 14916

Re: Encryption performance on OpenVPN/IPsec VPN

with VPN ? this topic is now about VPN, it got very off topic, so we split it. hAP ac wireless tests we have not published, but I could see what we can do. This guy has excellent results, but I am not sure what he tested and how: https://twitter.com/Janamaja/status/698152711896829953 Hi normis, cou...
by cpliu903
Fri Feb 19, 2016 5:59 am
Forum: RouterBOARD hardware
Topic: 256-bit OpenVPN @ 200/200 mbps
Replies: 15
Views: 11738

Re: 256-bit OpenVPN @ 200/200 mbps

Refer to FortiGate/FortiWiFi 30D Series.
http://www.fortinet.com/sites/default/f ... te-30D.pdf

There can provide 350Mbps for IPsec VPN Throughput (512 byte packets), but only provide 25Mbps for SSL-VPN Throughput.

why huge difference ?
by cpliu903
Thu Feb 18, 2016 11:44 am
Forum: RouterBOARD hardware
Topic: Encryption performance on OpenVPN/IPsec VPN
Replies: 32
Views: 14916

Re: HAP AC

I only concern about wireless router with VPN performance (OPVN and IPSEC). Based on these result, WRT1900ACS is better for me ( not hAP ac ) ?? On hAP AC you will get around 10-15Mbps (The OpenVPN performance is limited by CPU), On Turris/1900ACS you will get around 90Mbps. I would wait for Turris...
by cpliu903
Thu Feb 18, 2016 11:32 am
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ is a BEST ROUTER !!!
Replies: 19
Views: 6026

Re: CCR1009-8G-1S-1S+ is a BEST ROUTER !!!

CCR 1009 Series can install R11e-5HacT card ?

http://routerboard.com/R11e-5HacT
by cpliu903
Thu Feb 18, 2016 9:04 am
Forum: RouterBOARD hardware
Topic: Encryption performance on OpenVPN/IPsec VPN
Replies: 32
Views: 14916

Re: HAP AC

The WRT1900ACS appears to use the same CPU and here they show that it reaches 10-12MB/s: http://www.smallnetbuilder.com/wireless ... l=&start=1. I kind of believe that, because this MIPS processors are pretty weak. And here too: https://airvpn.org/topic/11827-routers-with-aes-256-cbc-acceleration/ ...
by cpliu903
Thu Feb 18, 2016 4:53 am
Forum: RouterBOARD hardware
Topic: Encryption performance on OpenVPN/IPsec VPN
Replies: 32
Views: 14916

Re: HAP AC

The WRT1900ACS appears to use the same CPU and here they show that it reaches 10-12MB/s: http://www.smallnetbuilder.com/wireless ... l=&start=1. I kind of believe that, because this MIPS processors are pretty weak. And here too: https://airvpn.org/topic/11827-routers-with-aes-256-cbc-acceleration/ ...
by cpliu903
Wed Feb 17, 2016 4:11 pm
Forum: RouterBOARD hardware
Topic: 256-bit OpenVPN @ 200/200 mbps
Replies: 15
Views: 11738

Re: 256-bit OpenVPN @ 200/200 mbps

I just built to run PFSense. The CPU is a Celeron N3150 which supports AES-NI. The box will route gigabit all day with no issues and run IPSEC AES-256-CBC at about 125Mbit without AES-NI enabled, OpenVPN AES-256-CBC will only push 98Mbit. Enabling AES-NI support at the kernel level brings IPSEC AES...
by cpliu903
Wed Feb 17, 2016 11:09 am
Forum: RouterBOARD hardware
Topic: Encryption performance on OpenVPN/IPsec VPN
Replies: 32
Views: 14916

Re: HAP AC

Which wireless router can provide 50~100 Mbps throughput for OpenVPN ? The CCR series routers. The 1100AHx2 (the pre-CCR flagship). And once the hardware crypto works (I don't know if it does already), the RB3011 series should be able to reach this as well. 1100AHx2 and RB3011 are not wireless rout...
by cpliu903
Wed Feb 17, 2016 2:57 am
Forum: RouterBOARD hardware
Topic: Encryption performance on OpenVPN/IPsec VPN
Replies: 32
Views: 14916

Re: HAP AC

It is interesting too see the CPU% when doing this 500Mbps. Either way the results are not astonishing. @cpliu903 I expect that you will see no more 30Mbps IPsec md5/aes, and no more than 10-15Mbps OpenVPN sha1/aes. http://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-r...
by cpliu903
Tue Feb 16, 2016 3:15 pm
Forum: RouterBOARD hardware
Topic: Encryption performance on OpenVPN/IPsec VPN
Replies: 32
Views: 14916

Re: HAP AC

Could you also test VPN performance ( ipsec and openvpn ) ?? Yes. Can you describe more in detail VPN config and methodology tests? About VPN config, please see wiki http://wiki.mikrotik.com/wiki/Manual:TOC Test case: 1. Site to Site 2. Remote client access for mobile and PC device ( show network s...
by cpliu903
Tue Feb 16, 2016 1:27 pm
Forum: RouterBOARD hardware
Topic: Encryption performance on OpenVPN/IPsec VPN
Replies: 32
Views: 14916

Re: HAP AC

It is interesting too see the CPU% when doing this 500Mbps. Either way the results are not astonishing. @cpliu903 I expect that you will see no more 30Mbps IPsec md5/aes, and no more than 10-15Mbps OpenVPN sha1/aes. http://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-r...
by cpliu903
Tue Feb 16, 2016 3:27 am
Forum: RouterBOARD hardware
Topic: Encryption performance on OpenVPN/IPsec VPN
Replies: 32
Views: 14916

Encryption performance on OpenVPN/IPsec VPN

My fast test result: http://take.ms/fAhKw
For test was used nas qnap-ts210 connected to lan (1 Gbit) and macbook pro 15" 2015 802.11ac (connection speed 867 - 1300 Mbits/s)
Traffic was generated with iperf
Could you also test VPN performance ( ipsec and openvpn ) ??
by cpliu903
Thu Feb 11, 2016 11:30 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134332

Re: HAP AC

we have so many choice for other brand model such as Asus, Netgear. You gotta be kidding, right? Comparing ROS to stock firmware of SOHO routers or even DD-WRT is like comparing bicycle to motorcycle - both rides, both ends with "cycle" but...[/quote] ROS have more features but is not equals high p...
by cpliu903
Thu Feb 11, 2016 6:42 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134332

Re: HAP AC

http://routerboard.com/RB962UiGS-5HacT2HnT

$129 USD. Too expensive!

In this price range, we have so many choice for other brand model such as Asus, Netgear.
by cpliu903
Sat Feb 06, 2016 6:06 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134332

Re: HAP AC

I've got reply from official US distributor. Standard price will be $106/unit.

Oh no !! I's too expensive for that spec.
Please remove feature POE and SFP for reduce cost. Home user no need POE and SFP.
by cpliu903
Fri Jan 29, 2016 3:18 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134332

Re: HAP AC

Littlebill,

HAP AC was anounced in April 2015. Probably MT is waiting for April 2016 to deliver it.
It's too bad and misleading. Let's wait 1 year.
by cpliu903
Wed Jan 13, 2016 11:07 am
Forum: General
Topic: how to config RB + GPON Module with ISP ?
Replies: 3
Views: 851

Re: how to config RB + GPON Module with ISP ?

How to config RouterOS + GPON Module as a replacement for ISP Fiber Modem ? Can work ? Ask your ISP if they support this and want to help you with the registration. See below in the forum how someone else got the reply that his ISP only support the device they supply. My ISP support GPON Module. Ho...
by cpliu903
Tue Jan 12, 2016 4:51 am
Forum: General
Topic: how to config RB + GPON Module with ISP ?
Replies: 3
Views: 851

how to config RB + GPON Module with ISP ?

How to config RouterOS + GPON Module as a replacement for ISP Fiber Modem ?

Can work ?
by cpliu903
Mon Jan 11, 2016 3:09 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134332

Re: HAP AC

now THAT would be great. hoping they will have the paperworks through soon .... can't wait longer to claim a hAP AC ... We have it and it works fine. I have one right in front of me. But some paperwork takes longer than usual. Hi normis, when time finish paperwork? Jan or Feb ? We have waited for t...
by cpliu903
Tue Dec 29, 2015 2:48 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134332

Re: HAP AC

Mikrotik say in PDF so hAP AC is 2,4Ghz - dual chain and 5Ghz - Triple Chain http://gregsowell.com/wp-content/uploads/2015/04/eumum3.png In this review say - RB962UiGS-5H acT 2H nT It mean 2,4Ghz-triple chain, 5 Ghz-triple chain. http://mikrotik.co.id/artikel_lihat.php?id=164 What is true? Mikrotik...
by cpliu903
Thu Dec 24, 2015 10:00 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134332

Re: HAP AC

I already got a few hAP ac lite (952Ui-5ac2nD).

I guess we will have also hAP ac really soon.
how about wireless performance ?
by cpliu903
Tue Dec 22, 2015 5:36 am
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ is a BEST ROUTER !!!
Replies: 19
Views: 6026

Re: CCR1009-8G-1S-1S+ is a BEST ROUTER !!!

IS-IS is not supported in the Kernel
Well, we're expecting an kernel update in ROS v7.0...
update to latest Linux Kernel ???
by cpliu903
Wed Dec 16, 2015 9:30 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134332

Re: HAP AC

you think hap ac will be released until christmas?
or only before MUM Europe 2016 +/-1year ?
Sorry but it will not be ready this year
Please speed up to release hAP AC !!! Jan 2016 ?? Feb 2016 ??
by cpliu903
Wed Dec 16, 2015 4:47 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134332

Re: HAP AC

AC Wireless with 1/100 mbps LAN ports.. LOL :lol:
As cdr.pl say. Maybe hAP ac lite will be sold this year

http://www.cdr.pl/download/hAP_ac_lite.pdf

Why routerboard always provide 10/100Mbps Ethernet ports? too outdated.

And what's specifications for hAP AC ??
by cpliu903
Wed Dec 02, 2015 6:22 am
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 93423

Re: Feature request: OpenVPN compression LZO and UDP

+1

UDP very very very important.
by cpliu903
Tue Dec 01, 2015 2:55 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134332

Re: HAP AC

still waiting from september, please tell ~ release date....
me too. who know ?
by cpliu903
Mon Nov 30, 2015 10:14 am
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134332

Re: HAP AC

When time release ?
by cpliu903
Mon Nov 30, 2015 9:51 am
Forum: RouterBOARD hardware
Topic: RB850Gx2 Can add external antennas ?
Replies: 3
Views: 660

Re:

You can. But where do you would like to connect them? This board does not have any radio.
which product can integrated with RB850Gx2 and broadcast wifi radio ( No AP solution ) ?
by cpliu903
Mon Nov 30, 2015 8:32 am
Forum: RouterBOARD hardware
Topic: RB850Gx2 Can add external antennas ?
Replies: 3
Views: 660

RB850Gx2 Can add external antennas ?

RB850Gx2 Can add external antennas ?
by cpliu903
Tue Nov 17, 2015 2:55 am
Forum: RouterBOARD hardware
Topic: Which best routerBoard for VPN remote access ?
Replies: 4
Views: 1113

Re: Which best routerBoard for VPN remote access ?

Any RB would do, depending on throughput needed, what's your internet uplink bandwidth?
My internet have 500Mbps bandwidth.
Which model can provide 30Mbps - 50Mbps for L2TP/IPSEC or OpenVPN remote access ?
by cpliu903
Mon Nov 16, 2015 3:06 am
Forum: RouterBOARD hardware
Topic: Which best routerBoard for VPN remote access ?
Replies: 4
Views: 1113

Which best routerBoard for VPN remote access ?

For home user, Please suggestion me Which best routerBoard for VPN remote access ?
by cpliu903
Thu Apr 02, 2015 4:11 am
Forum: RouterBOARD hardware
Topic: RB450G VS RB750GL
Replies: 0
Views: 545

RB450G VS RB750GL

RB450G VS RB750GL
Which is better for VPN purpose ?
by cpliu903
Wed Apr 01, 2015 10:23 am
Forum: RouterBOARD hardware
Topic: how many VPN throughput for RB750GL ?
Replies: 0
Views: 460

how many VPN throughput for RB750GL ?

Model: RB750GL

How many throughput for L2TP/IPSEC and OpenVPN ( Client to Site ) ??