Community discussions

Search found 52 matches

by xt22
Tue Oct 15, 2019 3:33 pm
Forum: General
Topic: Anyone has working IKEv2 vpn server on Mikrotik with ROS 6.40+?
Replies: 1
Views: 109

Anyone has working IKEv2 vpn server on Mikrotik with ROS 6.40+?

Hello, does anyone have working IKEv2 vpn server running on ROS 6.40+, working with windows and mac? If yes, can you please post your config and ROS version? EAP is not possible for server, only for client (6.45.6, throws error "Only EAP client supported"). Certificates don't work or have issues on ...
by xt22
Fri Aug 09, 2019 12:51 am
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 97
Views: 32657

Re: v6.44.5 [long-term] is released!

has anyone had any wireless problems with cAP (RBcAPGi-5acD2nD) and 6.44.5? After upgrading from the great 6.43.16 (I didn't know about the devices for like a year) to 6.44.5, I started to receive complaints from users. I don't see anything in logs or monitoring, but users say internet drops for a w...
by xt22
Wed Jul 24, 2019 12:22 am
Forum: General
Topic: Airprint (multicast?) problems in network
Replies: 0
Views: 231

Airprint (multicast?) problems in network

Hello, my network is growing bigger and bigger, and I am starting to have weird problems with Airprint and sometimes even winbox connecting to mac addresses. Situation: CCR1036 router/gw/fw, connected with 10Gb SFP cable to CRS317 (all ports in bridge, works like a SFP switch), and from CRS317 two S...
by xt22
Tue Jul 23, 2019 11:50 pm
Forum: General
Topic: VLAN problem with another network [SOLVED]
Replies: 2
Views: 371

Re: VLAN problem with another network [SOLVED]

thank you sindy. yes, I am much more familiar with tunnels of any kind (and don't like vlans in more than one switch), so I did exactly that and it works like a charm, without bothering about any other switches on the way etc. thank you
by xt22
Sun Jul 14, 2019 3:02 pm
Forum: General
Topic: VLAN problem with another network [SOLVED]
Replies: 2
Views: 371

VLAN problem with another network [SOLVED]

Hello, I need to bridge another network within our hw, probably with VLAN, even though I have read the tutorials, wiki etc it is not very clear for me, all examples are about one router creating more VLANs. Situation: Our network - CCR router in main rack with CRS317 and some CRS326s, fiber uplinks ...
by xt22
Thu Jun 20, 2019 9:56 pm
Forum: General
Topic: CRS 326/328/317 two bridges HW [SOLVED]
Replies: 3
Views: 431

Re: CRS 326/328/317 two bridges HW [SOLVED]

thank you - that's valuable information.
by xt22
Thu Jun 20, 2019 7:19 pm
Forum: General
Topic: CRS 326/328/317 two bridges HW [SOLVED]
Replies: 3
Views: 431

CRS 326/328/317 two bridges HW [SOLVED]

Hello, I need to separate port groups in some of my switches, for example 1-16 network1, 17-24 network 2. Due to the concept of the switch, I can't create two bridges with HW offloading (I can do that on my CRS125 though). I can replace the last 8 ports with $30 cisco/linksys 8p switch running at wi...
by xt22
Fri May 31, 2019 6:14 pm
Forum: RouterBOARD hardware
Topic: CCR1036 memory upgrade question
Replies: 29
Views: 4657

Re: CCR1036 memory upgrade question

Going back to the memory upgrade question - be careful now and don't make the same mistake I did, there are no RAM slots in new revision, so no upgrade is possible without soldering. In my country I'd have to wait 2 weeks for the EM version, of course I needed the unit asap so I bought the 4GB one a...
by xt22
Sun May 12, 2019 3:26 pm
Forum: Scripting
Topic: read file size [SOLVED]
Replies: 9
Views: 745

Re: read file size [SOLVED]

Well but I do netwatch logging all the time! /tool netwatch add down-script="/log warning message=\"x.x.x.x is down\"" host=x.x.x.x up-script="/log info message=\"x.x.x.x is up\"" This writes the message to the log with tags "script, warning" or "script, info" and you can configure logging to write...
by xt22
Thu May 02, 2019 2:34 am
Forum: Scripting
Topic: read file size [SOLVED]
Replies: 9
Views: 745

Re: read file size [SOLVED]

So this is a 100% closed network for some system that are not near any form for internet connection? It may be a solution to setup a server with two network cards. One interface connected to the closed network and one to some internet. Then it may use rsyslog to forward syslog messages. But this many...
by xt22
Sun Apr 28, 2019 8:36 pm
Forum: Scripting
Topic: read file size [SOLVED]
Replies: 9
Views: 745

Re: read file size [SOLVED]

jotne: hmm, even though not all of our routers are able to reach internet, it is very interesting project and I'll take a look at Splunk - I didn't even know something like this existed. pe1chl: I am not really fan of this word playing, I know how the variable limit works and that's why I wrote "fil...
by xt22
Sat Apr 27, 2019 1:31 am
Forum: Scripting
Topic: read file size [SOLVED]
Replies: 9
Views: 745

read file size [SOLVED]

Hello, I have a netwatch script writing log to a file, and I often hit the prehistoric 4096B limit for file/variable. It seems there is no workaround for this, so I need to read the filesize and deal with it some other way (creating new file if filesize>4000, removing some entries at the beginning e...
by xt22
Sun Jan 20, 2019 6:59 pm
Forum: General
Topic: MIMO, chains
Replies: 3
Views: 407

MIMO, chains

Hello, I have many mikrotik APs, mostly RB2011s, cAPs, RB912Uis. I have changed 802.11b/g to 802.11only-n, and I'm not sure what is the best MIMO setting for AP. I have read articles about MIMO, SIMO, MISO etc, 2x2, 3x3, I also want to buy the new RB4011 with 4x4... What is the best setup? Is it bet...
by xt22
Fri Nov 30, 2018 1:52 am
Forum: General
Topic: wifi showing OS version to scanner
Replies: 3
Views: 420

Re: wifi showing OS version to scanner

hmm.. it is bad surprise that there is no option to disable this :-/
by xt22
Fri Nov 30, 2018 1:45 am
Forum: Wireless Networking
Topic: Removing Mikrotik elements from beacons
Replies: 15
Views: 2441

Re: Removing Mikrotik elements from beacons

agree. +1
by xt22
Thu Nov 29, 2018 6:10 pm
Forum: General
Topic: wifi showing OS version to scanner
Replies: 3
Views: 420

wifi showing OS version to scanner

Hello, today when I ran wireless scanner on my MT, I saw ROS versions on all my other MTs in range. I disabled in Mac Server and Neighbor discovery interfaces on those MTs, but ROS version is still showing. How do I disable this security hole? I don't want to broadcast any info to the air... https:/...
by xt22
Tue Nov 13, 2018 2:47 pm
Forum: General
Topic: PPPoE dsl bug 6.43.4, 6.40.9? Disconnecting every 3-5 mins [SOLVED]
Replies: 3
Views: 895

Re: PPPoE dsl bug 6.43.4, 6.40.9? Disconnecting every 3-5 mins [SOLVED]

yes, I did. Although it is probably not related to MT after all, it seems our provider changed something that made vdsl modems in bridge mode reconnect every few minutes. When they are set to normal routing mode, they work fine - this is probably the reason why their stupid helpdesk swore it cannot ...
by xt22
Mon Oct 29, 2018 12:23 pm
Forum: General
Topic: Multiple CA Certificates for OpenVPN
Replies: 3
Views: 795

Re: Multiple CA Certificates for OpenVPN

I wanted to ask the exactly same question now, so I'm rather bumping this up - is it possible to have two CAs? For the same reason - to slowly update from old MD5 certs to new ones?
by xt22
Thu Oct 25, 2018 2:50 pm
Forum: General
Topic: PPPoE dsl bug 6.43.4, 6.40.9? Disconnecting every 3-5 mins [SOLVED]
Replies: 3
Views: 895

PPPoE dsl bug 6.43.4, 6.40.9? Disconnecting every 3-5 mins [SOLVED]

Hello, I have a problem with Mikrotiks over vdsl/adsl lines - it keeps disconnecting every 3-5 minutes. Modem is in bridge mode, mikrotik has set pppoe: 26 R name="pppoe-out1" type="pppoe-out" mtu=1480 actual-mtu=1480 fast-path=yes last-link-down-time=oct/25/2018 13:07:36 last-link-up-time=oct/25/20...
by xt22
Fri Oct 19, 2018 12:36 pm
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 90579

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Instead, pay them to implement the suggestion in message https://forum.mikrotik.com/viewtopic.php?p=692031#p692031 That will serve a lot of other purposes on CCR. Although I agree, I believe that would take some serious time. I don't get the point of not implementing already finished UDP support an...
by xt22
Thu Oct 18, 2018 4:58 pm
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 90579

Re: Feature Request: OpenVPN [ovpn] udp tunnels

+1 for UDP.

Damn, take 10% of my payments to you for routers and hire a programmer for 6 months to do this (he'll implement it in a few weeks and work for you for the remaining 5 months) :-/ It is so annoying to have CCRs with speed of RB750 running openvpn via TCP..
by xt22
Wed Oct 17, 2018 1:42 pm
Forum: General
Topic: Bandwidth test on public ip
Replies: 0
Views: 887

Bandwidth test on public ip

Hello, I have two routers (both 6.40.8, I tried also 6.42.9) with two public ips, want to test bandwidth but I can't make the damn thing work, it keeps saying can't connect. No matter if I select TCP, UDP, with or without authentication.. Mikrotik does not say anything specific about ports to open i...
by xt22
Mon Jul 30, 2018 7:26 pm
Forum: General
Topic: LCD option missing in winbox for RB2011 r2
Replies: 1
Views: 446

LCD option missing in winbox for RB2011 r2

I wrote it already to the 6.40.8 thread https://forum.mikrotik.com/viewtopic.php?f=21&t=133585&p=676233#p676233 , but with no response. I don't know if this problem is ROS or winbox related - has anyone seen/solved it too? ---------- There is probably a winbox (ROS?) bug in 3.11 and 3.16 with the ne...
by xt22
Wed Jul 25, 2018 8:38 pm
Forum: Announcements
Topic: v6.40.8 [bugfix] is released!
Replies: 35
Views: 17143

Re: v6.40.8 [bugfix] is released!

There is probably a winbox (ROS?) bug in 3.11 and 3.16 with the new RB2011UiAS-2HnD r2 - LCD option is missing.

ROS 6.40.8, Winbox 3.11 & 3.16. RB2011UiAS-2HnD does have the option, the new RB2011UiAS-2HnD r2 does not.
LCD setting in terminal works, LCD itself too.

by xt22
Mon Jun 18, 2018 11:47 pm
Forum: General
Topic: ipsec tunnel working in 6.37.5, not working in 6.40.8
Replies: 12
Views: 2690

Re: ipsec tunnel working in 6.37.5, not working in 6.40.8

Hi Pasarelli, yes, it has public ip, so it indeed has FILTER and NAT set. But the remote ip is completely allowed, the rule is right after accept related-established and drop-invalid. filter: 5 chain=input action=accept connection-state=established in-interface=ether1 log-prefix="" 6 chain=input act...
by xt22
Mon Jun 18, 2018 11:14 pm
Forum: General
Topic: ipsec tunnel working in 6.37.5, not working in 6.40.8
Replies: 12
Views: 2690

Re: ipsec tunnel working in 6.37.5, not working in 6.40.8

well, I probably can do that, I have enough CCRs and tons of RB2011s I can use for testing. I can create a working tunnel with two 6.37.5, and then upgrade one of them and see - I probably can even identify the first version that broke this by upgrading to all the versions between 6.37.5 -- 6.40.8. ...
by xt22
Mon Jun 18, 2018 6:45 pm
Forum: General
Topic: ipsec tunnel working in 6.37.5, not working in 6.40.8
Replies: 12
Views: 2690

Re: ipsec tunnel working in 6.37.5, not working in 6.40.8

the default proposal is disabled, I would have removed it but I can't - it says something like "cannot remove ipsec policy (default)". I have already tried to set and enable the default proposal (sha1, aes-256 cbc like the used proposal), but it has no effect (it is in the last part of my previous p...
by xt22
Mon Jun 18, 2018 1:44 am
Forum: General
Topic: ipsec tunnel working in 6.37.5, not working in 6.40.8
Replies: 12
Views: 2690

Re: ipsec tunnel working in 6.37.5, not working in 6.40.8

Hello Sindy, thank you for a very complex debug post. I made a test machine from one of my RB2011, compared the ipsec settings and it seems the ah-esp parameter is the only important thing changed. Differences between configs I found so far: /ip ipsec 6.40.8 (compared to working 6.37.5) ip ipsec pee...
by xt22
Thu Jun 14, 2018 6:08 pm
Forum: General
Topic: ipsec tunnel working in 6.37.5, not working in 6.40.8
Replies: 12
Views: 2690

ipsec tunnel working in 6.37.5, not working in 6.40.8

Hello, I have RB1200 in a company connecting to another location via ipsec tunnel, working well. After the vpnfilter etc bugs, I decided to upgrade to last bugfix release 6.40.8, and it completely broke the tunnel - although I am pretty sure I saw something like "established" in ipsec - remote peers...
by xt22
Tue Mar 20, 2018 2:50 pm
Forum: General
Topic: OpenVPN SHA256 + UDP
Replies: 56
Views: 23142

Re: OpenVPN SHA256 + UDP

+1 for SHA256 :( And UDP also, tcp openvpn from california to rb in europe is slow and laggy, good old l2tp/ipsec on the same machines is more than 10x faster //edit - After the new openvpn TLSv1.2 update - what TLS does mikrotik openvpn server use? Is it possible to force usage of TLSv1.2 only? (--...
by xt22
Wed Feb 21, 2018 3:23 pm
Forum: General
Topic: Bandwidth limiting - working limit-at
Replies: 7
Views: 3339

Re: Bandwidth limiting - working limit-at

ok, so I took four RB2011 and did some more bandwidth testing, it gets interesting. I changed the chain to prerouting with no effect, speeds are still like 176/6, 150/40 - far from 100/100. But the CPU usage was >90%, so I tested it with max-limit 50M and limit-at 25M - it seems working much better,...
by xt22
Wed Feb 21, 2018 2:17 pm
Forum: General
Topic: Bandwidth limiting - working limit-at
Replies: 7
Views: 3339

Re: Bandwidth limiting - working limit-at

I know it should work this way, I tried it and even posted this config in my post, but it does not. The culprit may be the forward chain in my mangle rules (instead of prerouting) - I don't know how big influence can this have, in the packet flow diagram all chains are before HTB, so it should w...
by xt22
Tue Feb 20, 2018 2:06 pm
Forum: General
Topic: Bandwidth limiting - working limit-at
Replies: 7
Views: 3339

Bandwidth limiting - working limit-at

Hello, I want to setup bandwidth limiting with working limit-ats, not wasting usable bandwidth etc, but it never works for me as expected. I have read the articles at the wiki, pcq, htb examples etc, but I just can't get it working. I use mangle and queue trees to set bandwidth for ips or ranges, it...
by xt22
Tue Nov 14, 2017 1:08 pm
Forum: General
Topic: How to export firewall stats [SOLVED]
Replies: 3
Views: 520

Re: How to export firewall stats [SOLVED]

damn, I am dumb :-) thank you mrz
by xt22
Mon Nov 13, 2017 6:56 pm
Forum: General
Topic: How to export firewall stats [SOLVED]
Replies: 3
Views: 520

How to export firewall stats [SOLVED]

Hello, how do I export firewall filter statistics? /ip firewall filter print stats - prints stats /ip firewall filter export file=xx - exports filter rules but how do I export the stats? None of these work /ip firewall filter stats export file=xx /ip firewall filter export stats file=xx /ip firewall...
by xt22
Mon Sep 25, 2017 6:15 pm
Forum: General
Topic: queue tree - how to split bandwidth and enable borrows and lends of unused bandwidth
Replies: 1
Views: 516

queue tree - how to split bandwidth and enable borrows and lends of unused bandwidth

Hello, I am using queue trees (marking packets via mangle), and it works like a charm, shaping works well and accurate. But now, I want to enable using the unused bandwidth - I believe mikrotik calls this borrows and lends here https://wiki.mikrotik.com/wiki/Manual:Queue : borrows (read-only/read-on...
by xt22
Fri Aug 04, 2017 1:30 pm
Forum: Announcements
Topic: v6.38.7 [bugfix] is released!
Replies: 26
Views: 17963

Re: v6.38.7 [bugfix] is released!

Hello, in 6.38.7, my pcie LTE Huawei ME909u-521 stopped working. I get public ip from the LTE interface, dynamic route gets created with providers gateway, but I can ping neither it, nor google at 8.8.8.8. 6.36.4, 6.38.5, 6.39.1 are all ok (on the same RB). Tested on two RB912UAG-2HPnD, latest fw. A...
by xt22
Sun Dec 04, 2016 9:57 pm
Forum: General
Topic: Excessive memory usage - ovpn server
Replies: 2
Views: 514

Re: Excessive memory usage - ovpn server

either 300 or 1000 lines.

But the RB is probably frozen and not replying any more - probably the watchdog restart wasn't fast enough.

Unfortunately it is not in my office, so I need to ride all the way to the place and restart it :-/

Hopefully I'll get there this week
by xt22
Fri Dec 02, 2016 1:14 pm
Forum: General
Topic: Excessive memory usage - ovpn server
Replies: 2
Views: 514

Excessive memory usage - ovpn server

Hello, I have a problem with one of my RB2011 - something is constantly eating up RAM, rb crashes and forces a restart. It has plenty of RAM (128 MB), and it acts only as OpenVPN server, for approx. 20 connections. There is no shaping, mangle etc, very low traffic.. I have like 40 of RB2011s, some r...
by xt22
Mon Dec 21, 2015 5:55 pm
Forum: General
Topic: Remote access to ROS withous public ip
Replies: 13
Views: 1450

Re: Remote access to ROS withous public ip

ZeroByte> man, you rule!! I had almost everything set the way you do (except small differences like the pool instead of fixed ips, etc), but the problem was probably the route on clients.. I'd swear I tried this route... strange, maybe I tried it on the server side.. Again, big thanks! It works, I'l...
by xt22
Fri Dec 18, 2015 6:46 pm
Forum: General
Topic: Remote access to ROS withous public ip
Replies: 13
Views: 1450

Re: Remote access to ROS withous public ip

on the openvpn server, I have a bridge - local eth + wifi, and when I add to it my computer with vpn client and all the RB's openvpn clients (so they all are in one bridge), I can connect via ssh or winbox to any of them. When I switch it on both sides to tun (called ip in RBs), I can't connect to a...
by xt22
Fri Dec 18, 2015 4:57 pm
Forum: General
Topic: Remote access to ROS withous public ip
Replies: 13
Views: 1450

Re: Remote access to ROS withous public ip

I have finally measured the data, I'm posting it so the post is more accurate and finally with the data - for anyone reading it later. RBs, connected to another RB with public ip, using openvpn, rsa 1024 bit. tap - approx. 160 kB/10 minutes - 960 kB per hour tun - approx. 10 kB/10 minutes - 60 kB pe...
by xt22
Mon Oct 19, 2015 12:20 pm
Forum: General
Topic: Counter for transferred data per user
Replies: 8
Views: 913

Re: Counter for transferred data per user

no, I don't want any logins - there are printers on the network etc - the device must work even when I'm not available.

I'll try the simple queues and see, hope my RB912 doesn't burn :)
by xt22
Sun Oct 18, 2015 8:47 pm
Forum: General
Topic: Remote access to ROS withous public ip
Replies: 13
Views: 1450

Re: Remote access to ROS withous public ip

thanks, both of you. I just wasn't sure about keeping the vpn all the time running, but I'll give it a try and write here the results for anybody's future reference.

good point with the SSTP and 443 pukkita
by xt22
Sun Oct 18, 2015 6:36 pm
Forum: General
Topic: Remote access to ROS withous public ip
Replies: 13
Views: 1450

Re: Remote access to ROS withous public ip

I can and I will have to, although I'd like to hear other people's experience, this doesn't seem to me like a very uncommon task, many people must have dealt with something similar to this
by xt22
Sun Oct 18, 2015 6:28 pm
Forum: General
Topic: Counter for transferred data per user
Replies: 8
Views: 913

Re: Counter for transferred data per user

too bad, although it looked very promising :( I made the hotspot with one admin user, and set-up walled garden. Users can connect without password, surf the internet, and I can see their MAC and ip addresses under the hosts column, even with their TX/RX and Bytes-in, Bytes-Out.. great!! Unfortunatel...
by xt22
Sun Oct 18, 2015 5:05 pm
Forum: General
Topic: Counter for transferred data per user
Replies: 8
Views: 913

Re: Counter for transferred data per user

Jarda: good point.. although it means to create 200 simple queues (for the whole dhcp range), although the real number of clients will be max 50. Should I expect any performance problems on RB912UAG with 200x simple queue + graphs? chechito: I am unable to connect to the router, so I need to get the...
by xt22
Fri Oct 16, 2015 5:19 pm
Forum: General
Topic: Remote access to ROS withous public ip
Replies: 13
Views: 1450

Re: Remote access to ROS withous public ip

the connection may drop to gprs, there is a limit for monthly transferred data.. I don't know what is the vpn overhead traffic consumption for the tunnel itself - keepalive packets etc.. it probably is not much, but the device may be online 24hrs/day for the whole month... It won't really be a tunne...
by xt22
Fri Oct 16, 2015 4:47 pm
Forum: General
Topic: Counter for transferred data per user
Replies: 8
Views: 913

Counter for transferred data per user

Hello, I would like to know how much data was transferred by every user (per ip, MAC, etc) - is it possible to have some counter like this? Traffic flow is great, but it is realtime, I'd like something like the counter for interfaces, etc. I know that when I mangle packets, I can see the transferred...
by xt22
Fri Oct 16, 2015 4:38 pm
Forum: General
Topic: Remote access to ROS withous public ip
Replies: 13
Views: 1450

Remote access to ROS withous public ip

Hello, I have some mikrotiks used for internet backups via LTE, but I'd like to be able to connect to them somehow remotely and see the traffic etc - we have problems with dumb users eating bandwidth when using HD youtube as a radio for the whole day etc, and even for some re-settings I'd love to do...
by xt22
Thu Jul 16, 2015 5:41 pm
Forum: Beginner Basics
Topic: How to type question mark?
Replies: 1
Views: 532

How to type question mark?

Hello, sorry for this pretty stupid question, but I tried almost everything and I didn't find any info.. How can I type question mark ( ? ) in winbox? Some help window always jumps out instead of typing ?, I thought it is some winbox thing, but it's the same even with ssh.. It seems to me that it wo...
by xt22
Tue Jul 14, 2015 1:57 pm
Forum: General
Topic: Known issues and bugs - a list
Replies: 283
Views: 110930

Re: Known issues and bugs - a list

Issue: LTE interface - when anything is entered in modem-init, it cannot be set to empty/unset Description : tested on: RB912UAG-2HPnD + Huawei ME909s-120 Versions affected: 6.30 (tested on this) How to reproduce: on factory reset system, with lte1 in interfaces: - enter anything to modem-init (...