Community discussions

Search found 15 matches

by nickb333
Mon Jan 06, 2020 10:17 pm
Forum: General
Topic: SSH problem on RBM33G
Replies: 2
Views: 679

Re: SSH problem on RBM33G

I have a couple of these I use for LTE remote access, configured as L2TP/IPSEC clients. Here is the resource print from one that is running 6.46 stable and has been up for almost three weeks. I normally use Winbox for remote access but I've confirmed ssh is working normally. /system resource print u...
by nickb333
Fri Jan 03, 2020 1:39 am
Forum: General
Topic: creating l2tp server
Replies: 11
Views: 1274

Re: creating l2tp server

I have seen cases where the L2TP connections come up without IPSEC encryption so I would suggest adding a firewall rule to block this. /ip firewall filter add action=reject chain=input comment="Reject L2TP with no IPSEC" dst-port=1701 \ in-interface=PPPoE ipsec-policy=in,none protocol=udp reject-wi...
by nickb333
Thu Jan 02, 2020 8:32 pm
Forum: General
Topic: creating l2tp server
Replies: 11
Views: 1274

Re: creating l2tp server

I have seen cases where the L2TP connections come up without IPSEC encryption so I would suggest adding a firewall rule to block this. /ip firewall filter add action=reject chain=input comment="Reject L2TP with no IPSEC" dst-port=1701 \ in-interface=PPPoE ipsec-policy=in,none protocol=udp reject-wit...
by nickb333
Tue Jul 23, 2019 8:35 pm
Forum: General
Topic: VPN (L2TP/IPsec) to VLAN
Replies: 8
Views: 3272

Re: VPN (L2TP/IPsec) to VLAN

Just following this really helpful thread as I have a similar configuration project for multiple L2tp users, however - /ppp secret set [find name=a1] remote-address=pg_A set [find name=a2] remote-address=pg_A set [find name=b1] remote-address=pg_B does not work on mine (version 6.44.5). It appears y...
by nickb333
Sat Dec 01, 2018 11:52 pm
Forum: General
Topic: L2TP server interface in VRF?
Replies: 2
Views: 725

Re: L2TP server interface in VRF?

Thanks for your helpful reply. I see you posted a solution using scripts which makes things clearer to me. I've implemented VRFs on Cisco equipment but Mikrotik just doesn't work the way I was expecting it to!
by nickb333
Wed Oct 10, 2018 6:26 pm
Forum: General
Topic: L2TP server interface in VRF?
Replies: 2
Views: 725

L2TP server interface in VRF?

Hi, I am trying to isolate L2TP connections on my router so the traffic goes into separate VRFs. I have created two static l2tp server instances /ip route vrf add interfaces=l2tp-in1,ether4 routing-mark=SYSTEM1 add interfaces=l2tp-in2,ether3 routing-mark=SYSTEM2 Created two VRFs /ip route vrf add in...
by nickb333
Wed Sep 27, 2017 11:51 pm
Forum: General
Topic: Why I am not using WinBox!
Replies: 24
Views: 2930

Re: Why I am not using WinBox!

Whilst I think it would be a nice feature to be able to vary the font size in Winbox, there is the option on Windows OS to use the magnifier feature.
by nickb333
Sun Jan 22, 2017 12:53 pm
Forum: General
Topic: L2TP/IPSEC not encrypted
Replies: 8
Views: 2574

Re: L2TP/IPSEC not encrypted

So now I've re-ordered a few rules based on your suggestions, traffic flow etc. Most of my understanding is based on experience with Cisco ACLs, ip inspect rules and some BSD pf. Cisco ACL has an implied deny-all at the bottom of the list, so need to double check I've done that on Mikrotik! [admin@O...
by nickb333
Sat Jan 21, 2017 5:22 pm
Forum: General
Topic: L2TP/IPSEC not encrypted
Replies: 8
Views: 2574

Re: L2TP/IPSEC not encrypted

It is most efficient to move the established/related rule up as much as possible. Even the ICMP rule can be below that. The rules are evaluated top to bottom and you want the established/related rule to hit as quick as possible, all rules below that will be evaluated only once for each new connecti...
by nickb333
Sat Jan 21, 2017 2:27 pm
Forum: General
Topic: CCR 1016 can not pass netbios between interfaces
Replies: 11
Views: 1375

Re: CCR 1016 can not pass netbios between interfaces

Why do you use netbios??? That is so 1985...
Is the bridge blocking broadcast traffic at layer 2 or layer 3?
by nickb333
Sat Jan 21, 2017 2:01 pm
Forum: General
Topic: L2TP/IPSEC not encrypted
Replies: 8
Views: 2574

Re: L2TP/IPSEC not encrypted

Thanks for the suggestion! I've modified the firewall rules to implement this. I'd just adapted the default firewall adding two rules to permit ESP and permit UDP 500,4500,1701 from the spoke routers (O2 UK broadband address range). Firstly I removed port 1701, which was interesting to see the IPSEC ...
by nickb333
Sat Jan 21, 2017 11:30 am
Forum: General
Topic: L2TP/IPSEC not encrypted
Replies: 8
Views: 2574

Re: L2TP/IPSEC not encrypted

Some of my output didn't paste correctly in the first attempt. Showing the ppp connections on the hub, 1 is now encrypted (expected behavior) 0 is not. [admin@O2vpn-hub] > /ppp active print detail Flags: R - radius 0 name="o2vpn2" service=l2tp caller-id="82.132.161.25" address=172.16.3.4 uptime=24m1...
by nickb333
Sat Jan 21, 2017 11:22 am
Forum: General
Topic: L2TP/IPSEC not encrypted
Replies: 8
Views: 2574

L2TP/IPSEC not encrypted

6.37.4(bugfix) I have a hub/spoke VPN setup using three routers with the above version. Most of the time it works OK but on occasions when the link comes up it seems to bypass the IPSEC encryption: Server [admin@O2vpn-hub] > /ppp active print detail Flags: R - radius 0 name="o2vpn2" service=l2tp ca...
by nickb333
Wed Aug 05, 2015 8:35 pm
Forum: RouterBOARD hardware
Topic: RB750 Enclosures?
Replies: 3
Views: 550

Re: RB750 Enclosures?

These were pre-owned RB750s that I purchased via Ebay that came without cases. If the white cases aren't available separately I will just go ahead and find an alternative as these RBs are only going to be used for training purposes.

Thanks for your help guys.
by nickb333
Sat Jul 25, 2015 2:00 pm
Forum: RouterBOARD hardware
Topic: RB750 Enclosures?
Replies: 3
Views: 550

RB750 Enclosures?

I have just acquired two RB750 boards (my first Mikrotik hardware!). Whilst I'm currently experimenting with them, I would eventually like to put them in tidy boxes. Are there any suitable enclosures available or can I obtain the plastic cases from a Mikrotik dealer? If so what part number should I be...