Community discussions

Search found 12 matches

by voxmaster
Wed Mar 27, 2019 9:21 am
Forum: Beginner Basics
Topic: hEX - IPsec Tunnel slow
Replies: 30
Views: 4574

Re: hEX - IPsec Tunnel slow

Sorry. My mistake. No problems with IPsec over L2TP. It was an ISP problem in my case :roll:
by voxmaster
Tue Mar 26, 2019 11:35 pm
Forum: Beginner Basics
Topic: hEX - IPsec Tunnel slow
Replies: 30
Views: 4574

Re: hEX - IPsec Tunnel slow

Same here, after upgrade from version 6.42.7
by voxmaster
Thu Oct 05, 2017 11:58 am
Forum: General
Topic: L2TP/IPSec RSA not supporting NAT-T?
Replies: 2
Views: 553

L2TP/IPSec RSA not supporting NAT-T?

Hello! I have fully working:
L2TP/IPSec PSK with NAT-T (client behind the NAT)
L2TP/IPSec RSA without NAT-T (public IP used)
However, when I've tried to use L2TP/IPSec RSA with Client behind the NAT - got error on client side: (789 on Win10), got error on MikroTik side: ISAKMP-SA established the pac...
by voxmaster
Wed Oct 04, 2017 4:19 pm
Forum: Beginner Basics
Topic: ipsec: pre shared key works, while certificates do not?
Replies: 5
Views: 804

Re: ipsec: pre shared key works, while certificates do not?

Same here, looks like L2TP/IPSec RSA not working with NAT-T
by voxmaster
Fri Sep 29, 2017 9:30 am
Forum: General
Topic: RADIUS MS-CHAP(v2) authentication not working with Server 2012R2 [SOLVED]
Replies: 2
Views: 1738

Re: RADIUS MS-CHAP(v2) authentication not working with Server 2012R2 [SOLVED]

SOLVED: This can occur when the LmCompatibilityLevel setting on the authenticating DC has been modified from the defaults.
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
For example, if you set this value to 5 (Send NTLMv2 response only. Refuse LM & NTLM), then the DC will not acce...
by voxmaster
Thu Sep 28, 2017 1:01 pm
Forum: General
Topic: RADIUS MS-CHAP(v2) authentication not working with Server 2012R2 [SOLVED]
Replies: 2
Views: 1738

RADIUS MS-CHAP(v2) authentication not working with Server 2012R2 [SOLVED]

Hello! I have a problem with L2TP RADIUS authentication. I'm trying to use Windows Server 2012R2 - NPS (RADIUS) for authentication on MikroTik for Roadwarrior's L2TP\IPSec(RSA) VPN.
When the VPN client uses CHAP authentication - it connects successfully.
When the VPN client uses MS-CHAP or MS-CHAP-v2 - then...
by voxmaster
Tue Sep 20, 2016 9:38 pm
Forum: General
Topic: Port forwarding, when L2TP/IPSec is using
Replies: 1
Views: 3030

Re: Port forwarding, when L2TP/IPSec is using

If someone else has a problem like that:
To fix this problem, we need to change the MSS of TCP SYN, like:
/ip firewall mangle
add action=change-mss chain=forward dst-address=1.1.1.1 new-mss=\
    1418 passthrough=yes protocol=tcp src-address=192.168.4.0/24 tcp-flags=\
    syn tcp-mss=1419-65535
by voxmaster
Sun Sep 04, 2016 2:56 pm
Forum: Beginner Basics
Topic: Dahua DVR configuration, and phone
Replies: 4
Views: 1738

Re: Dahua DVR configuration, and phone

/ip firewall nat
add action=netmap chain=dstnat comment=DVR-tcp dst-port=[tcp_port_dvr] in-interface=ether1 protocol=tcp to-addresses=[local_IP_of_your_DVR] to-ports=[tcp_port_dvr]
add action=netmap chain=dstnat comment=DVR-udp dst-port=[udp_port_dvr] in-interface=ether1 protocol=udp to-addresses=[...
by voxmaster
Fri Sep 02, 2016 2:09 pm
Forum: Beginner Basics
Topic: Multiple WAN IP's & Port Forward
Replies: 2
Views: 995

Re: Multiple WAN IP's & Port Forward

Try to use dst-address= instead of in-interface=
/ip firewall nat add action=dst-nat chain=dstnat comment=RDP dst-address=[YOUR-PREFERRED-PUBLIC-IP] dst-port=3389 protocol=tcp to-addresses=[Internal-IP] to-ports=3389
/ip firewall nat add action=dst-nat chain=dstnat comment=RDP dst-address=[YOUR-PREF...
by voxmaster
Fri Sep 02, 2016 1:50 pm
Forum: Beginner Basics
Topic: Dahua DVR configuration, and phone
Replies: 4
Views: 1738

Re: Dahua DVR configuration, and phone

I guess that
"/ip firewall export"
would help more to understand.
with the first configuration as below can I connect to the DVR remotely
Is it possible? I don't see any dst-nat rules.
From what side do you want to connect to DVR/Phone? WAN or LAN?
by voxmaster
Fri Sep 02, 2016 1:04 pm
Forum: Beginner Basics
Topic: IP CLOUD REMOTE ACCESS
Replies: 3
Views: 3135

Re: IP CLOUD REMOTE ACCESS

If I understand correctly (if I'm wrong, give some more information):
1. You cannot use the xxxxxxxxxxxx.sn.mynetname.net address to log in to a MikroTik router behind NAT; xxxxxxxxxxxx.sn.mynetname.net assigns DNS for the external IP only. But you can use portmap (port forwarding) on the "ADSL box" like: [external-IP...
by voxmaster
Wed Aug 31, 2016 7:05 pm
Forum: General
Topic: Port forwarding, when L2TP/IPSec is using
Replies: 1
Views: 3030

Port forwarding, when L2TP/IPSec is using

Hello! I have a problem with a working L2TP/IPSec connection between MikroTik routers. Portmap (port forwarding) does not work properly when I connect from ROUTER-1 to a TCP port of ROUTER-2.
Example: an XMPP (Jabber) client from 192.168.6.2 behind the NAT of ROUTER-1 is connecting to the external (WAN) IP 1.1.1.1 of RO...