Community discussions

MikroTik App

Search found 47 matches

by OlofL
Mon Jul 13, 2020 10:50 am
Forum: Wireless Networking
Topic: LTE CAT6 modem disconnecting every 2-3 minutes
Replies: 29
Views: 8058

Re: LTE CAT6 modem disconnecting every 2-3 minutes

I have this issue on the new Mikrotik LTE Audience. I have upgraded to latest lte modem firmeware. I have tested all different routerboard software (testing/beta/stable) Upgraded routerboard firmware. I can reproduce this issue with LTE disconnecting by just starting a simple speedtest. Any news on ...
by OlofL
Wed Jul 08, 2020 4:44 pm
Forum: Beginner Basics
Topic: CRS317 management vlan IP address? [SOLVED]
Replies: 1
Views: 521

CRS317 management vlan IP address? [SOLVED]

What am I missing to get the management IP working on my switch? I have followed the guide from the wiki, but I am not getting any IP connectivity. L2 forwarding works just fine for all vlans. All ports are supposed to be in trunk all vlan-mode. Followed the second example on this page: https://wiki...
by OlofL
Tue Jul 07, 2020 3:57 pm
Forum: RouterBOARD hardware
Topic: RB5011
Replies: 40
Views: 11021

Re: RB5011

this is tempting features, espeically with the new LTE6 mpic-e I am looking for a RB4011s sick performance, but with a built in 4G/5G modem. This would be awesome to do a selfbuilt SD-wan solution with dynamic ipsec tunnels.... +1 for LTE /mini pci-e slot with simcard support! Then I could build my...
by OlofL
Thu Jun 18, 2020 9:45 am
Forum: General
Topic: Traffic Flow Sample Rate
Replies: 4
Views: 2221

Re: Traffic Flow Sample Rate

Google took me here. Shameless bump? cant find a setting for sampling rate. NetFlow does not have sampling rate. Sampling rate is for sFlow, mainly used in Switches. At this time, RouterOS does not support sFlow However, many (all I tried) vendorrs support sampling in netflow/ipfix. Besides routeros.
by OlofL
Wed Jun 17, 2020 4:57 pm
Forum: General
Topic: Traffic Flow Sample Rate
Replies: 4
Views: 2221

Re: Traffic Flow Sample Rate

Google took me here.
Shameless bump?

cant find a setting for sampling rate.
by OlofL
Wed May 20, 2020 12:33 pm
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 82
Views: 23284

Re: Feature Request: IPSEC Improvements

Guys calm down, first we need to finish openvpn over udp.
You need to wait another two decades until alpha version of vti is available.
by OlofL
Wed Apr 08, 2020 4:11 pm
Forum: RouterBOARD hardware
Topic: RB4011 or similar performance - with built in 4G/5G?
Replies: 2
Views: 1830

RB4011 or similar performance - with built in 4G/5G?

Is there a a RB4011 or something in that range of perfomance that has 4G/5G built in? Im looking for a good CPE, like the RB4011. If main line goes down, I intend to use mobile broadband failover. The custom boards from mikrotik are so far too weak. I need RB4011 because of gigabit ipsec performance...
by OlofL
Fri Mar 13, 2020 4:56 pm
Forum: General
Topic: 31 subnet - Not finding an answer to default gateway.
Replies: 17
Views: 4906

Re: 31 subnet - Not finding an answer to default gateway.

As of 6.46.2, this still doesnt work.
by OlofL
Thu Feb 20, 2020 2:50 pm
Forum: General
Topic: GRE Tunnels and Dual Wan on one side
Replies: 4
Views: 2624

Re: GRE Tunnels and Dual Wan on one side

Hello, I dig up this topic because I have a similar issue. For load balancing purpose, I need to establish 2 gre tunnels between 2 routers. On one side I have 1 wan only, with a good bandwith, and on the otherside, I have 2 wan with low bandwith. Everything seems to go well, as both tunnels are run...
by OlofL
Thu Feb 20, 2020 2:47 pm
Forum: Announcements
Topic: v6.46.3 [stable] is released!
Replies: 28
Views: 37590

Re: v6.46.3 [stable] is released!

I am seeing some issues with routes over a /29 gre interface.
This has been observed since I went to v6.46.

viewtopic.php?f=2&t=157756&p=775916#p775705

Bug?
by OlofL
Thu Feb 20, 2020 2:45 pm
Forum: General
Topic: GRE over IPSEC stopped working
Replies: 5
Views: 1841

Re: GRE over IPSEC stopped working

I will set this to unsolved again, because I just had an equal case where the ip route for my ipsec gre link network is not routing properly...
And this time that trick is not working :/
by OlofL
Thu Feb 20, 2020 10:55 am
Forum: General
Topic: Request: add user with password hash
Replies: 3
Views: 1431

Re: Request: add user with password hash

Agree with this. Adding password with a hash is very critical, and a dealbreaker when automating big projects.
by OlofL
Wed Feb 19, 2020 2:34 pm
Forum: General
Topic: GRE over IPSEC stopped working
Replies: 5
Views: 1841

Re: GRE over IPSEC stopped working

Same problem here. It helped to restart VPN server on router side and delete clients and configure them again on client side. Hope that helps. I'm not sure but I think that Mikrotik might have some ipsec issues in versions 4.63.1-3. Do you also have a RB4011? Also, I downgraded to channel=long-term...
by OlofL
Wed Feb 19, 2020 2:21 pm
Forum: General
Topic: GRE over IPSEC stopped working
Replies: 5
Views: 1841

Re: GRE over IPSEC stopped working

Same problem here. It helped to restart VPN server on router side and delete clients and configure them again on client side. Hope that helps. I'm not sure but I think that Mikrotik might have some ipsec issues in versions 4.63.1-3. @Elliot I have restarted the vpn several times, on both ends. Howe...
by OlofL
Wed Feb 19, 2020 12:32 pm
Forum: General
Topic: GRE over IPSEC stopped working
Replies: 5
Views: 1841

GRE over IPSEC stopped working

Recently my gre tunnel over my ipsec tunnel stopped working. Remote site is using vyos. Ping works, so ipsec tunnel is obviously up, however, gre doesnt work. Here is a ping between both routers loopback interfaces. Which is in the ipsec policy. /ping src-address=172.24.32.54 172.18.255.26 count=3 S...
by OlofL
Tue Feb 18, 2020 11:36 am
Forum: Beginner Basics
Topic: How do I UNset a value under /system logging action ?
Replies: 1
Views: 1284

How do I UNset a value under /system logging action ?

How do I unset a value under /system logging action? I set the remote src-address to a value, but I see no way to unset it. There is no unset under this configuration stanza. Also, I cannot remove ` remote ` since its a default rule. So, how do I remove the `src-address` value in /system logging act...
by OlofL
Thu Jan 09, 2020 10:28 am
Forum: General
Topic: Generic grok mikrotik logs pattern
Replies: 2
Views: 1300

Re: Generic grok mikrotik logs pattern

Hello @orx did you find any patterns?
by OlofL
Thu Jul 18, 2019 11:53 am
Forum: General
Topic: encrypted password for mikrotik config
Replies: 22
Views: 6449

Re: encrypted password for mikrotik config

Any updates on this one?

In the world of automation, it would be nice to generate a list of users.
I need to not know the passwords of the other users.

For most other network OS's we have, there is an option to paste the encrypted password.
by OlofL
Mon Jul 08, 2019 11:23 am
Forum: General
Topic: What VPN tech with dynamic routing behind NAT?
Replies: 3
Views: 944

What VPN tech with dynamic routing behind NAT?

Hello, I have a scenario where I need a backup connection over LTE. The LTE connection has a private IPv4 from provider , and is subjected to change any time. I have the LtAP from mikrotik, and I need to setup a VPN with dynamic routing to play together with a VyOS router. Mikrotik behind NAT, dynam...
by OlofL
Wed Jul 03, 2019 8:00 pm
Forum: Beginner Basics
Topic: "Failed to start IGMP proxy, you probably some PIM interfaces configured"
Replies: 3
Views: 1410

Re: "Failed to start IGMP proxy, you probably some PIM interfaces configured"

/routing pim export

no config

reboot
enable igmp proxy - still invalid.. hmm?
@losty ?
by OlofL
Thu May 02, 2019 1:27 pm
Forum: General
Topic: Kernel Failure in previous boot
Replies: 17
Views: 10021

Re: Kernel Failure in previous boot

Same problem here... Router is rebooting almost 10 times every hour. /system routerboard print routerboard: yes model: RB4011iGS+ serial-number: xxxx firmware-type: al2 factory-firmware: 6.43.8 current-firmware: 6.44.3 upgrade-firmware: 6.44.3 /log print 09:37:22 system,error,critical router was reb...
by OlofL
Tue Jan 15, 2019 2:53 pm
Forum: General
Topic: After restart device the PPP connection is not established
Replies: 2
Views: 4806

Re: After restart device the PPP connection is not established

I was trying to connect a Huawei E3372 LTE modem. I used the mikrotik microusb to usb cable that came with the RB2011 router. I can confirm this was a power issue. I was using RB2011 with a 5v 0.8a power. Changed to 5v 1.2a power, still same issue. Changed to a RB3011 with the 5v, 1.2a power - and p...
by OlofL
Tue Nov 13, 2018 6:08 pm
Forum: General
Topic: Any success with ansible over SSH in 2018?
Replies: 3
Views: 3617

Any success with ansible over SSH in 2018?

Hello, Im trying to do some simple ansible scripts to push some config to routeros. Im on routeros 6.43 and ansible 2.7 and trying the ansible modules: raw , command and the new routeros_command https://docs.ansible.com/ansible/latest/modules/routeros_command_module.html. None succeeeds, and they ju...
by OlofL
Tue May 15, 2018 3:29 pm
Forum: General
Topic: How should I be using queueing when I am also using fast track?
Replies: 1
Views: 556

How should I be using queueing when I am also using fast track?

I intend to limit WAN to LAN and LAN to WAN (up/download) bandwidth per host, with some burst traffic The wiki says on the fasttrack page: "Fasttracked packets bypass firewall, connection tracking, simple queues, queue tree ..." I am not getting a queue working, where I want to shape bandwidth per h...
by OlofL
Tue Feb 20, 2018 2:22 pm
Forum: General
Topic: L2TP IPSEC With Local Secret works. With windows NPS doesnt work.
Replies: 1
Views: 904

L2TP IPSEC With Local Secret works. With windows NPS doesnt work.

My setup: Mikrotik RB2011 with public IP and L2TP server enabled, use IPSEC and PSK. # feb/20/2018 12:56:31 by RouterOS 6.41.2 My clients are connecting from behind NAT to the public IP. On another setup, I use local /ppp secret users and they connect just fine from behind NAT. (Server still public ...
by OlofL
Tue Oct 24, 2017 2:00 pm
Forum: General
Topic: LTE Huawei E3372? [SOLVED]
Replies: 7
Views: 2154

Re: LTE Huawei E3372? [SOLVED]

It's weird. I got it up running once. It showed up under /interface lte But then I had to unplug the device, and now its not showing up again. Have tried reboot router and unplug a couple of times without success. are you using original OTG? This was probably it. I was using a one dollar china cabl...
by OlofL
Mon Oct 23, 2017 2:26 pm
Forum: General
Topic: LTE Huawei E3372? [SOLVED]
Replies: 7
Views: 2154

Re: LTE Huawei E3372? [SOLVED]

It's weird. I got it up running once. It showed up under /interface lte

But then I had to unplug the device, and now its not showing up again.

Have tried reboot router and unplug a couple of times without success.
by OlofL
Mon Oct 23, 2017 11:13 am
Forum: General
Topic: LTE Huawei E3372? [SOLVED]
Replies: 7
Views: 2154

Re: LTE Huawei E3372? [SOLVED]

just Unplug Power wait few seconds then plug it back Nope. Model 2011UiAS Serial Number 4CA904EC4A14 Firmware Type ar9344 Factory Firmware 3.10 Current Firmware 3.41 Version 6.41rc47 (testing) And /port> print Flags: I - inactive # DEVICE NAME CHANNELS USED-BY BAUD-RATE 0 serial0 1 Serial Console a...
by OlofL
Mon Oct 23, 2017 9:59 am
Forum: General
Topic: LTE Huawei E3372? [SOLVED]
Replies: 7
Views: 2154

Re: LTE Huawei E3372? [SOLVED]

on which board you test that?
Check if the usb port is added under system ports.
RB2011.

And no, nothing under system ports. Just the serial interface.
by OlofL
Fri Oct 20, 2017 4:41 pm
Forum: General
Topic: Understanding Mikrotik's definition of "Throughput" [SOLVED]
Replies: 5
Views: 1318

Re: Understanding Mikrotik's definition of "Throughput" [SOLVED]

Im pretty sure it means the second one. The first one would be impossible :)
by OlofL
Fri Oct 20, 2017 4:37 pm
Forum: General
Topic: LTE Huawei E3372? [SOLVED]
Replies: 7
Views: 2154

LTE Huawei E3372? [SOLVED]

I cannot get this one started. Interface LTE shows nothing. Nothing in logs. RouterOS 6.41RC47. Ubuntu reports this as [23892.376108] usb 2-3.2: new high-speed USB device number 13 using xhci_hcd [23892.481169] usb 2-3.2: New USB device found, idVendor=12d1, idProduct=1f01 [23892.481172] usb 2-3.2: ...
by OlofL
Fri Oct 06, 2017 2:34 pm
Forum: Forwarding Protocols
Topic: Pushing routes to PPTP/L2TP client of my RB
Replies: 8
Views: 14489

Re: Pushing routes to PPTP/L2TP client of my RB

Or any solution in 2017?
This actually worked on a macos sierra client: under /ppp secrets just select user and add under routes=1.1.1.0/24

The user is connecting with L2TP IPSEC.
Now I have split tunneling and users doesnt hog cpu of my weak little rb2011 :-)

I haven't tried on windows though.
by OlofL
Mon Oct 02, 2017 1:30 pm
Forum: General
Topic: Bridge configuration on RB2011?
Replies: 0
Views: 468

Bridge configuration on RB2011?

I'm getting IPTV from my ISP on a tagged vlan (101) on interface sfp1. It should go out untagged on ether5 where my IPTV decoder is located. I'm not getting the IPTV to work. From what I know, the decoder should get a DHCP address from ISP IPTV network. I can see traffic going in and out on bridge p...
by OlofL
Tue May 09, 2017 4:20 pm
Forum: General
Topic: "Slow" download RB3011
Replies: 6
Views: 1554

Re: "Slow" download RB3011

So much info is missed out here. How is your "/ip firewall export" looking like?
What is using CPU when you access Internet?
Check out /tool profile
by OlofL
Tue May 09, 2017 1:04 pm
Forum: General
Topic: Flapping IPSEC VPN Between Mikrotik and VyOS
Replies: 3
Views: 2011

Re: Flapping IPSEC VPN Between Mikrotik and VyOS

Just to be safe since you've obfuscated the IPs. The SA src or dst is not included in either range to be tunneled correct? That would explain why it goes down as soon as it comes up. Alternatively you may have a layer 1 (physical) issue at one of the sites. Have you ruled that out? Possibly w/a sus...
by OlofL
Mon May 08, 2017 3:39 pm
Forum: General
Topic: traffik flow pre/post nat?
Replies: 4
Views: 1192

Re: traffik flow pre/post nat?

The thread is a bit old, but I'm having similar issues. I'm trying to collect using nProbe + ntopng, and I see that v9 and IPFIX flows contain post-NAT address information, but this seems to be ignored by nProbe/ntopng - did you ever find a solution? I'm having the same problem whereby clients appe...
by OlofL
Mon May 08, 2017 2:25 pm
Forum: General
Topic: Flapping IPSEC VPN Between Mikrotik and VyOS
Replies: 3
Views: 2011

Flapping IPSEC VPN Between Mikrotik and VyOS

Hello, I've had a flapping IPSE Ctunnel for a while now. I cannot find out what the problem is. I can't see in logs on either side that VPN has stopped/started. Other side seem to get unreachable for a good 5-10 minutes and then back up again on its own. I am not 100% sure it is a VPN problem though...
by OlofL
Fri Dec 16, 2016 12:06 am
Forum: General
Topic: traffik flow pre/post nat?
Replies: 4
Views: 1192

Re: traffik flow pre/post nat?

As you can see in picture, the netflow 5 flows are captured after dst-nat is done.

The behavior seem to differ in ipfix. Is this a bug or working as intended?
ipfix vs netflow5.PNG
by OlofL
Wed Dec 14, 2016 1:10 am
Forum: General
Topic: traffik flow pre/post nat?
Replies: 4
Views: 1192

traffik flow pre/post nat?

It seems like traffik flow is captured pre dst nat. This means when I'm analyzing it looks like all traffic is headed for my WAN IP. Is it possible to get the traffik flow to capture flows post dst nat? The ipv4 next hop address field is populated with the right destination nat address. I am capturi...
by OlofL
Fri Sep 30, 2016 3:14 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 150814

Re: HAP AC

Hm, tried to test network performance between windows PC connected by gigabit cable (cat.5e) to hAP AC and MacBook Pro connected by wifi 5ghz (1000-1300Mbit connection). Why transfer speed is so low? iperf -c 192.168.1.253 -t 30 -i 5 ------------------------------------------------------------ Clie...
by OlofL
Tue Dec 01, 2015 10:12 am
Forum: Beginner Basics
Topic: IPSEC problems with hAP and Bintec RS123
Replies: 17
Views: 2421

Re:

Read the fasttrack thread instead asking what is it. Unfortunately it has some problems as it is quite newly introduced feature.
The thread is huge, why would you just not answer here instead?
by OlofL
Fri Nov 20, 2015 9:26 am
Forum: General
Topic: Routing different subnets through different providers, possible???
Replies: 5
Views: 691

Re: Routing different subnets through different providers, possible???

It's not metrics... I want all 10.x.x.x traffic from every location to route through Location A / Provider A. I want all 192.x.x.x. traffic from every location to route through Location B / Provider B. I think it has to do with masquerade and srcnat, but what I've tried hasn't worked. Currently I h...
by OlofL
Thu Nov 12, 2015 2:43 pm
Forum: General
Topic: Firewall filter rule with est+rel breaks when edited with gui? bug?
Replies: 1
Views: 475

Re: Firewall filter rule with est+rel breaks when edited with gui? bug?

Seems like this might have been a bug connected to the browser. The routers where earlier upgraded from 6.4 to 6.32, but deleting browser cache helped.
by OlofL
Thu Nov 12, 2015 2:41 pm
Forum: Beginner Basics
Topic: DNS over VPN (PPTP)
Replies: 1
Views: 1374

Re: DNS over VPN (PPTP)

I don't think it is possible to set on Mikrotik. You have to do it on the clients.
Powershell:
Set-VPNConnection -Name "Your-Connection" -DNSSuffix "something.local"
by OlofL
Thu Nov 05, 2015 10:37 am
Forum: General
Topic: LTE Interface Hijacking my Default Route
Replies: 3
Views: 1035

Re: LTE Interface Hijacking my Default Route

So... I got a 4g/LTE USB Dongle with a SIM card in it. The problem is whenever I reboot my router or disable/re-enable the LTE interface, it adds a default route with it's address as the gateway. This overrides my default routes and screws up everything for me. Anyone familiar with this issue? I do...
by OlofL
Tue Nov 03, 2015 1:25 pm
Forum: Beginner Basics
Topic: [SOLVED]Default route to Internet
Replies: 10
Views: 5140

Re: Default route to Internet

/ip firewall nat src-address=192.168.88.0/24 action=masquerade out-interface=ether3 chain=src-nat

meaning
address incoming to router with address 192.168.88.0/24 will be source-nated
with technique masquerade (meaning it will use the outgoing address of interface) ether3.
by OlofL
Tue Nov 03, 2015 12:35 pm
Forum: General
Topic: Firewall filter rule with est+rel breaks when edited with gui? bug?
Replies: 1
Views: 475

Firewall filter rule with est+rel breaks when edited with gui? bug?

Hello, if I create a rule from command line with two connection-states in one rule: /ip firewall filter add connection-state=established,related dst-address=192.168.213.0/24 chain=forward comment="est/rel to guests" If I then open this rule from the webgui the connection-state is removed, if I prese...