Community discussions

Search found 31 matches

by kartongsaft
Mon Mar 13, 2017 9:51 pm
Forum: General
Topic: RB2011UiAS - OpenVPN/VPN server struggle...
Replies: 4
Views: 2235

Re: RB2011UiAS - OpenVPN/VPN server struggle...

I have had an OpenVPN server running on my Mikrotiks for a couple of years and they just work fine. Let me give you some tips that worked for me after a lot of research and a bunch of tests: - I did create my digital certificates on a separate machine (i.e. Windows). - Use TUN mode only. That allows to run OVP...
by kartongsaft
Mon Mar 13, 2017 9:42 pm
Forum: General
Topic: IKEv1 ipsec sha256 and pfs problems
Replies: 5
Views: 2203

Re: IKEv1 ipsec sha256 and pfs problems

Remove modp8192 or lower dh group in your proposal. I believe it's a matter of compatibility. Thanks for the reply but that did not make either of the machines work. It was a wild guess to see if there was something with your proposal. I think I answered the thread too quickly and I am sorry about...
by kartongsaft
Mon Mar 13, 2017 9:16 pm
Forum: General
Topic: L2TP/IPsec in Tunnel Mode?
Replies: 3
Views: 596

Re: L2TP/IPsec in Tunnel Mode?

L2TP/IPsec is intended to be in transport mode.
I thought so. Thank you!
by kartongsaft
Sun Mar 05, 2017 2:09 pm
Forum: General
Topic: Routing between sites when using IPsec tunnels
Replies: 9
Views: 2953

Re: Routing between sites when using IPsec tunnels

No, the best is not to use IPsec tunnel mode but to use a tunnel interface over IPsec transport, as already suggested above.
But you don't want it, so...
I'm listening. :)

Maybe that's a better choice, but how do you handle routing when the network becomes bigger? OSPF?
by kartongsaft
Sun Mar 05, 2017 12:02 pm
Forum: General
Topic: Routing between sites when using IPsec tunnels
Replies: 9
Views: 2953

Re: Routing between sites when using IPsec tunnels

Clearly I have done something wrong in the configuration (I believe somewhere in filter rules or NAT) as I cannot figure out why the traffic will not pass over via Site B. On the other hand, this type of setup is rather confusing, maybe it's better to approach a setup that is decentralized (where t...
by kartongsaft
Sat Mar 04, 2017 11:03 pm
Forum: General
Topic: [BUG] EoIP w/ automatic IPSec is useless and stale after IP change
Replies: 11
Views: 1550

Re: [BUG] EoIP w/ automatic IPSec is useless and stale after IP change

I wish it is possible! The script wouldn't be a problem, but if you change the local IP on EoIP with IPSec, policies aren't updated and they cannot be changed since they're dynamic... Is the IPsec policy automatically generated from EoIP or have you created it manually? I think a script would solve ...
by kartongsaft
Sat Mar 04, 2017 10:25 pm
Forum: General
Topic: Routing between sites when using IPsec tunnels
Replies: 9
Views: 2953

Re: Routing between sites when using IPsec tunnels

You can do two things: a) Add more policies to cover all possible traffic (in this case .10.0/24 <-> .30.0/24 for both tunnels) and set level=unique. b) Switch IPSec to transport mode, create IPIP/EoIP/GRE tunnels between routers and only encrypt those using IPSec. It will give you normal network i...
by kartongsaft
Sat Mar 04, 2017 4:53 pm
Forum: General
Topic: Improvements in bugfix channel?
Replies: 0
Views: 235

Improvements in bugfix channel?

Hi,

Are improvements made within the bugfix channel or is it just fixes for known issues?
by kartongsaft
Sat Mar 04, 2017 4:12 pm
Forum: General
Topic: Routing between sites when using IPsec tunnels
Replies: 9
Views: 2953

Routing between sites when using IPsec tunnels

Hi there! I have created two IPsec tunnels from Site A and C to a router at Site B. How do I achieve so traffic from Site A can reach Site C and vice versa? Do I need to create an IPsec tunnel between the Site A and C directly? I also found two earlier topics related to what I am trying to achieve. http...
by kartongsaft
Sat Mar 04, 2017 1:16 pm
Forum: General
Topic: RB2011UiAS - OpenVPN/VPN server struggle...
Replies: 4
Views: 2235

Re: RB2011UiAS - OpenVPN/VPN server struggle...

If I were you, I would have a standalone OpenVPN server or continue using L2TP/IPsec. I have heard from various sources that MikroTik is having problems with OpenVPN implementation and who knows, maybe they will stop supporting OpenVPN in RouterOS v7. A while ago we sat in the same situation (long access...
by kartongsaft
Sat Mar 04, 2017 12:33 pm
Forum: General
Topic: L2TP Client Default IPsec Settings
Replies: 3
Views: 573

Re: L2TP Client Default IPsec Settings

Let me see some logs.
by kartongsaft
Sat Mar 04, 2017 1:33 am
Forum: General
Topic: IKEv1 ipsec sha256 and pfs problems
Replies: 5
Views: 2203

Re: IKEv1 ipsec sha256 and pfs problems

Remove modp8192 or lower dh group in your proposal. I believe it's a matter of compatibility.
by kartongsaft
Fri Mar 03, 2017 8:58 pm
Forum: General
Topic: L2TP/IPsec in Tunnel Mode?
Replies: 3
Views: 596

L2TP/IPsec in Tunnel Mode?

Hi! Is it possible to use L2TP/IPsec in Tunnel Mode (in my case computers outside the office) or is it limited to Transport Mode? At Microsoft's knowledge base it states that Transport Mode is used, but nothing more. L2TP uses IPsec in Transport Mode for encryption services https://technet.microsof...
by kartongsaft
Thu Mar 02, 2017 12:31 pm
Forum: General
Topic: Feature Req. - Preview Commands
Replies: 6
Views: 1266

Re: Feature Req. - Preview Commands

This makes no sense to me. Such a feature is useful in the world of ASA, where the way you do things in ASDM is rather different from what you'd do if you configure the same via CLI. However the situation is rather different in Mikrotik world - the way WinBox (and also WebFig) is organized closely res...
by kartongsaft
Thu Mar 02, 2017 8:18 am
Forum: General
Topic: Feature Req. - Preview Commands
Replies: 6
Views: 1266

Re: Feature Req. - Preview Commands

I want that! :D

But you should be able to view or hide the command output with a button.
by kartongsaft
Sun Jul 31, 2016 12:32 pm
Forum: General
Topic: LAN broadcast over VPN
Replies: 1
Views: 526

LAN broadcast over VPN

Hello!

Is it somehow possible to create a VPN solution that allows UDP (or TCP) broadcast (255.255.255.255) between a VPN client and a local network? If not, can this be achieved in another way (for example involving two routers)?
by kartongsaft
Sun Jul 31, 2016 12:06 am
Forum: General
Topic: Broadcast and Multicast over VPN (PPP)
Replies: 11
Views: 4672

Re: Broadcast and Multicast over VPN (PPP)

In my case it's StarCraft that cannot be played over VPN as broadcast is used for clients to connect to the player hosting a game.

But if we find a solution to this, other applications that are designed in the same way would also work.
by kartongsaft
Sat Jul 30, 2016 10:30 pm
Forum: General
Topic: Broadcast and Multicast over VPN (PPP)
Replies: 11
Views: 4672

Re: Broadcast and Multicast over VPN (PPP)

Same problem here. How can this be solved?
by kartongsaft
Sun Feb 14, 2016 9:45 pm
Forum: General
Topic: Disable internet access for LAN and PPTP
Replies: 3
Views: 554

Re: Disable internet access for LAN and PPTP

Sorry, I forgot to mention that I only want this for certain users. What exactly do you mean?
by kartongsaft
Sat Feb 13, 2016 1:52 am
Forum: General
Topic: Disable internet access for LAN and PPTP
Replies: 3
Views: 554

Disable internet access for LAN and PPTP

Hello,

I wish to disable internet access for LAN and those who are using PPTP outside the network. How do I accomplish that?
by kartongsaft
Tue Feb 02, 2016 2:03 pm
Forum: General
Topic: Windows 10 and netinstall
Replies: 19
Views: 16879

Re: Windows 10 and netinstall

I got this working by disabling all network cards except wired.
by kartongsaft
Mon Feb 01, 2016 6:05 pm
Forum: General
Topic: Cannot access device after downgraded to legacy firmware
Replies: 6
Views: 721

Re: Cannot access device after downgraded to legacy firmware

Success! I followed your advice and installed Wireshark and started to capture/listen for bootp packages and then boom! Lots of packages were captured in my net!

I was then able to install the firmware to the device. Thanks, pukkita! :D
by kartongsaft
Mon Feb 01, 2016 5:27 pm
Forum: General
Topic: Cannot access device after downgraded to legacy firmware
Replies: 6
Views: 721

Re: Cannot access device after downgraded to legacy firmware

According to the manual (http://i.mt.lv/routerboard/files/wAP-series.pdf) it's either 5 or 15 seconds, which I have tried.
by kartongsaft
Mon Feb 01, 2016 4:29 pm
Forum: General
Topic: Cannot access device after downgraded to legacy firmware
Replies: 6
Views: 721

Re: Cannot access device after downgraded to legacy firmware

I have already tested a netinstall, but without luck. On the other hand, I'm not 100% certain that I do this right.
by kartongsaft
Mon Feb 01, 2016 10:53 am
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 431
Views: 154275

Re: Tik App, MikroTik android utility ALPHA test

Seems promising!
by kartongsaft
Mon Feb 01, 2016 10:17 am
Forum: General
Topic: Cannot access device after downgraded to legacy firmware
Replies: 6
Views: 721

Cannot access device after downgraded to legacy firmware

I think I did something stupid when I was experimenting with a new wAP. I tried to downgrade from 6.33.5 to 5.26 just for fun and now I cannot access RouterOS using Winbox. Is it possible to in some way restore the device or shall I throw it away?
by kartongsaft
Fri Jan 15, 2016 3:03 pm
Forum: General
Topic: can't ping pptp or l2tp client from LAN
Replies: 8
Views: 3505

Re: can't ping pptp or l2tp client from LAN

I also had this problem when I was trying to set up a PPTP server. I ended up creating a different subnet for remote connections.
by kartongsaft
Thu Jan 14, 2016 5:07 pm
Forum: RouterBOARD hardware
Topic: hEX nand size ONLY 16MB !!!!
Replies: 61
Views: 17965

Re: hEX nand size ONLY 16MB !!!!

just delete that package from files

in the package list use the check for updates button

of course be sure hap lite has internet access
But if the storage had instead been 32 MB, then we wouldn't have this problem.
by kartongsaft
Wed Jan 13, 2016 3:16 pm
Forum: RouterBOARD hardware
Topic: hEX nand size ONLY 16MB !!!!
Replies: 61
Views: 17965

Re: hEX nand size ONLY 16MB !!!!

how will an upgrade be possible if you cannot transfer the file to the unit?
RouterOS is upgradable in-place from RAM - update files are not saved on flash.
So if I transfer the file using WinBox, the file is placed in the RAM?
by kartongsaft
Wed Jan 13, 2016 11:18 am
Forum: RouterBOARD hardware
Topic: hEX nand size ONLY 16MB !!!!
Replies: 61
Views: 17965

Re: hEX nand size ONLY 16MB !!!!

Well, I agree that 16 MB total storage is too small. It would be nice if this could be increased to at least 32 MB. Is there a slot for Micro SD or something? And how will an upgrade be possible if you cannot transfer the file to the unit?