Community discussions

MikroTik App

Search found 50 matches

by Mett
Wed Oct 28, 2020 5:23 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 137
Views: 52552

Re: v6.48beta [testing] is released!

Version 6.48beta48 has been released.

*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);

Oh yeah! Thank you. Finally I was able to enable certificate based VPN on Windows 10-machines.
by Mett
Sat Oct 24, 2020 6:35 pm
Forum: RouterBOARD hardware
Topic: Usage GPON module SFP in Spain
Replies: 442
Views: 113055

Re: Usage GPON module SFP in Spain

I've currently the previous ONT from Telekom (Huawei 8010u), but I expect the process of cloning the S/N to the SFP would be very similar. CarlitoxxPro mentioned converting modem SN in their manual (you just have to read it with open eyes - not like me *g*). If the SN is printed with 16 characters ...
by Mett
Fri Oct 16, 2020 3:50 pm
Forum: RouterBOARD hardware
Topic: Usage GPON module SFP in Spain
Replies: 442
Views: 113055

Re: Usage GPON module SFP in Spain

CPGOS03-0490 v2.0 works with hEX S. And it works on GPON-access of Deutsche Telekom in Germany. All you need is the PLOAM password ("ONT Kennung" or "Installationskennung") from your customer service and the serial number of the ONT you got from Telekom. The newer devices are called "Glasfaser Modem...
by Mett
Tue Oct 06, 2020 9:38 pm
Forum: RouterBOARD hardware
Topic: hAP ac2 vs. cAP ac, CAP only usage
Replies: 10
Views: 611

Re: hAP ac2 vs. cAP ac, CAP only usage

But then, when everything else fails, why read the manual if one can complain on user forum? Really? It's no RTFM issue. I just find it unhandy from my personal perspective. When I implement a new device to my existing network, I plug it into my PoE switch and use another cable for first configurat...
by Mett
Mon Oct 05, 2020 9:52 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 77
Views: 39264

Re: SwOS version 2.12 released!

First 260GS does not want to update.
I also got a 260GS which doesn't likes 2.12. After an autoupdate the switch wasn't available any more as well as the connected devices. Same behaviour after several manual updates. After an upgrade to 2.11 everything works fine again.
by Mett
Sat Oct 03, 2020 4:25 pm
Forum: RouterBOARD hardware
Topic: hAP ac2 vs. cAP ac, CAP only usage
Replies: 10
Views: 611

Re: hAP ac2 vs. cAP ac, CAP only usage

Because it is the port, that will definitely be used on a wifi router run with default config. So you don't need to reconfigure the device only to power it up from an injector. For cAP ac it is even more obvious, as it don't have separate power input. But running the default configuration makes it ...
by Mett
Thu Oct 01, 2020 8:23 pm
Forum: RouterBOARD hardware
Topic: hAP ac2 vs. cAP ac, CAP only usage
Replies: 10
Views: 611

Re: hAP ac2 vs. cAP ac, CAP only usage

Because hAP ac2 seems to me to be a better value, since it can be used as a full standalone router if need be, as it has more RJ45 ports. I'm using a cAP ac as a standalone router without using wifi, tbh. Why? When I needed to replace my hEX S by a better hardware platform, hAP ac2 was not availabl...
by Mett
Thu Oct 01, 2020 2:10 pm
Forum: General
Topic: SFP RB4011
Replies: 20
Views: 3952

Re: SFP RB4011

Hey,

I testes a Sercomm FGS202 on RB4011 a few months ago. It was'nt regognized by the router. But today I checked it again and now the router regognized it. Firmware is 6.47.2 stable.
RB4011_ONT.png
by Mett
Wed Jun 17, 2020 9:04 am
Forum: General
Topic: IKEv2 site-2-site: Lost connection after 30 minutes [SOLVED]
Replies: 7
Views: 1541

Re: IKEv2 site-2-site: Lost connection after 30 minutes [SOLVED]

I do not want to deprive you of the solution. I have a script running which updates a dyndns hostname every 30 minutes. This script also updates the local address of my ike2 peer. So what happens, when this script runs? It disconnects VPN connections... :roll:
by Mett
Tue May 19, 2020 9:06 am
Forum: General
Topic: IKEv2 site-2-site: Lost connection after 30 minutes [SOLVED]
Replies: 7
Views: 1541

Re: IKEv2 site-2-site: Lost connection after 30 minutes [SOLVED]

Hey, so the problem is still there. The logfile has been created by /system logging add topics=ipsec,!packet action=disk And here is the log on server side : May/19/2020 08:00:02 ipsec,info killing ike2 SA: 77.185.x.x[4500]-95.208.x.x[61002] spi:f88c727962a00259:3959cc4cbaeee540 May/19/2020 08:00:02...
by Mett
Mon May 18, 2020 9:06 pm
Forum: General
Topic: IKEv2 site-2-site: Lost connection after 30 minutes [SOLVED]
Replies: 7
Views: 1541

Re: IKEv2 site-2-site: Lost connection after 30 minutes [SOLVED]

pfs-group is set to none on both sides, dh-groups are also the same on both sides. And this time there was no reconnect. :/ Sorry guys. I'll send a reply if the problem occurs again.
by Mett
Mon May 18, 2020 8:36 pm
Forum: General
Topic: IKEv2 site-2-site: Lost connection after 30 minutes [SOLVED]
Replies: 7
Views: 1541

IKEv2 site-2-site: Lost connection after 30 minutes [SOLVED]

Hi all,

two routers are connecting two sites by IKEv2. On both sites, the settings are:

Profile:
Lifetime: 24h

Proposals:
Lifetime: 8h

Every 30 minutes, the connection is lost and getting reestablished immediately. What might be wrong with my configuration?
by Mett
Sun Apr 26, 2020 9:56 pm
Forum: Scripting
Topic: Mikrotik RouterOS automatic backup and update script
Replies: 10
Views: 4907

Re: Mikrotik RouterOS automatic backup and update script

Thanks for this helpful script.
by Mett
Sat Apr 25, 2020 6:12 am
Forum: General
Topic: RoadWarrior IKEv2 Windows 10 OK but "no ping"
Replies: 38
Views: 7678

Re: RoadWarrior IKEv2 Windows 10 OK but "no ping"

Hey, it's a pretty old thread, but I'm struggling with the same issue and I think, I can help here. The last error in your log is "NO_PROPOSAL_CHOSEN", so you have to change the settings of your Windows 10 client. Take a look at this support document. With this powershell command you can influence s...
by Mett
Tue Apr 21, 2020 10:58 pm
Forum: General
Topic: IPsec IKEv2: Firewall or MTU issue
Replies: 8
Views: 2006

Re: IPsec IKEv2: Firewall or MTU issue

Hey, it is working now and I'm not sure, what the problem was. In my export file above one NAT-rule was missing and I'm not sure if it was deleted completely by myself while deleting sensitive information or if it was not existent at the moment when the configuration was exported. /ip firewall nat a...
by Mett
Mon Apr 20, 2020 7:45 pm
Forum: General
Topic: IPsec IKEv2: Firewall or MTU issue
Replies: 8
Views: 2006

Re: IPsec IKEv2: Firewall or MTU issue

Hello, I recorded some files while pinging from BO to HQ with 1395 bytes. Here is result on HQ: headquarter_ping_1395.png And here is the result on BO: bo_ping_1395.png To compare the differences, I recorded some packets while pinging from BO to HQ with 1934 bytes. Result on HQ: HQ_ping_1394.png Res...
by Mett
Mon Apr 20, 2020 2:55 pm
Forum: General
Topic: IPsec IKEv2: Firewall or MTU issue
Replies: 8
Views: 2006

Re: IPsec IKEv2: Firewall or MTU issue

This is the configuration on headquarters side: # apr/20/2020 13:37:37 by RouterOS 6.46.5 # # model = RB4011iGS+ /interface bridge add admin-mac=C4:AD:34:xx:xx:xx auto-mac=no comment=LAN name=br_LAN /interface ethernet set [ find default-name=ether1 ] comment="LAN-Interface" l2mtu=1500 \ name=e1_LAN...
by Mett
Mon Apr 20, 2020 11:51 am
Forum: General
Topic: IPsec IKEv2: Firewall or MTU issue
Replies: 8
Views: 2006

Re: IPsec IKEv2: Firewall or MTU issue

I tried this on the server side like this: Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default # PEE TUN SRC-ADDRESS DST-ADDRESS PROTOCOL ACTION LEVEL PH2-COUNT 0 TX* ::/0 ::/0 all 1 ;;; Site2Site 0.0.0.0/0 10.200.0.0/24 all none 2 A ;;; Site2Site ike yes 10.200.0.0/...
by Mett
Sun Apr 19, 2020 10:26 pm
Forum: General
Topic: IPsec IKEv2: Firewall or MTU issue
Replies: 8
Views: 2006

IPsec IKEv2: Firewall or MTU issue

Hi all, as described in my previously opened thread I want to connect road warriors and a branch office to the headquarters: One problem still remains: It's not possible to connect to clients in headquarter's network from road warrior's clients, neither to connect clients from branch office to headq...
by Mett
Mon Apr 13, 2020 9:02 am
Forum: Wireless Networking
Topic: Multicast helper causes massive battery drain
Replies: 1
Views: 1511

Multicast helper causes massive battery drain

Hey all, I 'm using a CAPsMAN setup with two AP. Because I want to use IPv6 and assign VLAN dynamically to wifi clients in dependency of their MAC addresses or RADIUS login on one SSID, I activated full multicast helper. Since this change of configuration I noticed a massive battery drain on my andr...
by Mett
Sat Apr 11, 2020 11:15 am
Forum: General
Topic: IPsec IKEv2 site to site with certificates not working [SOLVED]
Replies: 6
Views: 2933

Re: IPsec IKEv2 site to site with certificates not working [SOLVED]

Yes, that was it. I changed the whole certs from CA to client certs to ec (secp384r1) and now I've got an established connection also on the client. Client connection with strongswan on Android also works now. Strongswan for Android is not working with secp521r1, it must be secp384r1. So depending o...
by Mett
Sat Apr 11, 2020 10:38 am
Forum: General
Topic: IPsec IKEv2 site to site with certificates not working [SOLVED]
Replies: 6
Views: 2933

Re: IPsec IKEv2 site to site with certificates not working [SOLVED]

I changed EKU at server certificate to tls-server and tls-client to check out if anything changes. Nothing changed. :) Here is wireshark output of the sniffed packets on client side. With PSK client_pcap_psk.png With certificate client_pcap_certificate.png RouterOS versions on both sides is now 6.46...
by Mett
Fri Apr 10, 2020 7:13 pm
Forum: General
Topic: IPsec IKEv2 site to site with certificates not working [SOLVED]
Replies: 6
Views: 2933

Re: IPsec IKEv2 site to site with certificates not working [SOLVED]

Hi, aktually the wiki speaks about setting EKU explicitly: Some certificate requirements should be met to connect various devices to the server: Common name should contain IP or DNS name of the server; SAN (subject alternative name) should have IP or DNS of the server; EKU (extended key usage) tls-s...
by Mett
Wed Apr 08, 2020 10:33 pm
Forum: General
Topic: IPsec IKEv2 site to site with certificates not working [SOLVED]
Replies: 6
Views: 2933

IPsec IKEv2 site to site with certificates not working [SOLVED]

Hello, this is my network situation: Netzwerk.png For this topic let's just look at the site to site issue. This is the ipsec configuration on the server (RB4011): # apr/08/2020 20:41:10 by RouterOS 6.46.4 # # model = RB4011iGS+ /ip ipsec mode-config set [ find default=yes ] src-address-list=vpn add...
by Mett
Mon Sep 30, 2019 4:48 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 381
Views: 102556

Re: RB4011

Would support for GPON ever change (firmware) or is this a hardware issue? If we want GPON should we stick to RB3011?
+1

What is the reason for this limitation?
by Mett
Wed Mar 14, 2018 9:23 am
Forum: General
Topic: Netwatch not starting strcipt on up event
Replies: 0
Views: 400

Netwatch not starting strcipt on up event

Hello all, I'm using netwatch to start a script when WAN interface is up again after downtime. So, netwatch recognizes up- and downtimes correctly, but it's not able to start the script. The up-tab is filled with: /system script run scriptname That has been working for a few months now, but suddenly...
by Mett
Sun Feb 11, 2018 12:19 am
Forum: General
Topic: cAP Upgrading error (rebooting every 5s)
Replies: 1
Views: 529

Re: cAP Upgrading error (rebooting every 5s)

Had that problem also with a RB750Gr3. Just flash the firmware with the netinstall tool. That should do it.
by Mett
Fri Dec 08, 2017 9:13 am
Forum: Beginner Basics
Topic: Mikrotik and provider 1und1 (resolved)
Replies: 4
Views: 1676

Re: Mikrotik and provider 1und1 (resolved)

Wow, thanks a lot!
by Mett
Sun Sep 10, 2017 11:39 pm
Forum: RouterBOARD hardware
Topic: RB M11G 802.3af/at
Replies: 8
Views: 1707

Re: RB M11G 802.3af/at

You are not up to Date @savage

https://mikrotik.com/product/RBwAPG-5HacT2HnD
No, it's not 802.3af/at compliant. I just checked it with a PoE switch and didn't came up. Mikrotik should read the specs again.
by Mett
Mon Sep 04, 2017 8:26 am
Forum: General
Topic: PPPoE-client doesn't comes up
Replies: 0
Views: 697

PPPoE-client doesn't comes up

Hi, I've got a problem with reconnect a PPPoE client on RB750GR3 with ROS 6.41rc21. Every night on 4 o'clock, a script shuts down the pppoe client and enables it again 20 seconds later. But sometimes, the interface doesn't comes up with the error "Couldn't change interface <pppoe_VDSL> - object does...
by Mett
Fri Jun 30, 2017 11:32 pm
Forum: RouterBOARD hardware
Topic: cAP lite - POE (passive or 802.3af/at)
Replies: 10
Views: 3960

Re: cAP lite - POE (passive or 802.3af/at)

So it also doesn't has real 802.3af/at compatibility. That's annoying.
by Mett
Sat Jun 03, 2017 9:28 am
Forum: Beginner Basics
Topic: Capsman with hAP ac lite RB952 for a beginner?
Replies: 8
Views: 2264

Re: Capsman with hAP ac lite RB952 for a beginner?

Hello, I'd say that the hAP ac lite is powerful enough to be the Capsman for all of your devices. You can configure one device as Capsman which is controlled by itself at the same time. So, no, there's no need for one dedicated controller. The hAP ac lite can also be used as a switch. Last but not l...
by Mett
Mon May 29, 2017 8:52 pm
Forum: Wireless Networking
Topic: Capsman: new AP not able to request certificate
Replies: 0
Views: 434

Capsman: new AP not able to request certificate

Hi, I'm running a Capsman on a RB2011 and enabled the option "require peer certificate". To register a new access point (mAP lite) I disabled this option and checked "Certificate: request" in the mAP. But nothing happens. The AP is not able to fetch the certificate from the Capsman. When I set "Cert...
by Mett
Fri May 12, 2017 9:14 am
Forum: RouterBOARD hardware
Topic: mAP lite (RBmAPL-2nD) without 802.3af/at
Replies: 3
Views: 1253

Re: mAP lite (RBmAPL-2nD) without 802.3af/at

Try a crossover cable. This is from the quick guide:
I finally tried a crossover cable without success. So the mAP lite couldn't get power from a D-Link PoE-Switch.
by Mett
Fri Apr 14, 2017 4:08 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 436
Views: 178803

Re: Tik App, MikroTik android utility ALPHA test

I've got something for the suggestion box:

Setting a widget for executing a cetain script would be nice. For turning on and off wifi for example.
by Mett
Mon Feb 13, 2017 5:44 pm
Forum: RouterBOARD hardware
Topic: Powering a GrooveA/Metal 52ac through fast ethernet PoE?
Replies: 0
Views: 439

Powering a GrooveA/Metal 52ac through fast ethernet PoE?

Hi,

the GrooveA/Metal 52ac devices have both a GbE port with support for passive PoE. Is it possible to power this routerboard devices through a fast ethernet passive PoE like the secondary port of a Nanostation? Perhaps when switching the routerboards down to fast ethernet?
by Mett
Fri Feb 03, 2017 12:03 am
Forum: RouterBOARD hardware
Topic: mAP lite (RBmAPL-2nD) without 802.3af/at
Replies: 3
Views: 1253

Re: mAP lite (RBmAPL-2nD) without 802.3af/at

You can add TP-Link TL-SF1008P. mAP lite comes up immediately when connected to this switch.
by Mett
Tue Jan 31, 2017 8:58 pm
Forum: RouterBOARD hardware
Topic: mAP lite (RBmAPL-2nD) without 802.3af/at
Replies: 3
Views: 1253

mAP lite (RBmAPL-2nD) without 802.3af/at

Hi all,

I bought a mAP lite recently and found out that it doesn't supports PoE 802.3at/af at a D-Link-Switch. Passive PoE on the second port of a Nanostation works.
by Mett
Thu Jan 26, 2017 6:12 pm
Forum: RouterBOARD hardware
Topic: Move configuration from RB750Gr2 to RB750Gr3?
Replies: 5
Views: 2192

Re: Move configuration from RB750Gr2 to RB750Gr3?

Hi,

thank you very much! At first I tried export and import through the file browser of Winbox. The export through console was unknown to me.
by Mett
Thu Jan 26, 2017 10:38 am
Forum: RouterBOARD hardware
Topic: Move configuration from RB750Gr2 to RB750Gr3?
Replies: 5
Views: 2192

Move configuration from RB750Gr2 to RB750Gr3?

Hi all,

is it possible to move a configuration from a hex Gr2 to the latest hex Gr3?
by Mett
Sun Jul 17, 2016 6:12 pm
Forum: General
Topic: Dual WAN on one ether-interface?
Replies: 1
Views: 601

Dual WAN on one ether-interface?

Hello, with the illustrated setup I got two different public IP addresses from my ISP. The 1st one on ether1 and the 2nd one on ether2. The ISP assigns the addresses by means of the MAC. dual-WAN.jpg Is it possible to connect the RB2011 just with ether1 to the Modem and getting two IPs? I tried a br...
by Mett
Fri Mar 18, 2016 3:20 pm
Forum: RouterBOARD hardware
Topic: SOHO-Router for 150-400 Mbit NAT?
Replies: 12
Views: 2265

Re: SOHO-Router for 150-400 Mbit NAT?

Hi, this is a little update: Almost surely it will be the RB3011, although there are few bugs and the software needs to mature. However, I hope it will do its work somehow (natting LAN through two WAN-interfaces and forwarding 10-15 ports into LAN). VPN will be used later, as soon as acceleration of...
by Mett
Tue Mar 15, 2016 5:45 pm
Forum: Beginner Basics
Topic: One ethernet-port with a second logical device?
Replies: 3
Views: 989

Re: One ethernet-port with a second logical device?

I know which post you mean.

Is it somehow possible to bridge physical eth1 and eth2 together and using eth2 through eth1?
by Mett
Tue Mar 15, 2016 5:38 pm
Forum: Beginner Basics
Topic: One ethernet-port with a second logical device?
Replies: 3
Views: 989

One ethernet-port with a second logical device?

Hello, I'd like to implement the following setup: One ethernet port of a router (eth1) is connected to the ethernet port of a docsis modem. eth1 gets its public IP address through DHCP from the modem. So I guess that's no big deal. But now, I'd like to get a second public IP address from the modem. ...
by Mett
Mon Mar 14, 2016 10:14 pm
Forum: RouterBOARD hardware
Topic: SOHO-Router for 150-400 Mbit NAT?
Replies: 12
Views: 2265

Re: SOHO-Router for 150-400 Mbit NAT?

Gb-WAN will be an option in several years, but not in the next 1-2. Not for me. Budget is actually not the problem, but I don't want to spend money unnecessarily. I guess, the RB3011 will be adequate for me. There is no need for a 400 EUR router in my environment but it could be the last router in m...
by Mett
Mon Mar 14, 2016 7:33 pm
Forum: RouterBOARD hardware
Topic: SOHO-Router for 150-400 Mbit NAT?
Replies: 12
Views: 2265

Re: SOHO-Router for 150-400 Mbit NAT?

Well, yes. This Router would leave nothing to be desired but is too much for my purposes, I guess.
by Mett
Mon Mar 14, 2016 5:52 pm
Forum: RouterBOARD hardware
Topic: SOHO-Router for 150-400 Mbit NAT?
Replies: 12
Views: 2265

Re: SOHO-Router for 150-400 Mbit NAT?

Well, for the money I have to spend for the RB850Gx2 including case and power suply I almost can get a RB3011. Software might be not perfect yet, but will be improved certainly. I guess, this device will have enogh power for my purposes. But, RB850Gx2 is a very interesting, small sized router, thoug...
by Mett
Mon Mar 14, 2016 3:54 pm
Forum: RouterBOARD hardware
Topic: SOHO-Router for 150-400 Mbit NAT?
Replies: 12
Views: 2265

SOHO-Router for 150-400 Mbit NAT?

Hello, I'm very impressed about the versatile possibilities of RouterOS. So, I'm searching a new SOHO-Router. These are the facts: WAN (DOCSIS) with 150/10 Mbit, router must handle up to 400/100 Mbit 25 Clients VPN through IPSec or openVPN The router will be a typical SOHO-router, so it has to NAT t...
by Mett
Mon Mar 14, 2016 10:23 am
Forum: General
Topic: Virtual or pseudo ethernet interfaces possible?
Replies: 12
Views: 12596

Re: Virtual or pseudo ethernet interfaces possible?

Hello, I've got the same problem. My idea was now connecting the router through eth1 to the DOCSIS-Modem und bridging (or switching) eth2 with another MAC to eth1. So there is one physical connection between router and modem but two logical connections. So eth1 gets the static IP (ISP assigns a stat...