Community discussions

Search found 38 matches

by ksteink
Mon Sep 09, 2019 6:24 am
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 196
Views: 36441

Re: RouterOS v7.0beta1 (ARM)

Nice progress!! Some of the new cool stuff that I want to see: - Not just OVPN with UDP support but also HW acceleration for AES encryption like hEX S or similar does HW accelerated IPSec. - Wireguard support as well with HE acceleration for encryption. - SDWAN capabilities like major players that h...
by ksteink
Fri Aug 30, 2019 2:05 am
Forum: General
Topic: VLAN configuration approach, correct or not ?
Replies: 5
Views: 666

Re: VLAN configuration approach, correct or not ?

There are multiple ways to configure VLANs in a Mikrotik. To keep it simple for you we have to separate them in 3 categories depending on the Model of the device that you have: (1) VLANs configured at the Router chip (Software based) : This is the most universal way to configure VLANs but you will b...
by ksteink
Fri Aug 16, 2019 6:41 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3613

Re: vlan bridge (new way) HW offload and performance

@ksteink - thank you, again! I may consider your approach to a RB as the router for WAN outbound and termination point, and then a MT switch for inter-vlan traffic and rules. Assuming you're more of a core + access layer style network designs? --> Correct I go with a dedicated Router at the edge an...
by ksteink
Thu Aug 15, 2019 1:36 am
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3613

Re: vlan bridge (new way) HW offload and performance

@ksteink WOW - awesome, thank you for such big break down and config examples. I appreciate this. --> My pleasure and I like that you found my insight here useful. It took a me a while with a lot of trail and error and reading to understand it in the way I share it with you and I want to contribute...
by ksteink
Thu Aug 15, 2019 12:06 am
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3613

Re: vlan bridge (new way) HW offload and performance

Hi there, related to your questions let me try to address them as I have today 2 L2 access switches connected to my RB2011 with 2 VLANs What is recommended upgrade path from RB2011? --> Answer: There are multiple ways to configure VLANs in a Mikrotik. To keep it simple for you we have to separate th...
by ksteink
Tue Aug 13, 2019 5:14 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 25427

Re: v6.45.3 [stable] is released!

hap lite upgrade issue is not fixed! I have a hap lite with very very very basic config (wifi pseudo bridge to local ports + dhcp client). I am running 6.45.1 and if I try to update to 6.45.3 I get an error : "ERROR: not enough disk space, 7.3MiB required and only 7.3MiB is free." ... I have no fil...
by ksteink
Mon Aug 12, 2019 8:49 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 25427

Re: v6.45.3 [stable] is released!

I have upgraded multiple Routers without major issues but I just have noticed that my RB2011 stopped to advertise SLAAC addresses for my IPv6 setup. None of my clients are able to get a global IPv6 address. When I connect to the router I can ping IPv6 addresses but none of the clients can't as they ...
by ksteink
Sat May 25, 2019 12:41 am
Forum: General
Topic: Storage Error weird and help on CRS326 and hAP AC
Replies: 0
Views: 246

Storage Error weird and help on CRS326 and hAP AC

Hi guys, I am seeing this error in these 2 models of Mikrotik that I have (CRS326 and hAP AC): 17:32:37 echo: manager,error,info,debug Running out of disk space, when minimum 500kB is reached UM will be stopped! it says that I have 5% free but I have nothing weird or large in files that is eating th...
by ksteink
Fri May 24, 2019 7:46 pm
Forum: General
Topic: IKEv2 server + eap-radius, strongswan android client can't connect
Replies: 6
Views: 892

Re: IKEv2 server + eap-radius, strongswan android client can't connect

Can you share the config of your Mikrotik server here? I have done tests with IKEv2 using RSA certificates and made it work in Windows, MacOS, iOS and Android (StrongSwan). I like to try your configuration to see how differs from mine and try to replicate your authentication using Strongswan on Andr...
by ksteink
Wed May 08, 2019 10:52 pm
Forum: Scripting
Topic: MT-bulk v2.0 Mikrotik automate and send mass commands +REST API
Replies: 11
Views: 1376

Re: MT-bulk v1.5 Mikrotik automate and send mass commands

Any plans for MacOS version?
by ksteink
Tue Mar 05, 2019 6:15 pm
Forum: General
Topic: OpenVPN sloooow
Replies: 8
Views: 712

Re: OpenVPN sloooow

Mikrotik's implementation of OpenVPN simple sucks. They don't support UDP transport (only TCP) which creates problems for performance on tunnels (See this link for further information: https://openvpn.net/faq/what-is-tcp-meltdown/) and the lack of UDP support has been a looong request feature from t...
by ksteink
Tue Jan 08, 2019 11:53 pm
Forum: General
Topic: CRS312-4C-8XG, Where is it?
Replies: 2
Views: 1382

Re: CRS312-4C-8XG, Where is it?

I have the same question!!!!!
by ksteink
Tue Jan 08, 2019 10:30 pm
Forum: General
Topic: RB4011iGS+RM for my use case
Replies: 7
Views: 1060

Re: RB4011iGS+RM for my use case

Are you saying put all traffic on one port and trunk it all to the managed switch OR Divide the switch into 3 segments and use three trunk ports on the MT to the managed switch I think the op is looking for the most efficient way of handling all the data and streams etc.......... That's fine and my...
by ksteink
Tue Jan 08, 2019 10:25 pm
Forum: General
Topic: RB4011iGS+RM for my use case
Replies: 7
Views: 1060

Re: RB4011iGS+RM for my use case

My approach is that all the inter-VLAN routing remains on the swtich (CRS3xx) so I can take advantage of all the switch chip features and avoid cripple my traffic with CPU bottleneck / limitations / issues including inter-VLAN filtering and routing. From the CRS3xx switch I will have an access port ...
by ksteink
Tue Jan 08, 2019 9:50 pm
Forum: General
Topic: RB4011iGS+RM for my use case
Replies: 7
Views: 1060

Re: RB4011iGS+RM for my use case

I honestly recommend to replace the CRS125 with the RB4011 if you have any of these conditions: - More than 1 VLAN that requires HW Off-loading to not load the CPU of the router and not loose wired speed on the LAN. - VLAN filtering (a.k.a) Firewall rules to control traffic between VLANs. Even if yo...
by ksteink
Wed Nov 14, 2018 3:15 am
Forum: General
Topic: IMPROVEMENTS IN MIKROTIK ROUTERS MUST HAVE 2018/19
Replies: 7
Views: 1389

Re: IMPROVEMENTS IN MIKROTIK ROUTERS MUST HAVE 2018/19

I agree with your proposed list and let me add my points: (1) Support Switch physical stacking for access layers larger than 48 physical ports. (2) Fix HW offload limited to one Bridge interface (i.e. CRS 3xx series) including LACP interfaces that are configured different than Active / Active with t...
by ksteink
Tue Oct 30, 2018 7:22 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84208

Re: v6.44beta [testing] is released!

I want to see HW Off-load enabled in all bridge interfaces, not just one. Specially knowing that you need 1 Bridge per VLAN having this limitation is a killer as I will limit the traffic throughput without unable to get wired speed only in just 1 VLAN. Really?? Seriously??
by ksteink
Tue Oct 30, 2018 7:08 pm
Forum: General
Topic: CRS317 10Gbps forwarding rate
Replies: 8
Views: 992

Re: CRS317 10Gbps forwarding rate

This is very disappointing. Paying for a switch that has 10 Gbps that you cannot get wired speed only 1 Bridge?? Typically you can use it with 1 VLAN / Bridge if you want to have full wire speed. That doesn't make any sense at all. If the HW has 10 Gbps I should be able to get that wire speed indepe...
by ksteink
Fri Oct 19, 2018 9:23 pm
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 12974

Re: Newsletter #84

For the RB4011 it will be nice to have at least 2 x SFP+ ports instead of one and be able to support natively to have HA routers (not just VRRP but other services) that today can be achieved by custom made scripts. Ideally to have 4 x SFP+ and 10 1 GbE ports!. so if down stream switches can get 10 G...
by ksteink
Tue Sep 18, 2018 12:21 am
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 12974

Re: Newsletter #84

The RouterOS implementation of OpenVPN will always have shitty throughput since it lacks UDP support. http://sites.inka.de/bigred/devel/tcp-tcp.html RB4011 looks like a beast of a device though! Thanks for sharing R1CH! I don't disagree with you but even using UDP I want to confirm if Mikrotik has ...
by ksteink
Thu Sep 13, 2018 6:40 pm
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 12974

Re: Newsletter #84

Does the new RB4011 support HW acceleration for OpenVPN tunnels aside of IPSec acceleration?
by ksteink
Mon Sep 10, 2018 9:40 pm
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 12974

Re: Newsletter #84

Does the new RB4011 also has Hardware Acceleration for AES (OpenVPN protocol)? I am testing a file transfer using OVPN between 2 RB2011 and the transfer literally sucks (Less than 1 Mbps of throughput) when we have 25 Mbps total BW between the 2 endpoints. I understand that the new RB4011 has IPSec ...
by ksteink
Thu Sep 06, 2018 9:51 pm
Forum: General
Topic: Getting IPv6 subnet to work behind router
Replies: 10
Views: 968

Re: Getting IPv6 subnet to work behind router

I had a similar issue with my ISP on your setup. They gave me an /56 and the ::1 of the first /64 was their gateway address and ::2 was the one for my router. The problem with this approach is that they are using part of the /48 in this case to route the WAN side. The /48 is for your LAN segments, a...
by ksteink
Thu Jul 19, 2018 12:29 am
Forum: Beginner Basics
Topic: Deploying IPv6 on a home/hobbyist/small business network?
Replies: 8
Views: 2660

Re: Deploying IPv6 on a home/hobbyist/small business network?

Hi Ehbowen, I have running IPv6 for 6 years now at home on Mikrotik and worked great for me. So some tips / advise for you: (1) Does your ISP provides IPv6? If not you need to think to use an alternate solution like a 6to4 tunnel using vISP like Hurricane Electric (tunnel broker). I used tunnel brok...
by ksteink
Thu Jul 19, 2018 12:14 am
Forum: Beginner Basics
Topic: IPv6 Home problem [SOLVED]
Replies: 11
Views: 966

Re: IPv6 Home problem [SOLVED]

I am assuming that you're using Comcast IPv6? If so you may want to follow this online guideline: https://idndx.com/2016/07/20/routeros-meets-comcast-ipv6/ Seems to me that you don't have configured your Default route on IPv6. Go to Winbox --> IPv6 --> Routes and check that you have a default route ...
by ksteink
Tue Feb 13, 2018 9:42 pm
Forum: Announcements
Topic: v6.41.2 [current]
Replies: 125
Views: 28853

Re: v6.41.2 [current]

I upgraded my RB2011UiAS-2HnD-IN with no major issues. All my basic connection features worked fine (OVPN, IPv6 and VLANs). I did noticed that after the upgrade the LED on the router was constantly ON even in my setting I have it by default on OFF. I did turned ON and OFF again and it finally turn i...
by ksteink
Wed Nov 08, 2017 3:55 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 32444

Re: CHR suggestions for new functionality

I want to see the following features: - SD-WAN Overlay (Group multiple physical circuits into a "logical" one) using an overlay network (i.e. multiple IPSec or SSL tunnels on each physical circuits) - Zero touch provisioning for SD-WAN interconnection - Central controller to centrally manage all the...
by ksteink
Wed Oct 25, 2017 6:02 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 25762

Re: v6.40.4 [current]

Thanks for the "advise". This rule was never before on my base ruleset until I reset the whole configuration and I never had this issue to open these flows. So pls don't tell me what to expect when a new rule shows up on my configuration after a reset. I did try to share my experience for others to ...
by ksteink
Tue Oct 24, 2017 6:51 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 25762

Re: v6.40.4 [current]

Thanks for the advise on the Quick Setup. I learned it myself in the hard way by troubleshooting.

What is still a mystery for me is the issue with Google Play downloads over IPv4. Weird....
by ksteink
Tue Oct 24, 2017 4:42 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 25762

Re: v6.40.4 [current]

I want to share a very special case that happened to me after I did the upgrade to 6.40.4. I cannot tell if the issues / bug(s) came just with this new version but I want to point out the different aspects that impacted me. My issue happened with the RB2011UiAS-2HnD-IN model. In my scenario I have e...
by ksteink
Wed Aug 30, 2017 4:54 pm
Forum: Announcements
Topic: v6.40.2 [current]
Replies: 44
Views: 10123

Re: v6.40.2 [current]

Led issue on my RB2011 finally gone with this version. Thanks!
by ksteink
Fri Aug 04, 2017 5:14 pm
Forum: Announcements
Topic: v6.40.1 [current]
Replies: 74
Views: 23111

Re: v6.40.1 [current]

Same issue on the RB2011 with the led. I have to manually shut it off with set led command.
by ksteink
Thu Jul 27, 2017 1:47 am
Forum: Announcements
Topic: v6.40 [current]
Replies: 101
Views: 22720

Re: v6.40 [current]

Upgraded an RB951Ui-2HnD and everything working fine such as: - IPv6 (HE tunneling) - OpenVPN (S2S and C2S) Planning to upgrade an RB2011 later on this week. Update: I did upgrade my RB2011-UiAS-2HnD with similar configuration as my RB951 and no issues at all. Update #2: RB2011 led blinking issue as...
by ksteink
Tue Jun 06, 2017 7:01 pm
Forum: Announcements
Topic: v6.39.2 [current]
Replies: 122
Views: 35047

Re: v6.39.2 [current]

Updated my RB2011 from 6.39.1 and no issues. I have IPv6 (HLE tunnel broker) and VPNs (using OVPN) working fine.
by ksteink
Sun May 21, 2017 2:35 am
Forum: General
Topic: VoiP port forward?
Replies: 3
Views: 2862

Re: VoiP port forward?

What ports did you opened? There are 2 types of flows: 1) phone signaling. If you use SIP protocol is TCP 5060. This flows allows phones to register on the PBX and get features like the extension number assignment. 2) Voice media streaming. In this case the flow are based on a random UDP port precon...
by ksteink
Sun Mar 19, 2017 5:36 am
Forum: General
Topic: RB2011UiAS - OpenVPN/VPN server struggle...
Replies: 4
Views: 2049

Re: RB2011UiAS - OpenVPN/VPN server struggle...

This happens when OVPN is confiured on IP mode on Mikrotik. I found this guide that I used and worked flawlessly to me. Check this link: https://rbgeek.wordpress.com/2014/09/10 ... -routeros/

Sent from my P01MA using Tapatalk
by ksteink
Sun Mar 12, 2017 5:28 am
Forum: General
Topic: RB2011UiAS - OpenVPN/VPN server struggle...
Replies: 4
Views: 2049

Re: RB2011UiAS - OpenVPN/VPN server struggle...

I have OpenVPN server running on my Mikrotiks for couple years and they just work fine. Let me give you some tips that worked for me after a lot of research and a bunch of tests: - I did create my digital certificates on a separate machine (i.e. windows). - Use TUN mode only. That allows to run OVPN...