Community discussions

MikroTik App

Search found 68 matches

by ksteink
Mon Oct 19, 2020 8:24 pm
Forum: General
Topic: Revoked certificate but IKEv2 connection still works?
Replies: 8
Views: 459

Re: Revoked certificate but IKEv2 connection still works?

I have not tried yet to revoke a certificate and see if the IKEv2 works BUT I did noticed that you need to create 1 IPSec Identities for each certificate you want to connect. If you disable or remove the specific IPSec Identity associated with the target digital certificate then the connection will ...
by ksteink
Fri Oct 09, 2020 10:49 pm
Forum: General
Topic: Problems connecting more than 1 user to the VPN
Replies: 3
Views: 285

Re: Problems connecting more than 1 user to the VPN

Consider that many ISPs are now stretching IPv4 addresses using CGNAT so this issue will become a more recurrent one. I am looking OVPN and WireGuard that uses SSL once the new ROS v7 becomes a Stable Release as an alternative to IKEv2
by ksteink
Fri Oct 09, 2020 6:13 pm
Forum: General
Topic: Problems connecting more than 1 user to the VPN
Replies: 3
Views: 285

Re: Problems connecting more than 1 user to the VPN

That’s a limitation of L2TP/IPSec as the VPN Server cannot tell which client to serve if both clients has the same source IP. The recommendation is to go with IKEv2 using Digital Certificates in which client gets its own client certificate and with that the server will use the certificate to identif...
by ksteink
Sat Sep 26, 2020 8:07 am
Forum: General
Topic: IPSec for clients with dynamic IP and behind NAT
Replies: 4
Views: 451

Re: IPSec for clients with dynamic IP and behind NAT

Understood and food luck BUT even you do the test try to avoid OVPN on versions 6.4x as they only support TCP transport instead of UDP. That causes what is called TCP meltdown and impacts badly performance. On a 25 Mbps link using OVPN I got tops 3 Mbps BW and same link using L2TP/IPSec I got 14 Mbp...
by ksteink
Wed Sep 23, 2020 7:40 am
Forum: General
Topic: IPSec for clients with dynamic IP and behind NAT
Replies: 4
Views: 451

Re: IPSec for clients with dynamic IP and behind NAT

You can use IKEv2 with Digital Certificates for client to site and site To site VPNs where the VPN client cam be behind a NAT device (i.e CGNAT). Make sure that all your edge routers uses hardware that has IPSec HW acceleration like RB4011, hEX S, hAP AC2 and AC3 just to mention few Sent from my iPh...
by ksteink
Mon Sep 21, 2020 6:03 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 275
Views: 70488

Re: v7.1beta2 [development] is released!

Any dates to get the Stable Release? I like to not continue using 6.xx and already push to get 7.xx
by ksteink
Wed Sep 09, 2020 11:25 pm
Forum: General
Topic: IPSec/IKE2 VPN vs Windows 10 [SOLVED]
Replies: 4
Views: 567

Re: IPSec/IKE2 VPN vs Windows 10 [SOLVED]

I had a similar issue and the limitation on windows 10 is that you cannot define remote ID nor local ID like you do on MacOS, Linux & Android (using StrongSwan) and iOS. I fix it by making the remote ID to match my IP Cloud DDNS as also my VPN server hostname to connect on my RouterOS when I did cre...
by ksteink
Sat Sep 05, 2020 8:03 am
Forum: General
Topic: IKEv2 routing issues
Replies: 5
Views: 1006

Re: IKEv2 routing issues

I am facing problems with IKEv2 routing and cannot figure out the issue. There are three players in my setup. IKEv2 client (let us call it client - C). Currently on macOS. Router A) IKEv2 provider VPN pool: 192.168.167.10-50/24 Subnets: 192.168.168.0/24 EOIP IP: 172.16.99.1 headquarters office, SAP...
by ksteink
Wed Aug 26, 2020 6:36 am
Forum: RouterOS v7 BETA
Topic: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN
Replies: 13
Views: 1148

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

1. MikroTik is already working on stacking, I've talked with them at length about the need for this at the MUMs. The last I heard, MikroTik was using a standards based protocol to implement a redundant switching control plane but I don't remember which one. A decent guess would be either SPB (https...
by ksteink
Mon Aug 24, 2020 5:43 pm
Forum: RouterOS v7 BETA
Topic: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN
Replies: 13
Views: 1148

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Hi love to see the following features on RouterOS v7 ( or even v6 ): - VSS ( Virtual Switching and Stacking ): Even ROS supports for years VRRP you need to custom scripts to replicate other configuration parameters like DHCPs. Connection states should be replicated to allow a transparent failover i...
by ksteink
Mon Aug 24, 2020 5:41 pm
Forum: RouterOS v7 BETA
Topic: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN
Replies: 13
Views: 1148

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Zero Touch Provisioning would be great
the others are boring
well this is my wish list, if becomes to reality you can use the features that you like :)
by ksteink
Sun Aug 23, 2020 7:06 am
Forum: RouterOS v7 BETA
Topic: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN
Replies: 13
Views: 1148

Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Hi love to see the following features on RouterOS v7 ( or even v6 ): - VSS ( Virtual Switching and Stacking ): Even ROS supports for years VRRP you need to custom scripts to replicate other configuration parameters like DHCPs. Connection states should be replicated to allow a transparent failover if...
by ksteink
Fri Aug 21, 2020 7:03 pm
Forum: General
Topic: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge
Replies: 20
Views: 1009

Re: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge

Thanks all for the tips here. I am sure 3dfx can apply those to get wired speed as well :). He should disable STP as well and make sure there is no loops in his network as this protocol needs to be disabled in order to get wired speed on VLAN 1 I don't think lack of HW-offloading is a problem in hi...
by ksteink
Fri Aug 21, 2020 7:02 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 275
Views: 70488

Re: v7.1beta2 [development] is released!

Very nice features!!! love them so far and keep going!!

Any time frame to move off development phase and make it ready for production / stable?
by ksteink
Fri Aug 21, 2020 12:51 am
Forum: General
Topic: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge
Replies: 20
Views: 1009

Re: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge

by default STP is enabled and as soon as I disable it I got HW offload enabled. Bingo! :) Thanks all for the tips here. I am sure 3dfx can apply those to get wired speed as well :). He should disable STP as well and make sure there is no loops in his network as this protocol needs to be disabled in...
by ksteink
Fri Aug 21, 2020 12:01 am
Forum: General
Topic: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge
Replies: 20
Views: 1009

Re: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge

Interesting as I have mostly default configuration out of the box. Only changed IP for LAN interfaces and done. Did you do anything to enable HW Offload on yours? No, nothing. I use mine as a plain wired switch & AP, so all interfaces in a single bridge, STP disabled. That's pretty much it. Thanks ...
by ksteink
Thu Aug 20, 2020 11:38 pm
Forum: General
Topic: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge
Replies: 20
Views: 1009

Re: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge

mkx I disagree with your statement. I have an RB4011 with no VLANs (all ports on the bridge interface only) that I support for a client that doesn't get HW Offload even with no VLANs: So I don't expect wired speeds between LAN ports inside of the RB4011. That's why I use them as Edge router only wi...
by ksteink
Thu Aug 20, 2020 6:46 pm
Forum: General
Topic: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge
Replies: 20
Views: 1009

Re: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge

@ksteink is not entirely correct: RB4011 actually does have switch chip built in and it does support wire-speed switching. However it does not offer HW offload when using VLANs. So in a simple scenario (no VLANs) it should be able to forward data between member ports wirespeed. @3dfx: post config (...
by ksteink
Thu Aug 20, 2020 3:28 am
Forum: General
Topic: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge
Replies: 20
Views: 1009

Re: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge

The RB4011 has no switch chip so all the internal traffic hits the router CPU. Other models has a switch chip to HW offload the switching traffic inside of the same VLAN. RB2011 and RB3011 has switch chip but no the RB4011. This was very disappointing for me and hold le to biy this model. Try to fin...
by ksteink
Tue Jul 14, 2020 4:45 am
Forum: RouterBOARD hardware
Topic: OpenVPN hardware
Replies: 1
Views: 996

Re: OpenVPN hardware

None at this moment. Mikrotik’s OVPN implementation sucks for RouterOS ver 6.x: - Support only for TCP not UDP (Causing TCP meltdown) - No compression - No hardware acceleration for encryption/ decryption. RouterOS v7.x that is in beta since last year promises to fix these issues. I do know it suppo...
by ksteink
Tue Jul 14, 2020 4:37 am
Forum: RouterBOARD hardware
Topic: RB5011
Replies: 40
Views: 10598

Re: RB5011

I would add a secondary SFP+ and a switch chip to the specs already mentioned


Sent from my iPhone using Tapatalk
by ksteink
Tue Jul 14, 2020 2:30 am
Forum: Announcements
Topic: v6.47.1 [stable] is released!
Replies: 147
Views: 58431

Re: v6.47.1 [stable] is released!

I have upgraded multiple devices from 6.46.6 to 6.47.1 (I skipped 6.47 as it was too buggy with the write disk issues that several users reported). I have upgraded: - 4 x hAP AC2 - 2 x CRS326 - 1 x CRS312 - 2 x RB2011 - 1 x RB4011 - 3 x hEX S - 1 x RB951Ui - 1 x hAP Lite TC Some of them has IPv6, ot...
by ksteink
Mon Jul 06, 2020 7:53 pm
Forum: Announcements
Topic: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!
Replies: 43
Views: 79748

Re: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!

Any plans to retake MUMs but in virtual format for the time being until we pass this COVID-19 Pandemic? That will be awesome!!
by ksteink
Mon May 25, 2020 7:29 am
Forum: Beginner Basics
Topic: How to setup VLANs?
Replies: 5
Views: 1095

Re: How to setup VLANs?

RB4011 doesn’t have a good switch chip. That means that you can only create VLANs controlled by the CPU chip (software based instead of HW accelerated / offloaded. That means that you need to create a bridge interface per VLAN and only one bridge interface can give you wired speed. The others will n...
by ksteink
Wed Apr 29, 2020 10:56 pm
Forum: Announcements
Topic: MikroTik newsletter May 2020 (#95)
Replies: 50
Views: 27665

Re: MikroTik newsletter May 2020 (#95)

Nice products for this newsletter. I would love to see Mikrotik on the CRS3xx line to have PoE+ included, and mGig Ports instead of normal 1 Gbps ones. That will make this switch (and the rack mount version a very compelling device. Still I like the new CRS326 desktop version but the next level for ...
by ksteink
Fri Apr 17, 2020 6:09 pm
Forum: Announcements
Topic: Winbox v3.23 released!
Replies: 60
Views: 29202

Re: Winbox v3.23 released!

Thanks but any chance to get a native application in other OSes like MacOS or Linux without the need to use Wine?
by ksteink
Sat Apr 11, 2020 8:23 am
Forum: Announcements
Topic: v6.46.5 [stable] is released!
Replies: 72
Views: 28895

Re: v6.46.5 [stable] is released!

I have upgraded 2 x RB2011, 3 x hAP AC2, 4 hEX S, 1 x CRS326, 1 x CRS312, 2 x RB951Ui-2HnD, 1 x hAP lite to this new version without any detected issues. Most of these devices are using L2TP/IPSec VPNs, some OVPN, some IPv6 without any issues.

Thanks!
by ksteink
Fri Feb 28, 2020 5:32 pm
Forum: Announcements
Topic: v6.46.4 [stable] is released!
Replies: 107
Views: 50092

Re: v6.46.4 [stable] is released!

I have updated a bunch of devices without any detected issues:

1 x RB2011UiAS-2HnD-IN
4 x hAP AC2
1 x CRS312
3 x hEX S
1 x CRS326-24G-2S+RM
1 x hAP lite TC
2 x RB951Ui-2HnD

Usage: Some home based devices and some Office one(s) some with IPv6, L2TP/IPSec VPNs, OVPN VPNs.
by ksteink
Tue Feb 11, 2020 6:08 pm
Forum: Announcements
Topic: v6.46.3 [stable] is released!
Replies: 28
Views: 37365

Re: v6.46.3 [stable] is released!

I did upgrade a bunch of devices without major issues: hAP AC2 (Qty 2), hEX S (Qty 4), CRS312 (Qty 1), RB2011 (Qty 1), CRS326 (Qty 1). Related to the hAP AC2 I got a very weird issue. The 2 units that I manage both did the upgrade without any issues and reported no issues at all. One of them 2 days ...
by ksteink
Mon Nov 25, 2019 3:13 pm
Forum: Announcements
Topic: v6.45.7 [stable] is released!
Replies: 104
Views: 42513

Re: v6.45.7 [stable] is released!

I do confirm that I have the same issue with IPv6 AAAA records after upgrading the routers that I do support: [admin@MAK-CD01] > ping [:resolve ipv6.google.com] not enough permissions (9) On 6.43.11: I have a script containing the following command: :resolve $hostname server=$NS I set "read, write, ...
by ksteink
Mon Sep 09, 2019 6:24 am
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 203
Views: 62235

Re: RouterOS v7.0beta1 (ARM)

Nice progress!! Some of the new cool stuff that I want to see: - Not just OVPN with UDP support but also HW acceleration for AES encryption like hEX S or similar does HW accelerated IPSec. - Wireguard support as well with HE acceleration for encryption. - SDWAN capabilities like major players that h...
by ksteink
Fri Aug 30, 2019 2:05 am
Forum: General
Topic: VLAN configuration approach, correct or not ?
Replies: 5
Views: 1252

Re: VLAN configuration approach, correct or not ?

There are multiple ways to configure VLANs in a Mikrotik. To keep it simple for you we have to separate them in 3 categories depending on the Model of the device that you have: (1) VLANs configured at the Router chip (Software based) : This is the most universal way to configure VLANs but you will b...
by ksteink
Fri Aug 16, 2019 6:41 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 23
Views: 7962

Re: vlan bridge (new way) HW offload and performance

@ksteink - thank you, again! I may consider your approach to a RB as the router for WAN outbound and termination point, and then a MT switch for inter-vlan traffic and rules. Assuming you're more of a core + access layer style network designs? --> Correct I go with a dedicated Router at the edge an...
by ksteink
Thu Aug 15, 2019 1:36 am
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 23
Views: 7962

Re: vlan bridge (new way) HW offload and performance

@ksteink WOW - awesome, thank you for such big break down and config examples. I appreciate this. --> My pleasure and I like that you found my insight here useful. It took a me a while with a lot of trail and error and reading to understand it in the way I share it with you and I want to contribute...
by ksteink
Thu Aug 15, 2019 12:06 am
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 23
Views: 7962

Re: vlan bridge (new way) HW offload and performance

Hi there, related to your questions let me try to address them as I have today 2 L2 access switches connected to my RB2011 with 2 VLANs What is recommended upgrade path from RB2011? --> Answer: There are multiple ways to configure VLANs in a Mikrotik. To keep it simple for you we have to separate th...
by ksteink
Tue Aug 13, 2019 5:14 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 38312

Re: v6.45.3 [stable] is released!

hap lite upgrade issue is not fixed! I have a hap lite with very very very basic config (wifi pseudo bridge to local ports + dhcp client). I am running 6.45.1 and if I try to update to 6.45.3 I get an error : "ERROR: not enough disk space, 7.3MiB required and only 7.3MiB is free." ... I have no fil...
by ksteink
Mon Aug 12, 2019 8:49 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 38312

Re: v6.45.3 [stable] is released!

I have upgraded multiple Routers without major issues but I just have noticed that my RB2011 stopped to advertise SLAAC addresses for my IPv6 setup. None of my clients are able to get a global IPv6 address. When I connect to the router I can ping IPv6 addresses but none of the clients can't as they ...
by ksteink
Sat May 25, 2019 12:41 am
Forum: General
Topic: Storage Error weird and help on CRS326 and hAP AC
Replies: 0
Views: 580

Storage Error weird and help on CRS326 and hAP AC

Hi guys, I am seeing this error in these 2 models of Mikrotik that I have (CRS326 and hAP AC): 17:32:37 echo: manager,error,info,debug Running out of disk space, when minimum 500kB is reached UM will be stopped! it says that I have 5% free but I have nothing weird or large in files that is eating th...
by ksteink
Fri May 24, 2019 7:46 pm
Forum: General
Topic: IKEv2 server + eap-radius, strongswan android client can't connect
Replies: 6
Views: 2275

Re: IKEv2 server + eap-radius, strongswan android client can't connect

Can you share the config of your Mikrotik server here? I have done tests with IKEv2 using RSA certificates and made it work in Windows, MacOS, iOS and Android (StrongSwan). I like to try your configuration to see how differs from mine and try to replicate your authentication using Strongswan on Andr...
by ksteink
Wed May 08, 2019 10:52 pm
Forum: Scripting
Topic: MT-bulk v2.2.3 Mikrotik automate and send mass commands +REST API
Replies: 15
Views: 4647

Re: MT-bulk v1.5 Mikrotik automate and send mass commands

Any plans for MacOS version?
by ksteink
Tue Mar 05, 2019 6:15 pm
Forum: General
Topic: OpenVPN sloooow
Replies: 10
Views: 5772

Re: OpenVPN sloooow

Mikrotik's implementation of OpenVPN simple sucks. They don't support UDP transport (only TCP) which creates problems for performance on tunnels (See this link for further information: https://openvpn.net/faq/what-is-tcp-meltdown/) and the lack of UDP support has been a looong request feature from t...
by ksteink
Tue Jan 08, 2019 11:53 pm
Forum: General
Topic: CRS312-4C-8XG, Where is it?
Replies: 2
Views: 1660

Re: CRS312-4C-8XG, Where is it?

I have the same question!!!!!
by ksteink
Tue Jan 08, 2019 10:30 pm
Forum: General
Topic: RB4011iGS+RM for my use case
Replies: 7
Views: 1888

Re: RB4011iGS+RM for my use case

Are you saying put all traffic on one port and trunk it all to the managed switch OR Divide the switch into 3 segments and use three trunk ports on the MT to the managed switch I think the op is looking for the most efficient way of handling all the data and streams etc.......... That's fine and my...
by ksteink
Tue Jan 08, 2019 10:25 pm
Forum: General
Topic: RB4011iGS+RM for my use case
Replies: 7
Views: 1888

Re: RB4011iGS+RM for my use case

My approach is that all the inter-VLAN routing remains on the swtich (CRS3xx) so I can take advantage of all the switch chip features and avoid cripple my traffic with CPU bottleneck / limitations / issues including inter-VLAN filtering and routing. From the CRS3xx switch I will have an access port ...
by ksteink
Tue Jan 08, 2019 9:50 pm
Forum: General
Topic: RB4011iGS+RM for my use case
Replies: 7
Views: 1888

Re: RB4011iGS+RM for my use case

I honestly recommend to replace the CRS125 with the RB4011 if you have any of these conditions: - More than 1 VLAN that requires HW Off-loading to not load the CPU of the router and not loose wired speed on the LAN. - VLAN filtering (a.k.a) Firewall rules to control traffic between VLANs. Even if yo...
by ksteink
Wed Nov 14, 2018 3:15 am
Forum: General
Topic: IMPROVEMENTS IN MIKROTIK ROUTERS MUST HAVE 2018/19
Replies: 7
Views: 2273

Re: IMPROVEMENTS IN MIKROTIK ROUTERS MUST HAVE 2018/19

I agree with your proposed list and let me add my points: (1) Support Switch physical stacking for access layers larger than 48 physical ports. (2) Fix HW offload limited to one Bridge interface (i.e. CRS 3xx series) including LACP interfaces that are configured different than Active / Active with t...
by ksteink
Tue Oct 30, 2018 7:22 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 112291

Re: v6.44beta [testing] is released!

I want to see HW Off-load enabled in all bridge interfaces, not just one. Specially knowing that you need 1 Bridge per VLAN having this limitation is a killer as I will limit the traffic throughput without unable to get wired speed only in just 1 VLAN. Really?? Seriously??
by ksteink
Tue Oct 30, 2018 7:08 pm
Forum: General
Topic: CRS317 10Gbps forwarding rate
Replies: 8
Views: 1586

Re: CRS317 10Gbps forwarding rate

This is very disappointing. Paying for a switch that has 10 Gbps that you cannot get wired speed only 1 Bridge?? Typically you can use it with 1 VLAN / Bridge if you want to have full wire speed. That doesn't make any sense at all. If the HW has 10 Gbps I should be able to get that wire speed indepe...
by ksteink
Fri Oct 19, 2018 9:23 pm
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 17500

Re: Newsletter #84

For the RB4011 it will be nice to have at least 2 x SFP+ ports instead of one and be able to support natively to have HA routers (not just VRRP but other services) that today can be achieved by custom made scripts. Ideally to have 4 x SFP+ and 10 1 GbE ports!. so if down stream switches can get 10 G...
by ksteink
Tue Sep 18, 2018 12:21 am
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 17500

Re: Newsletter #84

The RouterOS implementation of OpenVPN will always have shitty throughput since it lacks UDP support. http://sites.inka.de/bigred/devel/tcp-tcp.html RB4011 looks like a beast of a device though! Thanks for sharing R1CH! I don't disagree with you but even using UDP I want to confirm if Mikrotik has ...
by ksteink
Thu Sep 13, 2018 6:40 pm
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 17500

Re: Newsletter #84

Does the new RB4011 support HW acceleration for OpenVPN tunnels aside of IPSec acceleration?
by ksteink
Mon Sep 10, 2018 9:40 pm
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 17500

Re: Newsletter #84

Does the new RB4011 also has Hardware Acceleration for AES (OpenVPN protocol)? I am testing a file transfer using OVPN between 2 RB2011 and the transfer literally sucks (Less than 1 Mbps of throughput) when we have 25 Mbps total BW between the 2 endpoints. I understand that the new RB4011 has IPSec ...
by ksteink
Thu Sep 06, 2018 9:51 pm
Forum: General
Topic: Getting IPv6 subnet to work behind router
Replies: 10
Views: 1518

Re: Getting IPv6 subnet to work behind router

I had a similar issue with my ISP on your setup. They gave me an /56 and the ::1 of the first /64 was their gateway address and ::2 was the one for my router. The problem with this approach is that they are using part of the /48 in this case to route the WAN side. The /48 is for your LAN segments, a...
by ksteink
Thu Jul 19, 2018 12:29 am
Forum: Beginner Basics
Topic: Deploying IPv6 on a home/hobbyist/small business network?
Replies: 8
Views: 4055

Re: Deploying IPv6 on a home/hobbyist/small business network?

Hi Ehbowen, I have running IPv6 for 6 years now at home on Mikrotik and worked great for me. So some tips / advise for you: (1) Does your ISP provides IPv6? If not you need to think to use an alternate solution like a 6to4 tunnel using vISP like Hurricane Electric (tunnel broker). I used tunnel brok...
by ksteink
Thu Jul 19, 2018 12:14 am
Forum: Beginner Basics
Topic: IPv6 Home problem [SOLVED]
Replies: 11
Views: 1711

Re: IPv6 Home problem [SOLVED]

I am assuming that you're using Comcast IPv6? If so you may want to follow this online guideline: https://idndx.com/2016/07/20/routeros-meets-comcast-ipv6/ Seems to me that you don't have configured your Default route on IPv6. Go to Winbox --> IPv6 --> Routes and check that you have a default route ...
by ksteink
Tue Feb 13, 2018 9:42 pm
Forum: Announcements
Topic: v6.41.2 [current]
Replies: 125
Views: 38000

Re: v6.41.2 [current]

I upgraded my RB2011UiAS-2HnD-IN with no major issues. All my basic connection features worked fine (OVPN, IPv6 and VLANs). I did noticed that after the upgrade the LED on the router was constantly ON even in my setting I have it by default on OFF. I did turned ON and OFF again and it finally turn i...
by ksteink
Wed Nov 08, 2017 3:55 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 39194

Re: CHR suggestions for new functionality

I want to see the following features: - SD-WAN Overlay (Group multiple physical circuits into a "logical" one) using an overlay network (i.e. multiple IPSec or SSL tunnels on each physical circuits) - Zero touch provisioning for SD-WAN interconnection - Central controller to centrally manage all the...
by ksteink
Wed Oct 25, 2017 6:02 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 31854

Re: v6.40.4 [current]

Thanks for the "advise". This rule was never before on my base ruleset until I reset the whole configuration and I never had this issue to open these flows. So pls don't tell me what to expect when a new rule shows up on my configuration after a reset. I did try to share my experience for others to ...
by ksteink
Tue Oct 24, 2017 6:51 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 31854

Re: v6.40.4 [current]

Thanks for the advise on the Quick Setup. I learned it myself in the hard way by troubleshooting.

What is still a mystery for me is the issue with Google Play downloads over IPv4. Weird....
by ksteink
Tue Oct 24, 2017 4:42 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 31854

Re: v6.40.4 [current]

I want to share a very special case that happened to me after I did the upgrade to 6.40.4. I cannot tell if the issues / bug(s) came just with this new version but I want to point out the different aspects that impacted me. My issue happened with the RB2011UiAS-2HnD-IN model. In my scenario I have e...
by ksteink
Wed Aug 30, 2017 4:54 pm
Forum: Announcements
Topic: v6.40.2 [current]
Replies: 44
Views: 13435

Re: v6.40.2 [current]

Led issue on my RB2011 finally gone with this version. Thanks!
by ksteink
Fri Aug 04, 2017 5:14 pm
Forum: Announcements
Topic: v6.40.1 [current]
Replies: 74
Views: 28111

Re: v6.40.1 [current]

Same issue on the RB2011 with the led. I have to manually shut it off with set led command.
by ksteink
Thu Jul 27, 2017 1:47 am
Forum: Announcements
Topic: v6.40 [current]
Replies: 101
Views: 28204

Re: v6.40 [current]

Upgraded an RB951Ui-2HnD and everything working fine such as: - IPv6 (HE tunneling) - OpenVPN (S2S and C2S) Planning to upgrade an RB2011 later on this week. Update: I did upgrade my RB2011-UiAS-2HnD with similar configuration as my RB951 and no issues at all. Update #2: RB2011 led blinking issue as...
by ksteink
Tue Jun 06, 2017 7:01 pm
Forum: Announcements
Topic: v6.39.2 [current]
Replies: 122
Views: 42635

Re: v6.39.2 [current]

Updated my RB2011 from 6.39.1 and no issues. I have IPv6 (HLE tunnel broker) and VPNs (using OVPN) working fine.
by ksteink
Sun May 21, 2017 2:35 am
Forum: General
Topic: VoiP port forward?
Replies: 3
Views: 3899

Re: VoiP port forward?

What ports did you opened? There are 2 types of flows: 1) phone signaling. If you use SIP protocol is TCP 5060. This flows allows phones to register on the PBX and get features like the extension number assignment. 2) Voice media streaming. In this case the flow are based on a random UDP port precon...
by ksteink
Sun Mar 19, 2017 5:36 am
Forum: General
Topic: RB2011UiAS - OpenVPN/VPN server struggle...
Replies: 4
Views: 2705

Re: RB2011UiAS - OpenVPN/VPN server struggle...

This happens when OVPN is confiured on IP mode on Mikrotik. I found this guide that I used and worked flawlessly to me. Check this link: https://rbgeek.wordpress.com/2014/09/10 ... -routeros/

Sent from my P01MA using Tapatalk
by ksteink
Sun Mar 12, 2017 5:28 am
Forum: General
Topic: RB2011UiAS - OpenVPN/VPN server struggle...
Replies: 4
Views: 2705

Re: RB2011UiAS - OpenVPN/VPN server struggle...

I have OpenVPN server running on my Mikrotiks for couple years and they just work fine. Let me give you some tips that worked for me after a lot of research and a bunch of tests: - I did create my digital certificates on a separate machine (i.e. windows). - Use TUN mode only. That allows to run OVPN...