Search found 151 matches

by ksteink
Thu Oct 24, 2024 4:13 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 50
Views: 5670

Re: Newsletter #121 | October 2024

Thanks for sharing. I am looking to see more interesting products such as: - More options on Switches CRS3xx/CRS5xx that has PoE+ and PoE++ and 2.5 Gbps and 5 Gbps - More options on RBs with 2.5 Gbps and 10 Gbps. In the low end the option is the RB5009 and in the high end we have CCR2004 but there i...
by ksteink
Wed Sep 25, 2024 4:59 pm
Forum: Announcements
Topic: Question to our users about controllers
Replies: 67
Views: 35752

Re: Question to our users about controllers

I know we had a similar topic a while ago, but here there are some more specific questions. This is just to gather ideas and general opinions. Please don't just answer "yes, give us everything". It is more about what you would actually use, what you actually need. 1) Are you interested in...
by ksteink
Fri Jul 05, 2024 3:06 pm
Forum: Announcements
Topic: Newsletter #119 | July 2024
Replies: 37
Views: 49581

Re: Newsletter #119 | July 2024

Knowing that the whole Industry and Wi-Fi is moving to mGig with PoE++, having the CRS320-8P-8B-4S+RM with just 1 Gbps ports is kind of DoA
by ksteink
Tue Jul 02, 2024 9:06 pm
Forum: General
Topic: is RouterOS SSH vulnerable to the regreSSHion vulnerability?
Replies: 2
Views: 520

is RouterOS SSH vulnerable to the regreSSHion vulnerability?

Hi, I want to check whether RouterOS is vulnerable to the reported regreSSHion SSH issue. Is 7.15.2 non-vulnerable?

https://www.theregister.com/2024/07/01/ ... n_openssh/
by ksteink
Wed Jun 12, 2024 5:00 pm
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 655
Views: 260089

Re: v7.15.1 [stable] is released!

Updated a bunch of devices and no issues so far (all upgrades were smooth and no detected issues with current configurations):

- CRS326-24G
- CRS312
- hEX S
- hAP AC2
- RB2011
- RB3011
- RB4011
- RB5009
- cAP
by ksteink
Mon Jun 10, 2024 11:28 pm
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 655
Views: 260089

Re: v7.15.1 [stable] is released!

I upgraded a vultr CHR 7.15 to 7.15.1 using the internal upgrade function and after the necessary restart my wireguard vpns stopped working. Downgrading to 7.15 fixed the problem. So please deploy with caution. I have updated few devices for testing and the WireGuard VPN came up without a problem o...
by ksteink
Thu May 16, 2024 11:42 pm
Forum: General
Topic: Site to site VPN problem
Replies: 3
Views: 755

Re: Site to site VPN problem

What VPN protocol? WireGuard? IKEv2 IPSec? OVPN? L2TP/IPSec?

It could be many things and depends on your configuration.
by ksteink
Thu May 16, 2024 11:36 pm
Forum: General
Topic: OpenVpn 2FA with User-Manager
Replies: 4
Views: 2055

Re: OpenVpn 2FA with User-Manager

Hello! Has anyone done something like Mikrotik OpenVPN with double authentication without radius with usermannager? I mean something where the user connects to the VPN with the password of his own username, and then the router sends him a second one-time-use password by e-mail. Has anyone done this...
by ksteink
Tue Mar 12, 2024 4:43 am
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 671
Views: 228263

Re: v7.14.1 [stable] is released!

3 CRS326-24G tested: - 1 Upgraded without problems - 1 Failed to upgrade (and storage reports 0% free space but I can dump a copy of the configuration and a backup without a problem) - 1 Bricked (I need to do a Netinstall) I am not thrilled with the outcome of these upgrades and since 7.13 these new...
by ksteink
Sat Mar 09, 2024 3:02 am
Forum: Announcements
Topic: Newsletter #117 | March 2024
Replies: 22
Views: 34274

Re: Newsletter #117 | March 2024

I support a CRS312 that has 64 MB with L3 HW Offload. The switch reboots every 2 weeks when Memory gets maxed out. So for me CRS312, CRS5xx series and this new one is Dead on Arrival (Aside of the 3X times price issue for additional port speeds (2.5 Gbps) and couple extra SFP+ and 2 x 40 Gbps that ...
by ksteink
Sat Mar 09, 2024 2:54 am
Forum: Announcements
Topic: Newsletter #117 | March 2024
Replies: 22
Views: 34274

Re: Newsletter #117 | March 2024

128M is certainly prohibitively low for running a sizable L3 network. For $1000 it should have an ARM with a 512MB at least.
Precisely one of my points! and the price is 3X higher than the old CRS326-24G without any PoE and 1/5 of the memory!
by ksteink
Fri Mar 08, 2024 6:57 pm
Forum: Announcements
Topic: Newsletter #117 | March 2024
Replies: 22
Views: 34274

Re: Newsletter #117 | March 2024

Yeah, RAM and CPU are mostly meaningless for a switch, it's just for management purposes. The big question is if the switch chip is stable or if it has problems like the other CRS models. Well if you want to use the switch as Layer 2 only, agree with you but if you want to enable advanced features ...
by ksteink
Fri Mar 08, 2024 3:16 pm
Forum: Announcements
Topic: Newsletter #117 | March 2024
Replies: 22
Views: 34274

Re: Newsletter #117 | March 2024

The new CRS is DoA for me: -1/5 the RAM of the CRS326-24G - wow 32 MB Flash. This cut cost corner doesn’t make sense and they have to come later to do crazy and stupid things to split packages like the mess on the wifi ones just because there is no enough storage nor memory. - 40 Gbps is being repla...
by ksteink
Wed Feb 07, 2024 7:23 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 908
Views: 294905

Re: v7.13.4 [stable] is released!

Does this fix the random reboots of the RB5009? I have 2 rb5009 and they never reboot with 7.13.3. It would be interesting to identify what is the source of those reboots (vpn, routing). That's precisely my question! I rolled back all my managed devices to version 7.12.x until I see this firmware v...
by ksteink
Wed Feb 07, 2024 6:07 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 908
Views: 294905

Re: v7.13.4 [stable] is released!

Does this fix the random reboots of the RB5009?
by ksteink
Sun Feb 04, 2024 11:32 pm
Forum: Announcements
Topic: Newsletter #116 | January 2024
Replies: 106
Views: 36410

Re: Newsletter #116 | January 2024

I think Mikrotik has the opportunity to improve this whole situation with the following approach: - Normalize all new upcoming new models / products with the same RAM and Storage ( I mean 1 GB of RAM and 1 GB of Storage ) that will provide enough RAM and storage to avoid situation of separate and co...
by ksteink
Fri Feb 02, 2024 10:47 pm
Forum: Announcements
Topic: Newsletter #116 | January 2024
Replies: 106
Views: 36410

Re: Newsletter #116 | January 2024

CRS is a switch, do not use it as your main router I am fully aware that is a switch and I use it for that but let me share (Again) Some real-life experiences and use cases: - With 16 MB Storage I cannot use the feature for partition the storage for dual boot (in case a firmware upgrade goes wrong ...
by ksteink
Thu Feb 01, 2024 3:08 pm
Forum: Announcements
Topic: Newsletter #116 | January 2024
Replies: 106
Views: 36410

Re: Newsletter #116 | January 2024

The new releases feel more like a downgrade than an upgrade and let me explain why: - hAP AC2 and hAP AC3 have a decent switch chip to do VLANs with L2 HW Offload. The new hAP AX2 and AX3 don't, even if they have faster processors and Wi-Fi6 - L009 Wi-Fi has only 2.4 GHz radio band. Really in 2024??...
by ksteink
Wed Jan 31, 2024 2:44 pm
Forum: Announcements
Topic: Newsletter #116 | January 2024
Replies: 106
Views: 36410

Re: Newsletter #116 | January 2024

Great another wasted 2 months to not see new CRS3xx/CRS5xx with mGig ports, 10G and 25 Gbps (CRS326 and CRS328 replacement?)
by ksteink
Mon Jan 22, 2024 9:21 pm
Forum: General
Topic: User poll about using Winbox
Replies: 107
Views: 110509

Re: User poll about using Winbox

1) Have you ever used Sessions? (default ones are <own> and <none> and you can make more) 2) Describe in a few words, what you think they do 3) How could we supercharge this feature to actually be useful for everyone? 4) Does the name Sessions actually convey what this feature is meant to do? 5) Af...
by ksteink
Wed Jan 17, 2024 5:25 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 908
Views: 294905

Re: v7.13.2 [stable] is released!

Sorry to say it but this new version has been a mess.. too much confusing information, too many issues (Random reboot, wrong country, fixed TX, random errors, fetch tool broken, etc.). I am skipping this version until I see it more stable :(
by ksteink
Wed Dec 20, 2023 9:31 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 169203

Re: v7.14beta [testing] is released!

Any plans for:

- L3HW offload enabled when using MLAG?
- Virtual Switch Stacking (VSS) capabilities? or at least Active / Standby switches with replicated configuration for true high availability?

I am looking for these features!
by ksteink
Tue Dec 19, 2023 8:00 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 908
Views: 294905

Re: v7.13 [stable] is released!

My Telegram script works fine in v7.13 :global tgFunc do={ :do { :local BotToken "XXXXXXXXX:XXXXXXXXXXX-XXXXXXXXXXXXXXXXXX" :local ChatID "XXXXXXXXX" :local parseMode "HTML" :local DisableWebPagePreview true :local SendText $1 /tool fetch url="https://api.telegram...
by ksteink
Tue Dec 19, 2023 4:20 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 908
Views: 294905

Re: v7.13 [stable] is released!

user policy "ftp" is enabled? is enabled. I get this from the logs: fetch,info,debug Download from https://api.telegram.org/bot42558852236:AAR_pTRe0CjksgfdydhdncbvfdtY4/sendMessage to RAM FAILED: Fetch failed with status 400 I have not changed anything and I use Telegram in NetWatch and a...
by ksteink
Mon Dec 18, 2023 3:52 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 908
Views: 294905

Re: v7.13 [stable] is released!

I confirm downgrading to 7.12.1 fixes / restores my issue with Telegram notifications. Don't know the issue but this version (aside from the wireless major change) is a no-go / deal breaker for me with this issue
by ksteink
Sun Dec 17, 2023 2:53 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 908
Views: 294905

Re: v7.13 [stable] is released!

Another issue: I tried to downgrade to version 7.12.1 and also doesn't work!! I just uploaded the RouterOS 7.12.1 ARM64 into the /files of my RB5009 and went to System --> Packages --> Downgrade and the router refuses to downgrade. Reboots and nothing happens!. I am so annoyed! and first time I hav...
by ksteink
Sat Dec 16, 2023 6:31 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 908
Views: 294905

Re: v7.13 [stable] is released!

Another issue: I tried to downgrade to version 7.12.1 and also doesn't work!! I just uploaded the RouterOS 7.12.1 ARM64 into the /files of my RB5009 and went to System --> Packages --> Downgrade and the router refuses to downgrade. Reboots and nothing happens!. I am so annoyed! and first time I have...
by ksteink
Sat Dec 16, 2023 6:06 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 908
Views: 294905

Re: v7.13 [stable] is released!

I have updated my RB5009 and my CRS326-24G and my scripts for Telegram are not working as expected. I am not getting any message more than the download message with the Chat ID.

I will be rolling back to version 7.12 if this is not going to be fixed quickly by Mikrotik
by ksteink
Fri Sep 08, 2023 6:42 pm
Forum: Announcements
Topic: Newsletter #114 | September 2023
Replies: 80
Views: 19118

Re: Newsletter #114 | September 2023

Well, it took forever to see this Newsletter just to release an LTE router and 8 port switch. From May to September. Come on, Mikrotik, I'd like to see a refresh on CRS326-24G and CRS328-24P at a decent price (same price or less than current models) with mGig, PoE+ or even better with PoE++, more SFP+ uplink port...
by ksteink
Wed Aug 23, 2023 12:15 am
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 177342

Re: v7.11 [stable] is released!

I have upgraded a bunch of devices such as:

- RB2011
- RB3011
- RB4011
- RB5009
- CRS326
- CRS328
- hAP AC2
- hEX S

All upgrades went well (no issues) BUT I have 2 hEX S with VLANs and those simply come up but users get timeouts. Doing a downgrade restores the process so I think there is a bug there.
by ksteink
Tue Aug 22, 2023 3:19 pm
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 177342

Re: v7.11 [stable] is released!

Just da smol home-network:



Found no issues.
What tool do you use for massive upgrades?
by ksteink
Mon Aug 21, 2023 6:51 pm
Forum: Announcements
Topic: Newsletter #113 | May 2023
Replies: 103
Views: 45916

Re: Newsletter #113 | May 2023

No newsletter in more than 2 months! I am still looking for the CRS326-24G replacement with 2.5 Gbps, 10 Gbps and QSFP!!
by ksteink
Mon Jul 31, 2023 6:25 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 353
Views: 345538

Re: NEW FEATURE: Back to Home VPN

Nice feature specially for the ones that are stuck with CGNAT!!!. I like to see as a feature virtual stacking for CRS switches (CRS3xx and CRS5xx) for HA core Switches!

Keep it going!
by ksteink
Thu Jul 27, 2023 4:05 pm
Forum: Announcements
Topic: CVE-2023-30799
Replies: 14
Views: 32567

Re: CVE-2023-30799

Very informative. Thanks :)
by ksteink
Wed Jul 19, 2023 7:08 pm
Forum: Announcements
Topic: v7.11beta [testing] is released!
Replies: 373
Views: 114422

Re: v7.11beta [testing] is released!

How odd ... it doesn't show in RB5009, AX2, mAP, MAP Lite, Hex, ... But it does on AX3 and AX Lite ? It seems to create a WG itf with own address range. See screenshots. IPcloud1.jpg ipcloud2.jpg ipcloud3.jpg Print from terminal with QR code (but you need to zoom WAY OUT) ipcloud4.jpg And that QR c...
by ksteink
Mon Jun 19, 2023 6:05 pm
Forum: Announcements
Topic: v7.10, 7.10.1 and more [stable] are released!
Replies: 366
Views: 137905

Re: v7.10 [stable] is released!

I have updated the following devices:

- 1 x CRS328-24P
- 2 x RB5009UG
- 2 x RB450Gx4
- 2 x cAP
- 5 x CRS326-24G
- 3 x RB4011
- 1 x RB3011
- 2 x RB2011
- 10 x hAP AC2
- 6 x hEX S
- 1 x RB951Ui-2HnD

All went well with no issues detected during the upgrade or afterwards :)
by ksteink
Mon Jun 05, 2023 4:22 pm
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 28484

Re: v7.9.2 [stable] is released!

It's a subtle move to entice users to move to proper ipsec or wireguard............. The sooner the better. I have an IPSEC ikev2, a Wireguard and an OpenVPN setting. The problem with Mikrotik is you need to have multiple VPN options as each firmware update is breaking one or the other. Right now my ...
by ksteink
Fri Jun 02, 2023 8:13 pm
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 28484

Re: v7.9.2 [stable] is released!

I had the same issue with the RB450Gx4 that hung up on the upgrade. It didn't brick, just a forced reboot and came back online after 4+ min. I didn't mention I've had a boot problem. Since some OS version the SFP+ startup time is longer than expected what I wanted to show. Thanks for sharing! and I...
by ksteink
Fri Jun 02, 2023 6:38 pm
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 28484

Re: v7.9.2 [stable] is released!

- 1 x RB450Gx4 that after the upgrade never came back online (it's 30 KM away from where I am) The RB450G was born with v6.x, why was there a need to put v7? But I wonder how is possible to work like this , without testing the updates locally first... And then you go to put the updates released the...
by ksteink
Fri Jun 02, 2023 6:35 pm
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 28484

Re: v7.9.2 [stable] is released!

I had issues with: - 1 x RB450Gx4 that after the upgrade never came back online (it's 30 KM away from where I am) Respectfully disagree. i have upgraded RB450Gx4 without issues. used the IOS app to trigger upgrade in my case (home setup). I just shared my experience. The box did upgrade but never c...
by ksteink
Fri Jun 02, 2023 6:33 pm
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 28484

Re: v7.9.2 [stable] is released!

In RB4011iGS+5HacQ2HnD SFP+ (S+AO0005) startup time in 7.9.2 is around 4 minutes.
I had the same issue with the RB450Gx4 that hung up on the upgrade. It didn't brick, just a forced reboot and came back online after 4+ min.

I rolled back to 7.9.1 and back to normal and boot within seconds!
by ksteink
Thu Jun 01, 2023 4:43 pm
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 28484

Re: v7.9.2 [stable] is released!

Not good experience with the upgrades. All my hAP AC2 upgraded without problems. I had issues with: - 1 x RB450Gx4 that after the upgrade never came back online (it's 30 KM away from where I am) - 1 x CRS326-24G got stuck after I reboot second time with the firmware upgrade. I did a hard reset and c...
by ksteink
Thu May 04, 2023 6:53 pm
Forum: Announcements
Topic: v7.9 [stable] is released!
Replies: 242
Views: 59736

Re: v7.9 [stable] is released!

I have updated a bunch of devices from 7.7 to 7.9 (Sorry 7.8 but I didn't like you much :))

- 2 x RB5009
- 3 x RB4011
- 6 x CRS326-24G
- 1 x CRS328-24P
- 1 x RB3011
- 8 x hAP AC2
- 6 x hEX S
- 2 x RB450Gx4

All upgraded without issues and running stable after couple days.
by ksteink
Thu Mar 02, 2023 6:02 pm
Forum: Announcements
Topic: Newsletter 111
Replies: 24
Views: 20849

Re: Newsletter 111

Awesome news. But...I am still waiting for 48 port switch with 2.5Gbps ports, with and without POE:-)
Me too!!!! Even a 24 port version will do work for me!
by ksteink
Fri Feb 03, 2023 6:35 pm
Forum: Announcements
Topic: Newsletter 110
Replies: 15
Views: 21944

Re: Newsletter 110

Where are the additional CRS5xx models?
by ksteink
Mon Jan 23, 2023 5:54 pm
Forum: General
Topic: Communicating two overlapping LAN networks
Replies: 1
Views: 513

Re: Communicating two overlapping LAN networks

Create a management VLAN with different and non-overlapping subnets at each building. That will allow communications between the 2 buildings BUT the question is traffic flow between the 2 buildings can only be enabled if there is some sort of NAT for the subnets that are overlapping to avoid the con...
by ksteink
Fri Jan 20, 2023 11:14 pm
Forum: Announcements
Topic: v7.8beta [testing] is released!
Replies: 307
Views: 82411

Re: v7.8beta [testing] is released!

Nice start for this new version but I like to see in the roadmap to get High Availability (HA) in which I can have 2 CRS3xx/CRS5xx in a stack in which all the configurations on the primary and connection states are sync-up constantly in the secondary (including DHCP leases). That will be a killer fe...
by ksteink
Fri Jan 13, 2023 4:04 pm
Forum: Announcements
Topic: v7.7 [stable] is released!
Replies: 357
Views: 121028

Re: v7.7 [stable] is released!

I have updated a bunch of devices:

- hAP AC2
- RB951Ui-2HnD, RB450Gx4, RB2011, RB3011, RB4011 and RB5009
- CRS326-24G, CRS328-24P
- hEX S
- cAP

All upgraded without issues.
by ksteink
Thu Dec 08, 2022 6:03 pm
Forum: Useful user articles
Topic: Free Netflow app
Replies: 2
Views: 14712

Re: Free Netflow app

I am interested in this tool. Do you have a guide on how to configure it on the Mikrotik and also the Grafolean side? Can it monitor multiple devices? Or just one?
by ksteink
Thu Sep 29, 2022 6:08 pm
Forum: General
Topic: InterVLAN Routing
Replies: 9
Views: 7366

Re: InterVLAN Routing

You need to consider:

- Run ROSv 7.xx. If you are using version 6.xx you will not get the benefit of L3 HW off-load
- I didn't see that you have enabled vlan filtering on in your configuration.
by ksteink
Sat Aug 13, 2022 3:03 am
Forum: General
Topic: IKEv2 for macOS clients with multiple networks behind the tunnel
Replies: 11
Views: 4576

Re: IKEv2 for macOS clients with multiple networks behind the tunnel

Hi! Any news on this issue? May be in newer versions (7+) of routeros its fixed? Or there is some workarounds? With ROSv7 I switched from IKEv2 to WireGuard and my problems with more than one subnet as interesting traffic for the VPN tunnel are now gone. Sorry IKEv2, WireGuard is more versatile and...
by ksteink
Fri Jul 22, 2022 11:59 pm
Forum: RouterBOARD hardware
Topic: Microtik crs326-24g-2s+rm
Replies: 4
Views: 888

Re: Microtik crs326-24g-2s+rm

Only the CRS328-24P or the 354-48P are PoE currently
by ksteink
Thu Jul 14, 2022 3:17 am
Forum: Announcements
Topic: Newsletter 106
Replies: 29
Views: 19136

Re: Newsletter 106

Nice releases!!!. I like to see the CRS5xx to replace the CRS326 and/or CRS328-24P with the following characteristics: - 24 RJ45 Ports - All or some Ports with mGig Support (2.5 Gbps and 5 Gbps!). If some at least 8 ports - PoE+ or even better PoE++ - 4 x SFP+ cages - 2 x QSFP cages Any expected tim...
by ksteink
Mon May 30, 2022 8:03 pm
Forum: Announcements
Topic: MikroTik Devices Controller
Replies: 374
Views: 258211

Re: MikroTik Devices Controller

It was about time!!!! The whole market is moving to SDNx technologies and Mikrotik shouldn't be the exception !!!. We should start with baby steps and basic features! such as: - It should run on a multi-platform (Windows, Linux, MacOS, docker containers) and run on-premises (self hosted on x86/64 an...
by ksteink
Sat May 07, 2022 3:14 am
Forum: Announcements
Topic: v7.2.2 [stable] and v7.2.3 [stable] are released!
Replies: 401
Views: 87018

Re: v7.2.2 [stable] and v7.2.3 [stable] are released!

Well, tell that to the regular home user that never visits the forum. I suggest that MT introduce a new "pre-release" channel which acts kind of a production test to capture serious flaws before moving it to "stable". I agree on this, there should be no reason code errors like t...
by ksteink
Sat May 07, 2022 3:10 am
Forum: Announcements
Topic: v7.2.2 [stable] and v7.2.3 [stable] are released!
Replies: 401
Views: 87018

Re: v7.2.2 [stable] is released!

I don't install any new version after first others having a go at it. If more first keep an eye on the comments for a time before taking the step and upgrade then a lot of nasty experiences would be avoided. At least Mikrotik did not release just before the weekend and that is already a positive. T...
by ksteink
Fri Apr 15, 2022 5:33 am
Forum: Announcements
Topic: v7.2.1 [stable] is released!
Replies: 240
Views: 50125

Re: v7.2.1 [stable] is released!



I have the same issue too on ccr1009 and 7.2.0 version.
same issue too...
L2TP/IPSec semi broken in 7.1.5 and now completely broken in 7.2 and 7.2.1
by ksteink
Mon Apr 11, 2022 9:13 pm
Forum: Announcements
Topic: v7.2.1 [stable] is released!
Replies: 240
Views: 50125

Re: v7.2.1 [testing] is released!

I'm sure you got a reply by now to your properly submitted bug report regarding OpenVPN and L2TP/IPSec.
Reported the issues since v7.1.5 and 7.2 and I am not the only one sharing the same issues.
by ksteink
Mon Apr 11, 2022 6:21 pm
Forum: Announcements
Topic: v7.2.1 [stable] is released!
Replies: 240
Views: 50125

Re: v7.2.1 [testing] is released!

Where is the fix for L2TP/IPSec (Error on Phase 2)??? and OVPN??

Right now 7.x is kind of useless without these features stable and rock solid like ver 6.x has.
by ksteink
Mon Apr 11, 2022 6:20 pm
Forum: Announcements
Topic: v7.2.1 [stable] is released!
Replies: 240
Views: 50125

Re: v7.2.1 [testing] is released!

Since 7.2 my HexS is booting every now a then ... Log shows: > system,error,critical router was rebooted without proper shutdown, probably kernel failure Will 7.2.1 fix this? I saw that on my hEX S as well with version 7.2. Before that I also have an RB5009 and with version 7.1.5 also saw the same ...
by ksteink
Sun Apr 10, 2022 10:11 pm
Forum: Announcements
Topic: v7.2 is released!
Replies: 359
Views: 67579

Re: v7.2 is released!

Too many issues with my L2TP/IPSec connections. Remote endpoints pings but I cannot connect to them (get timeout). Next day after a reboot I saw error on Phase 2 IPSec negotiations and all VPNs were down. DHCP static lease also broke so I lost local LAN routing to a L3 switch. Sorry, too many issues...
by ksteink
Thu Apr 07, 2022 3:12 pm
Forum: Announcements
Topic: v7.2 is released!
Replies: 359
Views: 67579

Re: v7.2 is released!

WTH???? I wake up this morning and my RB5009 simple crashed. I have upgraded to version 7.2 less than 48 hours ago.

I had to do a hard reset and after that all my VPNs went down with this error:
IPsec Phase 2 error RB5009.png
I have no idea how to solve this as the config looks normal.

Advise?
by ksteink
Tue Apr 05, 2022 9:13 pm
Forum: Announcements
Topic: v7.2 is released!
Replies: 359
Views: 67579

Re: v7.2 is released!

I think I have a new bug (same as I reported over the 7.1.5 version).. Here is the situation: - I have an RB5009 with version 7.2 (was previously on 7.1.5) that has a S2S VPN using L2TP/IPSec to a remote hEX S (let's call it jump network server). - The remote hEX S was using v6.49.5 but few days ago...
by ksteink
Thu Mar 31, 2022 9:42 pm
Forum: Announcements
Topic: v7.1.4 and v7.1.5 is released!
Replies: 201
Views: 43294

Re: v7.1.4 and v7.1.5 is released!

I think I have a new bug.. Here is the situation: - I have an RB5009 that has a S2S VPN using L2TP/IPSec to a remote hEX S (let's call it jump network server). - The remote hEX S was using v6.49.5 but few days ago I upgrade it to version 7.1.5. - The hEX S has L2TP/IPSec S2S VPNs to multiple clients...
by ksteink
Wed Mar 30, 2022 5:54 pm
Forum: Announcements
Topic: v7.1.4 and v7.1.5 is released!
Replies: 201
Views: 43294

Re: v7.1.4 and v7.1.5 is released!

The error messages are telling you that you most probably have unbundled installation of 6.49.5 on your hAP ac ... and this kind of installation can not be upgraded to monolithic v7. The last error (insufficient space) is bogus actually. You have to netinstall the device. Thanks for the insight. I ...
by ksteink
Wed Mar 30, 2022 6:24 am
Forum: Announcements
Topic: v7.1.4 and v7.1.5 is released!
Replies: 201
Views: 43294

Re: v7.1.4 and v7.1.5 is released!

Well as a follow up I decided to upgrade additional spare devices that I have around: - Another hEX S --> No issues upgrading - RB2011 --> No issues upgrading - CRS305 --> No issues upgrading - hAP AC --> Same error as the CRS326 On the hAP AC I did a full reset configuration to have with the factor...
by ksteink
Tue Mar 29, 2022 1:19 am
Forum: Announcements
Topic: v7.1.4 and v7.1.5 is released!
Replies: 201
Views: 43294

Re: v7.1.4 and v7.1.5 is released!

I did upgrade a hEX S and no problems. I tried a CRS326 and no matter what I did I got not enough space for upgrade. I tried this: - Update via /System/Package/update menu - Manual update by uploading the ROS main package for ARM. - I tried an older version of ROS (v.7.1.2) that is a bit smaller and...
by ksteink
Wed Mar 16, 2022 6:02 pm
Forum: Announcements
Topic: v7.1.3 is released!
Replies: 251
Views: 61047

Re: v7.1.3 is released!

I have a RB4011 and while I do not see the reboot due to kernel failure, I did see the "all the IPSec Identities are basically erased" problem. It seems to have been solved for me at installation of 7.2rc4 but I did a fresh netinstall and load of the configuration I exported before (not b...
by ksteink
Wed Mar 16, 2022 5:28 pm
Forum: Announcements
Topic: v7.1.3 is released!
Replies: 251
Views: 61047

Re: v7.1.3 is released!

Well I have upgraded my RB5009 to 7.1.3 and migrated from my old hEX S. I have no major issue migrating the configurations (manually) and everything works (generally speaking). My setup has the following configurations - 2 IKEv2 IPSec S2S VPNs using Digital Certificates (self-signed) - 10 L2TP/IPSec...
by ksteink
Sun Mar 13, 2022 3:54 am
Forum: Announcements
Topic: v7.1.3 is released!
Replies: 251
Views: 61047

Re: v7.1.3 is released!

I switched from my hEX S to the RB5009 using this release 7.1.3 and after couple hours working fine I got this annoying error in the log

kernel failure in previous boot

Of course the router rebooted dropping all my connections and VPNs
by ksteink
Sun Mar 13, 2022 3:53 am
Forum: RouterOS beta
Topic: RB5009 reboots itself each 8-10 days (7.2rc3/rc4) [SOLVED]
Replies: 23
Views: 12914

Re: RB5009 reboots itself each 8-10 days (7.2rc3/rc4) [SOLVED]

Today I have migrated from my hEX S to the RB5009 and after couple hours of usage I got this same error:

kernel failure in previous boot

I am using ROSv7.1.3 Stable
by ksteink
Fri Mar 04, 2022 11:50 pm
Forum: Announcements
Topic: v7.1.3 is released!
Replies: 251
Views: 61047

Re: v7.1.3 is released!

mada3k - Are you sure that all of them are missing, not just a part of them? Please write to support@mikrotik.com and send supout file from your router. leosedf, PSz, mcskiller, avaz - Please send supout file from your router to support@mikrotik.com. sebasGST - Simple definition from Wikipedia - &q...
by ksteink
Thu Feb 24, 2022 12:26 am
Forum: Announcements
Topic: v7.1.3 is released!
Replies: 251
Views: 61047

Re: v7.1.3 is released!

I have upgraded one hAP AC2 to ROS to ver 7.1.3 and I cannot see the content of any window when connect via Winbox or WebFig

After few seconds I get disconnected BUT if I do a connection via SSH it works

Any ideas?
by ksteink
Tue Dec 28, 2021 11:54 pm
Forum: Announcements
Topic: WinBox v3.32 released!
Replies: 65
Views: 97201

Re: WinBox v3.32 released!

Nice!! I have updated mine and works well!!! I use a MacOS and even it works via Wine it will be very nice to get a native MacOS version (also Linux!)
by ksteink
Wed Dec 08, 2021 10:34 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 238212

Re: v7.1 is released!

Seems there are too many bugs that needs to be baked to have a solid stable release!. I am happy that Mikrotik is finally doing the big push here for RouterOS v7 but needs to polish all these issues that everyone is reporting in this forum
by ksteink
Mon Nov 22, 2021 4:10 pm
Forum: Announcements
Topic: v6.49.1 [stable] is released!
Replies: 138
Views: 83820

Re: v6.49.1 [stable] is released!

I updated 21 devices from different models (RB2011, RB4011, CRS326, CRS312, hEX S, hAP AC2, cAP) and everything went smooth :). Thanks!
by ksteink
Mon Aug 09, 2021 8:40 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 96801

Re: MikroTik RB5009UG+S+IN

Marvell Armada 7040 have Security Engine (hardware crypto engine) with multiple algorithm capabilities https://www.marvell.com/content/dam/marvell/en/public-collateral/embedded-processors/marvell-embedded-processors-armada-7040-product-brief-2017-12.pdf https://csrc.nist.gov/projects/cryptographic-...
by ksteink
Mon Aug 09, 2021 5:43 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 96801

Re: MikroTik RB5009UG+S+IN

Does anyone know if this bad boy supports IPSec HW acceleration? In the Test Results page (Link: https://mikrotik.com/product/rb5009ug_s ... estresults ) doesn't show any IPSec performance.

If no IPSec HW acceleration is supported is DoA for me.

Thanks!
by ksteink
Thu May 20, 2021 6:27 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 249565

Re: v7.1beta6 [development] is released!

For the L3 HW off-load support on CRS3xx can you confirm if that includes even the CRS305 model?

Yes, all CRS3xx devices now support L3 HW offloading. That includes CRS305.

L3HW: Supported Devices
Excellent thank you!
by ksteink
Wed May 19, 2021 10:37 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 249565

Re: v7.1beta6 [development] is released!

RouterOS version 7.1beta6 has been released in public "development" channel! What's new in 7.1beta6 (2021-May-18 14:49): !) added support for Let's Encrypt certificate generation; !) added L3 HW support for all CRS3xx devices; !) added MLAG support for CRS3xx devices (CLI only); !) ported...
by ksteink
Thu Apr 08, 2021 6:28 pm
Forum: Announcements
Topic: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!
Replies: 59
Views: 249905

Re: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!

In compliance with our commitment to ensure the safety of our clients, partners, staff, and visitors at all MikroTik events, we have no other choice but to postpone our upcoming events – MUM EUROPE in Prague, Czech Republic (March 26-27), MTCSA in Riga, Latvia (March 23-24), Train the Trainer in Ri...
by ksteink
Tue Nov 24, 2020 11:43 pm
Forum: Scripting
Topic: Monitor Mikrotik log by Telegram
Replies: 65
Views: 40116

Re: Monitor Mikrotik log by Telegram

Nice script. I am using it in multiple devices and works like a charm


by ksteink
Mon Oct 19, 2020 8:24 pm
Forum: General
Topic: Revoked certificate but IKEv2 connection still works?
Replies: 11
Views: 3415

Re: Revoked certificate but IKEv2 connection still works?

I have not tried yet to revoke a certificate and see if the IKEv2 works BUT I did notice that you need to create 1 IPSec Identity for each certificate you want to connect. If you disable or remove the specific IPSec Identity associated with the target digital certificate then the connection will ...
by ksteink
Fri Oct 09, 2020 10:49 pm
Forum: General
Topic: Problems connecting more than 1 user to the VPN
Replies: 3
Views: 1399

Re: Problems connecting more than 1 user to the VPN

Consider that many ISPs are now stretching IPv4 addresses using CGNAT so this issue will become a more recurrent one. I am looking OVPN and WireGuard that uses SSL once the new ROS v7 becomes a Stable Release as an alternative to IKEv2
by ksteink
Fri Oct 09, 2020 6:13 pm
Forum: General
Topic: Problems connecting more than 1 user to the VPN
Replies: 3
Views: 1399

Re: Problems connecting more than 1 user to the VPN

That’s a limitation of L2TP/IPSec as the VPN Server cannot tell which client to serve if both clients has the same source IP. The recommendation is to go with IKEv2 using Digital Certificates in which client gets its own client certificate and with that the server will use the certificate to identif...
by ksteink
Sat Sep 26, 2020 8:07 am
Forum: General
Topic: IPSec for clients with dynamic IP and behind NAT
Replies: 4
Views: 1589

Re: IPSec for clients with dynamic IP and behind NAT

Understood and good luck BUT even you do the test try to avoid OVPN on versions 6.4x as they only support TCP transport instead of UDP. That causes what is called TCP meltdown and impacts badly performance. On a 25 Mbps link using OVPN I got tops 3 Mbps BW and same link using L2TP/IPSec I got 14 Mbp...
by ksteink
Wed Sep 23, 2020 7:40 am
Forum: General
Topic: IPSec for clients with dynamic IP and behind NAT
Replies: 4
Views: 1589

Re: IPSec for clients with dynamic IP and behind NAT

You can use IKEv2 with Digital Certificates for client to site and site To site VPNs where the VPN client can be behind a NAT device (i.e CGNAT). Make sure that all your edge routers use hardware that has IPSec HW acceleration like RB4011, hEX S, hAP AC2 and AC3 just to mention few Sent from my iPh...
by ksteink
Mon Sep 21, 2020 6:03 pm
Forum: RouterOS beta
Topic: v7.1beta2 [development] is released!
Replies: 385
Views: 159671

Re: v7.1beta2 [development] is released!

Any dates to get the Stable Release? I like to not continue using 6.xx and already push to get 7.xx
by ksteink
Wed Sep 09, 2020 11:25 pm
Forum: General
Topic: IPSec/IKE2 VPN vs Windows 10 [SOLVED]
Replies: 4
Views: 2203

Re: IPSec/IKE2 VPN vs Windows 10 [SOLVED]

I had a similar issue and the limitation on windows 10 is that you cannot define remote ID nor local ID like you do on MacOS, Linux & Android (using StrongSwan) and iOS. I fix it by making the remote ID to match my IP Cloud DDNS as also my VPN server hostname to connect on my RouterOS when I did...
by ksteink
Sat Sep 05, 2020 8:03 am
Forum: General
Topic: IKEv2 routing issues
Replies: 8
Views: 4049

Re: IKEv2 routing issues

I am facing problems with IKEv2 routing and cannot figure out the issue. There are three players in my setup. IKEv2 client (let us call it client - C). Currently on macOS. Router A) IKEv2 provider VPN pool: 192.168.167.10-50/24 Subnets: 192.168.168.0/24 EOIP IP: 172.16.99.1 headquarters office, SAP...
by ksteink
Wed Aug 26, 2020 6:36 am
Forum: RouterOS beta
Topic: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN
Replies: 13
Views: 4409

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

1. MikroTik is already working on stacking, I've talked with them at length about the need for this at the MUMs. The last I heard, MikroTik was using a standards based protocol to implement a redundant switching control plane but I don't remember which one. A decent guess would be either SPB (https...
by ksteink
Mon Aug 24, 2020 5:43 pm
Forum: RouterOS beta
Topic: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN
Replies: 13
Views: 4409

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Hi love to see the following features on RouterOS v7 ( or even v6 ): - VSS ( Virtual Switching and Stacking ): Even ROS supports for years VRRP you need to custom scripts to replicate other configuration parameters like DHCPs. Connection states should be replicated to allow a transparent failover i...
by ksteink
Mon Aug 24, 2020 5:41 pm
Forum: RouterOS beta
Topic: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN
Replies: 13
Views: 4409

Re: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Zero Touch Provisioning would be great
the others are boring
well this is my wish list, if becomes to reality you can use the features that you like :)
by ksteink
Sun Aug 23, 2020 7:06 am
Forum: RouterOS beta
Topic: Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN
Replies: 13
Views: 4409

Feature Request - Enterprise features like VSS, ZTP, IPv6 L3 HW offloading and SD-WAN

Hi love to see the following features on RouterOS v7 ( or even v6 ): - VSS ( Virtual Switching and Stacking ): Even ROS supports for years VRRP you need to custom scripts to replicate other configuration parameters like DHCPs. Connection states should be replicated to allow a transparent failover if...
by ksteink
Fri Aug 21, 2020 7:03 pm
Forum: General
Topic: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge
Replies: 20
Views: 4293

Re: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge

Thanks all for the tips here. I am sure 3dfx can apply those to get wired speed as well :). He should disable STP as well and make sure there is no loops in his network as this protocol needs to be disabled in order to get wired speed on VLAN 1 I don't think lack of HW-offloading is a problem in hi...
by ksteink
Fri Aug 21, 2020 7:02 pm
Forum: RouterOS beta
Topic: v7.1beta2 [development] is released!
Replies: 385
Views: 159671

Re: v7.1beta2 [development] is released!

Very nice features!!! love them so far and keep going!!

Any time frame to move off development phase and make it ready for production / stable?
by ksteink
Fri Aug 21, 2020 12:51 am
Forum: General
Topic: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge
Replies: 20
Views: 4293

Re: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge

by default STP is enabled and as soon as I disable it I got HW offload enabled. Bingo! :) Thanks all for the tips here. I am sure 3dfx can apply those to get wired speed as well :). He should disable STP as well and make sure there is no loops in his network as this protocol needs to be disabled in...
by ksteink
Fri Aug 21, 2020 12:01 am
Forum: General
Topic: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge
Replies: 20
Views: 4293

Re: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge

Interesting as I have mostly default configuration out of the box. Only changed IP for LAN interfaces and done. Did you do anything to enable HW Offload on yours? No, nothing. I use mine as a plain wired switch & AP, so all interfaces in a single bridge, STP disabled. That's pretty much it. Tha...
by ksteink
Thu Aug 20, 2020 11:38 pm
Forum: General
Topic: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge
Replies: 20
Views: 4293

Re: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge

mkx I disagree with your statement. I have an RB4011 with no VLANs (all ports on the bridge interface only) that I support for a client that doesn't get HW Offload even with no VLANs: So I don't expect wired speeds between LAN ports inside of the RB4011. That's why I use them as Edge router only wi...
by ksteink
Thu Aug 20, 2020 6:46 pm
Forum: General
Topic: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge
Replies: 20
Views: 4293

Re: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge

@ksteink is not entirely correct: RB4011 actually does have switch chip built in and it does support wire-speed switching. However it does not offer HW offload when using VLANs. So in a simple scenario (no VLANs) it should be able to forward data between member ports wirespeed. @3dfx: post config (...
by ksteink
Thu Aug 20, 2020 3:28 am
Forum: General
Topic: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge
Replies: 20
Views: 4293

Re: RB4011iGS+5HacQ2HnD-IN very slow Ethernet bridge

The RB4011 has no switch chip so all the internal traffic hits the router CPU. Other models have a switch chip to HW offload the switching traffic inside of the same VLAN. RB2011 and RB3011 have a switch chip but not the RB4011. This was very disappointing for me and hold me to buy this model. Try to fin...
by ksteink
Tue Jul 14, 2020 4:45 am
Forum: RouterBOARD hardware
Topic: OpenVPN hardware
Replies: 1
Views: 2262

Re: OpenVPN hardware

None at this moment. Mikrotik’s OVPN implementation sucks for RouterOS ver 6.x: - Support only for TCP not UDP (Causing TCP meltdown) - No compression - No hardware acceleration for encryption/ decryption. RouterOS v7.x that is in beta since last year promises to fix these issues. I do know it suppo...
by ksteink
Tue Jul 14, 2020 4:37 am
Forum: RouterBOARD hardware
Topic: RB5011
Replies: 40
Views: 24201

Re: RB5011

I would add a secondary SFP+ and a switch chip to the specs already mentioned


by ksteink
Tue Jul 14, 2020 2:30 am
Forum: Announcements
Topic: v6.47.1 [stable] is released!
Replies: 146
Views: 99588

Re: v6.47.1 [stable] is released!

I have upgraded multiple devices from 6.46.6 to 6.47.1 (I skipped 6.47 as it was too buggy with the write disk issues that several users reported). I have upgraded: - 4 x hAP AC2 - 2 x CRS326 - 1 x CRS312 - 2 x RB2011 - 1 x RB4011 - 3 x hEX S - 1 x RB951Ui - 1 x hAP Lite TC Some of them has IPv6, ot...
by ksteink
Mon Jul 06, 2020 7:53 pm
Forum: Announcements
Topic: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!
Replies: 59
Views: 249905

Re: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!

Any plans to retake MUMs but in virtual format for the time being until we pass this COVID-19 Pandemic? That will be awesome!!
by ksteink
Mon May 25, 2020 7:29 am
Forum: Beginner Basics
Topic: How to setup VLANs?
Replies: 5
Views: 1866

Re: How to setup VLANs?

RB4011 doesn’t have a good switch chip. That means that you can only create VLANs controlled by the CPU chip (software based instead of HW accelerated / offloaded. That means that you need to create a bridge interface per VLAN and only one bridge interface can give you wired speed. The others will n...
by ksteink
Wed Apr 29, 2020 10:56 pm
Forum: Announcements
Topic: MikroTik newsletter May 2020 (#95)
Replies: 50
Views: 44994

Re: MikroTik newsletter May 2020 (#95)

Nice products for this newsletter. I would love to see Mikrotik on the CRS3xx line to have PoE+ included, and mGig Ports instead of normal 1 Gbps ones. That will make this switch (and the rack mount version a very compelling device. Still I like the new CRS326 desktop version but the next level for ...
by ksteink
Fri Apr 17, 2020 6:09 pm
Forum: Announcements
Topic: Winbox v3.23 released!
Replies: 60
Views: 51700

Re: Winbox v3.23 released!

Thanks but any chance to get a native application in other OSes like MacOS or Linux without the need to use Wine?
by ksteink
Sat Apr 11, 2020 8:23 am
Forum: Announcements
Topic: v6.46.5 [stable] is released!
Replies: 72
Views: 50898

Re: v6.46.5 [stable] is released!

I have upgraded 2 x RB2011, 3 x hAP AC2, 4 hEX S, 1 x CRS326, 1 x CRS312, 2 x RB951Ui-2HnD, 1 x hAP lite to this new version without any detected issues. Most of these devices are using L2TP/IPSec VPNs, some OVPN, some IPv6 without any issues.

Thanks!
by ksteink
Fri Feb 28, 2020 5:32 pm
Forum: Announcements
Topic: v6.46.4 [stable] is released!
Replies: 106
Views: 80716

Re: v6.46.4 [stable] is released!

I have updated a bunch of devices without any detected issues:

1 x RB2011UiAS-2HnD-IN
4 x hAP AC2
1 x CRS312
3 x hEX S
1 x CRS326-24G-2S+RM
1 x hAP lite TC
2 x RB951Ui-2HnD

Usage: Some home based devices and some Office one(s) some with IPv6, L2TP/IPSec VPNs, OVPN VPNs.
by ksteink
Tue Feb 11, 2020 6:08 pm
Forum: Announcements
Topic: v6.46.3 [stable] is released!
Replies: 28
Views: 54412

Re: v6.46.3 [stable] is released!

I did upgrade a bunch of devices without major issues: hAP AC2 (Qty 2), hEX S (Qty 4), CRS312 (Qty 1), RB2011 (Qty 1), CRS326 (Qty 1). Related to the hAP AC2 I got a very weird issue. The 2 units that I manage both did the upgrade without any issues and reported no issues at all. One of them 2 days ...
by ksteink
Mon Nov 25, 2019 3:13 pm
Forum: Announcements
Topic: v6.45.7 [stable] is released!
Replies: 104
Views: 72691

Re: v6.45.7 [stable] is released!

I do confirm that I have the same issue with IPv6 AAAA records after upgrading the routers that I do support: [admin@MAK-CD01] > ping [:resolve ipv6.google.com] not enough permissions (9) On 6.43.11: I have a script containing the following command: :resolve $hostname server=$NS I set "read, wr...
by ksteink
Mon Sep 09, 2019 6:24 am
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 203
Views: 103918

Re: RouterOS v7.0beta1 (ARM)

Nice progress!! Some of the new cool stuff that I want to see: - Not just OVPN with UDP support but also HW acceleration for AES encryption like hEX S or similar does HW accelerated IPSec. - Wireguard support as well with HE acceleration for encryption. - SDWAN capabilities like major players that h...
by ksteink
Fri Aug 30, 2019 2:05 am
Forum: General
Topic: VLAN configuration approach, correct or not ?
Replies: 5
Views: 2020

Re: VLAN configuration approach, correct or not ?

There are multiple ways to configure VLANs in a Mikrotik. To keep it simple for you we have to separate them in 3 categories depending on the Model of the device that you have: (1) VLANs configured at the Router chip (Software based) : This is the most universal way to configure VLANs but you will b...
by ksteink
Fri Aug 16, 2019 6:41 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 23
Views: 15233

Re: vlan bridge (new way) HW offload and performance

@ksteink - thank you, again! I may consider your approach to a RB as the router for WAN outbound and termination point, and then a MT switch for inter-vlan traffic and rules. Assuming you're more of a core + access layer style network designs? --> Correct I go with a dedicated Router at the edge an...
by ksteink
Thu Aug 15, 2019 1:36 am
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 23
Views: 15233

Re: vlan bridge (new way) HW offload and performance

@ksteink WOW - awesome, thank you for such big break down and config examples. I appreciate this. --> My pleasure and I like that you found my insight here useful. It took me a while with a lot of trial and error and reading to understand it in the way I share it with you and I want to contribute...
by ksteink
Thu Aug 15, 2019 12:06 am
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 23
Views: 15233

Re: vlan bridge (new way) HW offload and performance

Hi there, related to your questions let me try to address them as I have today 2 L2 access switches connected to my RB2011 with 2 VLANs What is recommended upgrade path from RB2011? --> Answer: There are multiple ways to configure VLANs in a Mikrotik. To keep it simple for you we have to separate th...
by ksteink
Tue Aug 13, 2019 5:14 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 63537

Re: v6.45.3 [stable] is released!

hap lite upgrade issue is not fixed! I have a hap lite with very very very basic config (wifi pseudo bridge to local ports + dhcp client). I am running 6.45.1 and if I try to update to 6.45.3 I get an error : "ERROR: not enough disk space, 7.3MiB required and only 7.3MiB is free." ... I h...
by ksteink
Mon Aug 12, 2019 8:49 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 63537

Re: v6.45.3 [stable] is released!

I have upgraded multiple Routers without major issues but I just have noticed that my RB2011 stopped to advertise SLAAC addresses for my IPv6 setup. None of my clients are able to get a global IPv6 address. When I connect to the router I can ping IPv6 addresses but none of the clients can't as they ...
by ksteink
Sat May 25, 2019 12:41 am
Forum: General
Topic: Storage Error weird and help on CRS326 and hAP AC
Replies: 0
Views: 988

Storage Error weird and help on CRS326 and hAP AC

Hi guys, I am seeing this error in these 2 models of Mikrotik that I have (CRS326 and hAP AC): 17:32:37 echo: manager,error,info,debug Running out of disk space, when minimum 500kB is reached UM will be stopped! it says that I have 5% free but I have nothing weird or large in files that is eating th...
by ksteink
Fri May 24, 2019 7:46 pm
Forum: General
Topic: IKEv2 server + eap-radius, strongswan android client can't connect
Replies: 6
Views: 4455

Re: IKEv2 server + eap-radius, strongswan android client can't connect

Can you share the config of your Mikrotik server here? I have done tests with IKEv2 using RSA certificates and made it work in Windows, MacOS, iOS and Android (StrongSwan). I like to try your configuration to see how differs from mine and try to replicate your authentication using Strongswan on Andr...
by ksteink
Wed May 08, 2019 10:52 pm
Forum: Scripting
Topic: MT-bulk v2.3.1 Mikrotik automate and send mass commands +REST API
Replies: 16
Views: 8070

Re: MT-bulk v1.5 Mikrotik automate and send mass commands

Any plans for MacOS version?
by ksteink
Tue Mar 05, 2019 6:15 pm
Forum: General
Topic: OpenVPN sloooow
Replies: 14
Views: 22191

Re: OpenVPN sloooow

Mikrotik's implementation of OpenVPN simply sucks. They don't support UDP transport (only TCP) which creates problems for performance on tunnels (See this link for further information: https://openvpn.net/faq/what-is-tcp-meltdown/) and the lack of UDP support has been a looong request feature from t...
by ksteink
Tue Jan 08, 2019 11:53 pm
Forum: General
Topic: CRS312-4C-8XG, Where is it?
Replies: 2
Views: 2171

Re: CRS312-4C-8XG, Where is it?

I have the same question!!!!!
by ksteink
Tue Jan 08, 2019 10:30 pm
Forum: General
Topic: RB4011iGS+RM for my use case
Replies: 7
Views: 3775

Re: RB4011iGS+RM for my use case

Are you saying put all traffic on one port and trunk it all to the managed switch OR Divide the switch into 3 segments and use three trunk ports on the MT to the managed switch I think the op is looking for the most efficient way of handling all the data and streams etc.......... That's fine and my...
by ksteink
Tue Jan 08, 2019 10:25 pm
Forum: General
Topic: RB4011iGS+RM for my use case
Replies: 7
Views: 3775

Re: RB4011iGS+RM for my use case

My approach is that all the inter-VLAN routing remains on the switch (CRS3xx) so I can take advantage of all the switch chip features and avoid cripple my traffic with CPU bottleneck / limitations / issues including inter-VLAN filtering and routing. From the CRS3xx switch I will have an access port ...
by ksteink
Tue Jan 08, 2019 9:50 pm
Forum: General
Topic: RB4011iGS+RM for my use case
Replies: 7
Views: 3775

Re: RB4011iGS+RM for my use case

I honestly recommend to replace the CRS125 with the RB4011 if you have any of these conditions: - More than 1 VLAN that requires HW Off-loading to not load the CPU of the router and not lose wired speed on the LAN. - VLAN filtering (a.k.a) Firewall rules to control traffic between VLANs. Even if yo...
by ksteink
Wed Nov 14, 2018 3:15 am
Forum: General
Topic: IMPROVEMENTS IN MIKROTIK ROUTERS MUST HAVE 2018/19
Replies: 6
Views: 3306

Re: IMPROVEMENTS IN MIKROTIK ROUTERS MUST HAVE 2018/19

I agree with your proposed list and let me add my points: (1) Support Switch physical stacking for access layers larger than 48 physical ports. (2) Fix HW offload limited to one Bridge interface (i.e. CRS 3xx series) including LACP interfaces that are configured different than Active / Active with t...
by ksteink
Tue Oct 30, 2018 7:22 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 175789

Re: v6.44beta [testing] is released!

I want to see HW Off-load enabled in all bridge interfaces, not just one. Specially knowing that you need 1 Bridge per VLAN having this limitation is a killer as I will limit the traffic throughput without unable to get wired speed only in just 1 VLAN. Really?? Seriously??
by ksteink
Tue Oct 30, 2018 7:08 pm
Forum: General
Topic: CRS317 10Gbps forwarding rate
Replies: 8
Views: 2752

Re: CRS317 10Gbps forwarding rate

This is very disappointing. Paying for a switch that has 10 Gbps that you cannot get wired speed only 1 Bridge?? Typically you can use it with 1 VLAN / Bridge if you want to have full wire speed. That doesn't make any sense at all. If the HW has 10 Gbps I should be able to get that wire speed indepe...
by ksteink
Fri Oct 19, 2018 9:23 pm
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 33034

Re: Newsletter #84

For the RB4011 it will be nice to have at least 2 x SFP+ ports instead of one and be able to support natively to have HA routers (not just VRRP but other services) that today can be achieved by custom made scripts. Ideally to have 4 x SFP+ and 10 1 GbE ports!. so if down stream switches can get 10 G...
by ksteink
Tue Sep 18, 2018 12:21 am
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 33034

Re: Newsletter #84

The RouterOS implementation of OpenVPN will always have shitty throughput since it lacks UDP support. http://sites.inka.de/bigred/devel/tcp-tcp.html RB4011 looks like a beast of a device though! Thanks for sharing R1CH! I don't disagree with you but even using UDP I want to confirm if Mikrotik has ...
by ksteink
Thu Sep 13, 2018 6:40 pm
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 33034

Re: Newsletter #84

Does the new RB4011 support HW acceleration for OpenVPN tunnels aside of IPSec acceleration?
by ksteink
Mon Sep 10, 2018 9:40 pm
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 33034

Re: Newsletter #84

Does the new RB4011 also has Hardware Acceleration for AES (OpenVPN protocol)? I am testing a file transfer using OVPN between 2 RB2011 and the transfer literally sucks (Less than 1 Mbps of throughput) when we have 25 Mbps total BW between the 2 endpoints. I understand that the new RB4011 has IPSec ...
by ksteink
Thu Sep 06, 2018 9:51 pm
Forum: General
Topic: Getting IPv6 subnet to work behind router
Replies: 10
Views: 2988

Re: Getting IPv6 subnet to work behind router

I had a similar issue with my ISP on your setup. They gave me an /56 and the ::1 of the first /64 was their gateway address and ::2 was the one for my router. The problem with this approach is that they are using part of the /48 in this case to route the WAN side. The /48 is for your LAN segments, a...
by ksteink
Thu Jul 19, 2018 12:29 am
Forum: Beginner Basics
Topic: Deploying IPv6 on a home/hobbyist/small business network?
Replies: 8
Views: 6838

Re: Deploying IPv6 on a home/hobbyist/small business network?

Hi Ehbowen, I have running IPv6 for 6 years now at home on Mikrotik and worked great for me. So some tips / advise for you: (1) Does your ISP provides IPv6? If not you need to think to use an alternate solution like a 6to4 tunnel using vISP like Hurricane Electric (tunnel broker). I used tunnel brok...
by ksteink
Thu Jul 19, 2018 12:14 am
Forum: Beginner Basics
Topic: IPv6 Home problem [SOLVED]
Replies: 11
Views: 4380

Re: IPv6 Home problem [SOLVED]

I am assuming that you're using Comcast IPv6? If so you may want to follow this online guideline: https://idndx.com/2016/07/20/routeros-meets-comcast-ipv6/ Seems to me that you don't have configured your Default route on IPv6. Go to Winbox --> IPv6 --> Routes and check that you have a default route ...
by ksteink
Tue Feb 13, 2018 9:42 pm
Forum: Announcements
Topic: v6.41.2 [current]
Replies: 124
Views: 54689

Re: v6.41.2 [current]

I upgraded my RB2011UiAS-2HnD-IN with no major issues. All my basic connection features worked fine (OVPN, IPv6 and VLANs). I did notice that after the upgrade the LED on the router was constantly ON even in my setting I have it by default on OFF. I did turn ON and OFF again and it finally turn i...
by ksteink
Wed Nov 08, 2017 3:55 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 59869

Re: CHR suggestions for new functionality

I want to see the following features: - SD-WAN Overlay (Group multiple physical circuits into a "logical" one) using an overlay network (i.e. multiple IPSec or SSL tunnels on each physical circuits) - Zero touch provisioning for SD-WAN interconnection - Central controller to centrally mana...
by ksteink
Wed Oct 25, 2017 6:02 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 47817

Re: v6.40.4 [current]

Thanks for the "advise". This rule was never before on my base ruleset until I reset the whole configuration and I never had this issue to open these flows. So pls don't tell me what to expect when a new rule shows up on my configuration after a reset. I did try to share my experience for ...
by ksteink
Tue Oct 24, 2017 6:51 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 47817

Re: v6.40.4 [current]

Thanks for the advise on the Quick Setup. I learned it myself in the hard way by troubleshooting.

What is still a mystery for me is the issue with Google Play downloads over IPv4. Weird....
by ksteink
Tue Oct 24, 2017 4:42 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 47817

Re: v6.40.4 [current]

I want to share a very special case that happened to me after I did the upgrade to 6.40.4. I cannot tell if the issues / bug(s) came just with this new version but I want to point out the different aspects that impacted me. My issue happened with the RB2011UiAS-2HnD-IN model. In my scenario I have e...
by ksteink
Wed Aug 30, 2017 4:54 pm
Forum: Announcements
Topic: v6.40.2 [current]
Replies: 44
Views: 21189

Re: v6.40.2 [current]

Led issue on my RB2011 finally gone with this version. Thanks!
by ksteink
Fri Aug 04, 2017 5:14 pm
Forum: Announcements
Topic: v6.40.1 [current]
Replies: 74
Views: 40640

Re: v6.40.1 [current]

Same issue on the RB2011 with the led. I have to manually shut it off with set led command.
by ksteink
Thu Jul 27, 2017 1:47 am
Forum: Announcements
Topic: v6.40 [current]
Replies: 102
Views: 43665

Re: v6.40 [current]

Upgraded an RB951Ui-2HnD and everything working fine such as: - IPv6 (HE tunneling) - OpenVPN (S2S and C2S) Planning to upgrade an RB2011 later on this week. Update: I did upgrade my RB2011-UiAS-2HnD with similar configuration as my RB951 and no issues at all. Update #2: RB2011 led blinking issue as...
by ksteink
Tue Jun 06, 2017 7:01 pm
Forum: Announcements
Topic: v6.39.2 [current]
Replies: 122
Views: 60227

Re: v6.39.2 [current]

Updated my RB2011 from 6.39.1 and no issues. I have IPv6 (HLE tunnel broker) and VPNs (using OVPN) working fine.
by ksteink
Sun May 21, 2017 2:35 am
Forum: General
Topic: VoiP port forward?
Replies: 3
Views: 6387

Re: VoiP port forward?

What ports did you opened? There are 2 types of flows: 1) phone signaling. If you use SIP protocol is TCP 5060. This flows allows phones to register on the PBX and get features like the extension number assignment. 2) Voice media streaming. In this case the flow are based on a random UDP port precon...
by ksteink
Sun Mar 19, 2017 5:36 am
Forum: General
Topic: RB2011UiAS - OpenVPN/VPN server struggle...
Replies: 4
Views: 4221

Re: RB2011UiAS - OpenVPN/VPN server struggle...

This happens when OVPN is configured on IP mode on Mikrotik. I found this guide that I used and worked flawlessly to me. Check this link: https://rbgeek.wordpress.com/2014/09/10 ... -routeros/

by ksteink
Sun Mar 12, 2017 5:28 am
Forum: General
Topic: RB2011UiAS - OpenVPN/VPN server struggle...
Replies: 4
Views: 4221

Re: RB2011UiAS - OpenVPN/VPN server struggle...

I have OpenVPN server running on my Mikrotiks for couple years and they just work fine. Let me give you some tips that worked for me after a lot of research and a bunch of tests: - I did create my digital certificates on a separate machine (i.e. windows). - Use TUN mode only. That allows to run OVPN...