Community discussions

MUM Europe 2020

Search found 24 matches

by TimGuyUK
Thu Jun 13, 2019 2:09 pm
Forum: General
Topic: EoIP tunnels randomly fail
Replies: 8
Views: 673

Re: EoIP tunnels randomly fail

On each end, the input rule in firewall must accept protocol=gre packets from the address from which the opposite end sends the EoIP transport packets. But thinking of it, read also this post as your setup is very similar. The seperate post of order of layers starting is always possible. Is the res...
by TimGuyUK
Thu Jun 13, 2019 2:05 pm
Forum: General
Topic: EoIP tunnels randomly fail
Replies: 8
Views: 673

Re: EoIP tunnels randomly fail

On each end, the input rule in firewall must accept protocol=gre packets from the address from which the opposite end sends the EoIP transport packets. But thinking of it, read also this post as your setup is very similar. So still not 100% sure on the rule. Head Office External - 1.1.1.1 Head Offi...
by TimGuyUK
Thu Jun 13, 2019 1:10 pm
Forum: General
Topic: EoIP tunnels randomly fail
Replies: 8
Views: 673

Re: EoIP tunnels randomly fail

I have a x86 router now running 6.44.3, it was running 42.x, remotely we have a mixture of MK routers but most of them are GR3's We have 10 EoIP tunnels over L2Tp/IPSec vpn/bridge coming into that router. Every now and again one of the EoIP tunnels will drop. We can see traffic from both sides of t...
by TimGuyUK
Thu Jun 13, 2019 1:07 pm
Forum: General
Topic: EoIP tunnels randomly fail
Replies: 8
Views: 673

Re: EoIP tunnels randomly fail

I cannot suggest what is wrong with the EoIP tunnels, but if you have Mikrotiks at both ends of each tunnel, and unless you need VLANs to run through the tunnels and at the same time be tagged/untagged on the endpoint Mikrotiks, you can use the L2 tunneling capability of L2TP itself. Thanks Sindy Y...
by TimGuyUK
Wed Jun 12, 2019 4:34 pm
Forum: General
Topic: EoIP tunnels randomly fail
Replies: 8
Views: 673

EoIP tunnels randomly fail

I have a x86 router now running 6.44.3, it was running 42.x, remotely we have a mixture of MK routers but most of them are GR3's We have 10 EoIP tunnels over L2Tp/IPSec vpn/bridge coming into that router. Every now and again one of the EoIP tunnels will drop. We can see traffic from both sides of th...
by TimGuyUK
Wed Jan 23, 2019 5:48 pm
Forum: Wireless Networking
Topic: hAP ac2 in busy wifi location
Replies: 3
Views: 608

hAP ac2 in busy wifi location

Im at a trade show this week and the wifi is saturated. We always know to turn 2.4 off as that's a no go but this year with a hAP ac2 5Ghz is also a no-go. I sometimes get unicast key exchange timeouts and on the logs Im also getting Radar Detect @ 5805000. Googling about Ive increased Group key upd...
by TimGuyUK
Fri Nov 09, 2018 11:26 am
Forum: General
Topic: Bonding Suggestions Hosted MK to Multi FTTC onprem
Replies: 1
Views: 279

Re: Bonding Suggestions Hosted MK to Multi FTTC onprem

So I see a couple of threads from a few years ago saying you need individual ip address within the hosted cloud router and that if a line drops the whole thing is goes unstable unless you drop that line out the bond.

Im guessing that if that's the case its maybe not the best idea to peruse?

Tim
by TimGuyUK
Thu Nov 08, 2018 9:25 pm
Forum: General
Topic: Bonding Suggestions Hosted MK to Multi FTTC onprem
Replies: 1
Views: 279

Bonding Suggestions Hosted MK to Multi FTTC onprem

Hi Guys I'm looking for some short term bandwidth into a site. Its for less than a year, UK leased line for a years contact carry's large installation fees. My idea was to have a cloud hosted MK router with say 500Mb bandwidth connected to 4 bonded DSL connections into a physical MK on premise. I wo...
by TimGuyUK
Wed Oct 10, 2018 5:48 pm
Forum: General
Topic: UK Lease line WAN subnet mask on MK routers
Replies: 2
Views: 666

Re: UK Lease line WAN subnet mask on MK routers

I seem to remember a thread or two on this forum where users complained about MT not allowing /31 netmask (if you think of it, it doesn't seem like valid net mask as it lacks network and broadcast addresses). But there's a workaround (from the first linked thread): /ip address add address=1.2.3.246...
by TimGuyUK
Wed Oct 10, 2018 5:17 pm
Forum: General
Topic: UK Lease line WAN subnet mask on MK routers
Replies: 2
Views: 666

UK Lease line WAN subnet mask on MK routers

Hi Dealing with UK lease line WAN circuit suppliers (well BT and Virgin) I always have to program the WAN interface of the MK with a mask of at least /29 (and sometimes /28) where as the documented subnet mask from the supplier is always 255.255.255.254 (/31). The Aggregation router is always the ne...
by TimGuyUK
Wed Jun 06, 2018 2:00 pm
Forum: General
Topic: Replacing 2 ISP/Customer router solution with one
Replies: 0
Views: 240

Replacing 2 ISP/Customer router solution with one

Hi So. I have some solutions coming up where we are replacing an out going ISP with a wires only provided solution meaning that we will replace the ISP router that would generally provide the customers true RIPE provided ip's on its LAN port. This means that for a customer that maybe has a firewall ...
by TimGuyUK
Fri Jul 28, 2017 12:55 pm
Forum: General
Topic: filtering pptp srv/client bridge
Replies: 10
Views: 977

Re: filtering pptp srv/client bridge

Wouldn't they have another bridged tunnel elsewhere that may be causing a loop? Possible. They have a ruckus wireless network that could have some kind of bridge in it. The workstations going out via a SonicWALL appliance that I don't have access to. That is purely for web traffic and filtering but...
by TimGuyUK
Fri Jul 28, 2017 12:44 pm
Forum: General
Topic: filtering pptp srv/client bridge
Replies: 10
Views: 977

Re: filtering pptp srv/client bridge

/interface bridge filter add action=drop chain=input in-bridge=pptp mac-protocol=ip src-address=10.0.0.0/8 add action=drop chain=output dst-address=10.0.0.0/8 mac-protocol=ip out-bridge=pptp add action=drop chain=forward in-bridge=pptp mac-protocol=ip src-address=10.0.0.0/8 add action=drop chain=fo...
by TimGuyUK
Thu Jul 27, 2017 2:32 pm
Forum: General
Topic: filtering pptp srv/client bridge
Replies: 10
Views: 977

Re: filtering pptp srv/client bridge

I cannot guess how this setup could end with duplicated IPs, but after seeing 11.200... I understand the scenario and your will to simply filter it out and be done with it. You can filter directly in the bridge, make sure you select mac protocol 800 (ip), that will enable using IP addresses as crit...
by TimGuyUK
Thu Jul 27, 2017 1:05 pm
Forum: General
Topic: filtering pptp srv/client bridge
Replies: 10
Views: 977

Re: filtering pptp srv/client bridge

Wanted the full export... Is ROS installed on bare metal, or are we speaking about a VM? Did you restore a .backup file on this server at any prior stage? Can you provide a diagram of the customer network addressing? (hand drawn is fine) Thanks. I have kept the original internal ip range in this ex...
by TimGuyUK
Wed Jul 26, 2017 7:42 pm
Forum: General
Topic: filtering pptp srv/client bridge
Replies: 10
Views: 977

Re: filtering pptp srv/client bridge

post an export. Cheers. How much do you want. This is the PPP and Bridge stuff /interface bridge add arp=proxy-arp disabled=yes name=pptp /interface ethernet set [ find default-name=ether1 ] name=ether1-Wan set [ find default-name=ether2 ] name=ether2-Lan /ip pool add name=VPN ranges=192.168.10.250...
by TimGuyUK
Wed Jul 26, 2017 7:11 pm
Forum: General
Topic: filtering pptp srv/client bridge
Replies: 10
Views: 977

filtering pptp srv/client bridge

I have a customer who Ive setup a pptp server on a mk x86 sw router. All works fine, the mk has a dhcp pool for the lan side network and traffic flows between the internal lan and the pptp client. However. The customer has two devices on the internal lan that aren't anything to do with the mk router...
by TimGuyUK
Fri Jan 06, 2017 5:46 pm
Forum: General
Topic: DST-NAT Publish with Pre-Routing default route Rule
Replies: 1
Views: 482

DST-NAT Publish with Pre-Routing default route Rule

Hi Everyone Could anyone give me any advice on the following. I needing to do a DST-NAT (port forward / Publish from router to internal ip) with a Mangle Pre-routing Marked Filter rule for all 0.0.0.0/0 traffic. I have a remote site where I need all traffic to go up its VPN connection to head office...
by TimGuyUK
Tue Nov 22, 2016 5:59 pm
Forum: General
Topic: DSL bonding ipsec EoIP bridged tunnel over L2TP
Replies: 1
Views: 604

DSL bonding ipsec EoIP bridged tunnel over L2TP

Sorry to bring bonding up again. I read and I read but not having two DSLs in the same location its difficult for me to test this. I have a customer with a UK 80/20 FTTC connection where the upload speed is restrictive for the data they need to send. The solution is a l2tp vpn with EoIP bridge to my...
by TimGuyUK
Mon Nov 21, 2016 7:01 pm
Forum: Wireless Networking
Topic: UK P2P trial with Mikrotik Kit suggestion
Replies: 3
Views: 579

Re: UK P2P trial with Mikrotik Kit suggestion

I don't believe any of the main UK distributors for MikroTik equipment will sell anything which is not permitted for use in the UK (e.g. I don't believe LinITX or MSDist sell any of the 900MHz gear). We've done a couple of "not quite line of sight" installs with MikroTik SXT devices - e.g. several ...
by TimGuyUK
Mon Nov 14, 2016 4:30 pm
Forum: Wireless Networking
Topic: UK P2P trial with Mikrotik Kit suggestion
Replies: 3
Views: 579

UK P2P trial with Mikrotik Kit suggestion

So I have done a few Motorola / Cambium p2p non line of sites in my time and some obvious line of site 802.11 links up to 5km but I've never tried any MT kit. I am aware that there is some MT products that aren't allowed in the UK. As an exercise I was going to try and connect my house to the office...
by TimGuyUK
Tue Nov 01, 2016 4:53 pm
Forum: General
Topic: R850Gx2 - EoIP Over SSTP Speed
Replies: 0
Views: 550

R850Gx2 - EoIP Over SSTP Speed

I have a R850Gx2 EoIP over l2tp that Ive been running on a UK FTTC 80/20 line for a while. Its used for offsite hyperv replication. the l2tp is unencrypted, the EoIP is using IPSEC secret straight from the general tab of the tunnel. I have it bridged to a single device on a x86 Quad Core RouterOS de...
by TimGuyUK
Fri Jul 29, 2016 5:29 pm
Forum: General
Topic: Azure VPN in 6.34
Replies: 5
Views: 3475

Re: Azure VPN in 6.34

Boom.. Got it (for me at least) In my locked down firewall state I had to enter the following: add action=accept chain=input comment="Allow - IPsec Allow in" in-interface=WAN-Interface log-prefix="" protocol=ipsec-esp \ src-address=<Azure VPN IP> I already had port 500 open for other VPN services: a...
by TimGuyUK
Fri Jul 29, 2016 2:41 pm
Forum: General
Topic: Azure VPN in 6.34
Replies: 5
Views: 3475

Azure VPN in 6.34

I have followed the Microsoft Mikrotik<>Azure VPN howto and I can get to a point where Azure is showing that there is a connection established but I can not transfer data between them. https://blogs.technet.microsoft.com/rharper/2012/11/14/creating-a-site-to-site-vpn-with-windows-azure-and-mikrotik-...