Hi guys and girls I'm building a solution with interconnecting customer locations using ipsec. For monitoring, I will use 2 pcs. RB1100AHx4 Dude edition. Customer location-routers,- when fired up, will establish a ipsec connection to RB1100's,- open a tunnel over ipsec, and connect to the Dude. Cust...
Hi Thank's for your answer, very solid arguments you have. It's a bit sad, I like the Dude, I would wish Mikrotik realised that they must maintain the "whole packet". We want solutions, router, switches, management etc. Like a friend told me,- Mikrotik is too expensive. The hardware is cheap, but ev...
Any solution to this?
I'm designing some major customer solution right now.
I've build monitoring around LibreNMS,- but recently changed to Dude.
So far, running everything with a RB1100AHx4 Dude edition.
Hi Sindy Oh,- I want ipsec,- I just mentioned OpenVPN because of it's ability to connect using DHCP assigned ip address. I haven't been able to find/compose a configuration making ipsec connect. I thought I tried every possible configuration :) Hub -> static WAN ip Spokes -> DHCP assigned WAN ip add...
Hi guys I' working on a solution with a hub-spoke setup interconnecting with ipsec. I would like to run with certificates,- but PSK could be ok. So far I've been unable to produce a working configuration, if a spoke have a DHCP assigned WAN ip address. I've been testing and trying, reading a lot of ...
Hi Thanks for your answer. I thought I understood that page, but I give it a second look :) I'm trying to figure out how to make a ipsec tunnel between 2 Mikrotik's, hub-spoke, but only with the client certificate on the spoke site. It runs fine with both ends having both certificates, but it's a li...
Does anyone know where to find detailed explanations regarding ipsec with rsa certificates?
I need some explanations and examples using rsa key, rsa signature and rsa signature hybrid ... site-to-site and self-signed.
I'm tired of using Google, Youtube and guessing.
You really nailed this, thank's a lot.
Could I ask,- if each vlan should have a seperate DHCP server running, then i guess "one bridge per vlan" is the way to go?
Hi I recently read, that pfSense threw away their planned roadmaps for future improvements. They drop FreeBSD and go Linux. Cisco made their VPP go public, -I had never heard of it before. It's a software that makes a Linux kernel go crazy in networking performance. pfSense expects up to 100GB IPSec...
Thanks guys I haven't been able to configure any setup, that could give the old SW performance. Now I know I'm not nuts :shock: I hope Mikrotik makes a fix,- until then they should stop advertising the 750Gr3 doing 470Mb ipsec. Not even half that number ... Ipsec performance was the main reason for ...
Hi I have tried different ipsec configurations with 6.41, and I think it gives a ipsec throughput decrease around 30%. Have you really testet this and still claim HW support is functioning properly? I'm still testing, mostly on 750Gr3, but I can't find the throughput performance I've seen before. On...
RB750Gr3 switch chip does not have full VLAN tagging/untagging support yet, it is planned to implement it in future. Currently, you should use RB750Gr3 switch chip only for basic switching. RB750Gr3 is also powerful enough to handle software based VLANs: http://wiki.mikrotik.com/wiki/Manual:Interfa...
Hi guys I need some help here :) Let's say we have port "fasttracking" to the WAN port. It's able to do wire speed ~ 920Mb Another circuit want's to establish a Ipsec connection (no fasttracking), help from hardware,- normal max throughput ~ 300Mb. Which circuit will eat the available bandwidth on t...
I'm interested in Mikrotik switches.
A friend told me that bandwidth limiting is done in software, resulting in very poor throughput because the CPU gets cooked.
I will certainly tell about it, when I know.
I'm in the middle of a large development work, and I'm coming to this part soon. I have to dig through a lot of challenges first
Hi guys The EU dictates logging of free wifi data tranfers. Could be in hotels, cafe's and such. We do have excellent descriptions how log voucher and user names into logs. But the collected data sums up fast, even if only dst ip, src ip, ports, time and user is logged. The law suggests only one in ...
Hi guys I just bought a RB750r3. On the side it has a "Mode" button. Does anyone know what that's used for? It's not a reset button, it's on the front. It's not a WPS button, it has no wifi. I've been reading documentation og Google for hours without any success :( It is not mentioned in any Mikroti...
Hi honzam Thanks a lot for your answer :) I have that "5" in the serial number,- that's what I was hoping for, - a precise answer. I had the fear, that my 850 was a old one which had spend many months under the desk somewhere. I better buy one more to test properly,- I'm testing against a Ubiquiti E...
Hi Guys First post from me. A couple of months ago I bough a RB850Gx2 for testing. I'm interested in the IPsec part. In other threads I've read about the first models was without hardware acceleration for IPsec. How do I see if my 850 is the model with it? I can't find the right documentation. From ...