MikroTik

Biker111

Case solved,- I downgraded to old and stabel 6.45.9.
Everything worked again.

Biker111

Hi guys I have a lab setup,- running Dude on the 1100AHx4 Dude edition. 6.46.6 software Running perfect for many months. I've been connecting with a client on a Ubuntu computer running wine. No problems. Suddenly the Dude server stopped responding? I have no clue why. I tried to stop and start the D...

Biker111

Sorry, don't like problems just thrown over the wall hoping someone will catch it and do it for you. What have you tried so far, export of config what you tried? Strange reply? The basic problem is that Mikrotik doc's sucks. QinQ on Cisco is a piece of cake,- search their docs, and you find 10 grea...

Biker111

Hi mkx

Great post, vlan on Mikrotik really makes your head spin

One thing I can't find in your configuration is a psysical port connected to the ISP? The one carrying the ISP "outer" vlan.

Cheers
Biker

Biker111

Hi again As I wrote, it's a hub and spoke topology. Ipsec, OSPF, tunnels, - everything runs fine. Connected clients on the spokes gets a iperf3 throughput ~180Mb. That's fine. If I implement "VRF Lite" on a spoke router,- thoughput becomes very unstable, 180Mb - then 1Kb - then 0 - then 10...

Biker111

Hi Thank's for your info,- I've been thinking the same thing about scalability,- either stub areas + default route or BGP. That's the way to go. Regarding my throughput problem - could it be missing markings (?),- I found this one: https://mum.mikrotik.com/presentations/RU17M/presentation_4939_15101...

Biker111

VRF Lite in MIkroTik would be using the routing marks as a standalone without MPLS/VPNv4. This is supported. Are you trying to use routing protocols in a VRF as well? Thank's a lot for your answer :D Yes,- there is several layers: 1. Ipsec connections in a Hub-and-Spoke setup, using certificates. R...

Biker111

Hi guys I'm working on a hub and spoke ipsec solution. The usual stuff,- Ipsec, tunnels, certificates, QoS, ospf running over tunnels. Everything is running fine,- I did have some problems at a point, I contacted Mikrotik support,- and they found a configuration error in my setup. Simply me missing ...

Biker111

Hi guys and girls I'm building a solution with interconnecting customer locations using ipsec. For monitoring, I will use 2 pcs. RB1100AHx4 Dude edition. Customer location-routers,- when fired up, will establish a ipsec connection to RB1100's,- open a tunnel over ipsec, and connect to the Dude. Cust...

Biker111

Hi Thank's for your answer, very solid arguments you have. It's a bit sad, I like the Dude, I would wish Mikrotik realised that they must maintain the "whole packet". We want solutions, router, switches, management etc. Like a friend told me,- Mikrotik is too expensive. The hardware is che...

Biker111

Hi guys

Any solution to this?
I'm designing some major customer solution right now.
I've build monitoring around LibreNMS,- but recently changed to Dude.
So far, running everything with a RB1100AHx4 Dude edition.

Reading this worries me

Cheers
Biker

Biker111

Thanks Sindy

Looking at it now.
I've been reading a lot of your posts,- you're very, very skilled

Best regards
Biker

Biker111

Hi Sindy Oh,- I want ipsec,- I just mentioned OpenVPN because of it's ability to connect using DHCP assigned ip address. I haven't been able to find/compose a configuration making ipsec connect. I thought I tried every possible configuration :) Hub -> static WAN ip Spokes -> DHCP assigned WAN ip add...

Biker111

Hi guys I' working on a solution with a hub-spoke setup interconnecting with ipsec. I would like to run with certificates,- but PSK could be ok. So far I've been unable to produce a working configuration, if a spoke have a DHCP assigned WAN ip address. I've been testing and trying, reading a lot of ...

Biker111

Hi Thanks for your answer. I thought I understood that page, but I give it a second look :) I'm trying to figure out how to make a ipsec tunnel between 2 Mikrotik's, hub-spoke, but only with the client certificate on the spoke site. It runs fine with both ends having both certificates, but it's a li...

Biker111

Hi

Does anyone know where to find detailed explanations regarding ipsec with rsa certificates?
I need some explanations and examples using rsa key, rsa signature and rsa signature hybrid ... site-to-site and self-signed.
I'm tired of using Google, Youtube and guessing.

Cheers
Biker

Biker111

Hi Sindy

You really nailed this, thank's a lot.
Could I ask,- if each vlan should have a seperate DHCP server running, then i guess "one bridge per vlan" is the way to go?

Cheers
Biker

Biker111

So, I guess no-one has a glue about this?

Cheers
Biker

Biker111

Hi I recently read, that pfSense threw away their planned roadmaps for future improvements. They drop FreeBSD and go Linux. Cisco made their VPP go public, -I had never heard of it before. It's a software that makes a Linux kernel go crazy in networking performance. pfSense expects up to 100GB IPSec...

Biker111

Hi guys

Just received a email from Mikrotik on this:

"For now we will revert the hEX IPsec optimization to the state it was prior version 6.41."

That's fine with me, thanks to Mikrotik for assistance.

Cheers
Biker

Biker111

Unfortunately no news about this, I hope it can be solved.

Biker111

And support ticket number to Mikrotik is?

Ticket#2018012922004625

Biker111

Thanks guys I haven't been able to configure any setup, that could give the old SW performance. Now I know I'm not nuts :shock: I hope Mikrotik makes a fix,- until then they should stop advertising the 750Gr3 doing 470Mb ipsec. Not even half that number ... Ipsec performance was the main reason for ...

Biker111

Hi I have tried different ipsec configurations with 6.41, and I think it gives a ipsec throughput decrease around 30%. Have you really testet this and still claim HW support is functioning properly? I'm still testing, mostly on 750Gr3, but I can't find the throughput performance I've seen before. On...

Biker111

Deleted ...

Biker111

RB750Gr3 switch chip does not have full VLAN tagging/untagging support yet, it is planned to implement it in future. Currently, you should use RB750Gr3 switch chip only for basic switching. RB750Gr3 is also powerful enough to handle software based VLANs: http://wiki.mikrotik.com/wiki/Manual:Interfa...

Biker111

Hey guys

I would like to monitor ipsec tunnels with snmp. up/down and utilization (bandwidth monitoring)
Some oid's seems to be missing to do that.

Any ideas?

Biker111

Hi guys I need some help here :) Let's say we have port "fasttracking" to the WAN port. It's able to do wire speed ~ 920Mb Another circuit want's to establish a Ipsec connection (no fasttracking), help from hardware,- normal max throughput ~ 300Mb. Which circuit will eat the available band...

Biker111

Hi guys

I'm interested in Mikrotik switches.
A friend told me that bandwidth limiting is done in software, resulting in very poor throughput because the CPU gets cooked.

Is this true, I can't find any dokumentation?

Cheers
Biker

Biker111

Wrong thread, sorry

Biker111

Hi msatter

I will certainly tell about it, when I know.
I'm in the middle of a large development work, and I'm coming to this part soon. I have to dig through a lot of challenges first

Thanks again
Biker111

Biker111

Hi msatter

Thanks for your input, nice one

Good idea !!

Regards
Biker111

Biker111

A million thanks, Fraction

I was going crazy ... and was not clever enough to find that post.

Biker111

Hi guys The EU dictates logging of free wifi data tranfers. Could be in hotels, cafe's and such. We do have excellent descriptions how log voucher and user names into logs. But the collected data sums up fast, even if only dst ip, src ip, ports, time and user is logged. The law suggests only one in ...

Biker111

Hi guys I just bought a RB750r3. On the side it has a "Mode" button. Does anyone know what that's used for? It's not a reset button, it's on the front. It's not a WPS button, it has no wifi. I've been reading documentation og Google for hours without any success :( It is not mentioned in a...

Biker111

Hi honzam Thanks a lot for your answer :) I have that "5" in the serial number,- that's what I was hoping for, - a precise answer. I had the fear, that my 850 was a old one which had spend many months under the desk somewhere. I better buy one more to test properly,- I'm testing against a ...

Biker111

Hi Guys First post from me. A couple of months ago I bough a RB850Gx2 for testing. I'm interested in the IPsec part. In other threads I've read about the first models was without hardware acceleration for IPsec. How do I see if my 850 is the model with it? I can't find the right documentation. From ...

Search found 37 matches

Re: Dude not responding [SOLVED]

Dude not responding [SOLVED]

Re: QinQ advice needed!

Re: Mikrotik to Cisco QinQ Tunneling behind an MLPS network

Re: VRF Lite [SOLVED]

Re: VRF Lite [SOLVED]

Re: VRF Lite [SOLVED]

VRF Lite [SOLVED]

Limits for Dude

Re: The Dude 6.43.7 - Database IO disk error

Re: The Dude 6.43.7 - Database IO disk error

Re: Possible to do ipsec + DHCP WAN + certificate ??

Re: Possible to do ipsec + DHCP WAN + certificate ??

Possible to do ipsec + DHCP WAN + certificate ??

Re: More detaled ipsec wiki

More detaled ipsec wiki

Re: VLANS+2 Bridges + 2 DHCP [SOLVED]

Re: VPP for Mikrotik?

VPP for Mikrotik?

Re: Slower ipsec with 6.41

Re: Slower ipsec with 6.41

Re: Slower ipsec with 6.41

Re: Slower ipsec with 6.41

Slower ipsec with 6.41

Deleted ...

Re: RB750Gr3 - Report and questions

Monitor ipsec traffic with snmp?

Have this been tested?

Bandwidth shaping in hardware or software?

Re: Logging part of traffic

Re: Logging part of traffic

Re: Mode button on RB750r3

Logging part of traffic

Mode button on RB750r3

Re: Hardware type/identity

Hardware type/identity