Hi guys and girls I'm building a solution with interconnecting customer locations using ipsec. For monitoring, I will use 2 pcs. RB1100AHx4 Dude edition. Customer location-routers,- when fired up, will establish a ipsec connection to RB1100's,- open a tunnel over ipsec, and connect to the Dude. Cust...

Hi Thank's for your answer, very solid arguments you have. It's a bit sad, I like the Dude, I would wish Mikrotik realised that they must maintain the "whole packet". We want solutions, router, switches, management etc. Like a friend told me,- Mikrotik is too expensive. The hardware is cheap, but ev...

Hi guys

Any solution to this?
I'm designing some major customer solution right now.
I've build monitoring around LibreNMS,- but recently changed to Dude.
So far, running everything with a RB1100AHx4 Dude edition.

Reading this worries me

Cheers
Biker

Thanks Sindy

Looking at it now.
I've been reading a lot of your posts,- you're very, very skilled

Best regards
Biker

Hi Sindy Oh,- I want ipsec,- I just mentioned OpenVPN because of it's ability to connect using DHCP assigned ip address. I haven't been able to find/compose a configuration making ipsec connect. I thought I tried every possible configuration :) Hub -> static WAN ip Spokes -> DHCP assigned WAN ip add...

Hi guys I' working on a solution with a hub-spoke setup interconnecting with ipsec. I would like to run with certificates,- but PSK could be ok. So far I've been unable to produce a working configuration, if a spoke have a DHCP assigned WAN ip address. I've been testing and trying, reading a lot of ...

Hi Thanks for your answer. I thought I understood that page, but I give it a second look :) I'm trying to figure out how to make a ipsec tunnel between 2 Mikrotik's, hub-spoke, but only with the client certificate on the spoke site. It runs fine with both ends having both certificates, but it's a li...

Hi

Does anyone know where to find detailed explanations regarding ipsec with rsa certificates?
I need some explanations and examples using rsa key, rsa signature and rsa signature hybrid ... site-to-site and self-signed.
I'm tired of using Google, Youtube and guessing.

Cheers
Biker

Hi Sindy

You really nailed this, thank's a lot.
Could I ask,- if each vlan should have a seperate DHCP server running, then i guess "one bridge per vlan" is the way to go?

Cheers
Biker

So, I guess no-one has a glue about this?

Cheers
Biker

Hi I recently read, that pfSense threw away their planned roadmaps for future improvements. They drop FreeBSD and go Linux. Cisco made their VPP go public, -I had never heard of it before. It's a software that makes a Linux kernel go crazy in networking performance. pfSense expects up to 100GB IPSec...

Hi guys

Just received a email from Mikrotik on this:

"For now we will revert the hEX IPsec optimization to the state it was prior version 6.41."

That's fine with me, thanks to Mikrotik for assistance.

Cheers
Biker

Unfortunately no news about this, I hope it can be solved.

And support ticket number to Mikrotik is?

Ticket#2018012922004625

Thanks guys I haven't been able to configure any setup, that could give the old SW performance. Now I know I'm not nuts :shock: I hope Mikrotik makes a fix,- until then they should stop advertising the 750Gr3 doing 470Mb ipsec. Not even half that number ... Ipsec performance was the main reason for ...

Hi I have tried different ipsec configurations with 6.41, and I think it gives a ipsec throughput decrease around 30%. Have you really testet this and still claim HW support is functioning properly? I'm still testing, mostly on 750Gr3, but I can't find the throughput performance I've seen before. On...

Deleted ...

RB750Gr3 switch chip does not have full VLAN tagging/untagging support yet, it is planned to implement it in future. Currently, you should use RB750Gr3 switch chip only for basic switching. RB750Gr3 is also powerful enough to handle software based VLANs: http://wiki.mikrotik.com/wiki/Manual:Interfa...

Hey guys

I would like to monitor ipsec tunnels with snmp. up/down and utilization (bandwidth monitoring)
Some oid's seems to be missing to do that.

Any ideas?

Hi guys I need some help here :) Let's say we have port "fasttracking" to the WAN port. It's able to do wire speed ~ 920Mb Another circuit want's to establish a Ipsec connection (no fasttracking), help from hardware,- normal max throughput ~ 300Mb. Which circuit will eat the available bandwidth on t...

Hi guys

I'm interested in Mikrotik switches.
A friend told me that bandwidth limiting is done in software, resulting in very poor throughput because the CPU gets cooked.

Is this true, I can't find any dokumentation?

Cheers
Biker

Wrong thread, sorry

Hi msatter

I will certainly tell about it, when I know.
I'm in the middle of a large development work, and I'm coming to this part soon. I have to dig through a lot of challenges first

Thanks again
Biker111

Hi msatter

Thanks for your input, nice one

Good idea !!

Regards
Biker111

A million thanks, Fraction

I was going crazy ... and was not clever enough to find that post.

Hi guys The EU dictates logging of free wifi data tranfers. Could be in hotels, cafe's and such. We do have excellent descriptions how log voucher and user names into logs. But the collected data sums up fast, even if only dst ip, src ip, ports, time and user is logged. The law suggests only one in ...

Hi guys I just bought a RB750r3. On the side it has a "Mode" button. Does anyone know what that's used for? It's not a reset button, it's on the front. It's not a WPS button, it has no wifi. I've been reading documentation og Google for hours without any success :( It is not mentioned in any Mikroti...

Hi honzam Thanks a lot for your answer :) I have that "5" in the serial number,- that's what I was hoping for, - a precise answer. I had the fear, that my 850 was a old one which had spend many months under the desk somewhere. I better buy one more to test properly,- I'm testing against a Ubiquiti E...

Hi Guys First post from me. A couple of months ago I bough a RB850Gx2 for testing. I'm interested in the IPsec part. In other threads I've read about the first models was without hardware acceleration for IPsec. How do I see if my 850 is the model with it? I can't find the right documentation. From ...