Community discussions

Search found 57 matches

by en1gm4
Mon Apr 15, 2019 10:24 am
Forum: Beginner Basics
Topic: HAP mini IPSEC+EoIP performance?
Replies: 4
Views: 409

Re: HAP mini IPSEC+EoIP performance?

Thanks. Guess I'll have to just try one and see. Otherwise, any recommendations on the best price performance for this relatively simple task? (Assuming we give up USB powered). I may have a spare RB951G available. Looks like the hEX might do hardware acceleration of AES at least... So that might be...
by en1gm4
Sun Apr 14, 2019 12:11 pm
Forum: Beginner Basics
Topic: HAP mini IPSEC+EoIP performance?
Replies: 4
Views: 409

HAP mini IPSEC+EoIP performance?

does anyone know what performance is possible from a Hap mini (with wifi turned off) running only an EoIP tunnel and IPSEC? i did see some evidence of people getting 15Mbit from a hap lite and my understanding is the hap mini may have a more powerful cpu, (although a quick google indicates they both...
by en1gm4
Wed Apr 03, 2019 7:35 pm
Forum: General
Topic: Best (free?) network diagram tool
Replies: 3
Views: 375

Re: Best (free?) network diagram tool

thanks. GNS3 looks very impressive if perhaps overkill for our needs so far

draw.io looks simple (and tightly coupled to google drive) and for those interested has a "live example" online here

any other votes?
by en1gm4
Wed Apr 03, 2019 5:14 pm
Forum: General
Topic: Best (free?) network diagram tool
Replies: 3
Views: 375

Best (free?) network diagram tool

anyone have an opinion and experience with tools to draw networks?
in my case it's a relatively small but growing company network so i don't need the complexity of a big enterprise or isp tool.. but google drawing just isn't really up to the task
by en1gm4
Tue Apr 02, 2019 4:03 pm
Forum: General
Topic: LTE passthrough over EoIP
Replies: 16
Views: 913

Re: LTE passthrough over EoIP

just for the record:
while we thought the dell switch was not an issue, it does appear to have been blocking tagged traffic. once that was sorted things are looking much better
at least we are seeing a 4G ip address show up on the main router... so pass-through is at least doing something
by en1gm4
Sun Mar 31, 2019 6:57 pm
Forum: General
Topic: understanding AWS networking with CHR -gateway mac address?
Replies: 0
Views: 183

understanding AWS networking with CHR -gateway mac address?

We have a CHR running in our Amazon Web Services virtual private cloud. It's been a bit of a journey getting there but glad we did it, as it's good to have Mikrotik flexibility in AWS. However, AWS does things a little differently in the networking department so it's not always easy to work out what...
by en1gm4
Thu Mar 28, 2019 9:20 pm
Forum: Beginner Basics
Topic: very simple vlan and testing
Replies: 2
Views: 234

Re: very simple vlan and testing

Thanks anav

despite much googling and searching i never found that post.
looks fantastic (thanks @pcunite)
by en1gm4
Thu Mar 28, 2019 8:38 pm
Forum: Beginner Basics
Topic: very simple vlan and testing
Replies: 2
Views: 234

very simple vlan and testing

I'm new to vlans so am trying to set up the simplest possible thing I have two routerboards (hEX and 951) and am trying to set up something basic between them I have created a vlan(10) on eth1 on one box and given it the address of 10.1.1.1 I have created a similar vlan on the other mikrotik and giv...
by en1gm4
Thu Mar 28, 2019 7:46 pm
Forum: Virtualization
Topic: CHR VPN server on AWS not reaching VPC [SOLVED]
Replies: 5
Views: 957

Re: CHR VPN server on AWS not reaching VPC (solved) [SOLVED]

just to close this out for future readers. in the end we moved the pool range off of the VPC subnet and meticulously tracked the data flow we needed some careful checking and fixing of security groups (we have too many that built up over time) and VPC subnet route tables AWS routing is a bit of a ch...
by en1gm4
Thu Mar 28, 2019 12:00 am
Forum: Virtualization
Topic: CHR VPN server on AWS not reaching VPC [SOLVED]
Replies: 5
Views: 957

Re: CHR VPN server on AWS not reaching VPC [SOLVED]

in case anyone is still looking at this I could use some thinking from someone with AWS+ CHR experience still using tcpdump (my new best friend) . it appears that the packets from my dialin users are getting to the VPC instance but rather than send the reply (in this case a ping) back to the CHR usi...
by en1gm4
Wed Mar 27, 2019 7:59 pm
Forum: General
Topic: LTE passthrough over EoIP
Replies: 16
Views: 913

Re: LTE passthrough from wAP LTE

excellent. thanks. i shall persevere with the current plan then.

at this point i think we need to have a deeper look at that dell switch as my vlan10 does not appear to be getting the pass-through data
time to play with retro 9600 baud serial cables!!?!
by en1gm4
Wed Mar 27, 2019 7:07 pm
Forum: General
Topic: LTE passthrough over EoIP
Replies: 16
Views: 913

Re: LTE passthrough over EoIP

OR... if I plug the wAP directly back into the RB4011 and passthrough to eth1 can i simply add a vlan port to the wAP and 4011 and add that to the bridge in the 4011 in theory that ought to give me management and capsman back (I hope) but maybe simplify things (and I can use the RB4011 poe to power ...
by en1gm4
Wed Mar 27, 2019 7:01 pm
Forum: General
Topic: LTE passthrough over EoIP
Replies: 16
Views: 913

Re: LTE passthrough over EoIP

* Make sure nothing else is using vlan10, especially not the dhcp, as lte will allow only the first client in. * dell switch is a "dumb" switch, with no vlan filtering right? * make sure you configure "/ip settings rp-filter=loose" (or off) on LTE, there is a bug in 6.43+ which will ignore traffic ...
by en1gm4
Wed Mar 27, 2019 6:10 pm
Forum: General
Topic: LTE passthrough over EoIP
Replies: 16
Views: 913

Re: LTE passthrough over EoIP

Thanks guys so, my understanding is that I _should_ be able to leave eth1 on the wAP connected to my office switch and configure a vlan under eth1 to connect to my main router (RB4011) the lan connection (eth1) on the RB4011 needs a new vlan port with the same tag i should then be able to configure ...
by en1gm4
Wed Mar 27, 2019 11:07 am
Forum: General
Topic: LTE passthrough over EoIP
Replies: 16
Views: 913

Re: LTE passthrough over EoIP

thanks sebastia good to know it is working I was using EoIP as it just seemed simpler (essentially a virtual "wire" between the two boxes that shows up as an interface which is easy to determine as "up") it looks like using vlans is a more usual method though so I'll switch to that and see if it hel...
by en1gm4
Tue Mar 26, 2019 9:27 pm
Forum: General
Topic: LTE passthrough over EoIP
Replies: 16
Views: 913

Re: LTE passthrough over EoIP

addendum:
the ip address I am receiving on the EoIP does not seem correct as the gateway is in the 10.x.x.x range while the IP address assigned is in the 100.113.x.x range
when getting IP directly from the LTE without the tunnel I am seeing only 100.113.x.x/32
by en1gm4
Tue Mar 26, 2019 6:15 pm
Forum: General
Topic: LTE passthrough over EoIP
Replies: 16
Views: 913

LTE passthrough over EoIP

Has anyone got LTE pass-through working? I have an RB4011 (6.43.12) connected to a WAP LTE KIT (6.44.1) They are both plugged into the same switch and the EoIP tunnel is showing as up. The LTE interface is active(and was working previously in a direct configuration but we are trying to move the LTE ...
by en1gm4
Tue Mar 26, 2019 5:44 pm
Forum: General
Topic: LTE passthrough not working on RB411U
Replies: 2
Views: 632

Re: LTE passthrough not working on RB411U

sorry to raise an old issue, but did you guys get this working? I seem to be seeing something similar with an RB4011 (on 6.43.12) with an EoIP tunnel to a WAP LTE (on 6.44.1) LTE is up according to the WAP tunnel is up i am getting an IP address over the eoip tunnel on the RB4011 ... but nothing ...
by en1gm4
Mon Mar 25, 2019 10:00 pm
Forum: Virtualization
Topic: CHR VPN server on AWS not reaching VPC [SOLVED]
Replies: 5
Views: 957

Re: CHR VPN server on AWS not reaching VPC [SOLVED]

well, i've not made a lot of progress, but in case anyone sees this that has more clues than me ;) I used tcpdump on a VPC instance and confirmed that packets are making it to the server, but for some reason packets are not making it back. it confuses me that I can reach devices another hop away (in...
by en1gm4
Tue Mar 05, 2019 6:27 pm
Forum: Virtualization
Topic: CHR VPN server on AWS not reaching VPC [SOLVED]
Replies: 5
Views: 957

Re: CHR VPN server on AWS not reaching VPC [SOLVED]

sorry, i did not seem to get a notification for this one the config is pretty simple so far... I suspect I'm doing something very dumb # mar/05/2019 16:16:30 by RouterOS 6.43.12 # software id = # # # /interface ethernet set [ find default-name=ether1 ] advertise=\ 10M-half,10M-full,100M-half,100M-ful...
by en1gm4
Sun Feb 10, 2019 9:33 pm
Forum: Virtualization
Topic: CHR VPN server on AWS not reaching VPC [SOLVED]
Replies: 5
Views: 957

CHR VPN server on AWS not reaching VPC [SOLVED]

Has anyone got a CHR working as a VPN server on AWS? We have one that connects our office (RB4011) to AWS (CHR) Via an ipsec tunnel We've managed to get traffic flowing well from the office (10.11.1.0) to our VPC (10.100.1.0) ... after a little challenge getting MSS right! We also managed to get the...
by en1gm4
Wed Feb 06, 2019 9:33 pm
Forum: General
Topic: choosing VPN protocols
Replies: 2
Views: 378

Re: choosing VPN protocols

thanks pcunite that is great info. I thought win10 supported more/better but could not see how it was done... I can see how is done via command line in the post you linked to. I'll try to find out about android support.... hopefully the devices will be smart enough to negotiate the best possible opt...
by en1gm4
Wed Feb 06, 2019 5:01 pm
Forum: General
Topic: choosing VPN protocols
Replies: 2
Views: 378

choosing VPN protocols

My understanding is that SHA1 and 3DES are considered weak and/or compromised yet I still see a lot of information online showing how to set up various client devices to use them. I believe this might be due to SHA1+3DES being the default for L2TP/IPsec connections in windows (?) and indeed this is ...
by en1gm4
Fri Jan 18, 2019 4:00 pm
Forum: General
Topic: understanding and fixing MTU/MSS/PMTU with IPsec
Replies: 8
Views: 1667

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Trackboy, the first thing i did, which really helped, was to use Ping with the DF flag set to discover the actual MTU that gets through. perhaps try that and see if you are getting the same max packet size in Windows and Linux? The options are slightly different in linux and windows there are lots o...
by en1gm4
Mon Jan 14, 2019 6:16 pm
Forum: General
Topic: understanding and fixing MTU/MSS/PMTU with IPsec
Replies: 8
Views: 1667

Re: understanding and fixing MTU/MSS/PMTU with IPsec

I feel like I am in a conversation with myself here but doing it (briefly) anyway in hope it will help someone in future. Adding a mangle to rewrite the mss on syn packets going from our office to our AWS VPC seems to have done the trick. The VPC hosts then see a 1364 mss which is small enough to cr...
by en1gm4
Mon Jan 14, 2019 12:16 pm
Forum: General
Topic: understanding and fixing MTU/MSS/PMTU with IPsec
Replies: 8
Views: 1667

Re: understanding and fixing MTU/MSS/PMTU with IPsec

for the record, altering the MTU on the ethernet interface of our AWS instance to the same value worked out using ping testing (1406) fixes the problem so it seems clear that PMTUD is not working this doc helped https://community.cisco.com/t5/collaboration-voice-and-video/pmtud-blackhole/ta-p/3115561...
by en1gm4
Mon Jan 14, 2019 12:53 am
Forum: General
Topic: understanding and fixing MTU/MSS/PMTU with IPsec
Replies: 8
Views: 1667

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Thanks. At the moment all traffic outside of the tunnel (to the internet from the office or from our vpc) works fine (although it may be worth checking if things are getting fragmented that shouldn't) I'll have a look at what might be blocking MTU discovery. I think all ICMP are allowed between any ...
by en1gm4
Sun Jan 13, 2019 2:55 pm
Forum: General
Topic: understanding and fixing MTU/MSS/PMTU with IPsec
Replies: 8
Views: 1667

understanding and fixing MTU/MSS/PMTU with IPsec

We have an issue with our office connection to AWS via an IPSEC tunnel in that anything session oriented (http, ssh) will not work properly, We discovered however that reducing the MTU on the ethernet interface on one of the computers in the office to 1400 appears to solve the problem and both SSH...
by en1gm4
Tue Jan 08, 2019 12:09 pm
Forum: General
Topic: sessions unstable over vpn to AWS
Replies: 1
Views: 390

Re: sessions unstable over vpn to AWS

an update for future users that might find themselves with similar issues: it appears that this might be an MTU issue as changing MTU from 1500 to 1400 on devices in the office seems to fix the issue and get traffic flowing properly again (http and SSH) Not yet sure how or where to tell the Mikroti...
by en1gm4
Fri Jan 04, 2019 4:37 pm
Forum: General
Topic: sessions unstable over vpn to AWS
Replies: 1
Views: 390

sessions unstable over vpn to AWS

I have a strange situation that I am having trouble debugging and wondered if anyone has seen the same. We have a 4100 (running 6.43.7) in the office connected to 3 DSL lines We have a VPN (IPsec) over one of those lines to a Mikrotik CHR (on 6.43.8) on Amazon Web services Our office is on 10.11.x...
by en1gm4
Mon Dec 03, 2018 12:26 pm
Forum: General
Topic: FCS errors and link negotiation failing
Replies: 0
Views: 245

FCS errors and link negotiation failing

I have an 951G-2HnD operating as the main router in our office connected to a WAP LTE KIT that provides a 4G connection They are connected by about 30M of good quality cat5E cable. The cable has been tested and retested as good at all speeds and with a range of packet sizes and many millions of pac...
by en1gm4
Mon Nov 19, 2018 4:46 pm
Forum: General
Topic: Has anyone got dual stack IPv4/IPv6 working on EE 4G?
Replies: 1
Views: 339

Re: Has anyone got dual stack IPv4/IPv6 working on EE 4G?

well... it's lonely here on this topic! guess v6 over EE is not very common. If anyone else has had any luck getting both IPv4 and IPv6 running simultaneously over any 4G/LTE service anywhere in the world, do please reply.. (and indeed if you know it to be impossible for some reason or if there are ...
by en1gm4
Fri Nov 16, 2018 3:27 pm
Forum: General
Topic: Has anyone got dual stack IPv4/IPv6 working on EE 4G?
Replies: 1
Views: 339

Has anyone got dual stack IPv4/IPv6 working on EE 4G?

one for those in the UK (but would be good to hear from anyone that has it working on another carrier anywhere) We have a WAP LTE kit working on EE 4G using IPv4 I understand the EE's network is fully IPv6 capable and we would like to have both v4 and v6 working in our office. Before we commit many ...
by en1gm4
Thu Aug 30, 2018 12:21 pm
Forum: General
Topic: O2 Boost Box
Replies: 1
Views: 232

O2 Boost Box

Has anyone had issues with O2 Boost boxes (UK mobile provider for those not familiar) not connecting via a mikrotik router? we've had issues on and off for a long time and cannot seem to get a stable connection. our Vodafone Suresignal box however has been working fine on the same network. We have s...
by en1gm4
Fri Jul 06, 2018 4:30 pm
Forum: General
Topic: Firmware update notification
Replies: 2
Views: 794

Re: Firmware update notification

excellent. thanks is there anything comparable for "major" vulnerabilities or vital patches? our team don't really want to keep an eye on releases regularly but really do want/need to know if something goes badly wrong (looks like we could filter on the word "stable" to find those releases.. is ther...
by en1gm4
Fri Jul 06, 2018 12:34 pm
Forum: General
Topic: Firmware update notification
Replies: 2
Views: 794

Firmware update notification

Is there such a thing as a notification email list / twitter /RSS/ etc that only sends security notifications and info on updated firmware? We would like to be able to easily know if there are any appropriate firmware updates or major vulnerabilities without having to check back on the forums or fin...
by en1gm4
Fri May 25, 2018 5:15 pm
Forum: General
Topic: debugging "out unknown"
Replies: 4
Views: 574

Re: debugging "out unknown"

thanks.
upon deeper inspection i found that someone (other than me ;) had inserted a firewall rule on the input chain to log everything... which seemingly caused these messages to show up each time the input chain saw a packet that it had no route for.
all better now... and I've learned a few things
by en1gm4
Fri May 25, 2018 4:19 pm
Forum: General
Topic: debugging "out unknown"
Replies: 4
Views: 574

Re: debugging "out unknown"

thanks mrz interesting. we've stopped using dropbox in the office so there should not really be much left ? (although perhaps the odd device or two with personal stuff) even when we used to have more dropbox i don't recall us getting these messages in the logs is there a general rule about what "out...
by en1gm4
Fri May 25, 2018 3:27 pm
Forum: General
Topic: debugging "out unknown"
Replies: 4
Views: 574

debugging "out unknown"

apologies if this is really a newbie question but I'm not quite sure where to begin and am hoping someone might give me a clue or two our office router is load sharing 3 dsl lines to one lan and has been doing a great job of it :) however, when I look at the logs I see a lot of entries that seem to ...
by en1gm4
Wed Apr 25, 2018 3:21 pm
Forum: Beginner Basics
Topic: PPP compression - L2TP and Windows
Replies: 0
Views: 326

PPP compression - L2TP and Windows

Can someone please tell me if compression works between a mikrotik running as an L2TP/Ipsec VPN server and a windows 10 user connecting using the built in client? If so, how can i see that this has been negotiated? What sort of compression is in use? (i.e is it just header compression or is there so...
by en1gm4
Sun Apr 22, 2018 3:59 pm
Forum: Announcements
Topic: v6.42 [current]
Replies: 147
Views: 26904

Re: v6.42 [current]

perhaps not as important as some other bugs being posted, but i noticed that kid control in webfig seems to be broken after adding a schedule in winbox, the times in webfig are showing as incorrect. it looks as though it is showing the end times as the same as the start times (?) this is on an RB750...
by en1gm4
Sun Apr 22, 2018 12:12 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 109842

Re: v6.43rc [release candidate] is released!

Deleted. Wrong thread. Kid control bug in webfig is in current release (not checked RC yet)
by en1gm4
Thu Apr 19, 2018 9:08 pm
Forum: Announcements
Topic: v6.42 [current]
Replies: 147
Views: 26904

Re: v6.42 [current]

upgraded one RB951G-2HnD in office (running as an AP only) and it went fine just upgraded another RB951G-2HnD at home (also an AP only) and it immediately went into a bootloop... beeping every 7 seconds or so. I was only upgrading the software and using winbox. power on reset does not help can not g...
by en1gm4
Mon Mar 12, 2018 6:11 pm
Forum: General
Topic: IPV6 HE 6in4 tunnel with multi-wan IPv4
Replies: 5
Views: 692

Re: IPV6 HE 6in4 tunnel with multi-wan IPv4

Thanks again. For clarity, my understanding is that protocol 41 needs to pass to/from the router via IPv4 (output chain mangle taking to the right place and then presumably it is an established connection? Or might there be a need for an explicit rule allowing it on the input chain .. limited to the...
by en1gm4
Wed Mar 07, 2018 10:02 pm
Forum: General
Topic: IPV6 HE 6in4 tunnel with multi-wan IPv4
Replies: 5
Views: 692

Re: IPV6 HE 6in4 tunnel with multi-wan IPv4

Thanks Sob, where should the rule to ensure the traffic to the other end of the ipv4 tunnel sit? output chain? forward? (i.e. since the logic of the 6in4 tunnel is in the router, presumably the tunnel is an "internal" process and you need to intercept it somewhere there) apologies for the newbie que...
by en1gm4
Wed Mar 07, 2018 5:01 pm
Forum: General
Topic: IPV6 HE 6in4 tunnel with multi-wan IPv4
Replies: 5
Views: 692

IPV6 HE 6in4 tunnel with multi-wan IPv4

Hi Has anyone had any experience with a load balanced multi-wan setup (in our case 3 ADSL lines using PPPoE) and adding a tunnelbroker (hurricane electric) IPv6 6in4 tunnel into the mix? Hurricane provides good instructions and there are a number of locations online with information on basic config....
by en1gm4
Tue Jan 09, 2018 5:29 pm
Forum: General
Topic: Hiring a consultant for configuration support
Replies: 3
Views: 445

Re: Hiring a consultant for configuration support

peopleperhour?
truelancer (seems to have a big group under mikrotik)
guru.com (the most I have found)
by en1gm4
Tue Jan 09, 2018 4:42 pm
Forum: General
Topic: Hiring a consultant for configuration support
Replies: 3
Views: 445

Hiring a consultant for configuration support

Has anyone got experience on hiring people online to write/edit/support a Mikrotik config? We have a single office router that needs to load share and prioritise traffic over three adsl links with the usual firewall protection and a couple of pinholes for SSH and VPN We have enough in house expertis...
by en1gm4
Tue Jan 09, 2018 3:02 pm
Forum: General
Topic: Recommended USB LTE/4G modem in UK?
Replies: 5
Views: 1325

Re: Recommended USB LTE/4G modem in UK?

for those following this I clearly missed something in my search as this topic has been covered here: https://forum.mikrotik.com/viewtopic.php?t=124360 there is some suggestion that using the latest firmware and the E3372H on a powered hub might be a working solution might be worth an experiment (an...
by en1gm4
Mon Jan 08, 2018 7:37 pm
Forum: General
Topic: Recommended USB LTE/4G modem in UK?
Replies: 5
Views: 1325

Re: Recommended USB LTE/4G modem in UK?

understood... and many thanks :)
(i see that there is some difference between the E3372S and E3372H... but not sure if that actually helps or if MT works with both... I'm in no way wed to them; just saw there were lots on eBay ;)
anyone else have any recommendations and experience to share?