Community discussions

Search found 81 matches

by majestic
Wed Sep 19, 2018 6:51 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 34
Views: 7198

Re: Public IP over a tunnel ( SOLVED )

One address or twelve, there's not much difference, you can use the same method, it will work.
Aye, confirmed myself with multiple addresses, works like a dream, thank you.
by majestic
Sat Sep 15, 2018 9:24 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 34
Views: 7198

Re: Public IP over a tunnel ( SOLVED )

I am using a Hetzner Cloud VPS and I've found using a single vCPU, you can get around 400MBits, which ain't bad at all. Adding an additional CPU produces around 800MBits. It seems to be CPU limited due to encryption so I'm looking at tweaking it a bit and see if can get a bit more out of it. Does Hetzne...
by majestic
Sat Sep 15, 2018 9:22 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 34
Views: 7198

Re: Public IP over a tunnel ( SOLVED )

Wrong source address, if I understand correctly that it's 94.xxx.xxx.150, it must be caused by another srcnat/masquerade rule. Instead of adding another srcnat, it's better to use accept rule, to exclude 195.xxx.xxx.6 from srcnat completely. It doesn't need any, it already has correct address. IPv6...
by majestic
Sat Sep 15, 2018 2:44 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 34
Views: 7198

Re: Public IP over a tunnel

Hi Sob, One thing I have noticed is, the outgoing packets seem to have the wrong source address. If you say do a curl ifconfig.io you will see the public IP of the end point which you used the IPs from. I've tried to add an SNAT rule but it didn't help, I expect it's because of the interface/way I tri...
by majestic
Sat Sep 15, 2018 2:10 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 34
Views: 7198

Re: Public IP over a tunnel ( SOLVED )

Hi @Sob,

On an additional note, you don't by any chance have a working IPv6 version of this?

This would need to be IPv6 over IPv4 i.e. for sites which don't have native IPv6 yet.

If you have anything which you wouldn't mind sharing, it would really be appreciated.

Thank you.

Kind Regards,

Majestic
by majestic
Sat Sep 15, 2018 1:29 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 34
Views: 7198

Re: Public IP over a tunnel ( SOLVED )

Hi Guys, Just wanted to chime in here, this works absolutely awesome and thank you so much @Sob for taking the time to share your solution. I am using a Hetzner Cloud VPS and I've found using a single vCPU, you can get around 400MBits, which ain't bad at all. Adding an additional CPU produces around 800M...
by majestic
Sat Jun 24, 2017 4:33 pm
Forum: General
Topic: DHCP classless issues
Replies: 1
Views: 538

DHCP classless issues

Hi Guys, I wonder if someone could be kind enough to point out what I am doing wrong. What I am trying to achieve is to set a classless route via DHCP as shown below. https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server#Options Now what I am trying to do is the following.. VPN network/server Network...
by majestic
Mon Jun 12, 2017 2:59 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: zerotier vpn
Replies: 16
Views: 5410

Re:

I don't understand why it is necessary or useful for routers. +1 I agree, it would be really useful as Mikrotik doesn't currently support dynamic multipoint VPN (DMVPN) or similar technology. ZeroTier is really a very easy/user friendly DMVPN clone (of sorts) which a lot of people deploy when the...
by majestic
Sun Jun 04, 2017 1:29 am
Forum: RouterOS v6 RC and v7 BETA
Topic: SSTP: AES-GCM support, granular control of cipher suites.
Replies: 8
Views: 3472

Re: SSTP: AES-GCM support, granular control of cipher suites.

+1 This would be really helpful if ROS had AES-GCM support as there's a huge performance boost for all. That means lower hardware can achieve higher throughput which likely would be more cost effective.
by majestic
Thu May 25, 2017 5:09 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request - DNSCrypt support...
Replies: 152
Views: 42457

Re: Feature request - DNSCrypt support...

Doesn't this supersede DNScrypt, plus, is now an accepted standard? https://tools.ietf.org/html/rfc7858 But it is still a very fresh RFC If you could add support for this, it would be great for everyone or even DNSCrypt which a lot of people use and is more common/known to them. Either would be acc...
by majestic
Mon Apr 03, 2017 6:51 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 1667

Re: Is routerOS and CHR capable of using Intel AES-NI?

Brilliant, thank you very much.
by majestic
Wed Mar 08, 2017 1:54 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 102332

Re: Blacklist Filter update script

Using RBL's crossed my mind but then the amount of traffic would be the same like it is with BGP. When using DNS you will also have some traffic but the main part is distributed by external DNS servers as I see it. Distributed & cached which the cache will lower the amount of traffic needed. Howeve...
by majestic
Tue Mar 07, 2017 8:47 pm
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 102332

Re: Blacklist Filter update script

I have an idea how to bring back the traffic generated by the Blacklist. When I lookup sites I get sometimes a list of IP addresses back: Name: microsoft.com Addresses: 23.100.122.175 23.96.52.53 191.239.213.197 104.40.211.35 104.43.195.251 So if you can convert the list and put it in a DNS, then o...
by majestic
Tue Mar 07, 2017 8:36 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request - DNSCrypt support...
Replies: 152
Views: 42457

Re: Feature request - DNSCrypt support...

I would also like to add my vote for DNScrypt support! I currently run a separate server for this.
likewise.
by majestic
Tue Feb 28, 2017 9:17 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 1667

Re: Is routerOS and CHR capable of using Intel AES-NI?

I actually had an 1100AHx2 connected with a 300mbps cable connection to a CHR on esxi/vmware using a Xeon ES-2650 @2.6Ghz. GRE+IPSEC AES-128-CBC. Could only manage around 100Mbps with connection tracking turned off and no QoS features.. Does that seem odd to you? I thought the 1100 could handle mor...
by majestic
Tue Feb 28, 2017 7:59 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 1667

Re: Is routerOS and CHR capable of using Intel AES-NI?

How is the performance? Mind if I ask what hardware you are using? I'm looking to do something similar. A hub and spoke set up using GRE+IPSEC. I'm hoping to find something for Spokes to get up ~300Mbps. The best I've tested so far was some HP desktop I found lying around, had an Intel i3 processor...
by majestic
Tue Feb 28, 2017 4:30 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 1667

Re: Is routerOS and CHR capable of using Intel AES-NI?

Looking to see if routeros and CHR is able to use these instructions in the Intel processors. Can't be 100% certain but I do believe it does because the CPU usage which I see is extremely low and this is when I'm using the GRE+IPSEC VPN links which uses AES-256-CBC. HTH How is the performance? Mind...
by majestic
Tue Feb 28, 2017 3:56 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 1667

Re: Is routerOS and CHR capable of using Intel AES-NI?

Looking to see if routeros and CHR is able to use these instructions in the Intel processors. Can't be 100% certain but I do believe it does because the CPU usage which I see is extremely low and this is when I'm using the GRE+IPSEC VPN links which uses AES-256-CBC. HTH How is the performance? Mind...
by majestic
Tue Feb 28, 2017 12:52 pm
Forum: Virtualization
Topic: RouterOS CHR + XenServer 7 does not resize disk
Replies: 1
Views: 1052

Re: RouterOS CHR + XenServer 7 does not resize disk

I have imported the CHR image to XenServer 7 but when it starts up for the first time, although it prints on console the resizing disks message, doing /system resource print shows it's still using the 128MB partition. That's interesting, I am using XenServer 7 as well as CHR images with resized disk...
by majestic
Tue Feb 28, 2017 12:16 pm
Forum: Virtualization
Topic: x86 on XenServer?
Replies: 7
Views: 2741

Re: x86 on XenServer?

I am successfully running CHR on XenServer 7 without any issues... The free versions of x86 and CHR have different limitations. Since I want to use this device for some bandwidth testing, the 1 Mbps limitation of CHR is too restrictive. I am also successfully running CHR on XenServer. The error ...
by majestic
Tue Feb 28, 2017 3:54 am
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 1667

Re: Is routerOS and CHR capable of using Intel AES-NI?

Looking to see if routeros and CHR is able to use these instructions in the Intel processors.
Can't be 100% certain but I do believe it does because the CPU usage which I see is extremely low and this is when I'm using the GRE+IPSEC VPN links which uses AES-256-CBC.

HTH
by majestic
Tue Feb 28, 2017 3:49 am
Forum: Virtualization
Topic: x86 on XenServer?
Replies: 7
Views: 2741

Re: x86 on XenServer?

I am successfully running CHR on XenServer 7 without any issues in a couple of data centres.

The image that I used was the VMware image (https://download2.mikrotik.com/routeros ... .37.4.vmdk), then just imported that directly into xenserver. Works perfect.

HTH
by majestic
Tue Feb 28, 2017 12:10 am
Forum: Forwarding Protocols
Topic: Second opinion two routers BGP/OSPF
Replies: 2
Views: 1609

Re: Second opinion two routers BGP/OSPF

@ZeroByte Thanks very much for all your tips, they have been a great help. I know this is a little late from when you originally posted this but with a little luck this will still get to you. After reading and re-reading what you have posted there's still a small thing I don't understand and I wonder...
by majestic
Sat Feb 18, 2017 9:23 pm
Forum: Announcements
Topic: v6.37.4 [bugfix] is released!
Replies: 38
Views: 15139

Re: v6.37.4 [bugfix] is released!

The filter rules have the selector ipsec-policy which you can set e.g. to ipsec-policy=in,none or ipsec-policy=in,ipsec to create rules that handle traffic that is not protected or traffic that is protected. You will need something like: add action=reject chain=input ipsec-policy=in,none protocol=g...
by majestic
Sat Feb 18, 2017 6:20 pm
Forum: Announcements
Topic: v6.37.4 [bugfix] is released!
Replies: 38
Views: 15139

Re: v6.37.4 [bugfix] is released!

I don't see this issue. make sure your firewall rules are correct. Without the proper rules it can sometimes work because dynamic rules are created on the outbound connection and the "established/related" rule then accepts the traffic in the other direction. However, this is not the proper way to d...
by majestic
Sat Feb 18, 2017 12:51 pm
Forum: Announcements
Topic: v6.37.4 [bugfix] is released!
Replies: 38
Views: 15139

Re: v6.37.4 [bugfix] is released!

Anyone having an issue where ipsec tunnels connect, but don't seem to be passing traffic? Have to kill them a couple of times before they connect properly? I am also experiencing the same issue but it seems to happen completely random. It does not do it all the time and when it does, it's not all of...
by majestic
Tue Feb 14, 2017 9:35 pm
Forum: General
Topic: [Q] Hetzner routing using Mikrotik (solved)
Replies: 0
Views: 1117

[Q] Hetzner routing using Mikrotik (solved)

Hi guys, Yesterday I grabbed a license (CHR) for one of my VM's running on Xen but I am having problems in connecting it to Hetzner's network. As you might know that they use a subnet outside of the routed block and it's locked to the core/physical machine's MAC and usually you use the core box as a ro...
by majestic
Sun Feb 12, 2017 12:07 pm
Forum: Announcements
Topic: v6.37.4 [bugfix] is released!
Replies: 38
Views: 15139

Re: v6.37.4 [bugfix] is released!

Majestic: it is a well known problem (at least in BGP) and it "will all be fixed in version 7".
Ahh thanks very much, glad it's not me going mad ;)

I can live with it, just wanted to make sure mikrotik was aware.
by majestic
Sun Feb 12, 2017 11:55 am
Forum: Announcements
Topic: v6.37.4 [bugfix] is released!
Replies: 38
Views: 15139

Re: v6.37.4 [bugfix] is released!

Hi guys, Not sure if this is the right place to post this but as this is related to 6.37.4 I thought it be best here. If it's in the wrong place, could a mod please move it, thank you. I believe I have found a "possible" bug in v6.37.4 [bugfix] release. It may also be present in other versions but I ...
by majestic
Fri Feb 10, 2017 2:53 am
Forum: General
Topic: [Q] CHR license de-allocate/assign?
Replies: 0
Views: 338

[Q] CHR license de-allocate/assign?

Hi Guys, I wonder if someone with experience with the Cloud Hosted Router licenses could answer a few questions for me. I am currently running several different virtualisation platforms including OpenSource XEN, XenServer and KVM physical machines. Now I am in the process of moving all of them to Xe...
by majestic
Sat Jan 21, 2017 7:14 pm
Forum: Virtualization
Topic: ►OpenVZ VPS Gre Tunnel
Replies: 2
Views: 1675

Re: ►OpenVZ VPS Gre Tunnel

You need to talk to your VPS provider to see if they are willing to "tweak" their host node to allow you to add the gre interfaces into your VM. Assuming you can get them, it's the same as Linux to MT config, nothing special. Give this info to your provider and they should if they are nice do it for ...
by majestic
Tue Jan 17, 2017 9:23 am
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 23576

Re: v6.38.1 [current]

Latest for Mac hasn't been done yet... http://joshaven.com/resources/tools/winbox-for-mac/ Still stuck on 3.7.. wonder if joshaven hides out here somewhere, if so, would you be so kind and give us a 3.9 version when you get a few minutes. Thank you. **Update** I have just dropped joshaven a quick e...
by majestic
Mon Jan 16, 2017 7:06 pm
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 23576

Re: v6.38.1 [current]

Latest for Mac hasn't been done yet... http://joshaven.com/resources/tools/winbox-for-mac/ Still stuck on 3.7.. wonder if joshaven hides out here somewhere, if so, would you be so kind and give us a 3.9 version when you get a few minutes. Thank you. **Update** I have just dropped joshaven a quick em...
by majestic
Mon Jan 16, 2017 6:23 pm
Forum: Announcements
Topic: Winbox 3.9 released!
Replies: 35
Views: 15225

Re: Winbox 3.9 released!

I agree having a native version for MacOS would be really nice to have as I am sure if you do a poll to see how many OSX users there are more than you think. Meanwhile the Wine version which is floating around works quite well, most of the time. You have to remember a lot of us and organisations do...
by majestic
Mon Jan 16, 2017 6:11 pm
Forum: Announcements
Topic: Winbox 3.9 released!
Replies: 35
Views: 15225

Re: Winbox 3.9 released!

I agree having a native version for MacOS would be really nice to have as I am sure if you do a poll to see how many OSX users there are more than you think. Meanwhile the Wine version which is floating around works quite well, most of the time. You have to remember a lot of us and organisations do ...
by majestic
Mon Jan 16, 2017 6:03 pm
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 23576

Re: v6.38.1 [current]

Awesome for releasing this release so soon. Will see if I can test it out later tonight on my RB750Gr3's and will report back once it's done and tested. I really hope the 6.38 bugs are squashed :)
by majestic
Sun Jan 15, 2017 2:56 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 102332

Re: Blacklist Filter update script

If external USB or SD disk available, NAND wearing can be avoided by write temporary files to them. PS. Downloading and executing rsc from not own server and/or by insecure channel look dangerous. May I please be so bold, what are the commands to change the temporary file storage location? I use a RB7...
by majestic
Sun Jan 15, 2017 2:48 am
Forum: Forwarding Protocols
Topic: [Q] OSPF Hiding link address in traceroute?
Replies: 0
Views: 444

[Q] OSPF Hiding link address in traceroute?

Hi Guys, I am new to OSPF, but I have finally managed to get it working after reading much documentation about OSPF and VPNs. I have a small question to ask as I am not sure if it's possible or not but I thought it would be worth asking nevertheless. What I would like to do is hide or change the IP a...
by majestic
Thu Jan 12, 2017 10:26 am
Forum: General
Topic: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router
Replies: 8
Views: 1025

Re: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router

Privacy extensions is client-side stuff, so it can be easily disabled. But even when it's enabled, there's always the main address (with lower 64 bits based on MAC address) and it stays the same. You can tell your SSH client to bind outgoing connection to this address (-b option) and it should not b...
by majestic
Thu Jan 12, 2017 10:22 am
Forum: General
Topic: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router
Replies: 8
Views: 1025

Re: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router

IMO better would be to accept prefix and adjust the thinking for IPv6 - so, work with prefixes and get used to things. While many claim that IPv6 is just longer addresses - that is not so. There are quite a lot of other reasons why use IPv6 that are not so obvious when first time you configure and ...
by majestic
Wed Jan 11, 2017 10:07 am
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 36322

Re: v6.38 [current] is released!

Adding an extra repo wouldn't affect anything, wouldn't touch the existing versions available, it only would give users an alternative to install, i.e. old stable. I agree! But the quoted question was not to add an extra version, it was about to replace the current bugfix-version. I support adding a...
by majestic
Wed Jan 11, 2017 10:00 am
Forum: General
Topic: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router
Replies: 8
Views: 1025

Re: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router

SSH client (from Linux hosts) uses new temporary IPv6 address for each SSH session. You can check for the addresses via $ip -6 addr | grep temporary. That is a normal behaviour. Thanks for the reply, sadly you're right, after doing some research it's called privacy setting or something and it au...
by majestic
Wed Jan 11, 2017 9:54 am
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 36322

Re: v6.38 [current] is released!

Please can 6.37.x be made the bugfix release? There has to be a convenient way to update routers to this version that proves to be quite stable, and avoid the current problems with 6.38 without having to go back to 6.36.4 No, please NOT!!! 6.36.4 is the only version which works with some older WIFI...
by majestic
Tue Jan 10, 2017 12:03 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 36322

Re: v6.38 [current] is released!

Please can 6.37.x be made the bugfix release? There has to be a convenient way to update routers to this version that proves to be quite stable, and avoid the current problems with 6.38 without having to go back to 6.36.4 Agree. It would be nice if after every new release that a new repo say called...
by majestic
Mon Jan 09, 2017 5:10 pm
Forum: Scripting
Topic: Backup to External FTP Useful script
Replies: 9
Views: 34868

Re: Backup to External FTP Useful script

Thanks very much for the script ideas, I was that impressed, I thought I would make myself a version of this to save locally onto my microSD and instead reinventing the wheel I decided to use some of your existing code and adjusted it to my purpose. Credit goes to the original author and if you want...
by majestic
Sat Jan 07, 2017 1:29 am
Forum: General
Topic: [Q] Rate limit single server's IP
Replies: 10
Views: 956

Re: [Q] Rate limit single server's IP

Glad you found what you were looking for. There's always more than one way to "skin a cat."
Aye so it seems.

Now enjoying the best of both worlds :) fast track + rate limit = bliss :)

https://www.dropbox.com/s/bin0rbkam44s6 ... 5.png?dl=0
by majestic
Sat Jan 07, 2017 1:17 am
Forum: General
Topic: Improving VPN speed to remote sites (How to?)
Replies: 7
Views: 4307

Re: Improving VPN speed to remote sites (How to?)

Open VPN and SSTP are TCP based protocols. This limits your performance. IPSEC (with L2TP) performs better, especially if you reduce MTU to avoid the packet reordering bug. Reorder bug? What sort of MTU would you suggest? I am planning to start connecting all my data centre sites using IPSEC, GRE and...
by majestic
Fri Jan 06, 2017 11:15 pm
Forum: General
Topic: [Q] Rate limit single server's IP
Replies: 10
Views: 956

Re: [Q] Rate limit single server's IP

Here's an older thread covering this very topic: http://forum.mikrotik.com/viewtopic.php?t=98133 Revelation, thank you so much for sending me that link again. I can confirm the answer is within that link that you kindly posted but as I am a nice guy, I'm going to post the exact config that I used t...
by majestic
Fri Jan 06, 2017 3:00 pm
Forum: General
Topic: [Q] Rate limit single server's IP
Replies: 10
Views: 956

Re: [Q] Rate limit single server's IP

Here's an older thread covering this very topic: http://forum.mikrotik.com/viewtopic.php?t=98133 Thanks again, I've just had a read and about the third post from the bottom shows a way how I can do what I want and still keep fast track for the other connections. I am not at home right now but in a ...