Community discussions

Search found 25 matches

by hamster
Wed Oct 03, 2018 5:44 am
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 137
Views: 17265

Re: Suggestion: Completely virtual router based on two physical routers

I've just installed this on two x86, version 6.42.9... So far, so good. Thanks for this!

Quick question, if I may: why is it neccessary to reboot the standby router once it receives new configuration?
by hamster
Wed Mar 15, 2017 3:55 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

Certificate is now also installed on the NPS (RADIUS) server and the result is exactly the same as before.
by hamster
Wed Mar 15, 2017 11:46 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

It's true, I have self signed certificate on the router, generated by the router itself, but I have also installed this certificate on my Windows 10 client to user's and computer's Trusted Root Cert. Authorities "store", so Windows recognises the router's certificate as perfectly valid... So I don't...
by hamster
Tue Mar 14, 2017 2:23 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

Yep, same problem here as emiX is having. At first I was getting "no proposal chosen" errors, but after setting PFS group to "none" (which is kinda moronic default in Windows, but you can "conveniently" change that via PowerShell), it "established" the connection, but Windows asked me for username a...
by hamster
Fri Mar 10, 2017 1:41 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

Wonderful! I'll test it over the weekend and let let you guys know the result.
by hamster
Mon Mar 06, 2017 12:20 pm
Forum: General
Topic: Backup and Restore Certificates
Replies: 21
Views: 9473

Re: Backup and Restore Certificates

Is this still the case? I'll have to replace a problematic router with a new one. It will be the same model. I noticed that "/export" doesn't export certificates... Which is a shame, but fine. Will certificates be backed up and restored by "/system backup"? Is "/system backup" even usable if I try t...
by hamster
Wed Mar 01, 2017 12:22 am
Forum: General
Topic: L2TP/IPSec for Road Warrior
Replies: 93
Views: 35326

Re: L2TP/IPSec for Road Warrior

I'm sorry to hear that. Unfortunately I'm in all Windows/Linux environment, so I have no way to test this out for you, I just gave you information based on information about Macs available on the internet. One thing worth noting here is that some network setups can screw with your clients, for examp...
by hamster
Thu Feb 23, 2017 1:08 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

Just to update the status of RADIUS problem: I was told by Mikrotik support via email that it will not be fixed yet: "Definately not in next RC, maybe after few versions. At the moment we want to fix more critical problems first."
by hamster
Mon Feb 20, 2017 7:26 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

@netleak Can you post some more verbose log from your server, or perhaps even better, RADIUS debug logs from Mikrotik?
by hamster
Sat Feb 18, 2017 11:53 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

Tested this with the new v6.39rc33 - still not working.
by hamster
Thu Feb 16, 2017 11:34 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

mrz, I will gladly do that, if you can tell me where/how in Windows 10 "native client" can I do that? I just want to be able to configure this (otherwise wonderful new addition to ROS) reliably on my user's computers.
by hamster
Thu Feb 16, 2017 12:58 am
Forum: General
Topic: L2TP/IPSec for Road Warrior
Replies: 93
Views: 35326

Re: L2TP/IPSec for Road Warrior

@dackhack It should work fine if the clients are Mac computers, yes. Or even if one client is Windows and all the others are Macs. The problem will arise when 2 or more clients are Windows computers, behind the same public IP. Perhaps there's a registry hack for Windows to randomise the ports, but I...
by hamster
Thu Feb 16, 2017 12:44 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

Dear andriys, thanks for fighting the good fight. Your fight is now over :) Mikrotik has fixed the issue. I'm incredibly happy to report that the issue with IKEv2 + RADIUS is now in v6.39rc27 RESOLVED! With the same configuration as before, it suddenly now FOOKIN' WORKS! YISSS! 8) Edit: I got excite...
by hamster
Sat Jan 28, 2017 11:53 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

Dear mrz, this is still not working, even on 6.39rc20. Problem is still exactly the same. Instead of dismissing this issue like you have been doing so far and wasting my time and time of everyone else here, please forward it to someone who can actually see the problem here and take steps in order to...
by hamster
Mon Jan 23, 2017 7:25 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

On that, we agree. But, it seems like whatever Mikrotik router actually forwards to RADIUS server is wrong. Look, here's a screenshot of my configuration on NPS, note the enabled EAP-MSCHAPv2. https://image.ibb.co/eKGbJv/Capture.png Now, of course, it's most likely that I am doing something wrong. C...
by hamster
Sun Jan 22, 2017 1:36 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

@mrz, I'm sorry, I must be missing something here. If this is how this is supposed to work, I kindly ask you to provide us with a short example of a working configuration of IKEv2 + EAP RADIUS and please add a note if there's anything special that needs to be configured on NPS for this to start work...
by hamster
Fri Jan 20, 2017 6:49 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

@mrz, please see logs from RADIUS on my Windows server a few posts back. Connecting client in my case was Windows 10 machine, not IOS, and the problem is exactly the same - Mikrotik router simply does not pass the right information to RADIUS server, hence the login fails. But then again, I might be ...
by hamster
Mon Jan 16, 2017 10:53 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

Yes, maznu, exactly what I posted above - I have the same problem with Windows client and even more strange problem with Android client.
by hamster
Mon Jan 16, 2017 9:16 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

Well, I found a reason, why RADIUS isn't working with IPSec when using EAP RADIUS authentication over IKEv2, now on ROS v6.38.1. Here's the relevant part from security log in Windows Server 2012 R2 by Network Policy Server, when connecting from Windows 10 client. Instead of my user name, it sends my...
by hamster
Mon Jan 16, 2017 2:43 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

Thanks so much for your help achelon, but it seems like I'll have to wait for v6.39 to be released, as I don't like running release candidates in my production environment and IKEv2 and RADIUS in v6.38 seem to be more broken than working... P.S., Mikrotik, there's a typo in ipsec logs "child negitia...
by hamster
Sat Jan 14, 2017 9:37 pm
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80754

Re: Feature Req: IKEv2 server and client

I apologize if this has been answered before, but I spent about 10 hours already trying to make a working config... Does anyone have a working IKEv2 for road warriors config that I could borrow as my starting point? I'm using ROS v6.38.
by hamster
Sat Jan 14, 2017 1:53 am
Forum: General
Topic: Bad EAP size?
Replies: 0
Views: 807

Bad EAP size?

So, until now, I used L2TP/IPSec, with RADIUS authentication. It worked perfectly, except there was this tiny little problem with multiple clients behind the same NAT... :) With new ROS 6.38 I tried to set up IPSec with IKEv2 and also RADIUS authentication. Now I can't connect from my Android 6.0.1 ...
by hamster
Wed Jan 04, 2017 2:17 pm
Forum: General
Topic: L2TP/IPSec for Road Warrior
Replies: 93
Views: 35326

Re: L2TP/IPSec for Road Warrior

And of course, a prerequisite is that you have the ability to manage firewall on your ISP's router and configure port forwarding to your MikroTik...
by hamster
Tue Jan 03, 2017 1:49 pm
Forum: General
Topic: L2TP/IPSec for Road Warrior
Replies: 93
Views: 35326

Re: L2TP/IPSec for Road Warrior

Thanks for clarification, mrz. A follow-up question: will it also work with L2TP over IPSec and multiple Windows clients in one of the future releases of ROS?
by hamster
Sun Dec 11, 2016 2:58 pm
Forum: General
Topic: L2TP/IPSec for Road Warrior
Replies: 93
Views: 35326

Re: L2TP/IPSec for Road Warrior

I haven't tested out this personally yet, but it seems that a lot of work is being done on IPSec in the upcoming 6.38 release. We might not need to wait for ROSv7. Specifically, check out the changelog in 6.38rc29 release: "ipsec - added support unique policy generation which will allow multiple pee...