Community discussions

Search found 31 matches

by virtman
Tue Oct 16, 2018 1:05 pm
Forum: General
Topic: PCP support for CG-NAT on WAN
Replies: 2
Views: 374

PCP support for CG-NAT on WAN

Hi, I need support for PCP (Port Control Protocol) in the WAN connection. This is required because my ISP provider uses (and enforces) CG-NAT (NAT444), and to map incomming connections the PCP protocol is the only supported option. Any idea about how to handle this? FYI, https://en.wikipedia.org/wik...
by virtman
Fri Mar 10, 2017 1:57 pm
Forum: Announcements
Topic: v6.38.5 [current]
Replies: 66
Views: 25709

Re: v6.38.5 [current]

virtman - We test also CHR before release. This is something specific in your case. Please write to support@mikrotik.com and describe problem and CHR. I think so, however this is common problem, not specific to my case: check it... install a fresh 6.38.3 CHR in ESXi 6.5... then update to 6.38.5... ...
by virtman
Fri Mar 10, 2017 1:40 pm
Forum: Announcements
Topic: v6.38.5 [current]
Replies: 66
Views: 25709

Re: v6.38.5 [current]

Hi, WARNING: Don't upgrade to this version (v.6.38.5) if you use CHRs !!!!!! All my licensed instances after the upgrade when boot: Loading system with initrd XZ-compressed data is corrupt -- System halted_ I check with a fresh install of CHR in free mode... and after the upgrade... the same message...
by virtman
Fri Mar 10, 2017 1:24 pm
Forum: Announcements
Topic: v6.37.5 [bugfix] is released!
Replies: 35
Views: 13398

Re: v6.37.5 [bugfix] is released!

/* deleted */ (incorrect version)
by virtman
Wed Mar 08, 2017 11:17 am
Forum: Forwarding Protocols
Topic: IMGP-proxy MFC static entry "source" to all?
Replies: 0
Views: 296

IMGP-proxy MFC static entry "source" to all?

Hi, I'm using igmp-proxy for routing multicast traffic in my LAN. The problem is with some traffic that needs to be allways in the LAN. For such traffic I use one MFC static entry... but the problem is the enforced source parameter... Anyone knows how to use "all" as a source, like 0.0.0.0/0 ? The p...
by virtman
Wed Mar 01, 2017 2:32 pm
Forum: General
Topic: SSTP Mikrotik-to-Mikrotik with RC4
Replies: 3
Views: 569

Re: SSTP Mikrotik-to-Mikrotik with RC4

SSTP will always try to use AES. It will try to switch to RC4 only if AES fails. There is no configuration option to force RC4 on RouterOS. So, I think this can be improved... AES uses much more CPU than RC4. Why not include the option for forcing RC4? Perhaps the best solution is provide the optio...
by virtman
Wed Mar 01, 2017 2:15 pm
Forum: General
Topic: SSTP Mikrotik-to-Mikrotik with RC4
Replies: 3
Views: 569

SSTP Mikrotik-to-Mikrotik with RC4

Hi, I like to use SSTP for a VPN over TCP, as it uses only one TCP port and it's very easy to setup. Now I have running one VPN of this kind, but I don't know how to change the ENCRYPTION algorithm. I like to use RC4 (aka Arcfour128) as it's less CPU consuming than AES256 (the default). In the docum...
by virtman
Wed Mar 01, 2017 12:18 pm
Forum: General
Topic: SSTP proxy authentication
Replies: 8
Views: 1232

Re: SSTP proxy authentication

Hi,

No one responds? I need this functionality!
No response from the mikrotik support e-mail... and I need put SSTP with Proxy Authentication in a lot (hundred) of hAP routers in roadwarrior.
NO SOLUTION? :(
by virtman
Wed Mar 01, 2017 12:15 pm
Forum: General
Topic: Change default 10sec. of chech-gateway
Replies: 0
Views: 208

Change default 10sec. of chech-gateway

Hi,

How I can reduce the default 10 seconds check-gateway value?

I need to change for one static gateway in between 4-6 seconds, instead of the current 20 seconds (=2 fails after each 10sec. in between two checks).

Please, help me!
Thank you.
by virtman
Tue Feb 07, 2017 1:10 pm
Forum: General
Topic: can add SOCK5?
Replies: 6
Views: 2226

Re: can add SOCK5?

But you'll have to be very (and I mean VERY ) convincing. Quite simple: HTTP proxy only supports TCP, and SOCKS5 can support UDP. Routing isn't the best solution in all environments, and proxies are instead a good solution in some cases. But UDP is required for some services. Then, please, add SOCK...
by virtman
Tue Feb 07, 2017 1:07 pm
Forum: General
Topic: Request: Clear Traffic Statistics in VPN interfaces
Replies: 1
Views: 376

Re: Request: Clear Traffic Statistics in VPN interfaces

No comment?
No more people testing VPN interfaces? I feel this quite simple function is a must have!
by virtman
Tue Feb 07, 2017 1:06 pm
Forum: General
Topic: L2TP with MPPE 40bit RSA
Replies: 5
Views: 1018

Re: L2TP with MPPE 40bit RSA

However, I need a solution for the problem to switch to non-encryption when several sync errors appears. Can you help me to overcome this problem?
Hi,

Problem solved forcing (="required") encryption in the ppp profile (instead of "yes").

I comment here only for reference.
by virtman
Tue Feb 07, 2017 1:04 pm
Forum: General
Topic: SSTP proxy authentication
Replies: 8
Views: 1232

Re: SSTP proxy authentication

This is a user forum. Contact Mikrotik support by email on support@mikrotik.com
Hi,

No response to my request after 2 months.
How I can request to implement SSTP proxy authentication?
by virtman
Mon Jan 16, 2017 11:22 am
Forum: General
Topic: L2TP with MPPE 40bit RSA
Replies: 5
Views: 1018

Re: L2TP with MPPE 40bit RSA

The current documentation at http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP describes: MPPE 40bit RC4 and MPPE 128bit RC4 encryption are supported. MPPE 40bit RC4 support was removed long time ago. Hi, Now I see that the documentation page is updated: the 40bit RC4 support is removed. OK. Also...
by virtman
Mon Jan 16, 2017 10:49 am
Forum: General
Topic: L2TP with MPPE 40bit RSA
Replies: 5
Views: 1018

Re: L2TP with MPPE 40bit RSA

Hi, Today I see this in my LOGs: jan/05/2017 08:46:39 ppp,error,critical 192.168.172.21: Encryption got out of sync - disabling jan/05/2017 10:10:01 ppp,error,critical 192.168.172.21: Encryption got out of sync - disabling jan/05/2017 10:56:21 ppp,error,critical 192.168.172.21: Encryption got out of...
by virtman
Mon Jan 16, 2017 10:38 am
Forum: General
Topic: Request: Clear Traffic Statistics in VPN interfaces
Replies: 1
Views: 376

Request: Clear Traffic Statistics in VPN interfaces

Hi,

I need to reset (set to zero) the Traffic Statistics of a L2TP tunnel. Can't do it without reseting the tunnel (that breaks the interface).
Plase, can you help me?

Thank you!
by virtman
Mon Jan 16, 2017 10:36 am
Forum: RouterBOARD hardware
Topic: MIKROTIK AS ONT
Replies: 5
Views: 2566

Re: MIKROTIK AS ONT

Hi, Take into account that ONT has a very complex management over the xPON network. Then it's very complex to replace a ONT with a router. It's not equal to a simple L1 medium access. So, the best solution it's put it in simple Bridge mode. I hope this help. Yeah, in fact, is like I use in this mom...
by virtman
Mon Jan 16, 2017 10:26 am
Forum: General
Topic: SSTP proxy authentication
Replies: 8
Views: 1232

Re: SSTP proxy authentication

So demand is probably low and it doesn't seem as priority for MikroTik. I don't understand why! SSTP is a protocol for typical roadwarrior or sporadic use. So, using it with a proxy is the most common scenario with the SSTP protocol (if not, you should use other VPN protocols over UDP or GRE). But,...
by virtman
Sun Jan 15, 2017 8:23 pm
Forum: General
Topic: SSTP proxy authentication
Replies: 8
Views: 1232

Re: SSTP proxy authentication

Hi,

We really need this function!
It's hard to implement it?
by virtman
Sun Jan 15, 2017 8:21 pm
Forum: General
Topic: L2TP with MPPE 40bit RSA
Replies: 5
Views: 1018

Re: L2TP with MPPE 40bit RSA

MPPE 40bit RC4 support was removed long time ago. Hi, An why? As I say we need to use L2TP with a light encryption (equal near to 'ofuscation' with a very low CPU overhard ). So, no encryption is not a solution for us. Please, can you provide one alternative? I request to reactivate MPPE 40bit. Reg...
by virtman
Sun Jan 15, 2017 8:14 pm
Forum: RouterBOARD hardware
Topic: MIKROTIK AS ONT
Replies: 5
Views: 2566

Re: MIKROTIK AS ONT

Hi, Instead of a full replace of your ONT hardware, try to put it in BRIDGE mode. Then bridge it to your Mikrotik. If all of your ONT servercices are standard (PPPoE, IPoE, etc.) then you can run it on your Mikrotik. It's like to use a xDSL hardware as a "modem" instead of a "router". Take into acco...
by virtman
Wed Jan 04, 2017 11:24 am
Forum: General
Topic: VRRP sharing configuration
Replies: 0
Views: 299

VRRP sharing configuration

Hi, I readed several times about sharing configs over multiple RouterOS devices. The VRRP protocol for using two devices as a main router is great. It really works very well, it's amazing! However, it's required to have the option of sharing, almost some, of the services configuration: firewall rule...
by virtman
Wed Jan 04, 2017 10:29 am
Forum: General
Topic: L2TP with MPPE 40bit RSA
Replies: 5
Views: 1018

L2TP with MPPE 40bit RSA

Hi, The current documentation at http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP describes: MPPE 40bit RC4 and MPPE 128bit RC4 encryption are supported. However, how I can select 40bit over 128bit using two RouterOS devices? Please, don't say that 40bit it's a weak encryption, or recomened IPSec...
by virtman
Wed Jan 04, 2017 10:14 am
Forum: General
Topic: v5.5 bug: after ssh-keys password login via ssh is blocked
Replies: 18
Views: 4853

Re: v5.5 bug: after ssh-keys password login via ssh is blocked

Hi Teamer,

Thanks a lot! This is that I need... and referenced at http://wiki.mikrotik.com/wiki/Manual:IP/SSH
The problem is that isn't in Winbox, and it's poorly described.

Regards.
by virtman
Wed Dec 28, 2016 9:11 am
Forum: General
Topic: SSTP proxy authentication
Replies: 8
Views: 1232

Re: SSTP proxy authentication

Hi managers!

You agree to add this functionality? I really need it in my roadwarriors routers.

Thank you!
by virtman
Wed Dec 28, 2016 9:09 am
Forum: General
Topic: v5.5 bug: after ssh-keys password login via ssh is blocked
Replies: 18
Views: 4853

Re: v5.5 bug: after ssh-keys password login via ssh is blocked

Hi,

I can't understand why this limitation is included. I agree to have available the option to "disable passwords when ssh-keys", but as an option.

So, please can you add the option for enable/disable this functionality?
by virtman
Wed Dec 21, 2016 5:38 pm
Forum: General
Topic: SSTP proxy authentication
Replies: 8
Views: 1232

Re: SSTP proxy authentication

Hi,

No one needs this? :(
by virtman
Wed Dec 21, 2016 5:36 pm
Forum: Virtualization
Topic: RouterOS in Vmware ESXi
Replies: 22
Views: 37696

Re: RouterOS in Vmware ESXi

Give it time, it will happen eventually. [...] look now at CHR, what a nice piece of software it is. One day they'll realize that tools are nice too. :) Yes! But consider that the CHR is now a PRODUCT from the RouterOS line, but it lacks a functionality required for a production environment. Until ...
by virtman
Mon Dec 12, 2016 11:44 am
Forum: Virtualization
Topic: RouterOS in Vmware ESXi
Replies: 22
Views: 37696

Re: RouterOS in Vmware ESXi

Hi,

When the CHR will include support for Open VM Tools?
Whitout these tools it's impossible at all to manage the Virtual Machine: no live migration, no proper scripting shutdown (power-off is not scriptable!), backup, etc.

Please, this a real requirement!
by virtman
Mon Dec 12, 2016 11:36 am
Forum: General
Topic: SSTP proxy authentication
Replies: 8
Views: 1232

SSTP proxy authentication

Hi, I suggest to add the option for simple proxy authentication in the SSTP protocol. It's very common to use the SSTP protocol for VPN when only an HTTP proxy is available. But in this scenario, the authentication of the proxy is also very common. So, we really need to have support for HTTP AUTH. P...
by virtman
Mon Dec 12, 2016 11:34 am
Forum: Virtualization
Topic: RouterOS in Vmware ESXi
Replies: 22
Views: 37696

Re: RouterOS in Vmware ESXi

Hi,

When the OpenVMTools will be integrated in CHR?
Whitout these tools is IMPOSIBLE to manage the virtual machine... live migration, controlled shutdown (power-off is not scriptable!!!), backup, etc.

Thank you!