Community discussions

Search found 180 matches

by JohnTRIVOLTA
Thu Jul 18, 2019 9:48 pm
Forum: Wireless Networking
Topic: Wireless AC performence issue
Replies: 2
Views: 129

Re: Wireless AC performence issue

This seems to be a common pattern, looks like it's pretty much impossible to achieve more than 250-300 Mbit/s real world single client throughput with Mikrotik ac WiFi.
In case you ever manage to break this limit please let me know how you did it :)
For example, this test.
by JohnTRIVOLTA
Thu Jul 18, 2019 2:33 pm
Forum: Wireless Networking
Topic: Wireless AC performence issue
Replies: 2
Views: 129

Wireless AC performence issue

Hi friends, I have a router RBM33G with two full-size mpci-e cards / AR9380 for 2.4GHz and AR9880-WLE900VX for 5GHz /. All works just fine. My laptop has Intel AC7260. The connectivity is perfect at 5GHz ~ 40dBm, but I only achieve about max 300Mb/ps - average 250Mb/ps. I expected some speeds in th...
by JohnTRIVOLTA
Sun Jul 14, 2019 10:15 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 5
Views: 471

Re: Wifi range is really bad for a reason

Fix the channel and change with no EU country for example Canada !
by JohnTRIVOLTA
Mon Jun 17, 2019 12:05 pm
Forum: Wireless Networking
Topic: wAP ac / cAP ac: no 2 streams with 80MHz?
Replies: 4
Views: 767

Re: wAP ac / cAP ac: no 2 streams with 80MHz?

I have a large network deployed with lots of hAP AC2 with CAPsMAN and I have no such problems!
https://i.postimg.cc/3RF708fz/ccr-7.png

P.S.
You ask for AC models only - my mistake! But with old version of ROS about 6.42/3.XX stable , there is no such problem i mean ?!
by JohnTRIVOLTA
Fri Jun 07, 2019 11:50 pm
Forum: General
Topic: PPTP in IPsec Tunnel
Replies: 1
Views: 112

Re: PPTP in IPsec Tunnel

Maybe the opposite may happen site to site ipsec over ppp connection !
I have already configured such a set up / site to site ipsec over sstp connection with BCP / and a double aes 256 encoding is obtained - the safest tunnel you can set :D
by JohnTRIVOLTA
Fri Jun 07, 2019 8:31 am
Forum: General
Topic: Time Based firewaal rules
Replies: 12
Views: 542

Re: Time Based firewaal rules

Synchronize time on routerboard with ntp client or manually ?
With ntp client!!!
NTP . In ROS this is System-SNTP client .
by JohnTRIVOLTA
Thu Jun 06, 2019 2:26 pm
Forum: General
Topic: Time Based firewaal rules
Replies: 12
Views: 542

Re: Time Based firewaal rules

Synchronize time on routerboard with ntp client or manually ?
by JohnTRIVOLTA
Wed Jun 05, 2019 7:45 pm
Forum: General
Topic: Traffic routing between isolated bridges/subnets
Replies: 3
Views: 209

Re: Traffic routing between isolated bridges/subnets

Check Interface List ... add other bridges in list LAN ?!
by JohnTRIVOLTA
Wed May 29, 2019 9:08 am
Forum: General
Topic: Simple config but Internet not working.
Replies: 8
Views: 369

Re: Simple config but Internet not working.

Change this rule:
/ip firewall nat add action=masquerade chain=srcnat
with
/ip firewall nat add action=masquerade chain=srcnat out-interface=ether13WAN
by JohnTRIVOLTA
Sun May 19, 2019 6:41 pm
Forum: Forwarding Protocols
Topic: L2TP+ipsec speeds
Replies: 7
Views: 722

Re: L2TP+ipsec speeds

Can you test L2TP ipsec with Multilink Protocol activated - MRRU=1600 on both sides ? Don't use tcp mss clamping - ppp profile set=no on both sites too ! Unsure how to use that setting properly, however with MTU=1420 and MRRU=1600, no clamp in FW nor PPP, I got about 5% less than with MTU=1460. Ser...
by JohnTRIVOLTA
Sun May 19, 2019 5:15 pm
Forum: Forwarding Protocols
Topic: L2TP+ipsec speeds
Replies: 7
Views: 722

Re: L2TP+ipsec speeds

After lowering the MTU/MRU to 1420 for L2TP+ipsec to avoid fragmentation, I have some expected results: L2TP+IPSec 280 280 120/120 208 200 80/80 Can you test L2TP ipsec with Multilink Protocol activated - MRRU=1600 on both sides ? Don't use tcp mss clamping - ppp profile set=no on both sites too !
by JohnTRIVOLTA
Sat May 18, 2019 11:26 pm
Forum: General
Topic: Block public proxy servers - HOW [SOLVED]
Replies: 12
Views: 473

Re: Block public proxy servers - HOW [SOLVED]

Blocking access to proxies doesn't sound like something that would help much. Unless you have some very strict filtering of all outgoing traffic, any worm will just use either custom ports, or if you block those, then regular https. And you pretty much have to allow that, if those 150 clients shoul...
by JohnTRIVOLTA
Sat May 18, 2019 11:09 pm
Forum: General
Topic: Block public proxy servers - HOW [SOLVED]
Replies: 12
Views: 473

Re: Block public proxy servers - HOW [SOLVED]

It really depends on what exactly you need it for and how persistent users you have. Maybe if you block the most obvious servers, they will give up. The major thing against you is that all they need is just one working server. Behind a ccr I have a very sensitive network with about 150 clients. The...
by JohnTRIVOLTA
Sat May 18, 2019 8:24 pm
Forum: General
Topic: Block public proxy servers - HOW [SOLVED]
Replies: 12
Views: 473

Re: Block public proxy servers - HOW [SOLVED]

I don't follow what happens in public proxy world, but what I got from Google was all without https, just http. But if you have different sources with https, then it's bad for you, because you can't see what's inside https connection, it's the whole point of https. And collecting address, good luck...
by JohnTRIVOLTA
Sat May 18, 2019 7:24 pm
Forum: General
Topic: Block public proxy servers - HOW [SOLVED]
Replies: 12
Views: 473

Re: Block public proxy servers - HOW [SOLVED]

For now, this stops traffic to proxies that do not use https / SSL /. Unfortunately, most of the public are over https ! The only solution for now is that I have to collect their ip addresses in lists .
by JohnTRIVOLTA
Sat May 18, 2019 4:32 pm
Forum: General
Topic: Block public proxy servers - HOW [SOLVED]
Replies: 12
Views: 473

Re: Block public proxy servers - HOW [SOLVED]

I don't think you can. You can block some with L7 like this:
/ip firewall layer7-protocol
add name=proxy regexp="^(CONNECT\\ .*|GET\\ https\?:\\/\\/.*)\\ HTTP\\/1\\."
But it's far from perfect.
Thank you very much Sob !
I will try it ... I hope I will not block with it another traffic? :D
by JohnTRIVOLTA
Fri May 17, 2019 9:34 pm
Forum: General
Topic: Block public proxy servers - HOW [SOLVED]
Replies: 12
Views: 473

Block public proxy servers - HOW [SOLVED]

Hi guys, I have not found a way to effectively block traffic to public proxies so as not to bypass the rules in the firewall ! If anyone has such a solution, please share their experience ! P.S. I want to ask, if i can add a firewall rule in filter section on forward chain with conten=https and one ...
by JohnTRIVOLTA
Thu May 16, 2019 12:10 pm
Forum: Wireless Networking
Topic: 40MHz channel on hAP Mini
Replies: 4
Views: 301

Re: 40MHz channel on hAP Mini

Your client wireless card may not be configured correctly to use 40MHz channel ?! Sometimes signal noise is the cause of the inability to use a wider frequency length !
by JohnTRIVOLTA
Mon May 06, 2019 9:06 pm
Forum: General
Topic: Port forwarding not working or something interfering possibly? 12 hrs later.. still don't know.
Replies: 7
Views: 364

Re: Port forwarding not working or something interfering possibly? 12 hrs later.. still don't know.

Have you forgotten to put a gateway address on the computer to which we forward(dst-nat) the port ?
by JohnTRIVOLTA
Mon Apr 22, 2019 11:37 am
Forum: General
Topic: How dynamic tunnels can be created?
Replies: 3
Views: 212

Re: How dynamic tunnels can be created?

Thanks JohnTrivolta for replying. I tried that but, I'm running a dhcp server and clients under the bridged interface can't obtain an ip from server. Played around with mtu's but can't get it working. If you have properly configured your BCP, you must successfully expand transparently /L2/ the hots...
by JohnTRIVOLTA
Sun Apr 21, 2019 3:16 pm
Forum: General
Topic: Trying to Understand MSS Clamping - Not Working? [SOLVED]
Replies: 9
Views: 511

Re: Trying to Understand MSS Clamping - Not Working? [SOLVED]

When i need some ppp based VPN i use multilink feature instead clamp mss ! You must set the MRRU = 1600 for example on both sides - try it !
by JohnTRIVOLTA
Sun Apr 21, 2019 8:42 am
Forum: General
Topic: How dynamic tunnels can be created?
Replies: 3
Views: 212

Re: How dynamic tunnels can be created?

Just use L2TP client with BCP on every clients router!
by JohnTRIVOLTA
Thu Apr 18, 2019 9:18 pm
Forum: Wireless Networking
Topic: CAP AC Vs HAP AC2
Replies: 3
Views: 494

Re: CAP AC Vs HAP AC2

An important difference - cAP AC has separate antennas for each chain /4/ and better wireless performance for that! hAP AC2 has 2 combined antennas for both frequencies!
by JohnTRIVOLTA
Mon Apr 15, 2019 12:50 pm
Forum: Beginner Basics
Topic: HAP mini IPSEC+EoIP performance?
Replies: 4
Views: 378

Re: HAP mini IPSEC+EoIP performance?

I think the hAP ac2 / RBD52G-5HacD2HnD-TC / is the right choice !
by JohnTRIVOLTA
Sun Apr 14, 2019 6:34 pm
Forum: Beginner Basics
Topic: HAP mini IPSEC+EoIP performance?
Replies: 4
Views: 378

Re: HAP mini IPSEC+EoIP performance?

Don't expect more than 10 mb/ps with AES 128 CBC , the eoip tunnel use lot of cpu resources too!
by JohnTRIVOLTA
Sun Mar 24, 2019 10:17 pm
Forum: General
Topic: ROS 6.44 - VPN L2TP not working
Replies: 23
Views: 3939

Re: ROS 6.44 - VPN L2TP not working

Since I upgraded to 6.44.*, I currently have patch 6.44.1 and device CCR1036-12G-4S, can not connect Windows 10 clients with IPSEC, get error when trying to connect and I have not changed at all the configuration in the clients or router I have the same problem. I reverted it with version 6.43.13 L...
by JohnTRIVOLTA
Sat Mar 23, 2019 6:02 am
Forum: General
Topic: PPPOE over PPTP or PPPOE over L2TP ?
Replies: 8
Views: 3122

Re: PPPOE over PPTP or PPPOE over L2TP ?

Does nobody have any Idea ;(
Just set MRRU=1610 on ppp connection on both sides ! On the ppp profile don't use Change TCP MSS - put NO .
by JohnTRIVOLTA
Thu Mar 14, 2019 7:09 am
Forum: Beginner Basics
Topic: Simplest Route Rule Possible.
Replies: 13
Views: 560

Re: Simplest Route Rule Possible.

Sorry this discussion is NOT to include mangling LOL.
Ooo sorry .... by the way, all is clear and there is nothing to discuss, but I will follow the topic .
by JohnTRIVOLTA
Wed Mar 13, 2019 10:49 pm
Forum: Beginner Basics
Topic: Simplest Route Rule Possible.
Replies: 13
Views: 560

Re: Simplest Route Rule Possible.

Requirement: There is only one IP used in vlan55, I want to direct this ip 129.168.55.25 to go out my ether1 cable WANIP. Right now the cable WANIP is my secondary fail over wanip, the primary is fibre bell. For my email on cable I simply create a route rule with the mail server IP as the destinati...
by JohnTRIVOLTA
Wed Mar 13, 2019 10:32 pm
Forum: General
Topic: Restrict vpn user access
Replies: 1
Views: 143

Re: Restrict vpn user access

Hello, I managed to configure ovpn connection to my router. I set remote address of some user on 192.168.88.195. He is able to connect with every device in 192.168.88.0 network. How i can restrain his access and allow him only to connect only with one specific IP ? For instance, the user should be ...
by JohnTRIVOLTA
Mon Mar 04, 2019 5:01 pm
Forum: Beginner Basics
Topic: VPN server on sxt lte setup
Replies: 7
Views: 501

Re: VPN server on sxt lte setup

So if I put a vpn server under a public ip pc or routerboard I could connect the sxt routerboard to that server and example Android phone to same server and then with this" kind of bridge " see sxt contents with Android phone and viceversa ?
Exactly !
by JohnTRIVOLTA
Mon Mar 04, 2019 4:14 pm
Forum: Beginner Basics
Topic: VPN server on sxt lte setup
Replies: 7
Views: 501

Re: VPN server on sxt lte setup

The ISP say that is possible by vpn. If would not possible to connect outside then why I can access with some proprietary app as synology or xiaomi to my nas or hub.? I think these app create a tunnel similar or equal to a vpn. A vpn tunnel would be as the vpn server goes outside of lan /internet a...
by JohnTRIVOLTA
Wed Feb 27, 2019 7:11 am
Forum: RouterBOARD hardware
Topic: Wireless USB dongle support?
Replies: 2
Views: 568

Re: Wireless USB dongle support?

ROS Version 6.X no longer supports WiFi USB adapters ! You can only use Woobm for management purpose or an older version of ROS !
by JohnTRIVOLTA
Sat Feb 23, 2019 8:38 pm
Forum: General
Topic: Hotspot - do not bypass dns router role how ?
Replies: 5
Views: 343

Re: Hotspot - do not bypass dns router role how ?

Wow, okay that is good to know. I wonder why hotspot functionality bypasses NAT rules??
This is my question too !
by JohnTRIVOLTA
Sat Feb 23, 2019 5:54 pm
Forum: General
Topic: Hotspot - do not bypass dns router role how ?
Replies: 5
Views: 343

Re: Hotspot - do not bypass dns router role how ?

Hello Anav, thanks for the quick answer! I already use these rules and work well, but they do not work on the hotspot network unfortunately. There are clients who put a static DNS address and thus jump my router and resolve to the their DNS. I think there must be some rule/s/ between the dynamic one...
by JohnTRIVOLTA
Sat Feb 23, 2019 3:14 pm
Forum: General
Topic: Hotspot - do not bypass dns router role how ?
Replies: 5
Views: 343

Hotspot - do not bypass dns router role how ?

Hello friends. I have a router that has multiple networks and the router has a role for dns. I have a problem with the hotspot, and can not intercept and redirect the different dns server addresses manually set from clients. The standard rule can not intercept addresses from hotspots network only....
by JohnTRIVOLTA
Tue Jan 29, 2019 10:23 pm
Forum: Beginner Basics
Topic: block inter VLAN traffic
Replies: 17
Views: 1050

Re: block inter VLAN traffic

Where is this export of configuration or at least that of the firewall? I did not see it anywhere, so I am confined to what is specifically asked! Everything else bordered on divination skills and I do not have ones!
by JohnTRIVOLTA
Mon Jan 28, 2019 10:54 pm
Forum: Beginner Basics
Topic: block inter VLAN traffic
Replies: 17
Views: 1050

Re: block inter VLAN traffic

That sounds silly JT. What are you trying to accomplish?? VLAN to VLAN traffic is blocked by default at layer 2. VLAN to VLAN traffic is blocked at layer 3 unless you allow it with an allow rule. The only thing the OP requires is an allow VLAN to WAN rule! This is my answer for pegasus123 - its fir...
by JohnTRIVOLTA
Mon Jan 28, 2019 8:57 pm
Forum: Beginner Basics
Topic: block inter VLAN traffic
Replies: 17
Views: 1050

Re: block inter VLAN traffic

I use only one filter rule . First i add all vlans in interface list - VLANs and then put the one filter rule:
/ip fi fi add action=drop chain=forward in-interface-list=VLANs out-interface-list=VLANs
by JohnTRIVOLTA
Sat Jan 26, 2019 8:32 pm
Forum: Wireless Networking
Topic: Reduce Wi-Fi transmitter power on schedule
Replies: 6
Views: 515

Re: Reduce Wi-Fi transmitter power on schedule

Oh man thank you! I did it wrong first time. Then I tried as you said but I cannot succeed. I made this to show how I did it. but it doesn't change anything .. i think https://ibb.co/RzVRqpW You forgot RUN in schedule : /system script run number=1 But this is not the main setup error. You must chan...
by JohnTRIVOLTA
Sat Jan 26, 2019 3:18 pm
Forum: Wireless Networking
Topic: Reduce Wi-Fi transmitter power on schedule
Replies: 6
Views: 515

Re: Reduce Wi-Fi transmitter power on schedule

Did you do this?
Add the script in the system section - scripts with changed values as desired . Then add a schedule in system - schedule to run the script at a certain interval - an example of 15 minutes. That is all !
by JohnTRIVOLTA
Sat Jan 26, 2019 12:54 pm
Forum: Wireless Networking
Topic: Reduce Wi-Fi transmitter power on schedule
Replies: 6
Views: 515

Re: Reduce Wi-Fi transmitter power on schedule

Simply set a minimum value /10dbm/ for the transmitting power of the wireless interface in the tx power section - all rates fixed and the script will work! Change the desired values in the script too !
by JohnTRIVOLTA
Fri Jan 25, 2019 7:10 am
Forum: General
Topic: IKEv2 Site-To-Site VPN
Replies: 4
Views: 619

Re: IKEv2 Site-To-Site VPN

Hello, the things you want can be configured, but you also need to set some settings in location A if you want a L2 level or extend transparently the LAN , if I understood right !
by JohnTRIVOLTA
Tue Jan 22, 2019 7:20 pm
Forum: General
Topic: IKEv2 site to site between 2 Mikrotik
Replies: 10
Views: 923

Re: IKEv2 site to site between 2 Mikrotik

I think your problem is in the balancing mode used /PCC/. In the second router, you do not use balancing, and there is no problem for initiate the connection. For the test, you can stop the wan ports and leave only the wan for ipsec and try it again.
by JohnTRIVOLTA
Tue Jan 22, 2019 6:57 am
Forum: General
Topic: IKEv2 site to site between 2 Mikrotik
Replies: 10
Views: 923

Re: IKEv2 site to site between 2 Mikrotik

I'm really sorry. I have only seen the beginning of both configurations without scrolling them!
Now, when I look at the config, I think that the traffic that is between the two networks should be marked to be exactly where / which WAN port / will come out for balancing!
by JohnTRIVOLTA
Mon Jan 21, 2019 6:30 pm
Forum: General
Topic: IKEv2 site to site between 2 Mikrotik
Replies: 10
Views: 923

Re: IKEv2 site to site between 2 Mikrotik

really hoping someone can point out what I'm doing wrong :(
I can't see any IpSec IKE2 Site to Site configuration ! You may have set up some L2TP with IpSec ppp connection and routing the networks on it - do you have any routes for them in both places ?
by JohnTRIVOLTA
Sun Jan 20, 2019 4:26 pm
Forum: Beginner Basics
Topic: how to do Dynamic nat 100 private ip with /24 public ip
Replies: 10
Views: 698

Re: how to do Dynamic nat 100 private ip with /24 public ip

I think this rules will work : /ip firewall address-list add address=192.168.0.1-192.168.0.100 list=100private_addresses #just add your private ip addresses in address list# /ip firewall nat add action=accept chain=srcnat src-address-list=!100private_addresses add action=netmap chain=srcnat src-addr...
by JohnTRIVOLTA
Sun Jan 20, 2019 12:52 pm
Forum: Beginner Basics
Topic: how to do Dynamic nat 100 private ip with /24 public ip
Replies: 10
Views: 698

Re: how to do Dynamic nat 100 private ip with /24 public ip

Hi
Can you please help me how to do Dynamic nat of approx 100 private ip with /24 public ip pool . thanks
Use NETMAP for source nat !?
by JohnTRIVOLTA
Sun Jan 20, 2019 10:23 am
Forum: General
Topic: No country [SOLVED]
Replies: 4
Views: 539

Re: No country [SOLVED]

Try Debug and then russia2 for other frequencies .