Community discussions

MikroTik App

Search found 373 matches

  • 1
  • 2
by JohnTRIVOLTA
Wed Mar 20, 2024 7:43 pm
Forum: RouterBOARD hardware
Topic: M33G + 2x WLAN
Replies: 4
Views: 507

Re: M33G + 2x WLAN

I mean you have to run ROS version 7 with the old drivers - the package wireless not wifi-qcom-ac package !
by JohnTRIVOLTA
Tue Mar 19, 2024 10:32 pm
Forum: RouterBOARD hardware
Topic: M33G + 2x WLAN
Replies: 4
Views: 507

Re: M33G + 2x WLAN

Yes, but no new drivers for AC Radio!
Image
by JohnTRIVOLTA
Sun Mar 17, 2024 11:35 am
Forum: Wireless Networking
Topic: Netbox 5 AX, L11UG-5HaxD wont send data
Replies: 8
Views: 696

Re: Netbox 5 AX, L11UG-5HaxD wont send data

Why .width=20mhz ? Have you tried another channel, another frequency?
by JohnTRIVOLTA
Mon Mar 04, 2024 10:02 am
Forum: Beginner Basics
Topic: BTH not work
Replies: 0
Views: 176

BTH not work

Hello, i use hAP AX3 and ever since I purchased this board it fails to activate BTH. All the devices I've used have been activated and I've used them without a problem, but this one doesn't work! https://i.postimg.cc/XNQHY5pf/bth.png If it matters, i have public ip address, DDNS is enabled, i use ze...
by JohnTRIVOLTA
Thu Feb 29, 2024 3:22 pm
Forum: Beginner Basics
Topic: Wireguard LAN to LAN (one side behind NAT) not working
Replies: 16
Views: 3224

Re: Wireguard LAN to LAN (one side behind NAT) not working

Where have you allowed the handshake in the firewall rules?? The ip filter rules in this lab just accept everything - surely I don't have to specify this traffic specifically? On router B the allowed IP should be /interface wireguard peers add allowed-address=192.168.77.0/24,10.255.255.0/30 Done, b...
by JohnTRIVOLTA
Thu Feb 29, 2024 6:51 am
Forum: Beginner Basics
Topic: Wireguard LAN to LAN (one side behind NAT) not working
Replies: 16
Views: 3224

Re: Wireguard LAN to LAN (one side behind NAT) not working

I've come back to this after not working on it for some time. I implemented the steps mentioned in an earlier reply and I now see Wireguard initiation packets being sent from B to A, but A never responds or initiates a tunnel. My lab configs are as follows (anonymised) A: /interface ethernet set [ ...
by JohnTRIVOLTA
Tue Feb 27, 2024 7:54 pm
Forum: Wireless Networking
Topic: Wireless Bridge with hAP AX3 [SOLVED]
Replies: 6
Views: 1297

Re: Wireless Bridge with hAP AX3 [SOLVED]

...

JohnTRIVOLTA, do you mean that your AX3 on the latest beta ROS or did you upgrade your cAP AC to the v7 ROS?

...
I use always the same ROS version for all devices.In this case the latest beta version for both!
by JohnTRIVOLTA
Tue Feb 27, 2024 6:52 am
Forum: Wireless Networking
Topic: Wireless Bridge with hAP AX3 [SOLVED]
Replies: 6
Views: 1297

Re: Wireless Bridge with hAP AX3 [SOLVED]

I have hAP AX3 with cAP AC working as a repeater, using 5ghz to connect to the main router and virtual radio for AP. Everything works perfectly as I am on the latest beta ROS version - use a manually set channel on the main router! #my config /interface bridge add name=bridge-lan /interface wifi set...
by JohnTRIVOLTA
Wed Feb 21, 2024 7:56 pm
Forum: Wireless Networking
Topic: Do hAP ax2/3 support AP + STA mode?
Replies: 2
Views: 313

Re: Do hAP ax2/3 support AP + STA mode?

Yes, but STA/main mode/ + AP/virtual same frequency/ !
by JohnTRIVOLTA
Sun Feb 18, 2024 11:46 am
Forum: Wireless Networking
Topic: cAPsMAN 2 Load Balancing Group implementation
Replies: 1
Views: 302

Re: cAPsMAN 2 Load Balancing Group implementation

Anyone? Mikrotik staff? Can anyone help me?
by JohnTRIVOLTA
Fri Feb 16, 2024 10:26 am
Forum: Wireless Networking
Topic: cAPsMAN 2 Load Balancing Group implementation
Replies: 1
Views: 302

cAPsMAN 2 Load Balancing Group implementation

Hello, everyone! What settings do you make in capsman2 to perform the capsman1 function of Load Balancing Group?
by JohnTRIVOLTA
Thu Feb 15, 2024 11:26 pm
Forum: RouterBOARD hardware
Topic: how to use SIM slot in CCR1009-7G-1C-1S+ [SOLVED]
Replies: 5
Views: 826

Re: how to use SIM slot in CCR1009-7G-1C-1S+ [SOLVED]

....
By the way, what is a smart cart used for in a ccr?
Projects that have been abandoned by mikrotik, such as vpn tunnel crypto keys, etc.
by JohnTRIVOLTA
Thu Feb 15, 2024 9:38 pm
Forum: RouterBOARD hardware
Topic: how to use SIM slot in CCR1009-7G-1C-1S+ [SOLVED]
Replies: 5
Views: 826

Re: how to use SIM slot in CCR1009-7G-1C-1S+ [SOLVED]

With usb 3/4/5G modem! The router have sd slot and smart card slot only!
by JohnTRIVOLTA
Thu Feb 15, 2024 4:46 pm
Forum: Wireless Networking
Topic: WiFi Speed is low
Replies: 7
Views: 608

Re: WiFi Speed is low

Have you tried the wireless protocols nstreme, nv2 ? How much is the CPU load? What is the value of CCQ?
by JohnTRIVOLTA
Mon Feb 12, 2024 3:41 pm
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 47275

Re: v7.14rc [testing] is released!

No solution for the memory shortage in 15.3MB ARM devices? The solution is simple! Reset the device without def.conf. , after that make upgrade, or make netinstall with new npk version. The occupied space after the procedure is 14.9MB. Finally new setup based on old config, do not use old backup fi...
by JohnTRIVOLTA
Mon Feb 05, 2024 11:06 pm
Forum: General
Topic: RAW FORWARD chain [SOLVED]
Replies: 5
Views: 612

Re: RAW FORWARD chain [SOLVED]

P.S.
Such a chain may appear if you manually added it with an action=jump with exactly that name
by JohnTRIVOLTA
Mon Feb 05, 2024 10:51 pm
Forum: General
Topic: RAW FORWARD chain [SOLVED]
Replies: 5
Views: 612

Re: RAW FORWARD chain [SOLVED]

Always the RAW chain is before Input and Forward chains /in prerouting chain/ and in Output chain too!
by JohnTRIVOLTA
Sat Feb 03, 2024 1:29 pm
Forum: General
Topic: hAP ac lite slow ethernet [SOLVED]
Replies: 17
Views: 1101

Re: hAP ac lite slow ethernet [SOLVED]

I tested wired and wireless. The Wi-Fi 5 speed was limited to about the same speed (60Mbps). From memory, the lites only have only chain on Wi-Fi 5 so that's got a theoretical speed of ~450Mbps (?) but even that should translate on to nearly 100Mbps. The fact the wireless speed and Wi-Fi 5 speeds h...
by JohnTRIVOLTA
Sat Feb 03, 2024 8:45 am
Forum: General
Topic: hAP ac lite slow ethernet [SOLVED]
Replies: 17
Views: 1101

Re: hAP ac lite slow ethernet [SOLVED]

What model is the client wireless adapter and what is the speed at which it connected or you only tested wired?
by JohnTRIVOLTA
Fri Feb 02, 2024 7:08 am
Forum: General
Topic: CCR1009-8G-1S Throughput Speed
Replies: 20
Views: 943

Re: CCR1009-8G-1S Throughput Speed

We have a CCR1009-8G-1S and just upgraded to 1gig service. We are only getting around 800mpbs download speed. The isp says they can ping the modem at over 1gig. We have the wan on port 1, and the lan on port 2. We have fast track enabled. Looking at the block diagram for the router, should be move ...
by JohnTRIVOLTA
Fri Feb 02, 2024 6:55 am
Forum: General
Topic: CCR1009-8G-1S Throughput Speed
Replies: 20
Views: 943

Re: CCR1009-8G-1S Throughput Speed

Different board, but the same cores/processor! On board have 4 LANs, capsman/hybrid mode - new and old/, ether7 is a software trunk port. The combo port use sfp Ubiquiti for uplink/wan!
Image
by JohnTRIVOLTA
Thu Feb 01, 2024 9:48 pm
Forum: General
Topic: CCR1009-8G-1S Throughput Speed
Replies: 20
Views: 943

Re: CCR1009-8G-1S Throughput Speed

Image
No fasttrack!
by JohnTRIVOLTA
Mon Jan 22, 2024 5:58 pm
Forum: RouterBOARD hardware
Topic: RBM33G mPCIe#1 not detecting wireless module
Replies: 2
Views: 1968

Re: RBM33G mPCIe#1 not detecting wireless module

Which version of ROS is installed on RBM?
When the model was released /with ROS 6.40.5/, it detected only one wifi card. After a while, Mikrotik fixed this problem!
by JohnTRIVOLTA
Sun Jan 21, 2024 7:23 am
Forum: Beginner Basics
Topic: MikroTik Groove 52HPn Antenna
Replies: 11
Views: 898

Re: MikroTik Groove 52HPn Antenna

Аnd one more thing, the groove have a level 3 license - no AP Bridge mode.
NO, Its License level is 4 due to this page:
https://mikrotik.com/product/RBGrooveA-52HPnr2
You wrote that the model is RBGroove52HPn, not RBGrooveA-52HPn/r2/!
by JohnTRIVOLTA
Sat Jan 20, 2024 6:38 pm
Forum: Beginner Basics
Topic: MikroTik Groove 52HPn Antenna
Replies: 11
Views: 898

Re: MikroTik Groove 52HPn Antenna

Аnd one more thing, the groove have a level 3 license - no AP Bridge mode.
by JohnTRIVOLTA
Tue Jan 02, 2024 4:55 pm
Forum: Beginner Basics
Topic: Creating secure VPN tunnel between two MikroTik routers using IPsec?
Replies: 4
Views: 1004

Re: Creating secure VPN tunnel between two MikroTik routers using IPsec?

The easiest way is to configure an EoIP tunnel with IPSEC on top of the two public IP addresses /both sides/for transport.
by JohnTRIVOLTA
Sun Dec 31, 2023 12:52 pm
Forum: Beginner Basics
Topic: Terrible wifi speed - L009UiGS-2HaxD-IN - Wifi 6 (Router OS 7.13) [SOLVED]
Replies: 28
Views: 5064

Re: Terrible wifi speed - L009UiGS-2HaxD-IN - Wifi 6 (Router OS 7.13) [SOLVED]

This is your mistake in the settings:
/interface wifi channel
add frequency=2412,2432,2472 name=ch-2ghz width=20mhz
Change the setting like this:
/interface wifi channel
add frequency=2412 name=ch-2ghz
by JohnTRIVOLTA
Sun Dec 31, 2023 9:06 am
Forum: RouterBOARD hardware
Topic: hex 2gbps routing
Replies: 2
Views: 1009

Re: hex 2gbps routing

I assume you mean 1gbps full duplex, this is lumped together as a total throughput for up and down, looking at the block diagram there are two gigabit full duplex connections to the CPU, not four or more?! With a firewall of around 60 rules and fasttrack running I get around 1200-1300mb/ps total due...
by JohnTRIVOLTA
Sun Dec 31, 2023 8:32 am
Forum: Beginner Basics
Topic: Terrible wifi speed - L009UiGS-2HaxD-IN - Wifi 6 (Router OS 7.13) [SOLVED]
Replies: 28
Views: 5064

Re: Terrible wifi speed - L009UiGS-2HaxD-IN - Wifi 6 (Router OS 7.13) [SOLVED]

If your client adapter is 2xMIMO/2T2R/ at 2.4GHz gen6/ax/ I achieve speeds above 300mb/ps up/down, with adapter gen.5 /AC/ achieve speeds above 200, and with gen 4 /N/ achieve around 150. If you use 1xMIMO /1T1R/, divide the speeds in half to get the maximum throughput . And if the adapter only supp...
by JohnTRIVOLTA
Sat Dec 30, 2023 10:43 am
Forum: Wireless Networking
Topic: sxtsq 5ac ptp wifiwave2
Replies: 1
Views: 624

Re: sxtsq 5ac ptp wifiwave2

This is an l3 licensed device that can only create one wireless connection /only has bridge mode/! As a bridging device, it can be connected in two modes for now - station and station bridge mode with ROS 7.13. With new beta 7.14.xx the station pseudobridge mode is also supported /CLI only/ .
by JohnTRIVOLTA
Sat Dec 23, 2023 8:45 am
Forum: Wireless Networking
Topic: Will there be a wifi 6E 4SS device soon?
Replies: 2
Views: 906

Will there be a wifi 6E 4SS device soon?

Will there soon be a new product based on QCN9024/9074 , 4SS (4 spatial streams), 4T4R (4×4) MU-MIMO?
by JohnTRIVOLTA
Thu Dec 21, 2023 11:40 am
Forum: Beginner Basics
Topic: connected, no internet [SOLVED]
Replies: 5
Views: 1092

Re: connected, no internet [SOLVED]

Do you have snat for LAN addresses ?
by JohnTRIVOLTA
Thu Dec 21, 2023 11:36 am
Forum: Beginner Basics
Topic: Some websites don't work [SOLVED]
Replies: 24
Views: 1777

Re: Some websites don't work [SOLVED]

Again and again !
add this rule:
/ip fi m add chain=forward protocol=tcp connection-state=new tcp-flags=syn action=change-mss new-mss=clamp-to-pmtu
by JohnTRIVOLTA
Wed Dec 20, 2023 1:07 pm
Forum: Wireless Networking
Topic: WifiWave2 white list... [SOLVED]
Replies: 16
Views: 1783

Re: WifiWave2 white list... [SOLVED]

I disable the rule, connect the phone, add it via "add to Access List".Everything works. If you enable the rule, the router does not allow the phone to connect to the network, despite the fact that the mac address is in the allowed list. It works for me, but not with capsman, only in the ...
by JohnTRIVOLTA
Wed Dec 20, 2023 12:50 pm
Forum: Wireless Networking
Topic: WifiWave2 white list... [SOLVED]
Replies: 16
Views: 1783

Re: WifiWave2 white list... [SOLVED]

If you add this rule, then everything is blocked.
It works for me. Try to choose the interface?
by JohnTRIVOLTA
Wed Dec 20, 2023 12:23 pm
Forum: Wireless Networking
Topic: WifiWave2 white list... [SOLVED]
Replies: 16
Views: 1783

Re: WifiWave2 white list... [SOLVED]

It is clear that you need to add all the necessary ones to the Access list, but in the end you need a forbidding entry that says enables blocking by mac address?
Just add last rule with only reject action - this is enough !
by JohnTRIVOLTA
Wed Dec 20, 2023 11:59 am
Forum: Wireless Networking
Topic: WifiWave2 white list... [SOLVED]
Replies: 16
Views: 1783

Re: WifiWave2 white list... [SOLVED]

Good day! Tell me how to create a white list now and most importantly how to prohibit access to the network via WI-FI to those who are prohibited from doing so.? It was logically and understandably organized in the old CAPsMAN... Likewise, you have an access list where you add who should be accepte...
by JohnTRIVOLTA
Sun Dec 17, 2023 5:25 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257353

Re: v7.13 [stable] is released!

Why station pseudobridge work with old drivers on RBM33G, but not with basebox2 ? This is my question! As I already wrote: it is probably a bug ... either in ROS on basebox2 or in config applied to basebox2. If you suspect a bug in ROS (I guess you do), then make supout.rif of non-working basebox2 ...
by JohnTRIVOLTA
Sun Dec 17, 2023 5:21 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257353

Re: v7.13 [stable] is released!

IMO wifi interface in straight station mode is useless as bridge port by definition. Because only that particular device (as an L3 entity) can communicate via wireless in station mode. Focus on the question that interests me please! I tested again with a different board/NetMetal 5/ and with the old...
by JohnTRIVOLTA
Sun Dec 17, 2023 5:06 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257353

Re: v7.13 [stable] is released!

Why would you add a station mode interface to a bridge? This makes no sense at all and cannot produce any usable result. Тo try to somehow get l2 connectivity working. Leave this modе aside, the question isn't about it. Why station pseudobridge work with old drivers on RBM33G, but not with basebox2...
by JohnTRIVOLTA
Sun Dec 17, 2023 5:01 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257353

Re: v7.13 [stable] is released!

Basebox2 does not work in any mode
Well, make up your mind, you wrote in your previous post that ...
Station standalone mode works on both boards /Basebox2 or RBM33G/
Make a difference between wifi station mode alone and wifi station mode as a bridgeport in the bridge!
by JohnTRIVOLTA
Sun Dec 17, 2023 2:43 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257353

Re: v7.13 [stable] is released!

If basebox2 works in station mode but not in station-pseudobridge, then it's the pseudobridge function on basebox2 which is broken. Pseudobridge doesn't "offload" anything on the other end if the radio link. Basebox2 does not work in any mode and rbm33g only works with station pseudobridg...
by JohnTRIVOLTA
Sun Dec 17, 2023 2:19 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257353

Re: v7.13 [stable] is released!

@JohnTRIVOLTA, I think you should focus on getting straight "station" to pass traffic. That's the most straight forward station mode and should work in any case, regardless the vendor and/or driver generation of either AP or station. After you get station working, pseudobridge should be a...
by JohnTRIVOLTA
Sun Dec 17, 2023 1:30 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257353

Re: v7.13 [stable] is released!

OK, but why device with the wifi card /AR9888/ with old drivers on RBM33G, works with a device with new drivers /cAP AC/ in station pseudobridge mode transparently? Because station-pseudobridge uses standard 802.11 over the air, the "pseudobridge" magic happens entirely inside station dev...
by JohnTRIVOLTA
Sun Dec 17, 2023 12:31 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257353

Re: v7.13 [stable] is released!

Station bridge mode - the radio does not connect You can't use station bridge mode between old wireless and new wifi driver, it requires the same driver on both sides. This is documented in the manual. OK, but why device with the wifi card /AR9888/ with old drivers on RBM33G, works with a device wi...
by JohnTRIVOLTA
Sun Dec 17, 2023 11:06 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257353

Re: v7.13 [stable] is released!

Hmm, now i tested 3 modes - station, station bridge and station pseudobridge. I have basebox2 with second 5ghz radio and cAPac, both with last stable 7.13 version. Basebox2 is connected to the cAPac on main 2ghz radio to cAPac and second 5ghz radio work in AP mode. The two radios /4 gen/ are in the ...
by JohnTRIVOLTA
Sun Dec 17, 2023 9:19 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257353

Re: v7.13 [stable] is released!

Yup, already in beta versions. Tested it as well.
I'm talking about old devices connected to the new ones or with new wave2 drivers. For me work station pseudobridge mode, but in the stationbridge mode does not pass traffic, in station mode pass only L2.
by JohnTRIVOLTA
Sat Dec 16, 2023 4:46 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257353

Re: v7.13 [stable] is released!

Upgraded two LHG XL52 ac (PtP setup), settings were intact, no issue with signal (-42), devices register themselves on one another (both 2GHz and 5GHz), but can't see other LHG via Winbox. Any clues ? EDIT: on 7.12.1 was working perfectly. Are you using the new wifi package? If yes, it does not sup...
by JohnTRIVOLTA
Sat Dec 16, 2023 12:05 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257353

Re: v7.13 [stable] is released!

I've uploaded routeros-arm-6.49.11.npk, hit downgrade button, LHG reboots with 7.13 version
If you have another packet except the main uninstall him first. Then make downgrade procedure!
by JohnTRIVOLTA
Fri Dec 08, 2023 12:48 pm
Forum: Wireless Networking
Topic: Mikrotik is blocking few sites
Replies: 8
Views: 2295

Re: Mikrotik is blocking few sites

MTU was set to 1500 by default, I selected 1460, 1430, 1380, 1300, 1280. Now I set it to 1360, the videos began to open better, but not ideally. Websites still blocked. Model Mikrotik CCR1036-8G-2S, Problem with opening websites, YouTube videos do not play, videos on Instagram do not play, pictures...
by JohnTRIVOLTA
Fri Dec 08, 2023 9:27 am
Forum: Wireless Networking
Topic: Mikrotik is blocking few sites
Replies: 8
Views: 2295

Re: Mikrotik is blocking few sites

Or add this rule:
/ip fi m add chain=forward protocol=tcp connection-state=new tcp-flags=syn action=change-mss new-mss=clamp-to-pmtu
by JohnTRIVOLTA
Mon Nov 27, 2023 11:10 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88689

Re: v7.13beta [testing] is released!

I bought over 100 of them and they were all 256MB! hAP ac2 (I believe it's almost identical inside apart from number of ether ports) has officially 128MB RAM. However, some early batches came with 256MB RAM (I happen to have one of those). Are your cAP acs early birds as well? Yes, factory software...
by JohnTRIVOLTA
Mon Nov 27, 2023 10:56 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88689

Re: v7.13beta [testing] is released!

But the same specs page you linked above lists 128MB ... hmm. You ok?
I bought over 100 of them and they were all 256MB! I think they wrote it wrong, it's even commented if I'm not messing around in threads back.
by JohnTRIVOLTA
Mon Nov 27, 2023 10:43 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88689

Re: v7.13beta [testing] is released!

And they probably won't. cAP ac and hAP ac2 are in the same boat, too little memory (RAM) for the full featured drivers.
They could ship some -smallbuffers version of drivers for these devices, but doubt that this will see any light.
The cAP AC have 256MB and I think they are enough.
by JohnTRIVOLTA
Mon Nov 27, 2023 10:31 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88689

Re: v7.13beta [testing] is released!

cAP AC is IPQ4018 based and support max 300mbps data rate in the 2.4GHz band[...]
yes yes.. with the MikroTik drivers, not with the Wave2 capable ones.
Clear. They haven't updated the specs yet!
by JohnTRIVOLTA
Mon Nov 27, 2023 10:23 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88689

Re: v7.13beta [testing] is released!

It's documented at https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-Benefits 400Mb/s maximum data rate in the 2.4GHz band for IPQ4019 interfaces Probably some proprietary extension of the standard from qcom. cAP AC is IPQ4018 based and support max 300mbps data rate in the 2.4GHz band: Specifica...
by JohnTRIVOLTA
Mon Nov 27, 2023 9:17 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88689

Re: v7.13beta [testing] is released!

I observe strange bit rate between cAP ac and Huawei Nova 5T on 2GHz band - 400mb/ps!
Image
by JohnTRIVOLTA
Fri Nov 24, 2023 10:58 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88689

Re: v7.13beta [testing] is released!

...I think yours is a specific, local problem with your setup. Yes, I think I understand what the problem is in this case. I use pppoe in vlan on built backbone with vlans to transport L2 traffic /network/ with eoip on both ends - CCR2116 and cAP ACs. I noticed that in the tests, only one processor...
by JohnTRIVOLTA
Fri Nov 24, 2023 5:28 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88689

Re: v7.13beta [testing] is released!

Something strange happens. If i set the 5ghz radio on the cAP AC with local settings i will achieve over 400mb/ps download, but when i use capsman wave2 i will only get 150~170 mb/ps. The tests are provided with cuple cAP ACs in different buildings on3-4m. distance and clear LOS!
by JohnTRIVOLTA
Sat Nov 18, 2023 9:15 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88689

Re: v7.13beta [testing] is released!

Wave 2 driver works fine on cAP AC. But only the TV BOX /old MXQ Pro with android 5.1 - 2016/ can't be connected to the LAN via 2GHz radio anymore! https://i.postimg.cc/pdr1KdDY/mqx-pro.png Had the same problem here, the fix was disabling management frame protection. Thank you very much Z0ltan! I d...
by JohnTRIVOLTA
Sat Nov 18, 2023 4:25 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88689

Re: v7.13beta [testing] is released!

/interface wifi security add authentication-types=wpa2-psk,wpa3-psk disabled=no management-protection=allowed name=secWPA3 wps=disable Try to changed to /interface wifi security add authentication-types=wpa-psk,wpa2-psk disabled=no management-protection=allowed name=secWPA3 wps=disable to support y...
by JohnTRIVOLTA
Sat Nov 18, 2023 11:16 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88689

Re: v7.13beta [testing] is released!

What security settings do you have on 2ghz channel ?

Some old devices only want as low as WPA.
WPA/WPA2, with the old driver /wireless package/ work fine! All of the other devices can be connected without a problem!
by JohnTRIVOLTA
Sat Nov 18, 2023 10:51 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88689

Re: v7.13beta [testing] is released!

Wave 2 driver works fine on cAP AC. But only the TV BOX /old MXQ Pro with android 5.1 - 2016/ can't be connected to the LAN via 2GHz radio anymore!
Image
by JohnTRIVOLTA
Mon Nov 13, 2023 8:59 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 88689

Re: v7.13beta [testing] is released!

Yes, WPA3 on AC devices, etc. Also old and new type of CAPsMAN can be managed on the same router. Not as a unified mechanism, but two separate and parallel systems on the same router.
Wave 2 driver for ipq4xxx ?!
by JohnTRIVOLTA
Fri Oct 20, 2023 3:28 pm
Forum: General
Topic: CCR2116 disappointing can't do >2gbps PPPOE, single CPU >95%
Replies: 5
Views: 2019

Re: CCR2116 disappointing can't do >2gbps PPPOE, single CPU >95%

Are you using ppp multilink /MLPPP/?
by JohnTRIVOLTA
Mon Sep 18, 2023 8:51 pm
Forum: General
Topic: Multicast IPTV over EOIP Tunnel over L2TP
Replies: 7
Views: 1192

Re: Multicast IPTV over EOIP Tunnel over L2TP

Use terminal via winbox and paste:
ip fi f add chain=input protocol=gre place-before=0
by JohnTRIVOLTA
Sun Sep 17, 2023 8:52 pm
Forum: General
Topic: Multicast IPTV over EOIP Tunnel over L2TP
Replies: 7
Views: 1192

Re: Multicast IPTV over EOIP Tunnel over L2TP

Allow GRE Protocol on both sites ! Don't forget to put EoIP tunnels on tv bridges.
by JohnTRIVOLTA
Sat Sep 02, 2023 10:02 pm
Forum: Beginner Basics
Topic: Connectivity Issues with Amazon Echo Alexa and Fire TV on MikroTik RouterOS
Replies: 10
Views: 2400

Re: Connectivity Issues with Amazon Echo Alexa and Fire TV on MikroTik RouterOS

Just add this rule and try again:
/ip firewall mangle add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
by JohnTRIVOLTA
Sun Jul 23, 2023 12:22 pm
Forum: Beginner Basics
Topic: RB750GL sometimes stops communicating, advice needed
Replies: 15
Views: 1564

Re: RB750GL sometimes stops communicating, advice needed

Maybe have network loop !?
by JohnTRIVOLTA
Sun May 28, 2023 10:49 pm
Forum: Beginner Basics
Topic: Block communication between multiple ports
Replies: 9
Views: 1039

Re: Block communication between multiple ports

Bridge-filter ... bridge-horizon !
by JohnTRIVOLTA
Thu May 18, 2023 2:59 pm
Forum: Wireless Networking
Topic: List of supported wifi modules
Replies: 27
Views: 5248

Re: List of supported wifi modules

I don't know of a wireless/radio module that works on both frequencies at the same time!
by JohnTRIVOLTA
Wed May 17, 2023 2:14 pm
Forum: Wireless Networking
Topic: List of supported wifi modules
Replies: 27
Views: 5248

Re: List of supported wifi modules

Why not ? Just use the necessary antenna pigtails!
Is there any difference in which connectors to connect pigtails for sector antennas?
At one end, the connectors are like those for the wifi card, and at the other end, they are like those for the sector antenna cables.
by JohnTRIVOLTA
Wed May 17, 2023 1:24 pm
Forum: Wireless Networking
Topic: List of supported wifi modules
Replies: 27
Views: 5248

Re: List of supported wifi modules

yes, of course. You can turn off chains in advanced options, can even assign different ones for TX/RX...
This is you about my question, can the module be used with two sector antennas?
Why not ? Just use the necessary antenna pigtails!
by JohnTRIVOLTA
Tue May 16, 2023 10:00 pm
Forum: Wireless Networking
Topic: List of supported wifi modules
Replies: 27
Views: 5248

Re: List of supported wifi modules

I've used a lot of adapters based on AR93XX, AR98XX and they all worked correctly! Example:
Image
Image
by JohnTRIVOLTA
Mon May 15, 2023 6:11 pm
Forum: Wireless Networking
Topic: RBM33G and usb Wi-Fi
Replies: 6
Views: 1632

Re: RBM33G and usb Wi-Fi

No. Мikrotik stopped supporting the usb wifi adapter with the 6th version of ROS . Also only atheros based adapters were supported! Do you know why they stopped supporting USB Wi-Fi? And does it mean that if I find a USB Wi-Fi with an Atheros chip, it will work on MikroTik? I don't know why Mikroti...
by JohnTRIVOLTA
Sun May 14, 2023 9:10 pm
Forum: Wireless Networking
Topic: RBM33G and usb Wi-Fi
Replies: 6
Views: 1632

Re: RBM33G and usb Wi-Fi

No. Мikrotik stopped supporting the usb wifi adapter with the 6th version of ROS . Also only atheros based adapters were supported!
by JohnTRIVOLTA
Sat Apr 22, 2023 11:22 pm
Forum: Wireless Networking
Topic: Wave2 - Bridge.Ports vs. Wifi.Datapath
Replies: 20
Views: 6552

Re: Wave2 - Bridge.Ports vs. Wifi.Datapath

it's the same, wireless interfaces are placed manually in the bridge, or with datapath are dynamically joined to the bridge!
by JohnTRIVOLTA
Wed Mar 15, 2023 9:28 am
Forum: Beginner Basics
Topic: RB750GL - RouterOS 7.6, Bridge or switch?
Replies: 8
Views: 752

Re: RB750GL - RouterOS 7.6, Bridge or switch?

Bridge vlan filtering performance results :
Image
by JohnTRIVOLTA
Sat Mar 04, 2023 9:17 pm
Forum: General
Topic: Can not access to the remote LAN through wireguard
Replies: 7
Views: 946

Re: Can not access to the remote LAN through wireguard

Use srcnat ! wg peer - allowed address=0.0.0.0/0
 ip fi n add chain=srcnat src-address=172.16.129.0/24 dst-address=172.16.0.0/24 action=src-nat to-addresses=172.16.0.1
by JohnTRIVOLTA
Sat Mar 04, 2023 8:28 pm
Forum: General
Topic: Using pihole behind the Mikrotik DNS server
Replies: 5
Views: 1402

Re: Using pihole behind the Mikrotik DNS server

Use redirect rules for both/tcp and udp/ 53 ports in filter nat section except pihole ip , if you think someone can setup other dns address of clients!
I prefer to use adguard - on a container in routerboard if possible!
by JohnTRIVOLTA
Sat Mar 04, 2023 12:03 am
Forum: General
Topic: ROSE storage
Replies: 18
Views: 5419

Re: ROSE storage

offtopic
trivolta in Bulgarian it is three volts for voltage, but written in latin letters, do not confuse with travolta - the actor!
best regards - the smartass
by JohnTRIVOLTA
Fri Mar 03, 2023 11:00 am
Forum: General
Topic: ROSE storage
Replies: 18
Views: 5419

Re: ROSE storage

O.K. I have RB 4011 based on arm... WHERE should I put SATA or NVMe disks ??? and how???
Please add a freakin' sentence which will describe it just a bit more....
Ok, where does it say that all ARM devices are supported? ... It is assumed that as you read, you can also think!
by JohnTRIVOLTA
Sat Feb 25, 2023 2:40 pm
Forum: General
Topic: L41G-2axD /hAP AX Lite/ USB support ?
Replies: 5
Views: 848

Re: L41G-2axD /hAP AX Lite/ USB support ?

I want to use an lte modem on it for a backup connection and I want to know for sure about this usb support.
by JohnTRIVOLTA
Sat Feb 25, 2023 11:31 am
Forum: General
Topic: L41G-2axD /hAP AX Lite/ USB support ?
Replies: 5
Views: 848

L41G-2axD /hAP AX Lite/ USB support ?

Hi does anyone know if the hAP AX Lite supports usb ! I want to use it with this USB C OTG Cable /2 in 1 Type C to USB A Adapter with PD Charging/?
Image
by JohnTRIVOLTA
Sun Feb 19, 2023 1:05 pm
Forum: General
Topic: 2 DHCP Server Site to Site EoIP IPsec
Replies: 8
Views: 929

Re: 2 DHCP Server Site to Site EoIP IPsec

Thanks will explore this option... Another question... I have 3 sites... Main Head office Network Server: 10.10.20.0/24 Site 2: 10.10.30.0/24 and Site 3: 10.10.40/24 both sites 2 and 3 to connect to my Server site 10.10.20.0/24... I cannot acheive this when i create 2 seperate bridges for the tunne...
by JohnTRIVOLTA
Sun Feb 19, 2023 10:40 am
Forum: General
Topic: 2 DHCP Server Site to Site EoIP IPsec
Replies: 8
Views: 929

Re: 2 DHCP Server Site to Site EoIP IPsec

Use DHCP snooping on both bridges! I use xx.xxx.xxx.1 ip address for R1 with dhcp pool 10-130, and xx.xxx.xxx.254 ip address for R2 and dhcp pool 131-240.
by JohnTRIVOLTA
Wed Aug 10, 2022 1:26 pm
Forum: RouterBOARD hardware
Topic: hAP ax² dual band Wi-Fi 6 (802.11ax)
Replies: 287
Views: 66734

Re: hAP ax² dual band Wi-Fi 6 (802.11ax)

In official Wireless capabilities show Wireless 5 GHz Max data rate is 867 Mbit/s, but shouldn't it be 1200 Mbit/s ?
Image
by JohnTRIVOLTA
Tue Jun 07, 2022 9:43 am
Forum: General
Topic: Site to site IKE2 PSK traffic issue
Replies: 0
Views: 289

Site to site IKE2 PSK traffic issue

I've made a connection between two sites with ike2 psk - Cisco ASA and Mikrotik. I have 2 policies for pair of two networks , net A to net B and net C to net D and respectively 4 SPIs. But the traffic pass only between the nets of the last policy that has been activated ! By disabling this policy th...
by JohnTRIVOLTA
Mon May 30, 2022 10:23 pm
Forum: General
Topic: IPSec established but no ping [SOLVED]
Replies: 36
Views: 5554

Re: IPSec established but no ping [SOLVED]

At first lоок I do not see a rule for snat exception and there are no routing rules for the LANs in routerboard!
by JohnTRIVOLTA
Fri Apr 08, 2022 9:24 pm
Forum: General
Topic: V7.2 OpenVPN
Replies: 23
Views: 9133

Re: V7.2 OpenVPN

I downgraded to v.7.1.5 and now my mmips and arm boards are working fine with OpenVPN udp ! Hi, Unfortunately, these two routers I upgraded are with dude server and dude is not available in V7.1.5. I have to go back to 6.49.5. Possible? I don't know, there is always the possibility of something goi...
by JohnTRIVOLTA
Fri Apr 08, 2022 9:12 pm
Forum: General
Topic: V7.2 OpenVPN
Replies: 23
Views: 9133

Re: V7.2 OpenVPN

Switch back to the last version that worked and stick to it. If possible, I would do that right away but I have no idea if it is going to work. The devices are all on a remote locations and if i brick them then I will have even bigger problems. ;( Did You ever try to downgrade to latest V6 from any...
by JohnTRIVOLTA
Tue Apr 05, 2022 9:40 pm
Forum: Announcements
Topic: v7.2 is released!
Replies: 359
Views: 60959

Re: v7.2 is released!

OpenVPN is not working anymore - log: 21:24:37 ovpn,info ovpn-out_1: initializing... 21:24:37 ovpn,info ovpn-out_1: connecting... 21:24:38 ovpn,info ovpn-out_1: using encoding - AES-256-CBC/SHA256 21:24:38 ovpn,info ovpn-out_1: connected 21:24:38 ovpn,info ovpn-out_1: terminating... - explicit peer ...
by JohnTRIVOLTA
Sat Mar 12, 2022 11:07 pm
Forum: General
Topic: RoMON not work over trunk
Replies: 4
Views: 1200

Re: RoMON not work over trunk

Thanks for the answers! My network backbone is made of old models cisco switchs - types of 2950 and 2960. Nothing special - access ports and trunks! My main router is mikrotik and i use few of cAPs ~ 20 units.Оn the mikrotik devices I do not use vlans. When i replace the 2950 with new one switch and...
by JohnTRIVOLTA
Sat Mar 12, 2022 3:58 pm
Forum: General
Topic: RoMON not work over trunk
Replies: 4
Views: 1200

Re: RoMON not work over trunk

Can anyone help, i haven't solved the problem yet?
by JohnTRIVOLTA
Wed Feb 16, 2022 5:35 pm
Forum: General
Topic: EoIP client for Windows
Replies: 8
Views: 10136

Re:

EoIP is possible only between two MikroTik routers.
and OpenWRT router ?
by JohnTRIVOLTA
Sat Jan 22, 2022 6:24 pm
Forum: Beginner Basics
Topic: USB port as a management port.
Replies: 18
Views: 5138

Re: USB port as a management port.

I wonder, is it possible to use RB5009 USB port as a management port? Without any USB-Ethernet-adapters?
Without or wiith some ethernet usb adapter ?
by JohnTRIVOLTA
Tue Jan 11, 2022 11:33 pm
Forum: Beginner Basics
Topic: Slow performance EOIP
Replies: 20
Views: 8968

Re: Slow performance EOIP

.....
Office is 1000/25
Home is 1000/1000
....
Your problem is in the bold number or 25mb/ps up - the office link!
by JohnTRIVOLTA
Fri Jan 07, 2022 10:08 pm
Forum: General
Topic: Two bridges over EoIP?
Replies: 11
Views: 1965

Re: Two bridges over EoIP?


For example, I do not want to be dependent on another - a third side in communications ! :idea:
EOIP over wireguard is not using a third party !!
I'm talking about a zerotier that you offer us all the time .
by JohnTRIVOLTA
Fri Jan 07, 2022 8:12 pm
Forum: General
Topic: Two bridges over EoIP?
Replies: 11
Views: 1965

Re: Two bridges over EoIP?

Two things I don't understand.

a. why not EOIP over wireguard
b. why not forget eoip+ipsec or eoip+wireguard and simply use zerotier??
For example, I do not want to be dependent on another - a third side in communications ! :idea:
by JohnTRIVOLTA
Tue Dec 28, 2021 9:06 pm
Forum: General
Topic: Wireguard and EoIP
Replies: 20
Views: 9275

Re: Wireguard and EoIP

Can we use the Wiregard tunnel/connection/ to transport eoip/s/ on it? Yes, why not. EoIP is literally Ethernet over IP, and Wireguard is an IP VPN, so no reason why it should not work. Thanks Sindy ! EoIP over Wireguard works, I tested it. But I want to replace some ppp connections that carry some...
by JohnTRIVOLTA
Tue Dec 28, 2021 4:29 pm
Forum: General
Topic: Wireguard and EoIP
Replies: 20
Views: 9275

Wireguard and EoIP

Can we use the Wiregard tunnel/connection/ to transport eoip/s/ on it?
by JohnTRIVOLTA
Mon Dec 27, 2021 9:39 pm
Forum: Announcements
Topic: Happy holidays!
Replies: 29
Views: 19427

Re: Happy holidays!

Happy Holidays!
by JohnTRIVOLTA
Sat Oct 30, 2021 8:41 am
Forum: Wireless Networking
Topic: New wireless attack using PMKID hash
Replies: 1
Views: 1755

Re: New wireless attack using PMKID hash

Reading: https://www.cyberark.com/resources/thre ... mple-trick

Tl;Dr they managed to retrieve 3,500 wireless passwords from 5,000 networks using the PMKID hash.
interface wireless security-profiles set disable-pmkid=yes
by JohnTRIVOLTA
Fri Oct 29, 2021 9:47 am
Forum: General
Topic: RoMON not work over trunk
Replies: 4
Views: 1200

RoMON not work over trunk

Hello friends. I came across a strange problem. After adding a few switches to the l2 backbone, I found that the romon frames do not pass through them. The switchеs are Cisco WS-C2960L-SM-24TS and romon discovery protocol does not detect other devices after them . Everything else works perfectly lik...
by JohnTRIVOLTA
Sun Oct 03, 2021 2:04 pm
Forum: General
Topic: Blocking Routers
Replies: 11
Views: 2000

Re: Blocking Routers

sysadmbonn, Some providers limit the maximum number of connections in this situation. You can plan the restriction by setting about 60 - 80 connections for client / device /. An example is a router with a speed plan with of up to 50 mb/ps and suitable for up to 3 devices. His net plan will be restri...
by JohnTRIVOLTA
Tue Jul 27, 2021 9:41 pm
Forum: General
Topic: L2TP/IPsec client routing through specific interface in dual WAN system [SOLVED]
Replies: 14
Views: 3522

Re: L2TP/IPsec client routing through specific interface in dual WAN system [SOLVED]

Hi! Maybe I am not clear. I will try to be as simple as possble. I have remote mtik l2tp/ipsec server with public ip (that public ip is dynamic so I am using ddns on it) and I want to connect to it from my RB951G (rb951g is l2tp/ipsec client) that has two WANs - usb lte modems (lte1 and lte2). I &q...
by JohnTRIVOLTA
Tue Jul 27, 2021 7:55 pm
Forum: General
Topic: L2TP/IPsec client routing through specific interface in dual WAN system [SOLVED]
Replies: 14
Views: 3522

Re: L2TP/IPsec client routing through specific interface in dual WAN system [SOLVED]

Now I understand exactly what you want. I thought you want the l2tp client as it is connected through lte1, the traffic to the public space to go through lte2 and the rules are for such a setup ! If you want to use lte2 as a server, then you have to mark the incoming traffic with the same mark, to a...
by JohnTRIVOLTA
Tue Jul 27, 2021 6:18 pm
Forum: General
Topic: L2TP/IPsec client routing through specific interface in dual WAN system [SOLVED]
Replies: 14
Views: 3522

Re: L2TP/IPsec client routing through specific interface in dual WAN system [SOLVED]

The traffic comes out through the lte 1 interface because it looks in the main routing table . ..... Snat rule ? /ip fi nat add chain=srcnat src-address=X.X.X.X24 action=masquerade out-interface=lte2 Yes, the route rule must be : /ip route rule add action=lookup interface=l2tp-client table=markforl2...
by JohnTRIVOLTA
Tue Jul 27, 2021 5:03 pm
Forum: General
Topic: L2TP/IPsec client routing through specific interface in dual WAN system [SOLVED]
Replies: 14
Views: 3522

Re: L2TP/IPsec client routing through specific interface in dual WAN system [SOLVED]

Ipsec is between public addresses ! If the client receives a dynamic ip address /some l2tp client private ip/ you put the whole network plus the interface as you added in the rule !
by JohnTRIVOLTA
Tue Jul 27, 2021 3:39 pm
Forum: General
Topic: L2TP/IPsec client routing through specific interface in dual WAN system [SOLVED]
Replies: 14
Views: 3522

Re: L2TP/IPsec client routing through specific interface in dual WAN system [SOLVED]

Just add this rule : replace X.X.X.X with ipsec client ip address
/ip r rule add src-address=X.X.X.X table=markforl2tp action=lookup
/ip fi nat add chain=srcnat src-address=X.X.X.X action=masquerade out-interface=lte2 place-before=0
by JohnTRIVOLTA
Tue Jul 27, 2021 1:08 pm
Forum: General
Topic: L2TP/IPsec client routing through specific interface in dual WAN system [SOLVED]
Replies: 14
Views: 3522

Re: L2TP/IPsec client routing through specific interface in dual WAN system [SOLVED]

Аdd route rule this IP ipsec client address to look in markforl2tp routing table !
by JohnTRIVOLTA
Sun Jul 11, 2021 8:08 am
Forum: Beginner Basics
Topic: [v6.48 on hap ac^2] Understanding routing-mark
Replies: 5
Views: 1124

Re: [v6.48 on hap ac^2] Understanding routing-mark

Not use mark rules, just add 3 rules on routing tables - each network to view its own routing table !
by JohnTRIVOLTA
Fri May 21, 2021 5:01 pm
Forum: Wireless Networking
Topic: RBM33G + QCA6174A mpci-e ?
Replies: 0
Views: 964

RBM33G + QCA6174A mpci-e ?

Hi , can the combination of the two devices - RBM33G + QCA6174A mpci-e, run the new wireless package wifivawe2 ? If not, it will be possible soon or never?
by JohnTRIVOLTA
Sun Apr 18, 2021 8:47 pm
Forum: Beginner Basics
Topic: VPN gateway of client
Replies: 5
Views: 1238

Re: VPN gateway of client

ok thank you, i'm on linux systems but now i'll search this method. But, i want know if there is a method to force this from server side. Or i need to configure all client computers? thank you very much Yes, you need to configure all client computers ! On linux/debian based/ PC : https://i.postimg....
by JohnTRIVOLTA
Sun Apr 18, 2021 7:23 pm
Forum: Beginner Basics
Topic: VPN gateway of client
Replies: 5
Views: 1238

Re: VPN gateway of client

Just uncheck "use default gateway on remote network" in advanced network settings on wan miniport L2 adapter!
Image
by JohnTRIVOLTA
Sat Feb 27, 2021 1:32 pm
Forum: General
Topic: EOIP TCP problem
Replies: 17
Views: 4566

Re: EOIP TCP problem

mlp can transport the full size of packet instead tcp mss clamping on L4 Can you explain why hidden fragmentation of 1500-byte TCP packets (i.e. 2 PPP packets per each payload one) should provide a better TCP throughput than transmission of 1462 byte TCP packets using one PPP packet per each payloa...
by JohnTRIVOLTA
Sat Feb 27, 2021 10:07 am
Forum: General
Topic: EOIP TCP problem
Replies: 17
Views: 4566

Re: EOIP TCP problem

@internetolog and @JohnTRIVOLTA: I've never had any problem with the stability of the L2TP connection (except for 6.48, but that's another story, 6.48.1 took care of it). My challenge is to get a single stream IPSec perform adequately. We need high file transfer performance on a single link. Lookin...
by JohnTRIVOLTA
Fri Feb 26, 2021 8:54 pm
Forum: Beginner Basics
Topic: PC can not reach internet, router can.
Replies: 9
Views: 1663

Re: PC can not reach internet, router can.

When pinging from the router, see what the value of TTL is? Paste here the firewall rules too !
by JohnTRIVOLTA
Fri Feb 26, 2021 3:18 pm
Forum: Wireless Networking
Topic: CAPsMAN unwanted interclient isolation
Replies: 6
Views: 2618

Re: CAPsMAN unwanted interclient isolation

May be i did not understand what exactly you want !
by JohnTRIVOLTA
Fri Feb 26, 2021 2:32 pm
Forum: Wireless Networking
Topic: CAPsMAN unwanted interclient isolation
Replies: 6
Views: 2618

Re: CAPsMAN unwanted interclient isolation

/caps-man configuration
add channel=bgn24-1 country=*** datapath.client-to-client-forwarding=no \
datapath.local-forwarding=no name=conf security.authentication-types=\
wpa2-psk security.passphrase=*** ssid=***
by JohnTRIVOLTA
Fri Feb 26, 2021 2:17 pm
Forum: General
Topic: Block Anydesk
Replies: 17
Views: 44511

Re: Block Anydesk

One simple solution :
1. redirect to router the DNS querys on port 53 udp and tcp .
2. block DOT port 453, 853 .
3. add stаtic record with regexp - ^(.*)(anydesk)(.*)$ and address 127.0.0.1 .
4. Try to block DOH dropping tcp 443 with dst.addr. list with known doh servers ip addresses .
by JohnTRIVOLTA
Thu Feb 25, 2021 10:55 pm
Forum: General
Topic: EOIP TCP problem
Replies: 17
Views: 4566

Re: EOIP TCP problem

L2TP is generally no solution for anything on mikrotik as it is not stable. See my corresponding question from 15th Feb. L2TP on IPSec is very slow with single TCP streams. And I have not found any solution for both. Has anyone? This is not dependant on high latency. L2TP has a stability problem pe...
by JohnTRIVOLTA
Mon Jan 25, 2021 3:49 pm
Forum: Wireless Networking
Topic: mantbox_52_15s
Replies: 7
Views: 3987

Re: mantbox_52_15s

Why not ? "Creating an efficient point-to-multipoint connection used to be tricky, but not anymore: mANTBox 52 15s works well in any setup"
by JohnTRIVOLTA
Mon Jan 25, 2021 3:36 pm
Forum: RouterBOARD hardware
Topic: hEX RB750GR3 Poor Performance
Replies: 5
Views: 1844

Re: hEX RB750GR3 Poor Performance

Try using a fast track if you are not currently using it !
by JohnTRIVOLTA
Tue Jan 05, 2021 10:51 pm
Forum: Beginner Basics
Topic: Route Routerboard's outgoing PPTP client connection
Replies: 3
Views: 686

Re: Route Routerboard's outgoing PPTP client connection

Hello everyone! I have a Routerboard with two independent, masqueraded WAN connections - main and backup. I would like to set up a PPTP Client interface, but to route it through the backup WAN despite of the primary WAN availability. Which would be the most elegant way to do that? Try this: 1. add ...
by JohnTRIVOLTA
Mon Jan 04, 2021 10:35 pm
Forum: General
Topic: Isolate two bridges at Layer 2 [SOLVED]
Replies: 7
Views: 2278

Re: Isolate two bridges at Layer 2 [SOLVED]

I think so . You can isolate them if they have IP addresses for example, but this is Layer 3 !
by JohnTRIVOLTA
Mon Jan 04, 2021 9:03 pm
Forum: General
Topic: Isolate two bridges at Layer 2 [SOLVED]
Replies: 7
Views: 2278

Re: Isolate two bridges at Layer 2 [SOLVED]

How the two bridges, talk each other at Layer 2 ? Give an example? What a connection they have?
by JohnTRIVOLTA
Sat Jan 02, 2021 9:26 pm
Forum: Beginner Basics
Topic: EoIP bridging over PPTP for remote IPTV [SOLVED]
Replies: 6
Views: 3500

Re: EoIP bridging over PPTP for remote IPTV [SOLVED]

Try to set PPTP MRRU=1600 on both sites and uncheck Clamp TCP MSS on EoIP tunnels too!
by JohnTRIVOLTA
Thu Dec 31, 2020 1:21 pm
Forum: Wireless Networking
Topic: cAP ac power consumption
Replies: 7
Views: 3250

Re: cAP ac power consumption

Cpu and ethernet ports consume more !
by JohnTRIVOLTA
Thu Dec 17, 2020 11:10 pm
Forum: Wireless Networking
Topic: 5ghz wireless radio randomly disappear
Replies: 7
Views: 2714

Re: 5ghz wireless radio randomly disappear

Your client is set to auto frequency and channel width setting?
I use fixed channel - viewtopic.php?f=7&t=170718#p834491
I try last RC ROS with skip DFS channels=all
by JohnTRIVOLTA
Thu Dec 17, 2020 7:46 am
Forum: Wireless Networking
Topic: 5ghz wireless radio randomly disappear
Replies: 7
Views: 2714

Re: 5ghz wireless radio randomly disappear

The issue appear today again , after 4 days !
by JohnTRIVOLTA
Sun Dec 13, 2020 1:14 pm
Forum: Wireless Networking
Topic: 5ghz wireless radio randomly disappear
Replies: 7
Views: 2714

Re: 5ghz wireless radio randomly disappear

I had a similar issue with RBM11G and R11e-5HacD. Now 6.46.8 installed and no problem
Thanks. I will test it again with this version !
by JohnTRIVOLTA
Sat Dec 12, 2020 10:21 pm
Forum: Wireless Networking
Topic: 5ghz wireless radio randomly disappear
Replies: 7
Views: 2714

Re: 5ghz wireless radio randomly disappear

Тhese are the interface settings: 2 R ;;; -- Wireless Radio 5.0 GHz -- name="wlan_5GHz" mtu=1500 l2mtu=1600 mac-address=00:00:00:36:59:75 arp=enabled interface-type=Atheros AR9888 mode=ap-bridge ssid="123456" frequency=5180 band=5ghz-n/ac channel-width=20/40/80mhz-Ceee secondary-...
by JohnTRIVOLTA
Sat Dec 12, 2020 11:13 am
Forum: Wireless Networking
Topic: 5ghz wireless radio randomly disappear
Replies: 7
Views: 2714

5ghz wireless radio randomly disappear

Hi guys i have rbm33g with two wireless card one for 2.4ghz /AR9370/ and other/QCA9880/ for 5 ghz . But sometimes 5ghz wireless radio disappear. In winbox all look OK , i disable/enable the interface but that not resolve the problem. Only when i reboot the routerbord the radio is available . This is...
by JohnTRIVOLTA
Sun Nov 01, 2020 8:58 pm
Forum: Beginner Basics
Topic: cofigure remotely routeros via a vpn only? [SOLVED]
Replies: 3
Views: 1112

Re: cofigure remotely routeros via a vpn only? [SOLVED]

Build your VPN network for this purpose. You can use any router as a server, with the others connected to it. I use on each PPP profile with a selected bridge/vpn br/ created for this purpose and a specified IP address from the VPN network. Example I have chosen to use sstp with certificates for VPN...
by JohnTRIVOLTA
Sat Aug 29, 2020 8:04 am
Forum: Beginner Basics
Topic: TWO PPPoE INTERFACES ON MIKROTIK
Replies: 2
Views: 586

Re: TWO PPPoE INTERFACES ON MIKROTIK

Hi Team, I'm new to MikroTiks. Could you please advise what will happen if the default routes are enabled on two separate PPPoE interface on MikroTik router? Thanks! If you have two last resort gateways, the gateway with larger IP address will be inactive .... if I'm not mistaken and this is vice v...
by JohnTRIVOLTA
Wed Jun 17, 2020 6:58 pm
Forum: RouterBOARD hardware
Topic: Successor to hAP AC Lite ?
Replies: 3
Views: 1903

Re: Successor to hAP AC Lite ?

The hap ac2 is the successor. We need a hap ac2 with a SFP port though very low range price - ........ low range price - RB751U-2HnD, RB951U-2HnD, RB952Ui-5ac2nD/hAP AC Lite/... mid range price - RB751G-2HnD, RB951G-2HnD, RB962UiGS-5HacT2HnT/hAP AC/, RBD52G-5HacD2HnD-TC/hAP AC2/... high range price...
by JohnTRIVOLTA
Tue Jun 16, 2020 9:46 pm
Forum: RouterBOARD hardware
Topic: Successor to hAP AC Lite ?
Replies: 3
Views: 1903

Successor to hAP AC Lite ?

Hi,does anyone know if there will be a successor to hap ac lite soon ? In the low price range there is nothing new for a long time - I think 5 years at least! I imagine it with the same type enclosure, but with a different hardware board for example with QCA9563 processor, gigabit ethernet ports wit...
by JohnTRIVOLTA
Mon Jun 15, 2020 12:26 am
Forum: General
Topic: Block ICMP tunnel - best practice
Replies: 5
Views: 2152

Re: Block ICMP tunnel - best practice

You could try something like that. This will drop icmp ping request pakets where the ip packet is bigger then 92 bytes and sets a rate limit with 3 pakets per second with a 10 packets burst. /ip firewall filter add action=drop chain=forward icmp-options=8:0 limit=3,10:packet packet-size=93-65535 pr...
by JohnTRIVOLTA
Sun Jun 14, 2020 10:00 pm
Forum: General
Topic: Block ICMP tunnel - best practice
Replies: 5
Views: 2152

Re: Block ICMP tunnel - best practice

Well, I think ICMP tunnels mainly use the Echo (type 8) / Echo Reply (type 0) so I guess you simply need to block that. There is not much else you can do. I don't think you want to go building L7 firewall rules which look into the packets ... It will kill performance anyway. Block all ICMP altogeth...
by JohnTRIVOLTA
Sun Jun 14, 2020 9:18 pm
Forum: General
Topic: Block ICMP tunnel - best practice
Replies: 5
Views: 2152

Block ICMP tunnel - best practice

Hello friends. How do you block icmp tunnels, which is the most appropriate and correct way?
Thanks in advance !
by JohnTRIVOLTA
Sun Jun 14, 2020 2:04 pm
Forum: General
Topic: L2TP BCP Problem
Replies: 4
Views: 1316

Re: L2TP BCP Problem

I think that this Bridge Control Protocol can only pass untagged traffic through the ppp connection and probably on one of the bridges you have set VID/s/ .
by JohnTRIVOLTA
Wed Jun 03, 2020 4:56 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 348
Views: 171957

Re: v6.47 [stable] is released!

Same problem with sector writes value - RB433AH :
Image
Image
by JohnTRIVOLTA
Thu May 28, 2020 3:23 pm
Forum: General
Topic: Blocking Internet access
Replies: 7
Views: 1923

Re: Blocking Internet access

/ip fi n add chain=srcnat place-before=0 src-address=XXX.XXX.XXX.XXX
by JohnTRIVOLTA
Fri May 15, 2020 8:14 pm
Forum: RouterBOARD hardware
Topic: RB953GS-5HnT-RP manufacturing defect
Replies: 2
Views: 1307

Re: RB953GS-5HnT-RP manufacturing defect

This routerboard is not arm based and this is more like a problem from shocks during transport ! Show the original packaging of the product?
by JohnTRIVOLTA
Fri May 08, 2020 8:57 am
Forum: Wireless Networking
Topic: Outdoor MikroTik AP option(s)
Replies: 12
Views: 10088

Re: Outdoor MikroTik AP option(s)

Does anyone know if MikroTik plans on releasing an updated outdoor WiFi AP anytime soon? Something similar to the wAP AC but on ARM and not MIPSBE? I'm planning on installing an additional AP at home for the backyard and it seems the best option available is the wAP AC. I'd happily wait for an upda...
by JohnTRIVOLTA
Wed May 06, 2020 4:13 pm
Forum: General
Topic: add multiple IP addresses to an interface [SOLVED]
Replies: 4
Views: 4532

Re: add multiple IP addresses to an interface [SOLVED]

It doesn't matter which ip address you use . If necessary, allow the required port on input chain with accept action !
P.S. And use SSH instead telnet !
by JohnTRIVOLTA
Wed Apr 08, 2020 4:40 pm
Forum: General
Topic: RB433AH Fasttrack
Replies: 7
Views: 2663

Re: RB433AH Fasttrack

bematft , i have rb433ah too with 2 ar9223 wifi cards . My ISP gives me 100/100mb/ps pppoe client . I achieve real 95/95 with 80-85% cpu load with fasttracking enabled over lan ethernet . Over wifi the load increase much more - same load only ~60mb/ps . https://i.postimg.cc/pXZVCGS7/rb433ah-speed.png
by JohnTRIVOLTA
Sun Apr 05, 2020 11:39 am
Forum: General
Topic: IPSec site-to-site tunnel problems
Replies: 5
Views: 1952

Re: IPSec site-to-site tunnel problems

Can you check the rule "add action=drop chain=input comment="Drop All Incoming Connections" in-interface=ether1" is last on input chain in filter section and same rules on both sites?
by JohnTRIVOLTA
Sun Apr 05, 2020 10:43 am
Forum: General
Topic: IPSec site-to-site tunnel problems
Replies: 5
Views: 1952

Re: IPSec site-to-site tunnel problems

Add accept rule for ipsec-esp too .
by JohnTRIVOLTA
Sun Apr 05, 2020 10:08 am
Forum: RouterBOARD hardware
Topic: HEX VLAN configuration question
Replies: 8
Views: 4176

Re: HEX VLAN configuration question

Unfortunately, that didn't work for me. /interface bridge add name=bridge_trunk add name=bridge_vlan10 add name=bridge_vlan20 add name=bridge_vlan30 /interface ethernet set [ find default-name=ether1 ] comment="-- WAN --" /interface vlan add interface=bridge_trunk name=vlan10 vlan-id=10 a...
by JohnTRIVOLTA
Sat Apr 04, 2020 9:19 pm
Forum: Wireless Networking
Topic: cAP ac (wifi repeater) - issues with bandwidth
Replies: 21
Views: 6539

Re: cAP ac (wifi repeater) - issues with bandwidth

Bandwidth test from client 192.168.1.131 to internet, but connected to wlan 5GHz Vodafone on AP place ? Do you use station pseudobridge mode !
by JohnTRIVOLTA
Fri Mar 27, 2020 12:34 pm
Forum: Announcements
Topic: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!
Replies: 59
Views: 247567

Re: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!

Live streaming of empty room? :D Can't open a beer in front of your computer and can't put a question under the streaming? 8) P.S. Presentations attendees should use some conferencing software platform, and streaming should be as before or what is being projected from the platform /the mikrotik pre...
by JohnTRIVOLTA
Fri Mar 27, 2020 11:54 am
Forum: Announcements
Topic: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!
Replies: 59
Views: 247567

Re: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!

Is there anything planned like a virtual mum /VMUM/ - like live streaming ?
by JohnTRIVOLTA
Thu Mar 12, 2020 2:54 pm
Forum: General
Topic: CRS354-48G-4S+2Q+ unable to switch to switchos
Replies: 5
Views: 3438

Re: CRS354-48G-4S+2Q+ unable to switch to switchos

This switch model have only ROS installed for now ! Maybe in future will be added and SWOS too !
by JohnTRIVOLTA
Wed Mar 11, 2020 4:59 pm
Forum: RouterBOARD hardware
Topic: RBM33G with two WifiCards
Replies: 9
Views: 6014

Re: RBM33G with two WifiCards

This is not true ! I'm with such a two wifi card !
Image
Image
by JohnTRIVOLTA
Sat Feb 01, 2020 9:26 am
Forum: General
Topic: EoIP over PPTP problem - only one side comes up?
Replies: 6
Views: 2176

Re: EoIP over PPTP problem - only one side comes up?

The network 192.168.199.0/24 last ip address is 192.168.199.254 not 255/broadcast network address/ . Change it .
P.S. You can use ppp connection with Multilink protocol with minimum MRRU 1542 /EoIP tunnel adds at least 42 byte overhead/ instead using tcp mss clamping in EoIP !
by JohnTRIVOLTA
Thu Jan 02, 2020 1:56 pm
Forum: RouterOS beta
Topic: ros v7 beta4 recursive route
Replies: 7
Views: 5589

Re: ros v7 beta4 recursive route

Your config seems wrong, hence I posted the links. i.e. you have 2 routes with a scope of 10, so how must the recursive route decide which route to use? In this case, what I did for review should be properly inactive, not invalid ... but any other configuration with multiple WANs and recursive path...
by JohnTRIVOLTA
Thu Jan 02, 2020 12:56 pm
Forum: RouterOS beta
Topic: ros v7 beta4 recursive route
Replies: 7
Views: 5589

Re: ros v7 beta4 recursive route

The route rule works under ROS v6.xx and does not work with ROS v7.xx?
by JohnTRIVOLTA
Thu Jan 02, 2020 11:07 am
Forum: RouterOS beta
Topic: ros v7 beta4 recursive route
Replies: 7
Views: 5589

ros v7 beta4 recursive route

Hi guys, how can i configure recursive route for failover ? Directly connected route rule to public address is active(with scope 10), but the second route rule with dst. all nets with the getaway set with same public address is invalid - red color !? https://i.postimg.cc/wj1GP7pc/recursivertoutes.png
by JohnTRIVOLTA
Mon Dec 30, 2019 10:23 am
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 179716

Re: v6.47beta [testing] is released!

I moved the question in ros v7.0beta4 topic !
by JohnTRIVOLTA
Sun Nov 17, 2019 8:51 am
Forum: Forwarding Protocols
Topic: Ethernet forwarding
Replies: 4
Views: 2682

Re: Ethernet forwarding

If I understand correctly, you should use bridge ! Add and set the ip address of the bridge for WAN and put ether2 and ether3 into it.
by JohnTRIVOLTA
Thu Oct 24, 2019 12:09 pm
Forum: RouterOS beta
Topic: 7.0beta3 available in testing?
Replies: 40
Views: 16847

Re: 7.0beta3 available in testing?

MAC connection is fragile and is only to be used for setting up IP address. Then you can reconnect and use the device normally. MAC is only for emergency access.
Hi Normis,
Do you plan on implementing Pseudo Ethernet in next betas ?
by JohnTRIVOLTA
Mon Oct 21, 2019 8:01 pm
Forum: General
Topic: Virtual or pseudo ethernet interfaces possible?
Replies: 18
Views: 24202

Re: Virtual or pseudo ethernet interfaces possible?

Thank you SOB for your comprehensive answer!
by JohnTRIVOLTA
Mon Oct 21, 2019 8:56 am
Forum: General
Topic: Virtual or pseudo ethernet interfaces possible?
Replies: 18
Views: 24202

Re: Virtual or pseudo ethernet interfaces possible?

It seems that it's possible to misuse VRRP for that: /interface vrrp add interface=ether1 name=vrrp1 vrid=1 add interface=ether1 name=vrrp2 vrid=2 add interface=ether1 name=vrrp3 vrid=3 # VRRP interface needs some static address to come up: /ip address add address=127.0.0.2/32 interface=vrrp1 netwo...
by JohnTRIVOLTA
Thu Oct 17, 2019 6:04 am
Forum: General
Topic: Block all wesites except one
Replies: 19
Views: 4541

Re: Block all wesites except one

Or just do source nat for specific destination address only ! Example? Disable or delete the gobal nat rule first, after that you can add: /ip firewall nat add chain=srcnat dst-address=AAA:BBB:CCC:DDD action=masquerade out-interface=WAN\ AAA:BBB:CCC:DDD - replace with CHMS(Cloud Hospital Management...
by JohnTRIVOLTA
Wed Oct 16, 2019 10:03 pm
Forum: General
Topic: Block all wesites except one
Replies: 19
Views: 4541

Re: Block all wesites except one

Or just do source nat for specific destination address only !
by JohnTRIVOLTA
Sun Sep 29, 2019 10:10 am
Forum: General
Topic: BCP and VLANs
Replies: 5
Views: 2022

Re: BCP and VLANs

which one is better BCP or EOIP? i run layer 2 network BCP with some PPP Multilink Protocol is better choice for me .I choose L3 reconstruction against L4 re/segmenting. Pros = bigger MTU, smaller CPU usage, no issues due to MSS for some services , one ppp tunnel for transport many EoIPs respective...
by JohnTRIVOLTA
Fri Sep 27, 2019 9:36 pm
Forum: Beginner Basics
Topic: VPN between two routers
Replies: 8
Views: 2561

Re: VPN between two routers

I dont need connect to router, i can do it. I need connect to last router LAN.
I need two VPN connections on one IP, but for two devices.

First vpn is working fine, it is my management vpn. But i need another connection directly to last routers lan.
Try to allow gre on 941 input chain too !
by JohnTRIVOLTA
Thu Sep 26, 2019 8:16 am
Forum: General
Topic: L2TP iPSEC Mikrotik to Mikrotik Problem with web UI
Replies: 10
Views: 2373

Re: L2TP iPSEC Mikrotik to Mikrotik Problem with web UI

maybe TCP MTU/MSS issue check this https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle#Change_MSS I'm stuck almost for months now looking for the solution but still no luck. Just set L2TP MRRU=1580 on both sites and reconnect the tunnel ! I've tried it all but still no luck. And now what is th...
by JohnTRIVOLTA
Wed Sep 25, 2019 11:04 pm
Forum: Beginner Basics
Topic: VPN between two routers
Replies: 8
Views: 2561

Re: VPN between two routers

Set RoMON on all devices for example .
by JohnTRIVOLTA
Wed Sep 25, 2019 6:07 pm
Forum: General
Topic: L2TP iPSEC Mikrotik to Mikrotik Problem with web UI
Replies: 10
Views: 2373

Re: L2TP iPSEC Mikrotik to Mikrotik Problem with web UI

I'm stuck almost for months now looking for the solution but still no luck.
Just set L2TP MRRU=1580 on both sites and reconnect the tunnel !
by JohnTRIVOLTA
Mon Sep 16, 2019 10:12 pm
Forum: Wireless Networking
Topic: hAP AC2+cAP AC Roaming is a joke [SOLVED]
Replies: 70
Views: 57296

Re: hAP AC2+cAP AC Roaming is a joke [SOLVED]

I hope in new ROSv7 have a lot of improvements, optimization and other protocol aviability in wireless part ! The Roaming works well, but only for reconnecting to device with strongest signal like 802.11k !
by JohnTRIVOLTA
Mon Sep 16, 2019 7:30 pm
Forum: Wireless Networking
Topic: hAP AC2+cAP AC Roaming is a joke [SOLVED]
Replies: 70
Views: 57296

Re: hAP AC2+cAP AC Roaming is a joke [SOLVED]

Do you want to let us know with this post that you have found the right brand of wireless networking devices for you? This is CapsMan with а few of cAP ac with connected and powered by them mAP Lites. Same SSID, roaming, shaper with QOS etc...no packet loss , just no problems !!! https://i.postimg.c...
by JohnTRIVOLTA
Sun Sep 15, 2019 10:07 pm
Forum: Beginner Basics
Topic: Not working. What am i missing!?
Replies: 7
Views: 2440

Re: Not working. What am i missing!?

Thanks for your suggestion, but sadly it did not help.
No firwall /filter, nat, etc/ = no internet !
by JohnTRIVOLTA
Sun Sep 15, 2019 9:23 pm
Forum: RouterBOARD hardware
Topic: Audience
Replies: 56
Views: 30719

Re: Audience

Can anyone post a single export file of basic configuration when Audience connecting to the other audience device with mesh setup? I have to know out exactly what is configured in ROS !
by JohnTRIVOLTA
Thu Sep 12, 2019 6:05 pm
Forum: Wireless Networking
Topic: what is the optimum wireless configuration?
Replies: 9
Views: 5522

Re: what is the optimum wireless configuration?

What speeds do you expect to reach ? For me, you need to fix - channel-width=20/40mhz-Ce frequency-mode=superchannel installation=indoor !
After all, it all depends on whether there is radio interference and how strong it is!
by JohnTRIVOLTA
Mon Sep 09, 2019 7:02 pm
Forum: General
Topic: RBM33G can`t connect winbox neither by IP
Replies: 9
Views: 2432

Re: RBM33G can`t connect winbox neither by IP

Hmmm, try to use RS232 serial port !
by JohnTRIVOLTA
Mon Sep 09, 2019 4:11 pm
Forum: General
Topic: RBM33G can`t connect winbox neither by IP
Replies: 9
Views: 2432

Re: RBM33G can`t connect winbox neither by IP

Is there plugged any additional peripheral devices - wifi, Lte pci-e card or usb etc...If answer is Yes, remove them and try again .
by JohnTRIVOLTA
Fri Sep 06, 2019 10:23 am
Forum: General
Topic: RBM33G can`t connect winbox neither by IP
Replies: 9
Views: 2432

Re: RBM33G can`t connect winbox neither by IP

Reset the router and try again !
by JohnTRIVOLTA
Thu Sep 05, 2019 11:47 am
Forum: Beginner Basics
Topic: Dual dynamic ISP WAN, dual LAN setup
Replies: 16
Views: 10858

Re: Dual dynamic ISP WAN, dual LAN setup

Yes for all questions !
by JohnTRIVOLTA
Thu Sep 05, 2019 9:00 am
Forum: Beginner Basics
Topic: Dual dynamic ISP WAN, dual LAN setup
Replies: 16
Views: 10858

Re: Dual dynamic ISP WAN, dual LAN setup

I created some config - test it ! /ip dhcp-client add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=ether1 use-peer-dns=no use-peer-ntp=no add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=ether11 use-peer-dns=no use-peer-ntp=no /ip address add...
by JohnTRIVOLTA
Wed Sep 04, 2019 1:53 pm
Forum: Beginner Basics
Topic: How I can block VPN progrmas [SOLVED]
Replies: 6
Views: 2382

Re: How I can block VPN progrmas [SOLVED]

The correct method is to allow the necessary services and then block all other traffic on forward chain!
by JohnTRIVOLTA
Wed Sep 04, 2019 1:06 pm
Forum: General
Topic: How Block DHCP in Bridge betwen two interfaces [SOLVED]
Replies: 6
Views: 2125

Re: How Block DHCP in Bridge betwen two interfaces [SOLVED]

/interface bridge filter add action=drop chain=forward dst-mac-address=FF:FF:FF:FF:FF:FF/FF:FF:FF:FF:FF:FF dst-port=67 ip-protocol=udp mac-protocol=ip out-interface=ether2 add action=drop chain=forward dst-mac-address=FF:FF:FF:FF:FF:FF/FF:FF:FF:FF:FF:FF dst-port=67 ip-protocol=udp mac-protocol=ip o...
by JohnTRIVOLTA
Wed Sep 04, 2019 11:31 am
Forum: General
Topic: How Block DHCP in Bridge betwen two interfaces [SOLVED]
Replies: 6
Views: 2125

Re: How Block DHCP in Bridge betwen two interfaces [SOLVED]

/interface bridge filter add action=drop chain=forward dst-mac-address=FF:FF:FF:FF:FF:FF/FF:FF:FF:FF:FF:FF dst-port=67 ip-protocol=udp mac-protocol=ip out-interface=ether2 add action=drop chain=forward dst-mac-address=FF:FF:FF:FF:FF:FF/FF:FF:FF:FF:FF:FF dst-port=67 ip-protocol=udp mac-protocol=ip ou...
by JohnTRIVOLTA
Tue Sep 03, 2019 9:43 pm
Forum: Beginner Basics
Topic: Forwarding traffic
Replies: 4
Views: 1612

Re: Forwarding traffic

I use a similar configuration for L2 transparent connectivity. I use L2TP IPsec with BCP on bridges to the both sides. I usе DHCP on main office with address XX.XX.XX.1/24/respectively gateway for network/ with dhcp-pool from 2-99, and on remote office with address XX.XX.XX.254/24 /respectively gate...
by JohnTRIVOLTA
Tue Aug 13, 2019 4:18 pm
Forum: Beginner Basics
Topic: Automatic Failover
Replies: 2
Views: 2024

Re: Automatic Failover

by JohnTRIVOLTA
Tue Jul 23, 2019 8:37 pm
Forum: RouterBOARD hardware
Topic: My Groove AC is dead
Replies: 13
Views: 4693

Re: My Groove AC is dead

I think the board is the same like nonAC Groove with different cpu and ethernet port !
by JohnTRIVOLTA
Tue Jul 23, 2019 6:58 pm
Forum: RouterBOARD hardware
Topic: My Groove AC is dead
Replies: 13
Views: 4693

Re: My Groove AC is dead

Try to hard reset the device by shorting special hole of board . After that try netinstall or try after few of days.
I have several boards / mipsbe based / groove, 951 series with same issue... for me this issue comming from bad flash memory and only full format/netinstall/ may solve the problem .
by JohnTRIVOLTA
Thu Jul 18, 2019 9:48 pm
Forum: Wireless Networking
Topic: Wireless AC performence issue
Replies: 3
Views: 1994

Re: Wireless AC performence issue

This seems to be a common pattern, looks like it's pretty much impossible to achieve more than 250-300 Mbit/s real world single client throughput with Mikrotik ac WiFi.
In case you ever manage to break this limit please let me know how you did it :)
For exemple this test
.
by JohnTRIVOLTA
Thu Jul 18, 2019 2:33 pm
Forum: Wireless Networking
Topic: Wireless AC performence issue
Replies: 3
Views: 1994

Wireless AC performence issue

Hi friends, I have a router RBM33G with two full-size mpci-e cards / AR9380 for 2.4GHz and AR9880-WLE900VX for 5GHz /. All works just fine. My laptop have Intel AC7260. The connectivity is perfect at 5GHz ~ 40dBm, but I only achieve about max 300Mb/ps - average 250Mb/ps. I expected some speeds in th...
by JohnTRIVOLTA
Sun Jul 14, 2019 10:15 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 19
Views: 11400

Re: Wifi range is really bad for a reason

Fix the channel and change with no EU country for example Canada !
by JohnTRIVOLTA
Mon Jun 17, 2019 12:05 pm
Forum: Wireless Networking
Topic: wAP ac / cAP ac: no 2 streams with 80MHz?
Replies: 4
Views: 2905

Re: wAP ac / cAP ac: no 2 streams with 80MHz?

I have a large network deployed with lots of hAP AC2 with CAPsMAN and I have no such problems!
https://i.postimg.cc/3RF708fz/ccr-7.png

P.S.
You ask for AC models only - my mistake! But with old version of ROS about 6.42/3.XX stable , there is no such problem i mean ?!
by JohnTRIVOLTA
Fri Jun 07, 2019 11:50 pm
Forum: General
Topic: PPTP in IPsec Tunnel
Replies: 1
Views: 1108

Re: PPTP in IPsec Tunnel

Maybe the opposite may happen site to site ipsec over ppp connection !
I have already configured such a set up / site to site ipsec over sstp connection with BCP / and a double aes 256 encoding is obtained - the safest tunnel you can set :D
by JohnTRIVOLTA
Fri Jun 07, 2019 8:31 am
Forum: General
Topic: Time Based firewaal rules
Replies: 12
Views: 2813

Re: Time Based firewaal rules

Synchronize time on routerboard with ntp client or manually ?
With ntp client!!!
NTP . In ROS this is System-SNTP client .
by JohnTRIVOLTA
Thu Jun 06, 2019 2:26 pm
Forum: General
Topic: Time Based firewaal rules
Replies: 12
Views: 2813

Re: Time Based firewaal rules

Synchronize time on routerboard with ntp client or manually ?
by JohnTRIVOLTA
Wed Jun 05, 2019 7:45 pm
Forum: General
Topic: Traffic routing between isolated bridges/subnets
Replies: 3
Views: 1029

Re: Traffic routing between isolated bridges/subnets

Check Interface List ... add other bridges in list LAN ?!
by JohnTRIVOLTA
Wed May 29, 2019 9:08 am
Forum: General
Topic: Simple config but Internet not working.
Replies: 8
Views: 3253

Re: Simple config but Internet not working.

Change this rule:
/ip firewall nat add action=masquerade chain=srcnat
with
/ip firewall nat add action=masquerade chain=srcnat out-interface=ether13WAN
by JohnTRIVOLTA
Sun May 19, 2019 6:41 pm
Forum: Forwarding Protocols
Topic: L2TP+ipsec speeds
Replies: 7
Views: 7302

Re: L2TP+ipsec speeds

Can you test L2TP ipsec with Multilink Protocol activated - MRRU=1600 on both sides ? Don't use tcp mss clamping - ppp profile set=no on both sites too ! Unsure how to use that setting properly, however with MTU=1420 and MRRU=1600, no clamp in FW nor PPP, I got about 5% less than with MTU=1460. Ser...
by JohnTRIVOLTA
Sun May 19, 2019 5:15 pm
Forum: Forwarding Protocols
Topic: L2TP+ipsec speeds
Replies: 7
Views: 7302

Re: L2TP+ipsec speeds

After lowering the MTU/MRU to 1420 for L2TP+ipsec to avoid fragmentation, I have some expected results: L2TP+IPSec 280 280 120/120 208 200 80/80 Can you test L2TP ipsec with Multilink Protocol activated - MRRU=1600 on both sides ? Don't use tcp mss clamping - ppp profile set=no on both sites too !
by JohnTRIVOLTA
Sat May 18, 2019 11:26 pm
Forum: General
Topic: Block public proxy servers - HOW [SOLVED]
Replies: 12
Views: 3477

Re: Block public proxy servers - HOW [SOLVED]

Blocking access to proxies doesn't sound like something that would help much. Unless you have some very strict filtering of all outgoing traffic, any worm will just use either custom ports, or if you block those, then regular https. And you pretty much have to allow that, if those 150 clients shoul...
by JohnTRIVOLTA
Sat May 18, 2019 11:09 pm
Forum: General
Topic: Block public proxy servers - HOW [SOLVED]
Replies: 12
Views: 3477

Re: Block public proxy servers - HOW [SOLVED]

It really depends on what exactly you need it for and how persistent users you have. Maybe if you block the most obvious servers, they will give up. The major thing against you is that all they need is just one working server. Behind a ccr I have a very sensitive network with about 150 clients. The...
by JohnTRIVOLTA
Sat May 18, 2019 8:24 pm
Forum: General
Topic: Block public proxy servers - HOW [SOLVED]
Replies: 12
Views: 3477

Re: Block public proxy servers - HOW [SOLVED]

I don't follow what happens in public proxy world, but what I got from Google was all without https, just http. But if you have different sources with https, then it's bad for you, because you can't see what's inside https connection, it's the whole point of https. And collecting address, good luck...
by JohnTRIVOLTA
Sat May 18, 2019 7:24 pm
Forum: General
Topic: Block public proxy servers - HOW [SOLVED]
Replies: 12
Views: 3477

Re: Block public proxy servers - HOW [SOLVED]

For now, this stops traffic to proxies that do not use https / SSL /. Unfortunately, most of the public are over https ! Тhe only solution for now is that I have to collect their ip addresses in lists .
by JohnTRIVOLTA
Sat May 18, 2019 4:32 pm
Forum: General
Topic: Block public proxy servers - HOW [SOLVED]
Replies: 12
Views: 3477

Re: Block public proxy servers - HOW [SOLVED]

I don't think you can. You can block some with L7 like this: /ip firewall layer7-protocol add name=proxy regexp="^(CONNECT\\ .*|GET\\ https\?:\\/\\/.*)\\ HTTP\\/1\\." But it's far from perfect. Тhank you very much Sob ! I will try it ... I hope I will not block with it another traffic? :D
by JohnTRIVOLTA
Fri May 17, 2019 9:34 pm
Forum: General
Topic: Block public proxy servers - HOW [SOLVED]
Replies: 12
Views: 3477

Block public proxy servers - HOW [SOLVED]

Hi guys, I have not found a way to effectively block traffic to public proxies so as not to bypass the rules in the firewall ! If anyone has such a solution, please share their experience ! P.S. I want to ask, if i can add a firewall rule in filter section on forward chain with conten=https and one ...
by JohnTRIVOLTA
Thu May 16, 2019 12:10 pm
Forum: Wireless Networking
Topic: 40MHz channel on hAP Mini
Replies: 4
Views: 1321

Re: 40MHz channel on hAP Mini

Your client wireless card may not be configured correctly to use 40MHz channel ?! Sometimes signal noise is the cause of the inability to use a wider frequency length !
by JohnTRIVOLTA
Mon May 06, 2019 9:06 pm
Forum: General
Topic: Port forwarding not working or something interfering possibly? 12 hrs later.. still don't know.
Replies: 7
Views: 1387

Re: Port forwarding not working or something interfering possibly? 12 hrs later.. still don't know.

Have you forgotten to put a gateway address on the computer to which we forward(dst-nat) the port ?
by JohnTRIVOLTA
Mon Apr 22, 2019 11:37 am
Forum: General
Topic: How dynamic tunnels can be created?
Replies: 3
Views: 1031

Re: How dynamic tunnels can be created?

Thanks JohnTrivolta for replying. I tried that but, I'm running a dhcp server and clients under the bridged interface can't obtain an ip from server. Played around with mtu's but can't get it working. If you have properly configured your BCP, you must successfully expand transparently /L2/ the hots...
by JohnTRIVOLTA
Sun Apr 21, 2019 3:16 pm
Forum: General
Topic: Trying to Understand MSS Clamping - Not Working? [SOLVED]
Replies: 13
Views: 9026

Re: Trying to Understand MSS Clamping - Not Working? [SOLVED]

When i need some ppp based VPN i use multilink feature instead clamp mss ! You must set the MRRU = 1600 for example on both sides - try it !
by JohnTRIVOLTA
Sun Apr 21, 2019 8:42 am
Forum: General
Topic: How dynamic tunnels can be created?
Replies: 3
Views: 1031

Re: How dynamic tunnels can be created?

Just use L2TP client with BCP on every clients router!
by JohnTRIVOLTA
Thu Apr 18, 2019 9:18 pm
Forum: Wireless Networking
Topic: CAP AC Vs HAP AC2
Replies: 5
Views: 6773

Re: CAP AC Vs HAP AC2

An important difference - cAP AC has separate antennas for each chain /4/ and better wireless performance for that! hAP AC2 has 2 combined antennas for both frequencies!
by JohnTRIVOLTA
Mon Apr 15, 2019 12:50 pm
Forum: Beginner Basics
Topic: HAP mini IPSEC+EoIP performance?
Replies: 4
Views: 1768

Re: HAP mini IPSEC+EoIP performance?

I think the hAP ac2 / RBD52G-5HacD2HnD-TC / is the right choice !
by JohnTRIVOLTA
Sun Apr 14, 2019 6:34 pm
Forum: Beginner Basics
Topic: HAP mini IPSEC+EoIP performance?
Replies: 4
Views: 1768

Re: HAP mini IPSEC+EoIP performance?

Don't expect more than 10 mb/ps with AES 128 CBC , the eoip tunnel use lot of cpu resources too!
by JohnTRIVOLTA
Sun Mar 24, 2019 10:17 pm
Forum: General
Topic: ROS 6.44 - VPN L2TP not working
Replies: 28
Views: 25955

Re: ROS 6.44 - VPN L2TP not working

Since I upgraded to 6.44.*, I currently have patch 6.44.1 and device CCR1036-12G-4S, can not connect Windows 10 clients with IPSEC, get error when trying to connect and I have not changed at all the configuration in the clients or router I have the same problem. I reverted it with version 6.43.13 L...
by JohnTRIVOLTA
Sat Mar 23, 2019 6:02 am
Forum: General
Topic: PPPOE over PPTP or PPPOE over L2TP ?
Replies: 8
Views: 4911

Re: PPPOE over PPTP or PPPOE over L2TP ?

Does nobody have any Idea ;(
Just set MRRU=1610 on ppp connection on both sides !On the ppp profile dont use Change TCP MSS - put NO .
by JohnTRIVOLTA
Thu Mar 14, 2019 7:09 am
Forum: Beginner Basics
Topic: Simplest Route Rule Possible.
Replies: 13
Views: 1909

Re: Simplest Route Rule Possible.

Sorry this discussion is NOT to include mangling LOL.
Ooo sorry .... by the way, all is clear and there is nothing to discuss, but I will follow the topic .
by JohnTRIVOLTA
Wed Mar 13, 2019 10:49 pm
Forum: Beginner Basics
Topic: Simplest Route Rule Possible.
Replies: 13
Views: 1909

Re: Simplest Route Rule Possible.

Requirement: There is only one IP used in vlan55, I want to direct this ip 129.168.55.25 to go out my ether1 cable WANIP. Right now the cable WANIP is my secondary fail over wanip, the primary is fibre bell. For my email on cable I simply create a route rule with the mail server IP as the destinati...
by JohnTRIVOLTA
Wed Mar 13, 2019 10:32 pm
Forum: General
Topic: Restrict vpn user access
Replies: 1
Views: 2152

Re: Restrict vpn user access

Hello, I managed to configure ovpn connection to my router. I set remote address of some user on 192.168.88.195. He is able to connect with every device in 192.168.88.0 network. How i can restrain his access and allow him only to connect only with one specific IP ? For instance, the user should be ...
by JohnTRIVOLTA
Mon Mar 04, 2019 5:01 pm
Forum: Beginner Basics
Topic: VPN server on sxt lte setup
Replies: 7
Views: 3896

Re: VPN server on sxt lte setup

So if I put a vpn server under a public ip pc or routerboard I could connect the sxt routerboard to that server and example Android phone to same server and then with this" kind of bridge " see sxt contents with Android phone and viceversa ?
Еxactly !
by JohnTRIVOLTA
Mon Mar 04, 2019 4:14 pm
Forum: Beginner Basics
Topic: VPN server on sxt lte setup
Replies: 7
Views: 3896

Re: VPN server on sxt lte setup

The ISP say that is possible by vpn. If would not possible to connect outside then why I can access with some proprietary app as synology or xiaomi to my nas or hub.? I think these app create a tunnel similar or equal to a vpn. A vpn tunnel would be as the vpn server goes outside of lan /internet a...
by JohnTRIVOLTA
Wed Feb 27, 2019 7:11 am
Forum: RouterBOARD hardware
Topic: Wireless USB dongle support?
Replies: 2
Views: 2377

Re: Wireless USB dongle support?

ROS Version 6.X no longer supports WiFi USB adapters ! You can only use Woobm for management purpose or an older version of ROS !
by JohnTRIVOLTA
Sat Feb 23, 2019 8:38 pm
Forum: General
Topic: Hotspot - do not bypass dns router role how ?
Replies: 5
Views: 1843

Re: Hotspot - do not bypass dns router role how ?

Wow, okay that is good to know. I wonder why hotspot functionality bypasses NAT rules??
This is my question too !
by JohnTRIVOLTA
Sat Feb 23, 2019 5:54 pm
Forum: General
Topic: Hotspot - do not bypass dns router role how ?
Replies: 5
Views: 1843

Re: Hotspot - do not bypass dns router role how ?

Hello Anav, thanks for the quick answer! I already use these rules and work well, but they do not work on the hotspot network unfortunately. There are clients who put a static DNS address and thus jump my router and resolve to the their DNS. I think there must be some rule/s/ between the dynamic one...
by JohnTRIVOLTA
Sat Feb 23, 2019 3:14 pm
Forum: General
Topic: Hotspot - do not bypass dns router role how ?
Replies: 5
Views: 1843

Hotspot - do not bypass dns router role how ?

Hello friends. I have a router that has multiple networks and the router has a roll for dns. I have a problem with the hotspot, and can not intercept and redirect the different dns server addresses manually seted from clients. The standard rule can not intercept addresses from hotspots network only....
by JohnTRIVOLTA
Tue Jan 29, 2019 10:23 pm
Forum: Beginner Basics
Topic: block inter VLAN traffic
Replies: 17
Views: 20659

Re: block inter VLAN traffic

Where is this export of configuration or at least that of the firewall? I did not see it anywhere, so I am confined to what is specifically asked! Everything else bordered on divination skills and I do not have ones!
by JohnTRIVOLTA
Mon Jan 28, 2019 10:54 pm
Forum: Beginner Basics
Topic: block inter VLAN traffic
Replies: 17
Views: 20659

Re: block inter VLAN traffic

That sounds silly JT. What are you trying to accomplish?? VLAN to VLAN traffic is blocked by default at layer 2. VLAN to VLAN traffic is blocked at layer 3 unless you allow it with an allow rule. THe only thing the OP requires is an allow VLAN to WAN rule! Тhis is my answer for pegasus123 - its fir...
by JohnTRIVOLTA
Mon Jan 28, 2019 8:57 pm
Forum: Beginner Basics
Topic: block inter VLAN traffic
Replies: 17
Views: 20659

Re: block inter VLAN traffic

I use only one filter rule . First i add all vlans in interface list - VLANs and then put the one filter rule:
/ip fi fi add action=drop chain=forward in-interface-list=VLANs out-interface-list=VLANs
by JohnTRIVOLTA
Sat Jan 26, 2019 8:32 pm
Forum: Wireless Networking
Topic: Reduce Wi-Fi transmitter power on schedule
Replies: 6
Views: 2160

Re: Reduce Wi-Fi transmitter power on schedule

Oh man thank you! I did it wrong first time. Then I tried as you said but I cannot succeed. I made this to show how I did it. but it doesn't change anything .. i think https://ibb.co/RzVRqpW You forgot RUN in schedule : /system script run number=1 But this is not the main setup error. You must chan...
by JohnTRIVOLTA
Sat Jan 26, 2019 3:18 pm
Forum: Wireless Networking
Topic: Reduce Wi-Fi transmitter power on schedule
Replies: 6
Views: 2160

Re: Reduce Wi-Fi transmitter power on schedule

Did you do this?
Аdd the script in the system section - scripts with changed values ​​as desired . Then add a schedule in system - schedule to run the script at a certain interval - an example of 15 minutes. That is all !
Image
by JohnTRIVOLTA
Sat Jan 26, 2019 12:54 pm
Forum: Wireless Networking
Topic: Reduce Wi-Fi transmitter power on schedule
Replies: 6
Views: 2160

Re: Reduce Wi-Fi transmitter power on schedule

Simply set a minimum value /10dbm/ for the transmitting power of the wireless interface in the tx power section - all rates fixed and the script will work! Change the desired values in the script too !
by JohnTRIVOLTA
Fri Jan 25, 2019 7:10 am
Forum: General
Topic: IKEv2 Site-To-Site VPN
Replies: 4
Views: 2062

Re: IKEv2 Site-To-Site VPN

Hello, the things you want can be configured, but you also need to set some settings in location A if you want a L2 level or extend transparently the LAN , if I understood right !
by JohnTRIVOLTA
Tue Jan 22, 2019 7:20 pm
Forum: General
Topic: IKEv2 site to site between 2 Mikrotik
Replies: 10
Views: 3628

Re: IKEv2 site to site between 2 Mikrotik

I think your problem is in the balancing mode used /PCC/. In the second router, you do not use balancing, and there is no problem for initiate the connection. For the test, you can stop the wan ports and leave only the wan for ipsec and try it again.
by JohnTRIVOLTA
Tue Jan 22, 2019 6:57 am
Forum: General
Topic: IKEv2 site to site between 2 Mikrotik
Replies: 10
Views: 3628

Re: IKEv2 site to site between 2 Mikrotik

I'm really sorry. I have only seen the beginning of both configurations without scrolling them!
Now, when I look at the config, I think that the traffic that is between the two networks should be marked to be exactly where / which WAN port / will come out for balancing!
by JohnTRIVOLTA
Mon Jan 21, 2019 6:30 pm
Forum: General
Topic: IKEv2 site to site between 2 Mikrotik
Replies: 10
Views: 3628

Re: IKEv2 site to site between 2 Mikrotik

really hoping someone can point out what I'm doing wrong :(
I cant see any IpSec IKE2 Site to Site configuration ! You may have set up some L2TP with IpSec ppp connection and routing the networks on it - do you have any routes for them in both places ?
by JohnTRIVOLTA
Sun Jan 20, 2019 4:26 pm
Forum: Beginner Basics
Topic: how to do Dynamic nat 100 private ip with /24 public ip
Replies: 10
Views: 5229

Re: how to do Dynamic nat 100 private ip with /24 public ip

I think this rules will work : /ip firewall address-list add address=192.168.0.1-192.168.0.100 list=100private_addresses #just add your private ip addresses in address list# /ip firewall nat add action=accept chain=srcnat src-address-list=!100private_addresses add action=netmap chain=srcnat src-addr...
by JohnTRIVOLTA
Sun Jan 20, 2019 12:52 pm
Forum: Beginner Basics
Topic: how to do Dynamic nat 100 private ip with /24 public ip
Replies: 10
Views: 5229

Re: how to do Dynamic nat 100 private ip with /24 public ip

Hi
Can you please help me how to do Dynamic nat of apporx 100 private ip with /24 public ip pool . thanks
Use NETMAP for source nat !?
by JohnTRIVOLTA
Sun Jan 20, 2019 10:23 am
Forum: General
Topic: No country [SOLVED]
Replies: 4
Views: 2641

Re: No country [SOLVED]

Try Debug and then russia2 for other frequencies .
by JohnTRIVOLTA
Mon Jan 07, 2019 3:51 pm
Forum: Beginner Basics
Topic: SSTP VPN speed is too slow between MT router and client
Replies: 3
Views: 4145

Re: SSTP VPN speed is too slow between MT router and client

30/5 Mbps respectively only you have maximum 5 Mbps on client downstream !
by JohnTRIVOLTA
Thu Dec 20, 2018 10:19 pm
Forum: General
Topic: Ipsec Site to Site with certificate
Replies: 5
Views: 2704

Re: Ipsec Site to Site with certificate

Hi I try to configure a connection between two ccr1009 and encrypt this with ipsec. If I try to use psk everything works fine. But I wanna use instead certificates. I search for some time but I didn't found any tutorial how to do this. So I wanna ask would this be possible? Thanks Just try , use IK...
by JohnTRIVOLTA
Mon Dec 17, 2018 12:25 am
Forum: Wireless Networking
Topic: wAP ac is slow with manager forwarding and high CPU
Replies: 9
Views: 3380

Re: wAP ac is slow with manager forwarding and high CPU

I have same issue ! With netbox 5 , 1 client /my laptop/ achieved max only 46 mbit/s when i transfer some file/s/ via ftp from my local nas. The laptop wireless adapter AR5BWB222 300/300 connectivity .
Image
by JohnTRIVOLTA
Sun Dec 16, 2018 10:59 pm
Forum: Beginner Basics
Topic: Connect three locations
Replies: 9
Views: 2442

Re: Connect three locations

I am not sure what I have to do, but if I understand I have to create two firewall--> nat rules: In one of remote routers: 0 chain=srcnat action=src-nat to-addresses=172.31.32.3 src-address=192.168.10.0/24 dst-address=192.168.11.0/24 log=no log-prefix="" In other remote router: 0 chain=sr...
by JohnTRIVOLTA
Sun Dec 16, 2018 9:30 pm
Forum: Beginner Basics
Topic: Connect three locations
Replies: 9
Views: 2442

Re: Connect three locations

My guess is that on routers 2 and 3 your masquerade rules masquerade too much. Whatever sent from e.g. site 2 towards site 1 and site 3 should probably not be masqueraded ... You could try to rewrite masquerade rules to match outgoing interfaces or something ... + must select outgoing interface in ...
by JohnTRIVOLTA
Sun Dec 16, 2018 8:35 pm
Forum: Beginner Basics
Topic: Connect three locations
Replies: 9
Views: 2442

Re: Connect three locations

I do nor heva any limitations in filter
You don't have rules in the routers at all ?
by JohnTRIVOLTA
Sun Dec 16, 2018 8:02 pm
Forum: Beginner Basics
Topic: Connect three locations
Replies: 9
Views: 2442

Re: Connect three locations

May be necessary to add accept rules for the three networks in the forward chains on filter section on the three routers
  • 1
  • 2