Community discussions

Search found 40 matches

by effndc
Wed Feb 06, 2019 7:01 pm
Forum: Wireless Networking
Topic: WAP ac 5GHz issues with iPhone XS
Replies: 142
Views: 16920

Re: WAP ac 5GHz issues with iPhone XS

So far my iPhone XS has been the most stable it has been on my WiFi network since disabling AC, and IPv6 has been working perfectly fine since the change as well (where I had my tunnel disabled since getting my XS).
by effndc
Mon Jan 28, 2019 12:26 am
Forum: Wireless Networking
Topic: WAP ac 5GHz issues with iPhone XS
Replies: 142
Views: 16920

Re: WAP ac 5GHz issues with iPhone XS

Have you tried to see if it works using IPv6 with "ac" disabled on your WiFi radio (i.e. just 5GHz-A/N)? I don't recall if I had, I just tested it now and interestingly enough my wireless throughput is improved by 20% or more with AC disabled. Currently everything is "working" with IPv6 active (wit...
by effndc
Sat Jan 26, 2019 8:13 pm
Forum: Wireless Networking
Topic: WAP ac 5GHz issues with iPhone XS
Replies: 142
Views: 16920

Re: WAP ac 5GHz issues with iPhone XS

I don't know why this forum seems to so inconsistently subscribe me to email notifications on replies. In my case, my iPhone XS refuses to use my network period if I have my Hurricane Electric IPv6 tunnel active. I don't know if it is some broken pMTU thing on iPhone XS, which is rather strange as m...
by effndc
Tue Sep 25, 2018 3:17 am
Forum: Wireless Networking
Topic: WAP ac 5GHz issues with iPhone XS
Replies: 142
Views: 16920

Re: WAP ac 5GHz issues with iPhone XS

This problem gets even more unusual, as it really seems to be something about the IPv6 tunnel I have from Hurricane Electric. Which even makes less sense when it works over 2.4GHz.
by effndc
Tue Sep 25, 2018 2:36 am
Forum: Wireless Networking
Topic: WAP ac 5GHz issues with iPhone XS
Replies: 142
Views: 16920

Re: WAP ac 5GHz issues with iPhone XS

I notice you don't have a country set for your wireless interface. You should set that, otherwise the interface may be able to select a frequency that is not allowed in your country and the phone may then refuse to connect. There are other potential issues, but that jumps out as a possibility. This...
by effndc
Tue Sep 25, 2018 2:07 am
Forum: Wireless Networking
Topic: WAP ac 5GHz issues with iPhone XS
Replies: 142
Views: 16920

WAP ac 5GHz issues with iPhone XS

I am seeing a really odd issue/conflict between the new iPhone XS and the Mikrotik WAP ac (RouterBOARD wAP G-5HacT2HnD) currently running 6.43.2. The iPhone XS does not work well with the Mikrotik on 5GHz, the problem seems worst on 80MHz channels (Ceee) and the absolute worst is in the higher frequ...
by effndc
Mon Aug 13, 2018 9:10 pm
Forum: General
Topic: MOAB mother of all blacklists
Replies: 88
Views: 10802

Re: MOAB mother of all blacklists

You don't include any detail on how your blacklists are created or maintained, what the source sample is to determine which sites should be blacklisted, etc. So why exactly would someone decide to pay you $60/year for a service with no specifications of what the service is? Especially when there are...
by effndc
Sat Dec 16, 2017 5:44 am
Forum: General
Topic: Winbox can't connect to wAP MAC address
Replies: 5
Views: 1942

Re: Winbox can't connect to wAP MAC address

Did you check your firewall on Windows? It blocks many such systems from working, I don't use Windows so I can't provide much guidance on that specifically.

You can always try to reset the wAP to system defaults by holding the reset button: https://wiki.mikrotik.com/wiki/Manual:Reset_button
by effndc
Fri Oct 27, 2017 11:05 pm
Forum: Wireless Networking
Topic: Chromecast Audio connection impossible
Replies: 3
Views: 957

Re: Chromecast Audio connection impossible

What are your settings for multicast helper? Chromecast and Airplay, AFAIK, both operate using multicast and you need "full helper" enabled to get it to work reliably in my experience (AirPlay).
by effndc
Fri Oct 27, 2017 10:55 pm
Forum: Beginner Basics
Topic: Access to subnet
Replies: 1
Views: 265

Re: Access to subnet

A bridge is a OSI layer 1/2 thing, what you need is layer3 routing. You cannot bridge between subnets, you can only route between subnets. At the MAC layer perhaps your devices could communicate (e.g. ARP), however IP is a layer3 protocol. You either have to have the same subnet on both computers (w...
by effndc
Thu Oct 26, 2017 8:18 pm
Forum: Beginner Basics
Topic: 52ac + hAP ac - Is this enough for my RV?
Replies: 11
Views: 1348

Re: 52ac + hAP ac - Is this enough for my RV?

The configuration is probably pretty common for any WISP, you have a CPE (customer premise equipment) that connects to the service provider, and then you have the hardware that provides network services to the customer itself. Perhaps this will get you on the right path: https://mum.mikrotik.com//pr...
by effndc
Wed Oct 25, 2017 3:14 am
Forum: Beginner Basics
Topic: Hurricane Electric Tunnel Broker implementation help
Replies: 3
Views: 1403

Re: Hurricane Electric Tunnel Broker implementation help

Why are you using 100.64.0.0/24? You should be using RFC1918 space, that is reserved IP space and could be in use by your service provider (where it is intended). Are you saying that the 186.124.238.xxx address is actually assigned to another device? I am not sure that will work, I believe you must ...
by effndc
Wed Oct 25, 2017 2:22 am
Forum: Beginner Basics
Topic: gateway router config failure, DHCP clients do not get addresses, DNS doesn't work properly [SOLVED]
Replies: 31
Views: 4396

Re: gateway router config failure, DHCP clients do not get addresses, DNS doesn't work properly [SOLVED]

To simplify the client DNS, just use the Mikrotik as the DNS server that is used by clients. Obviously you can replace the IP addresses with whatever name servers you want, and you can use something like namebench to find the fastest options once you get your system working. /ip dns set allow-remote...
by effndc
Wed Oct 25, 2017 2:08 am
Forum: Beginner Basics
Topic: 52ac + hAP ac - Is this enough for my RV?
Replies: 11
Views: 1348

Re: 52ac + hAP ac - Is this enough for my RV?

BTW, I won't speak to the legality/ethics of using "free" WiFi that you don't have a business relationship with. If you are truly permanently fixed in a location you could check into getting your own Internet service delivered, or you could volunteer some of your time to improve the service the RV p...
by effndc
Wed Oct 25, 2017 2:05 am
Forum: Beginner Basics
Topic: 52ac + hAP ac - Is this enough for my RV?
Replies: 11
Views: 1348

Re: 52ac + hAP ac - Is this enough for my RV?

I've actually been planning to do something similar, as WiFiRanger is ridiculously expensive for what it is...since I am a technical professional I can't justify the premium for their "make it easy" software. I think the hardware you have have selected is fine, since you are stationary in an RV park...
by effndc
Thu Oct 19, 2017 6:48 pm
Forum: Beginner Basics
Topic: VPN and ping with big packet size. help me
Replies: 2
Views: 371

Re: VPN and ping with big packet size. help me

Maximum ethernet default packet size is 1500-bytes, anything larger doesn't prove/disprove anything. When you add any tunnel, the end-to-end MTU size decreases (or is forced to fragment) as you are now having to wrap the full packet within another packet. Management access may also have additional f...
by effndc
Thu Oct 19, 2017 6:38 pm
Forum: Beginner Basics
Topic: 750gr3 low memory....
Replies: 5
Views: 618

Re: 750gr3 low memory....

What other packages do you have installed and configured? I have Dude server running on mine and it hasn't been an issue in the 10-months or so I've had it. /system resource print uptime: 2d22h27m1s version: 6.40.4 (stable) build-time: Oct/02/2017 08:38:30 factory-software: 6.36.1 free-memory: 124.2...
by effndc
Thu Oct 19, 2017 6:34 pm
Forum: Beginner Basics
Topic: Websites not being blocked/logged?
Replies: 6
Views: 651

Re: Websites not being blocked/logged?

Does your transparent proxy capture HTTPS or is it only applying to HTTP? Facebook and Twitter both primarily use HTTPS which doesn't work with all proxy configurations.
by effndc
Mon Oct 16, 2017 8:29 pm
Forum: Wireless Networking
Topic: Two Wifi ssid from same AP on different vlan?
Replies: 1
Views: 447

Re: Two Wifi ssid from same AP on different vlan?

Please tell us what model of MikroTik router you have, as the configuration may vary somewhat depending on the mode the interfaces operate in. You may also want to post your "/interface export hide-sensitive" output and I am sure we can give more direct guidance. I have several SSIDs isolated to var...
by effndc
Sat Oct 14, 2017 12:19 am
Forum: Wireless Networking
Topic: When coming AC Wave2 chip?
Replies: 41
Views: 7478

Re: When coming AC Wave2 chip?

I can get 748megabits over a 60-second iperf3 UDP test, with some intervals being as high as 948megabits. This is with an older MacBook Pro and the WAP ac being on the other side of 1 wall, total distance of ~15'.
by effndc
Mon Jul 10, 2017 9:47 pm
Forum: Beginner Basics
Topic: How to block PPTP/LT2P VPN user from accessing internet
Replies: 3
Views: 888

Re: How to block PPTP/LT2P VPN user from accessing internet

Easiest option is to edit the existing masquerade tool under Firewall --> NAT. Edit it to add a source IP address subnet of your network that you want to have access to the internet, so if you are using 192.168.1.0/24 you would put that into the Src Address field. This will only allow that address t...
by effndc
Fri Jul 07, 2017 2:27 am
Forum: Wireless Networking
Topic: Slow WiFi (Mikrotik WAP)
Replies: 31
Views: 17481

Re: Slow WiFi (Mikrotik WAP)

You likely need to provide more info, start with telling us what model of access point you are using and then how that connects to the rest of your network. You may also want to include the configuration from your access point (run /export compact hide-sensitive). To make it easier when you paste th...
by effndc
Fri Jul 07, 2017 1:53 am
Forum: General
Topic: Cant connect to github.com from LAN
Replies: 4
Views: 864

Re: Cant connect to github.com from LAN

You are using invalid IP addresses on your network, you cannot use 192.0.0.0/8 and expect to reach the Internet with consistency. Github happens to use 192.30.x.x for some of their servers, perhaps other IPs in different regions. $ host github.com github.com has address 192.30.255.112 github.com has...
by effndc
Fri Jul 07, 2017 1:17 am
Forum: Beginner Basics
Topic: How to block PPTP/LT2P VPN user from accessing internet
Replies: 3
Views: 888

Re: How to block PPTP/LT2P VPN user from accessing internet

Either through firewall or NAT rule changes, you could configure that subnet with explicit allow destination list and then have a deny all to block access to anything not in the approved destination list...or you could look at your NAT policy and have it actually specify the allowed source subnets f...
by effndc
Wed Feb 22, 2017 2:26 am
Forum: General
Topic: HE IPv6 tunnel PPPoE issue - Not MSS related
Replies: 4
Views: 769

Re: HE IPv6 tunnel PPPoE issue - Not MSS related

Additionally, I don't see any troubleshooting steps that you've taken. Confirm you can ping each of these from routerOS, the Hurricane Electric Server IPv4 Address and HE Server IPv6 Address. From there you should try to ping some known web site's IPv6 address: google.com has IPv6 address 2607:f8b0:...
by effndc
Wed Feb 22, 2017 1:29 am
Forum: General
Topic: ssh/scp file autocompletition
Replies: 1
Views: 552

Re: ssh/scp file autocompletition

Autocompletion is provided by the shell (bash in this case) and the ROS shell isn't bash, so autocompletion doesn't exist other than for routerOS CLI commands AFAIK.
by effndc
Wed Feb 22, 2017 1:27 am
Forum: General
Topic: UNTAGGED AND TAGGED VLAN ON HEX LITE
Replies: 3
Views: 1673

Re: UNTAGGED AND TAGGED VLAN ON HEX LITE

I assume your AP is directly connected to your HEx Lite so that you can actually pass VLAN tags. The untagged default/native network already exists, otherwise you wouldn't be able to access anything. You are looking to add a new VLAN for your guest network, so you need to create the VLAN on the swit...
by effndc
Wed Feb 22, 2017 12:36 am
Forum: General
Topic: How to know how much time PPP is connected?
Replies: 1
Views: 275

Re: How to know how much time PPP is connected?

My impression is that Winbox calculates that value based on last-link-up-time vs current time.
by effndc
Wed Feb 22, 2017 12:20 am
Forum: General
Topic: HE IPv6 tunnel PPPoE issue - Not MSS related
Replies: 4
Views: 769

Re: HE IPv6 tunnel PPPoE issue - Not MSS related

Any particular reason you are trying to IPv6 mangle? Your devices should all get native IPv6 addresses, NAT (mangle) shouldn't be necessary at all. Here is what I have for my IPv6 firewall: /ipv6 firewall filter add action=accept chain=input comment="Allow related&established" connection-state=estab...
by effndc
Sat Feb 11, 2017 11:54 pm
Forum: Wireless Networking
Topic: Very poor transfer rates on WAPac & 5GHz channel selection
Replies: 5
Views: 1276

Re: Very poor transfer rates on WAPac & 5GHz channel selection

Well I think I made some progress, one I didn't know that having Winbox open showing interface counters put such a massive CPU load on the boxes. That alone made a difference in bandwidth of transfers, I also stumbled onto this deck from Baltic Networks: http://www.balticnetworks.com/docs/802.11AC%2...
by effndc
Sat Feb 11, 2017 3:57 am
Forum: Wireless Networking
Topic: Very poor transfer rates on WAPac & 5GHz channel selection
Replies: 5
Views: 1276

Re: Very poor transfer rates on WAPac & 5GHz channel selection

Just to make sure all things are the same as the last test (which was conducted a year ago) I reconfigured my AirPort Extreme and added it back to the hard wired network. if I connect to the AirPort Extreme on 5Ghz (channel 161) the client bounces between a Tx rate of 878Mbps and 1053Mbps and 1170Mb...
by effndc
Sat Feb 11, 2017 2:59 am
Forum: Wireless Networking
Topic: Very poor transfer rates on WAPac & 5GHz channel selection
Replies: 5
Views: 1276

Very poor transfer rates on WAPac & 5GHz channel selection

I am seeing really abysmal performance on my new Mikrotik WAP ac (RBwAPG-5HacT2HnD-US) units. I was using Netspot to create heat maps with active scanning to compare to my previous network (Apple AirPort Extremes) in order to finalize placement and noticed really low transfer rates using iperf3. Tra...
by effndc
Wed Feb 08, 2017 12:47 am
Forum: Beginner Basics
Topic: Problems setting up simple AP with single ethernet port WAP ac
Replies: 9
Views: 3072

Re: Problems setting up simple AP with single ethernet port WAP ac

Thanks for the pointers. I guess I must have done something off the first try, this time I went ahead and followed that guidance with a few more steps. I created the bridge, added an administrative MAC (copy of ether1) and set a DHCP client on the bridge. I was then able to add ether1 to the bridge ...
by effndc
Tue Feb 07, 2017 12:14 am
Forum: Beginner Basics
Topic: Problems setting up simple AP with single ethernet port WAP ac
Replies: 9
Views: 3072

Re: Problems setting up simple AP with single ethernet port WAP ac

I was working on this this weekend, what I did: Reset without configuration Configure wan1 & wan2 and enabled them Added virtual wan3 (bound to wan1) & wan4 (bound to wan2) for my guest vlan Put it all in one bridge. Ran into some disconnects but in the end it all worked. Do the clients receive an ...
by effndc
Mon Feb 06, 2017 8:59 pm
Forum: Beginner Basics
Topic: Problems setting up simple AP with single ethernet port WAP ac
Replies: 9
Views: 3072

Re: Problems setting up simple AP with single ethernet port WAP ac

Just to rule out the RC RouterOS as a problem I downgraded this back to the release build 6.38.1 I am able to get my VLAN10 and VLAN1003 segments to work, but not the one that corresponds to the default LAN (VLAN1) segment. The clients that connect to what should be VLAN1 get this error from the 750...
by effndc
Mon Feb 06, 2017 7:57 pm
Forum: Beginner Basics
Topic: Problems setting up simple AP with single ethernet port WAP ac
Replies: 9
Views: 3072

Re: Problems setting up simple AP with single ethernet port WAP ac

Thanks for the responses. Here is the 750gr3 configuration, I removed my static DHCP leases, firewall filters, netwatch configuration, and scripts for the ddns and maintaining the HE IPv6 tunnel and obfuscated a few other items. # feb/06/2017 09:17:15 by RouterOS 6.39rc20 # software id = ABD4-FNNE #...
by effndc
Sun Feb 05, 2017 1:50 am
Forum: Beginner Basics
Topic: Problems setting up simple AP with single ethernet port WAP ac
Replies: 9
Views: 3072

Problems setting up simple AP with single ethernet port WAP ac

I cannot figure out what I am doing wrong, I am taking two brand new WAP ac units (RBwAPG-5HacT2HnD-US) and just trying to configure them as a pure hard wired access point. I have tried to do this with CAPsMAN which never works either, so trying to configure it as a basic IP without CAPsMAN for now....
by effndc
Wed Feb 01, 2017 11:16 pm
Forum: Wireless Networking
Topic: CAPsMAN with WAP ac and tagged VLAN bridging not working
Replies: 0
Views: 974

CAPsMAN with WAP ac and tagged VLAN bridging not working

I had originally posted this to the Beginners Basics but perhaps that wasn't the right place, so I am posting it to Wireless Networking and deleting the other thread. I tried doing some searches, have tried a dozen different settings and I must be missing something. My setup is this, I have Internet...
by effndc
Wed Feb 01, 2017 12:56 am
Forum: Beginner Basics
Topic: Port-forwarding does not work, but why?
Replies: 24
Views: 2772

Re: Port-forwarding does not work, but why?

So the public IP address is assigned to a PPPoE connection on the Mikrotik? Do you have firewall forward rules to accept the incoming connection? dst-nat only tells the system what you want the packets re-written to, it doesn't give it permission to actually forward the traffic. You likely need to a...
by effndc
Tue Jan 31, 2017 6:53 pm
Forum: Beginner Basics
Topic: How to Port Forward from Dynamic WAN IP to Internal Address
Replies: 5
Views: 1389

Re: How to Port Forward from Dynamic WAN IP to Internal Address

I am using the following rule with no results: /if firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=30080 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.31 to-ports=80 You likely need to add an associated firewall rule above your forward drop rule, perhaps somethi...