Kunci
May 12, 2014, 6:17pm
1
Hi,
First sorry for my bad english.
I have the following problem:
I replaced my Linksys soho routers in my two locations to Mikrotik RB2011UiAS-RM.
My problem: When I try to connect with Logmein to my Computer, the speed of remote access is terrible slow.
Both location has 80 megabit download / 25 megabit upload optical internet connection. I check speedtest, and the connection speed is good behind mikrotik routers. I set queues upload and download limits to maximum (unlimited). When I check the connections to logmein server with Torch, I see, the connection speed is about 800-900 bps. The CPU usage is about 7-10%.
I put back my old Linksys routers, then the logmein speed is really became faster.
What is the problem with Mikrotik? What need I set up to speed up logmein connection?
Thanks,
Szilard
The problem is not the RouterBOARD itself; it is surely in your configuration.
I also use 2011UiAS (working with ROS 6.7 and the following two when I have updated the board: 6.11 / 6.12)
on my office and I can connect remotely with any LogMeIn Client at normal speed.
Kunci
May 13, 2014, 8:10pm
3
rextended:
The problem is not the RouterBOARD itself; it is surely in your configuration.
I also use 2011UiAS (working with ROS 6.7 and the following two when I have updated the board: 6.11 / 6.12)
on my office and I can connect remotely with any LogMeIn Client at normal speed.
Yes, I think there is wrong configuration, but what?
The remote logmein computer and the other computer, when I start the remote access are behind routerboards.
When I change the router to my old Linksys, the connection speed is good, but when I put back mikrotik, the speed will be slow.
All settings are default settings, I set only the queues limit to maximum and some firewall rules.
What need I check to find the problem? When I check the traffic on remote computer, the logmein traffic is about 800-900bps.
I use 6.12.
Thanks,
Szilard
Post your “/export compact” output on the forum (with passwords, secrets and PINs masked) so that someone can find where your problem is.
Kunci
May 15, 2014, 6:04am
5
OK. Thanks.
# may/15/2014 07:52:46 by RouterOS 6.12
# software id = 63M5-UV36
#
# LAN bridge. admin-mac together with auto-mac=no gives the bridge a fixed MAC address.
/interface bridge
add admin-mac=4C:5E:0C:35:F1:07 auto-mac=no l2mtu=1598 name=bridge-local
# ether1 is renamed to ether1-gateway (the uplink that carries the PPPoE client below).
# ether7..ether10 are switched behind ether6-master-local via master-port.
# NOTE(review): ether1 is forced to mtu=1492/l2mtu=1492 while the PPPoE client on top of it
# also requests max-mtu/max-mru=1492. PPPoE adds 8 bytes of encapsulation, so confirm the
# effective MTU of pppoe-out1; an MTU mismatch is a candidate cause of stalled or slow TCP sessions.
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1492 mtu=1492 name=ether1-gateway
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=\
ether10-slave-local
# Neighbor discovery is switched off on the uplink so the router does not announce itself there.
/ip neighbor discovery
set ether1-gateway discover=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
# NOTE(review): the default IPsec proposal is limited to 3DES, a legacy 64-bit-block cipher
# that is also comparatively slow in software. If both tunnel endpoints support it, prefer an
# AES enc-algorithm; the proposal must be changed on both peers at the same time.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
# DHCP pool and server for the LAN, bound to bridge-local.
/ip pool
add name=dhcp ranges=192.168.2.100-192.168.2.199
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/port
set 0 name=serial0
# PPPoE client on ether1-gateway; pppoe-out1 is the interface that actually carries Internet
# traffic and receives the default route (add-default-route=yes). Credentials are masked in the post.
# NOTE(review): allow= still lists pap and mschap1; if the ISP supports a stronger method,
# narrowing this list avoids offering the password over PAP.
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
default-route-distance=1 dial-on-demand=no disabled=no interface=\
ether1-gateway keepalive-timeout=60 max-mru=1492 max-mtu=1492 mrru=\
disabled name=pppoe-out1 password=*** profile=default service-name=\
DigiNet use-peer-dns=yes user=***
# Simple queue matching the whole LAN subnet; no max-limit appears in the export,
# so no rate cap is configured by this entry.
/queue simple
add dst=192.168.2.0/24 name=maximum packet-marks=no-mark queue=\
ethernet-default/ethernet-default target=192.168.2.0/24
# Members of the LAN bridge (ether2..ether5, the ether6 switch group and sfp1).
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=sfp1
# NOTE(review): the LAN address is bound to ether2, which is itself a port of bridge-local
# (see /interface bridge port above). Addresses normally belong on the bridge interface;
# firewall rules that match in-interface=bridge-local assume that layout.
/ip address
add address=192.168.2.1/24 comment="default configuration" interface=ether2 \
network=192.168.2.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
ether1-gateway
# DHCP clients are handed the router itself as gateway and DNS server.
/ip dhcp-server network
add address=192.168.2.0/24 comment="default configuration" dns-server=\
192.168.2.1 gateway=192.168.2.1 netmask=24
# allow-remote-requests=yes makes the router answer DNS queries sent to it.
# NOTE(review): in /ip firewall filter the only WAN drop matches in-interface=ether1-gateway
# (not pppoe-out1) and a later input rule accepts all UDP, so this resolver appears to be
# reachable from the Internet side. Restrict port 53 (UDP and TCP) on the input chain to the LAN
# to avoid running an open resolver.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1h cache-size=8192KiB \
max-udp-packet-size=8192 query-server-timeout=4s
/ip dns static
add address=192.168.2.1 name=router
# Filter rules are evaluated top to bottom per chain; a rule without action= accepts.
# input = traffic addressed to the router itself, forward = traffic routed through it,
# output = traffic generated by the router.
/ip firewall filter
# Accepts every ICMP packet to the router. Because this rule comes first, the later
# "Allow limited pings" / "Drop excess pings" rules never see any ICMP traffic.
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
# NOTE(review): this is the default-configuration WAN drop, but it matches in-interface=ether1-gateway.
# With a PPPoE uplink, IP packets from the Internet arrive on pppoe-out1, so this rule most
# likely never matches them (check its packet counter). The intended match is probably
# in-interface=pppoe-out1, placed after the rules that must still accept WAN traffic.
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
# Forward chain: accept established/related, drop invalid. There is no final drop on forward,
# so any other routed packet is accepted by the chain's implicit policy.
add chain=forward comment="default configuration" connection-state=\
established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
# FTP brute-force handling for the router's own FTP service: sources already on ftp_blacklist
# are dropped; "530 Login incorrect" replies are allowed up to the dst-limit per destination,
# and a destination that exceeds it is added to ftp_blacklist for 3 hours.
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
protocol=tcp src-address-list=ftp_blacklist
add chain=output content="530 Login incorrect" dst-limit=\
1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h chain=output content="530 Login incorrect" \
protocol=tcp
# SSH brute-force handling: blacklisted sources are dropped first. A source that keeps opening
# new connections to port 22 while its previous stage entry (1 minute) is still alive is promoted
# ssh_stage1 -> ssh_stage2 -> ssh_stage3 -> ssh_blacklist (1w3d). These rules only maintain the
# lists; whether the SSH connection itself is accepted is decided by the rules further down.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
# Blacklisted sources are also kept from opening SSH sessions to hosts behind the router.
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
# Second, hand-added input rule set. The established/related accepts repeat the
# default-configuration rules at the top of the chain.
add chain=input comment="Accept established connections" connection-state=\
established
add chain=input comment="Accept related connections" connection-state=related
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid
# NOTE(review): accepts any UDP packet to the router from any interface. Together with
# /ip dns allow-remote-requests=yes this exposes the DNS resolver (and any other UDP service
# that is enabled, e.g. SNMP) to every interface that reaches this rule. If the rule exists for
# the IPsec tunnel, limit it to dst-port=500,4500 from the peer address; otherwise add
# in-interface=bridge-local.
add chain=input comment=UDP protocol=udp
# Not reached for ICMP: the first rule of the chain already accepts all ICMP.
add chain=input comment="Allow limited pings" limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="Drop excess pings" protocol=icmp
# Management and other router services are accepted from the LAN subnet on the bridge only.
add chain=input comment="From our LAN" in-interface=bridge-local src-address=\
192.168.2.0/24
# Anything that reaches this point is logged with the "DROP INPUT" prefix and then dropped.
add action=log chain=input comment="Log everything else" log-prefix=\
"DROP INPUT"
add action=drop chain=input comment="Drop everything else"
/ip firewall nat
# Exempts LAN -> remote-site traffic from masquerading (rule without action= accepts), so it
# keeps its original source address and can match the IPsec policy below.
add chain=srcnat dst-address=192.168.1.0/24 src-address=192.168.2.0/24
# Everything else leaving through pppoe-out1 is masqueraded.
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out1 to-addresses=0.0.0.0
# Site-to-site peer authenticated with a pre-shared secret (masked in the post).
# The peer and SA addresses are rewritten at runtime by the no-ip_ipsec script.
/ip ipsec peer
add address=188.6.17.190/32 secret=****
# Tunnel-mode policy between 192.168.2.0/24 (local) and 192.168.1.0/24 (remote).
/ip ipsec policy
add dst-address=192.168.1.0/24 sa-dst-address=188.6.17.190 sa-src-address=\
195.38.98.3 src-address=192.168.2.0/24 tunnel=yes
# UPnP clients are not allowed to disable the external interface. No enabled= value is exported
# here, so whether UPnP is running cannot be told from this listing.
/ip upnp
set allow-disable-external-interface=no
# Front-panel LCD: backlight always on; the PIN is masked in the post.
/lcd
set backlight-timeout=never default-screen=stats time-interval=hour
/lcd pin
set pin-number=****
/lcd interface
set sfp1 interface=sfp1
set ether1-gateway interface=ether1-gateway
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6-master-local interface=ether6-master-local
set ether7-slave-local interface=ether7-slave-local
set ether8-slave-local interface=ether8-slave-local
set ether9-slave-local interface=ether9-slave-local
set ether10-slave-local interface=ether10-slave-local
# NOTE(review): trap-community is "public". No enabled= value is exported, so SNMP may be off;
# if it is ever enabled, use a non-default community and restrict the source addresses,
# because the input chain currently accepts all UDP.
/snmp
set contact=**** location="****" trap-community=\
public
/system clock
set time-zone-name=Europe/Budapest
/system identity
set name=MikroTik_Kistarcsa
# Time is taken from two fixed unicast NTP servers.
/system ntp client
set enabled=yes mode=unicast primary-ntp=193.225.14.182 secondary-ntp=\
188.227.227.31
# Runs the no-ip_ddns_update script every 5 minutes. This is the only scheduler entry in the
# export; the no-ip_ipsec script is not scheduled here.
/system scheduler
add comment="Update No-IP DDNS" interval=5m name=no-ip_ddns_update on-event=\
no-ip_ddns_update policy=ftp,read,write,test,winbox,api start-date=\
may/03/2014 start-time=13:40:04
/system script
# no-ip_ddns_update: reads the current address of pppoe-out1, compares it with the value cached
# in the file no-ip_ddns_previousip.txt and, when it differs, calls the No-IP update URL once per
# configured hostname with /tool fetch, then rewrites the cache file.
# NOTE(review): the No-IP user name and password are stored in clear text in the script source
# (masked in the post) and are sent with mode=http to an http:// URL, i.e. without transport
# encryption. If the installed RouterOS version's fetch supports HTTPS, switch the URL and mode.
# NOTE(review): the cache file is rewritten inside the per-host loop regardless of the fetch result,
# so a failed update is not retried until the address changes again.
add name=no-ip_ddns_update policy=ftp,read,write,test,winbox,api source="# No-\
IP automatic Dynamic DNS update\r\
\n#\r\
\n#--------------- Change Values in this section to match your setup -----\
-------------\r\
\n\r\
\n# No-IP User account info\r\
\n:local noipuser \"****\"\r\
\n:local noippass \"****\"\r\
\n\r\
\n# Set the hostname or label of network to be updated.\r\
\n# Hostnames with spaces are unsupported. Replace the value in the quotat\
ions below with your host names.\r\
\n# To specify multiple hosts, separate them with commas.\r\
\n:local noiphost \"****.no-ip.org\"\r\
\n\r\
\n# Change to the name of interface that gets the dynamic IP address\r\
\n:local inetinterface \"pppoe-out1\"\r\
\n\r\
\n#-----------------------------------------------------------------------\
-------------\r\
\n# No more changes need\r\
\n\r\
\n:local previousIP\r\
\n\r\
\nif ( [:len [/file find name=(\"no-ip_ddns_previousip.txt\")]] > 0 ) do={\
\r\
\n:set previousIP [/file get (\"no-ip_ddns_previousip.txt\") contents]\r\
\n}\r\
\n\r\
\n\r\
\n:if ([/interface get \$inetinterface value-name=running]) do={\r\
\n# Get the current IP on the interface\r\
\n:local currentIP [/ip address get [find interface=\"\$inetinterface\" di\
sabled=no] address]\r\
\n\r\
\n# Strip the net mask off the IP address\r\
\n:for i from=( [:len \$currentIP] - 1) to=0 do={\r\
\n:if ( [:pick \$currentIP \$i] = \"/\") do={ \r\
\n:set currentIP [:pick \$currentIP 0 \$i]\r\
\n} \r\
\n}\r\
\n\r\
\n:if (\$currentIP != \$previousIP) do={\r\
\n:log info \"No-IP: Current IP (\$currentIP) is not equal to previous IP \
(\$previousIP), update needed\"\r\
\n\r\
\n# The update URL. Note the \"\\3F\" is hex for question mark (\?). Requi\
red since \? is a special character in commands.\r\
\n:local url \"http://dynupdate.no-ip.com/nic/update\\3Fmyip=\$currentIP\"\
\r\
\n:local noiphostarray\r\
\n:set noiphostarray [:toarray \$noiphost]\r\
\n:foreach host in=\$noiphostarray do={\r\
\n:log info \"No-IP: Sending update for \$host\"\r\
\n/tool fetch url=(\$url . \"&hostname=\$host\") user=\$noipuser password=\
\$noippass mode=http dst-path=(\"no-ip_ddns_update-\" . \$host . \".txt\")\
\r\
\n:log info \"No-IP: Host \$host updated on No-IP with IP \$currentIP\"\r\
\n/file print file=(\"no-ip_ddns_previousip.txt\")\r\
\n:delay 3\r\
\n/file set contents=\"\$currentIP\" (\"no-ip_ddns_previousip.txt\")\r\
\n}\r\
\n} else={\r\
\n:log info \"No-IP: Previous IP \$previousIP is equal to current IP, no u\
pdate needed\"\r\
\n}\r\
\n} else={\r\
\n:log info \"No-IP: \$inetinterface is not currently running, so therefor\
e will not update.\"\r\
\n}"
# no-ip_ipsec: resolves the remote and local DDNS host names and, when the results differ from
# the addresses stored in IPsec policy 0, rewrites sa-dst-address / sa-src-address and the address
# of peer 0 so the tunnel follows both dynamic endpoints.
# NOTE(review): the tunnel endpoint is therefore whatever the DNS lookup returns; authentication
# of the peer still rests on the pre-shared secret alone.
# NOTE(review): the policy list (reboot, policy, password, sniff, sensitive, ...) is much broader
# than what the visible commands use; trim it to the permissions the script actually needs.
# NOTE(review): policy and peer are addressed by positional index 0, which assumes item order
# never changes - confirm, or select them with find.
add name=no-ip_ipsec policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=":global RemoteSite0 [:resolve ****.no-ip.org]\r\
\n:global LocalSite0 [:resolve ****.no-ip.org]\r\
\n:global remoteip0 [ /ip ipsec policy get 0 sa-dst-address]\r\
\n:global localip0 [/ip ipsec policy get 0 sa-src-address]\r\
\n#set condition for change ip of ipsec tunnel \r\
\nif (\$remoteip0!=\$RemoteSite0) do={/ip ipsec policy set 0 sa-dst-addres\
s=\$RemoteSite0\r\
\n/ip ipsec peer set 0 address=\$RemoteSite0 \r\
\n:log info \"ipsec remote ip update.\" }\r\
\nif (\$localip0!=\$LocalSite0) do={/ip ipsec policy set 0 sa-src-address=\
\$LocalSite0 \r\
\n:log info \"ipsec local ip update.\" }"
# Graphing pages are only served to the LAN subnet.
/tool graphing interface
add allow-address=192.168.2.0/24
/tool graphing queue
add allow-address=192.168.2.0/24
/tool graphing resource
add allow-address=192.168.2.0/24
# MAC-Telnet: the default entry is disabled and the service is listed per LAN-side interface
# only, so it is not offered on ether1-gateway. ether10-slave-local is not in the list.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=bridge-local
# MAC-Winbox: same layout as MAC-Telnet above - default entry disabled, LAN-side interfaces only.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=bridge-local
I’m not sure it has something to do with the speed, but I’ve seen your local LAN ip is on ether2 but it should be on the local bridge.
Try out using a RHUB remote support server and check if you get a better remote support access speed.