Community discussions

 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Basic Mikrotik Training Videos - FREE - *Update 03/15/2010*

Tue Dec 08, 2009 9:33 pm

I've started a series of class videos that include slides on the Mikrotik Router OS.

This is the main listing, all current and new videos will be listed here: http://gregsowell.com/?page_id=951

Mikrotik Basics - getting a standard network configured/some tools/functions : http://gregsowell.com/?p=957

Mikrotik Security - some security best practices/using the firewall: http://gregsowell.com/?p=1076

Intro to Networking - Basically a CCNA Boot camp video: http://gregsowell.com/?p=954

*Update 01/04/2010* Mikrotik VPN - http://gregsowell.com/?p=1290
This class covers:
# PPTP Client connections
# IPSec – Mikrotik to Mikrotik
# IPSec – Mikrotik to Mikrotik – Multiple Subnets
# IPSec – Mikrotik to Mikrotik – Private IP on WAN Interface
# IPSec – Mikrotik to Cisco Router
# IPSec – Mikrotik to Cisco ASA
# IPSec – Mikrotik to Cisco Router Multiple Subnets
# IPIP Tunnel w/IPSec – Mikrotik to Mikrotik
# IPIP Tunnel w/IPSec – Mikrotik to Cisco Router
# DPD
# Some basic troubleshooting

*Update 03/15/2010* Mikrotik Routing - http://gregsowell.com/?p=1611
This class covers:
# The concept of routing
# Static routing
# Concept of RIP
# OSPF and its implementation
# BGP implementation and some of its options

All I ask in return is a little feedback.

Thanks,

Greg
Last edited by gregsowell on Mon Mar 15, 2010 4:11 pm, edited 2 times in total.
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24277
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Basic Mikrotik Training Videos - FREE

Wed Dec 09, 2009 10:58 am

Wow, this is so great! Thank you for that and I hope everyone enjoys it.
No answer to your question? How to write posts
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE

Wed Dec 09, 2009 4:43 pm

Wow, this is so great! Thank you for that and I hope everyone enjoys it.
Normunds, thanks for taking a look! =)
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
fosben
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Thu Dec 14, 2006 4:50 pm

Re: Basic Mikrotik Training Videos - FREE

Fri Dec 11, 2009 12:18 pm

Nice one! very good work
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE

Fri Dec 11, 2009 4:20 pm

Nice one! very good work
Ha, thanks Fosben. :D
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
Pilgrim
Member Candidate
Member Candidate
Posts: 265
Joined: Sun Mar 30, 2008 1:04 pm

Re: Basic Mikrotik Training Videos - FREE

Fri Dec 11, 2009 7:58 pm

Awesome great stuff.

Thanks,

rgs Pilgrim
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE

Fri Dec 11, 2009 9:22 pm

Awesome great stuff.

Thanks,

rgs Pilgrim
Thanks Pilgrim...I aims to please...heh.
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
crown2000
just joined
Posts: 2
Joined: Fri Nov 23, 2007 11:02 pm

Re: Basic Mikrotik Training Videos - FREE

Fri Dec 11, 2009 9:35 pm

Realy it's great.

Thanks gregsowell.
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE

Fri Dec 11, 2009 9:44 pm

Realy it's great.

Thanks gregsowell.
Crown...thanks...I'm honored to see this is your first post...hehe :lol:
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
User avatar
vzouh
just joined
Posts: 12
Joined: Tue Dec 01, 2009 3:59 pm
Contact:

Re: Basic Mikrotik Training Videos - FREE

Fri Dec 18, 2009 7:03 am

Nice work ...
Thank you so much for the good work you've done
 
akosenko
newbie
Posts: 46
Joined: Fri Aug 21, 2009 8:56 am
Location: Lipetsk, Russia

Re: Basic Mikrotik Training Videos - FREE

Fri Dec 18, 2009 9:54 am

Big thanks, It's great pdf slides. Continue in the same spirit :), it's very helpful and very clear. I would like to see more information on QoS (simple queue, queue tree, examples, equal bandwidth sharing with NAT), most standard QoS applications.
 
xezen
Long time Member
Long time Member
Posts: 628
Joined: Fri May 30, 2008 10:23 am
Location: South Africa

Re: Basic Mikrotik Training Videos - FREE

Fri Dec 18, 2009 2:29 pm

good work
If i dont No Ask someone That Does!
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE

Fri Dec 18, 2009 4:31 pm

Thanks guys!

Right now I'm working on a VPN class. I'm about half way through it. The battle is how much detail to put into them...I want to put enough to cover most situations, but not so much that people get lost. Also, if I put in too much time I risk suffering the wrath of my wife...hehehe :lol:

Again, thanks for checking them out and leaving feedback!

Greg
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
w0lt
Member
Member
Posts: 485
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

Re: Basic Mikrotik Training Videos - FREE

Fri Dec 18, 2009 5:49 pm

Greg,
Thanks for the great instructional videos. I say this because being visual I tend to get lost in specification and technical reading material. One of the criticisms I have of online documentation is that it often doesn't describe the context of the examples adequately enough for me. In my opinion, you've made a pretty good stab at that. You've indicated that your next project will deal with VPN's. I await it with great anticipation. I might suggest a future project dealing with Proxy's such as the WEB Proxy that is built in, IGMP-Proxy, and deploying something like Squid and how to take advantage of it.

Thanks again o' MTK Guru,

-tp
MTCNA - 2011

" The Bitterness of Poor Quality Remains Long After the Sweetness of Low Price is Forgotten "

Image
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE

Fri Dec 18, 2009 6:26 pm

TP,

Thanks dude! I'm very much a hands on, physical kind of person, so videos work well for me too.

Some proxy stuff does sound interesting, though I think I'm going to do a lite QoS one first. I'm not looking forward to the QoS one because it's going to take me forever to build the slides...sooo many options and scenarios. I'm thinking about doing a two part class. Part one will be the average stuff, then part two will be more advanced...we'll see. :)

Greg
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE

Fri Dec 18, 2009 10:09 pm

**Spam post was removed**
Last edited by gregsowell on Mon Dec 21, 2009 6:57 pm, edited 2 times in total.
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
w0lt
Member
Member
Posts: 485
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

Re: Basic Mikrotik Training Videos - FREE

Sat Dec 19, 2009 1:18 am

Shameless Plug - Dennis
MTCNA - 2011

" The Bitterness of Poor Quality Remains Long After the Sweetness of Low Price is Forgotten "

Image
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24277
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Basic Mikrotik Training Videos - FREE

Tue Dec 22, 2009 12:25 pm

Just so I look as cool as everyone else
what, Greg doesn't have any MikroTik certificates? Janis says you were in his class ;)
No answer to your question? How to write posts
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE

Tue Dec 22, 2009 4:03 pm

Just so I look as cool as everyone else
what, Greg doesn't have any MikroTik certificates? Janis says you were in his class ;)
HA! Normands I have my MCNA, MikrotikCNA...Even if I had some M$ certs I would deny it...hehehehe
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24277
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Basic Mikrotik Training Videos - FREE

Tue Dec 22, 2009 4:10 pm

Didn't you also attend the advanced training by MikroTik ?
No answer to your question? How to write posts
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE

Tue Dec 22, 2009 4:25 pm

Nope. I don't have any money for training...hehe. I did ask him a lot of questions, though...questions are free ;)
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
Laurence
just joined
Posts: 3
Joined: Sun Dec 20, 2009 11:22 pm

Re: Basic Mikrotik Training Videos - FREE

Sun Dec 27, 2009 8:43 pm

Great Work.

Thanks. These will help heaps.
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE

Tue Dec 29, 2009 6:03 pm

Laurence,

Great! I'm glad you found them useful.

BTW ALL, I FINISHED THE VPN CLASS! I'll post again when I have it scheduled, but I think I will put it up next Monday.
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Mon Jan 04, 2010 4:18 pm

Alright, as per the update at the top, I've completed the VPN class(link is in the top of the thread). I poured quite a few hours into this one, so I hope you enjoy it.
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
Pilgrim
Member Candidate
Member Candidate
Posts: 265
Joined: Sun Mar 30, 2008 1:04 pm

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Wed Jan 06, 2010 8:19 pm

Thanks, Greg, really great stuff again.

rgs Pilgrim
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Wed Jan 06, 2010 8:30 pm

Thanks for checking out the new one Pilgrim, glad you liked it.
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
xezen
Long time Member
Long time Member
Posts: 628
Joined: Fri May 30, 2008 10:23 am
Location: South Africa

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Thu Jan 07, 2010 7:47 am

good work do you have anything on mikrotik and squid as i see that there is lots of info on your webpage
If i dont No Ask someone That Does!
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Thu Jan 07, 2010 4:05 pm

good work do you have anything on mikrotik and squid as i see that there is lots of info on your webpage
Xezen,

I wish I could say that I do, but I've never had the need to run a cache server. Sorry, sir. :?
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
xezen
Long time Member
Long time Member
Posts: 628
Joined: Fri May 30, 2008 10:23 am
Location: South Africa

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Thu Jan 07, 2010 6:45 pm

thats a good reason why not
If i dont No Ask someone That Does!
 
titius
Member
Member
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Fri Jan 08, 2010 2:29 am

Thank you very much
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Fri Jan 08, 2010 5:31 am

Thank you very much
NP Titius. Just by me lunch next time I'm in your neck of the woods ;)
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
wifijack
just joined
Posts: 7
Joined: Thu Sep 03, 2009 10:49 am

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Fri Jan 08, 2010 5:49 pm

Hey Gregsowell.

Many, many thanks for all the work you have put in to produce these.
For someone like me, struggling and starting with Mikrotik they are a great help.
I'm hoping I can find a solution to my VPN routing issue in your latest one

Long may you continue and thanks again - your help is greatly appreciated.

Jack.
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Fri Jan 08, 2010 6:22 pm

Hey Gregsowell.

Many, many thanks for all the work you have put in to produce these.
For someone like me, struggling and starting with Mikrotik they are a great help.
I'm hoping I can find a solution to my VPN routing issue in your latest one

Long may you continue and thanks again - your help is greatly appreciated.

Jack.

Ha, thanks Jack! I hope the solution to your VPN issue is in there also...:) If not, drop me a line and let me know.
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
Myron
Member Candidate
Member Candidate
Posts: 253
Joined: Sat Sep 05, 2009 3:17 am
Location: Boracay, Philippines

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Tue Jan 19, 2010 4:55 am

hi gregg

i follow your ipsec video tutorial this afternoon and i try my 2 mik router with public static ip each, but it doesnt handshake the log shows nothing, router a ROS 3.30 <<<>>> ROS 4.2 or incompatible in deffrent version of ROS?
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Tue Jan 19, 2010 5:07 am

hi gregg

i follow your ipsec video tutorial this afternoon and i try my 2 mik router with public static ip each, but it doesnt handshake the log shows nothing, router a ROS 3.30 <<<>>> ROS 4.2 or incompatible in deffrent version of ROS?
Myron,

If you went to system->logging-> and added IPSec to go to memeory, then saw nothing in the logs while testing, you most likely don't have a policy configured correctly. When you try and ping via winbox, specify source interface and test...does it say packet rejected? Did you add the src-nat accept?

Greg
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
Myron
Member Candidate
Member Candidate
Posts: 253
Joined: Sat Sep 05, 2009 3:17 am
Location: Boracay, Philippines

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Tue Jan 19, 2010 7:54 am

hi gregg

i follow your ipsec video tutorial this afternoon and i try my 2 mik router with public static ip each, but it doesnt handshake the log shows nothing, router a ROS 3.30 <<<>>> ROS 4.2 or incompatible in deffrent version of ROS?
Myron,

If you went to system->logging-> and added IPSec to go to memeory, then saw nothing in the logs while testing, you most likely don't have a policy configured correctly. When you try and ping via winbox, specify source interface and test...does it say packet rejected? Did you add the src-nat accept?

Greg
im gonna reconfig tonight gregg i update you soon whats result :D anyway thanks for reply

regards
 
Myron
Member Candidate
Member Candidate
Posts: 253
Joined: Sat Sep 05, 2009 3:17 am
Location: Boracay, Philippines

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Wed Jan 20, 2010 4:48 am

hi gregg

i follow your ipsec video tutorial this afternoon and i try my 2 mik router with public static ip each, but it doesnt handshake the log shows nothing, router a ROS 3.30 <<<>>> ROS 4.2 or incompatible in deffrent version of ROS?
Myron,

If you went to system->logging-> and added IPSec to go to memeory, then saw nothing in the logs while testing, you most likely don't have a policy configured correctly. When you try and ping via winbox, specify source interface and test...does it say packet rejected? Did you add the src-nat accept?

Greg
im gonna reconfig tonight gregg i update you soon whats result :D anyway thanks for reply

regards
hi gregg heres my setup :)

router a

/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
add action=memory disabled=no prefix="" topics=ipsec

/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
/ip ipsec peer
add address=x.x.x.202/32:500 auth-method=pre-shared-key dh-group=modp1024 disabled=no dpd-interval=\
disable-dpd dpd-maximum-failures=1 enc-algorithm=3des exchange-mode=main generate-policy=no hash-algorithm=md5 \
lifebytes=0 lifetime=1d nat-traversal=no proposal-check=obey secret=12345 send-initial-contact=yes
/ip ipsec policy
add action=encrypt disabled=no dst-address=10.2.1.0/24:any ipsec-protocols=esp level=require priority=0 proposal=\
default protocol=all sa-dst-address=x.x.x.202 sa-src-address=x.x.x.201 src-address=10.2.2.0/24:any \
tunnel=yes

/ip firewall nat
add action=masquerade chain=srcnat comment=WAN disabled=no out-interface=WAN
add action=masquerade chain=srcnat comment="Hotel src nat" disabled=no src-address=10.12.0.0/24

router b

/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
add action=memory disabled=no prefix="" topics=ipsec

/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name=default \
pfs-group=modp1024
/ip ipsec peer
add address=x.x.x.202/32:500 auth-method=pre-shared-key dh-group=modp1024 disabled=no \
dpd-interval=disable-dpd dpd-maximum-failures=1 enc-algorithm=3des exchange-mode=main \
generate-policy=yes hash-algorithm=sha1 lifebytes=0 lifetime=1d nat-traversal=no \
proposal-check=obey secret=12345 send-initial-contact=yes
/ip ipsec policy
add action=encrypt disabled=no dst-address=10.2.2.0/24:any ipsec-protocols=esp level=require \
priority=0 proposal=default protocol=all sa-dst-address=x.x.x.201 sa-src-address=\
x.x.x.202 src-address=10.2.1.0/24:any tunnel=yes

/ip firewall nat
add action=masquerade chain=srcnat comment="to outbound" disabled=no out-interface=ether1
add action=masquerade chain=srcnat comment="" disabled=no src-address=10.2.1.0/24

in log it shows nothing to handsake :( or maybe need to reboot the mikrotik?
 
Myron
Member Candidate
Member Candidate
Posts: 253
Joined: Sat Sep 05, 2009 3:17 am
Location: Boracay, Philippines

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Wed Jan 20, 2010 7:03 am

hi gregg atlast the log shows invalid hehehe >>>>>>> invalid exchange type 243 from 98.237.177.6(500) is this someone/other IP's? :?
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Wed Jan 20, 2010 4:38 pm

Add this as nat rule # 0 on both of your routers.
/ip firewall nat
add action=accept chain=srcnat comment="nat bypass" disabled=no out-interface=ether1 dst-address=10.0.0.0/8 place-before=0
You need to make sure traffic that needs to traverse your tunnel isn't being NAT'd. This, when placed first in your nat rules, will perform no action on traffic headed to 10.0.0.0/8.
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
User avatar
hilton
Long time Member
Long time Member
Posts: 635
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Thu Jan 28, 2010 5:09 pm

Hi Greg

Great work here, thanks very much. I just have one question if I may?

My set-up is site A connecting to sites B and C and both VPNs are IPSec. All have dynamic IP addresses and I managed to get these to work with the use of a script to resolve the dynamic host names of the respective sites.

When the connection drops to one of the remote sites, these are re-established by manually flushing the installed SAs. How could I flush the installed SA for only one of the VPNs? I don't want to drop the one that is still up?

Thanks again.
Regards
Hilton
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Thu Jan 28, 2010 5:16 pm

Hi Greg

Great work here, thanks very much. I just have one question if I may?

My set-up is site A connecting to sites B and C and both VPNs are IPSec. All have dynamic IP addresses and I managed to get these to work with the use of a script to resolve the dynamic host names of the respective sites.

When the connection drops to one of the remote sites, these are re-established by manually flushing the installed SAs. How could I flush the installed SA for only one of the VPNs? I don't want to drop the one that is still up?

Thanks again.
Hilton, hello.

You should be able to use DPD (Dead Peer Detection). DPD will check to see if the peer is responding and if it becomes unresponsive, it should flush the old SAs. See if that doesn't do the trick for you.

On a side note, I wouldn't mind having a peek at that script you wrote ;) hehe.
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
User avatar
hilton
Long time Member
Long time Member
Posts: 635
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Thu Jan 28, 2010 5:28 pm

Hi Greg

Thanks for the quick response.

Firstly here is the script. It's VERY basic which makes me wonder what I forgot?
/ip ipsec policy set numbers=0 sa-dst-address=[:resolve remote.host.tld]
/ip ipsec peer set numbers=0 address=[:resolve remote.host.tld]
I run this on both sides.

I have set the DPD to 10 seconds with a max failure of 2. Let's see what happens.
Regards
Hilton
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 01/04/2010*

Thu Jan 28, 2010 5:35 pm

Hi Greg

Thanks for the quick response.

Firstly here is the script. It's VERY basic which makes me wonder what I forgot?
/ip ipsec policy set numbers=0 sa-dst-address=[:resolve remote.host.tld]
/ip ipsec peer set numbers=0 address=[:resolve remote.host.tld]
I run this on both sides.

I have set the DPD to 10 seconds with a max failure of 2. Let's see what happens.
Cool 8)
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/2010*

Mon Mar 15, 2010 4:15 pm

Alright, I know it took me forever, but I've got the routing video complete and up. I recorded this one at the end of a long day so I get tongue tied a couple of times, but other than that it should be intelligible...heh.

Have a look: http://gregsowell.com/?p=1611
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
User avatar
hilton
Long time Member
Long time Member
Posts: 635
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/2010*

Mon Mar 15, 2010 4:37 pm

Thanks Greg!
Regards
Hilton
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/2010*

Mon Mar 15, 2010 4:47 pm

Thanks Greg!
Say that after you have seen the video...hehehe :lol: I'm hoping this one is as useful as the others!
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
User avatar
hilton
Long time Member
Long time Member
Posts: 635
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/2010*

Mon Mar 15, 2010 4:51 pm

Can't wait to the cat nail you :-)
Regards
Hilton
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/2010*

Mon Mar 15, 2010 5:06 pm

Can't wait to the cat nail you :-)
Hilton, I'm glad to see you are so concerned with my personal well being...hehehe
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
doctor
just joined
Posts: 12
Joined: Thu Sep 03, 2009 6:48 am

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Thu Apr 08, 2010 5:08 am

hii greg thnx for ur effort .. i have a ques , i provide internet to clients of about 100 , my prob is that whenever a problem occurs in a single client all others are affected , high latency ping times are shown , even wireless links are affected with latency , but when i block this client everything works fine .. my ques is how to isolate each client on network so that no one is affected ?
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Thu Apr 08, 2010 5:14 pm

hii greg thnx for ur effort .. i have a ques , i provide internet to clients of about 100 , my prob is that whenever a problem occurs in a single client all others are affected , high latency ping times are shown , even wireless links are affected with latency , but when i block this client everything works fine .. my ques is how to isolate each client on network so that no one is affected ?
Doctor,

You would be better served asking this question as a new topic in the beginner forum as you will have many users offering advice. I would say that you first need to find out what they are doing that is affecting you so you know how to properly combat the issue. Are they using too much bandwidth, are they attacking other users, are they attacking your infrastructure, etc?
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
doctor
just joined
Posts: 12
Joined: Thu Sep 03, 2009 6:48 am

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Thu Apr 08, 2010 8:47 pm

well , actually sometimes it's just a virus affecting and attacking the whole network , sometimes a client network card that is causing the high ping delays and other stupid reasons that break down the network ... i tried firewall filters rules for blocking virus but no effect cuz they may pass through network pcs be4 passing through mikrotik .. what do u think we can do greg ?
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Fri Apr 09, 2010 4:24 am

If you are routing at every tower, you can put RLs on clients out there. You can also do mangles for people opening high numbers of connections and block them if need be.
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
xezen
Long time Member
Long time Member
Posts: 628
Joined: Fri May 30, 2008 10:23 am
Location: South Africa

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Wed Apr 28, 2010 9:43 am

is there any place were i can download the video as i have low bandwith and cant stream so good


avi or mp4? or something like that your videos are a grate help helps with small detailed problems
If i dont No Ask someone That Does!
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Wed Apr 28, 2010 4:09 pm

Xezen,

I don't have a direct download, as I'm trying to force you poor soles to keep returning to my site ;)

But if you were to get any number of "flash downloaders", I'm betting you could find them. You could also do a wireshark to see what the mp4 file is named...I can't make it too easy, now can I?
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
Myron
Member Candidate
Member Candidate
Posts: 253
Joined: Sat Sep 05, 2009 3:17 am
Location: Boracay, Philippines

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Wed Aug 04, 2010 5:55 pm

hi gregg thanks for your videos and guidelines and i learn a lot your the man gregg :D :D , my IPSEC works fine without any issue, now my question is what is the defrence between ipsec and ipsec+ipip tunnel? which more secure and more stable?

thanks
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Wed Aug 04, 2010 6:03 pm

I don't see how IPIP over IPSec makes any sense to use.

One of IPSec's drawbacks is that it can only encapsulate unicast packets, which means that you cannot send broadcasts or multicasts over IPSec tunnels. Many routing protocols require multicast packets, and many other applications require broadcasts to function right. One of IPSec's advantages is that it provides excellent security.
A common solution to this conflict of interests is to first encapsulate the traffic in a tunneling protocol that can tunnel broadcasts, multicasts and unicasts (such as GRE, for example, or EoIP on RouterOS). Those the original packets are now encapsulated in the packets of the tunnel, and those tunnel packets are unicast, so you can send them across an IPSec tunnel - effectively sending broadcasts and multicasts over IPSec by adding another layer of abstraction.

IPIP is limited to unicast IPv4 only, so I don't see what you gain by wrapping your packets in IPIP before sending them across IPSec. IPIP provides absolutely no security whatsoever, so IPSec+IPIP is exactly as secure as IPSec by itself since the only security provided is coming from the IPSec portion.

You cannot ever gain stability from adding more tunnel layers as communication is going to be as stable as the least stable tunneling protocol used. If IPIP were more stable than IPSec then the combination would still be as stable as IPSec is by itself. If IPIP were less stable than IPSec the combination would be as stable IPIP is by itself.

Hope that helps explain the concepts adequately.
 
Myron
Member Candidate
Member Candidate
Posts: 253
Joined: Sat Sep 05, 2009 3:17 am
Location: Boracay, Philippines

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Thu Aug 05, 2010 5:42 am

I don't see how IPIP over IPSec makes any sense to use.

One of IPSec's drawbacks is that it can only encapsulate unicast packets, which means that you cannot send broadcasts or multicasts over IPSec tunnels. Many routing protocols require multicast packets, and many other applications require broadcasts to function right. One of IPSec's advantages is that it provides excellent security.
A common solution to this conflict of interests is to first encapsulate the traffic in a tunneling protocol that can tunnel broadcasts, multicasts and unicasts (such as GRE, for example, or EoIP on RouterOS). Those the original packets are now encapsulated in the packets of the tunnel, and those tunnel packets are unicast, so you can send them across an IPSec tunnel - effectively sending broadcasts and multicasts over IPSec by adding another layer of abstraction.

IPIP is limited to unicast IPv4 only, so I don't see what you gain by wrapping your packets in IPIP before sending them across IPSec. IPIP provides absolutely no security whatsoever, so IPSec+IPIP is exactly as secure as IPSec by itself since the only security provided is coming from the IPSec portion.

You cannot ever gain stability from adding more tunnel layers as communication is going to be as stable as the least stable tunneling protocol used. If IPIP were more stable than IPSec then the combination would still be as stable as IPSec is by itself. If IPIP were less stable than IPSec the combination would be as stable IPIP is by itself.

I don't see how IPIP over IPSec makes any sense to use.

One of IPSec's drawbacks is that it can only encapsulate unicast packets, which means that you cannot send broadcasts or multicasts over

Hope that helps explain the concepts adequately.


Hope that helps explain the concepts adequately.
wow!! fully detailed information and excellent explanation fewi, damn now i know the flow, function and combination in tunneling method.

thanks fewi
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Thu Aug 05, 2010 6:04 am

I don't see how IPIP over IPSec makes any sense to use.

One of IPSec's drawbacks is that it can only encapsulate unicast packets, which means that you cannot send broadcasts or multicasts over IPSec tunnels. Many routing protocols require multicast packets, and many other applications require broadcasts to function right. One of IPSec's advantages is that it provides excellent security.
A common solution to this conflict of interests is to first encapsulate the traffic in a tunneling protocol that can tunnel broadcasts, multicasts and unicasts (such as GRE, for example, or EoIP on RouterOS). Those the original packets are now encapsulated in the packets of the tunnel, and those tunnel packets are unicast, so you can send them across an IPSec tunnel - effectively sending broadcasts and multicasts over IPSec by adding another layer of abstraction.

IPIP is limited to unicast IPv4 only, so I don't see what you gain by wrapping your packets in IPIP before sending them across IPSec. IPIP provides absolutely no security whatsoever, so IPSec+IPIP is exactly as secure as IPSec by itself since the only security provided is coming from the IPSec portion.

You cannot ever gain stability from adding more tunnel layers as communication is going to be as stable as the least stable tunneling protocol used. If IPIP were more stable than IPSec then the combination would still be as stable as IPSec is by itself. If IPIP were less stable than IPSec the combination would be as stable IPIP is by itself.

Hope that helps explain the concepts adequately.
Pretty great assessment fewi! IPIP actually can transmit multicast, so it it suitable for dynamic routing. I've done ipip tunnels with ipsec encryption and running pim inside! :)
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Thu Aug 05, 2010 6:26 am

I was unaware that IPIP can do multicast.

The Linux Foundation IPIP documentation claims they can only do unicast IPv4:
http://www.linuxfoundation.org/collabor ... /tunneling
IPIP kind of tunnels is the simplest one. It has the lowest overhead, but can incapsulate only IPv4 unicast traffic, so you will not be able to setup OSPF, RIP or any other multicast-based protocol.
The Mikrotik wiki does refer to RFC2003 - I read that and while it does mention that multicast tunneling for the purposes of getting routing protocols across tunnels can be a motivation, that is the only mention I can find.

Do you have any insight on why the Linux Foundation says it can't be done?

I'm genuinely curious. I usually use EoIP or GRE
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Thu Aug 05, 2010 6:33 am

I was unaware that IPIP can do multicast.

The Linux Foundation IPIP documentation claims they can only do unicast IPv4:
http://www.linuxfoundation.org/collabor ... /tunneling
IPIP kind of tunnels is the simplest one. It has the lowest overhead, but can incapsulate only IPv4 unicast traffic, so you will not be able to setup OSPF, RIP or any other multicast-based protocol.
The Mikrotik wiki does refer to RFC2003 - I read that and while it does mention that multicast tunneling for the purposes of getting routing protocols across tunnels can be a motivation, that is the only mention I can find.

Do you have any insight on why the Linux Foundation says it can't be done?

I'm genuinely curious. I usually use EoIP or GRE

I wish I knew...:) MTK does some modification and they seem to occasionally leave out features...

You have some crazy karma, BTW and not without reason...thanks for your insight!
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Thu Aug 05, 2010 6:55 am

I have way too much karma. But work lets me idle here all day...you have too little, given the rather awesome videos in this thread, and your other posts. I'm looking forward to your MUM troubleshooting presentation.

I'll play with IPIP in a lab some tomorrow.
 
gregsowell
Member Candidate
Member Candidate
Topic Author
Posts: 127
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Thu Aug 05, 2010 7:01 am

I have way too much karma. But work lets me idle here all day...you have too little, given the rather awesome videos in this thread, and your other posts. I'm looking forward to your MUM troubleshooting presentation.

I'll play with IPIP in a lab some tomorrow.

hehehe...I look forward to making a fool of myself in front of you :P Lets hope that if you don't learn anything that you will at least get a couple of good laughs ;)
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
kenyloveg
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Tue Jul 14, 2009 3:25 pm

Re: Basic Mikrotik Training Videos - FREE - *Update 03/15/20

Sun Aug 15, 2010 2:03 pm

Hi, gregsowell
People like me behind the great firewall would appreciate if you can upload your videos to somewhere else for us to download.
Thank you.

Who is online

Users browsing this forum: No registered users and 18 guests