[Mikrotik] Mikrotik distributor needed
hello folks any distributor that can sell a MUM voocher ? i want to buy one through paypal. befaure sunday, please thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] SFP module for RB2011
I get the prolines from Cdw. On Aug 22, 2012, at 6:25 PM, Chris Hudson wrote: > Any supplier on those? > > Chris > > -Original Message- > From: mikrotik-boun...@mail.butchevans.com > [mailto:mikrotik-boun...@mail.butchevans.com] On Behalf Of Rick Smith > Sent: Wednesday, August 22, 2012 5:10 PM > To: Mikrotik discussions > Subject: Re: [Mikrotik] SFP module for RB2011 > > I haven't had one that didn't work. > I'm using Proline adapters right now both mm and smf. I've tested with Cisco > mm and smf adapters as well both long and short haul and they work great. > > I have a 2011 on the end of a 3 mile smf run and it's been great for a month > now. > > R > > > > On Aug 22, 2012, at 5:53 PM, Chris Hudson wrote: > >> I need an SFP module for a RB2011 that is either 1310nm 40km or 1550nm > 80km. >> >> >> Any recommendations? >> >> Chris >> >> ___ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://www.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > > > - > No virus found in this message. > Checked by AVG - www.avg.com > Version: 2012.0.2197 / Virus Database: 2437/5217 - Release Date: 08/22/12 > > - > No virus found in this message. > Checked by AVG - www.avg.com > Version: 2012.0.2197 / Virus Database: 2437/5217 - Release Date: 08/22/12 > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] SFP module for RB2011
Any supplier on those? Chris -Original Message- From: mikrotik-boun...@mail.butchevans.com [mailto:mikrotik-boun...@mail.butchevans.com] On Behalf Of Rick Smith Sent: Wednesday, August 22, 2012 5:10 PM To: Mikrotik discussions Subject: Re: [Mikrotik] SFP module for RB2011 I haven't had one that didn't work. I'm using Proline adapters right now both mm and smf. I've tested with Cisco mm and smf adapters as well both long and short haul and they work great. I have a 2011 on the end of a 3 mile smf run and it's been great for a month now. R On Aug 22, 2012, at 5:53 PM, Chris Hudson wrote: > I need an SFP module for a RB2011 that is either 1310nm 40km or 1550nm 80km. > > > Any recommendations? > > Chris > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS - No virus found in this message. Checked by AVG - www.avg.com Version: 2012.0.2197 / Virus Database: 2437/5217 - Release Date: 08/22/12 - No virus found in this message. Checked by AVG - www.avg.com Version: 2012.0.2197 / Virus Database: 2437/5217 - Release Date: 08/22/12 ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] SFP module for RB2011
I haven't had one that didn't work. I'm using Proline adapters right now both mm and smf. I've tested with Cisco mm and smf adapters as well both long and short haul and they work great. I have a 2011 on the end of a 3 mile smf run and it's been great for a month now. R On Aug 22, 2012, at 5:53 PM, Chris Hudson wrote: > I need an SFP module for a RB2011 that is either 1310nm 40km or 1550nm 80km. > > > Any recommendations? > > Chris > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
[Mikrotik] SFP module for RB2011
I need an SFP module for a RB2011 that is either 1310nm 40km or 1550nm 80km. Any recommendations? Chris ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] IPSec for mobile
Very strange.. but the problem isn't Mikrotik but WiFi/iPhone. Try to connect with Windows PC/Client and check latency 2012/8/22 Meftah Tayeb : > DUDE, local! > *LOCAL* BACKBONE! > is my own routers i'm simulating it here befaure i travel > but latency is very HIGH :-P > > - Original Message - From: "Sim" > To: "Mikrotik discussions" > Sent: Wednesday, August 22, 2012 9:55 PM > > Subject: Re: [Mikrotik] IPSec for mobile > > >> Reduce lacency? >> >> Contact your 3G/WiFi/Provider ;- >> >> Bye! >> >> 2012/8/22 Meftah Tayeb : >>> >>> DUDE, you rocks >>> i'm connected to my VPN! >>> but, but; evean in a local network... i have latency of 130MS! >>> :P >>> anyway how can i reduce it please? >>> thank you >>> >>> - Original Message - From: "Sim" >>> To: "Mikrotik discussions" >>> Sent: Wednesday, August 22, 2012 9:50 PM >>> >>> Subject: Re: [Mikrotik] IPSec for mobile >>> >>> For security reason L2TP isn't good. Ipsec + L2TP is the only way supported by iPhone (it ask you "security/secret" and not only password). You can also check this: http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP My post was for all device tested with : WindowsXP, 7, iPhone and Android! Check: "Do not forget to allow: - UDP 500 (Dst.Port), - UDP 1701, - UDP 4500 (Nat-Traversal) - and Protocol 50 (ESP) in the firewall filter settings. (Input chain, accept). " 2012/8/22 Meftah Tayeb : > > > question, sim > is l2tp itself alone good? > i think it's working only L2TP. > > - Original Message - From: "Sim" > To: "Mikrotik discussions" > Sent: Wednesday, August 22, 2012 9:41 PM > > Subject: Re: [Mikrotik] IPSec for mobile > > >> The config posted in precedent email is correct and work in my 3 >> Mikrotik. >> Have you opened/forwarded corrected port/proto? >> >> >> 2012/8/22 Meftah Tayeb : >>> >>> >>> >>> ok so >>> i did your suggestion but l2tp server not replying >>> log: >>> Telnet 172.28.2.1 >>> 19:28:32 ipsec,debug,packet encryption(aes) >>> 19:28:32 ipsec,debug,packet hmac(hmac_sha1) >>> 19:28:32 ipsec,debug,packet call pfkey_send_update_nat >>> 19:28:32 ipsec,debug,packet pfkey update sent. >>> 19:28:32 ipsec,debug,packet encryption(aes) >>> 19:28:32 ipsec,debug,packet hmac(hmac_sha1) >>> 19:28:32 ipsec,debug,packet call pfkey_send_add_nat >>> 19:28:32 ipsec,debug,packet pfkey add sent. >>> 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 >>> 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent. >>> 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 >>> 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent. >>> 19:28:32 ipsec IPsec-SA established: ESP/Transport >>> 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x26 >>> 75a84) >>> 19:28:32 ipsec,debug === >>> 19:28:32 ipsec IPsec-SA established: ESP/Transport >>> 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2d >>> ecb0a) >>> 19:28:32 ipsec,debug === >>> 19:28:32 ipsec,debug,packet such policy does not already exist: >>> 172.28.1.5/32[0] 41.221.20.110/32[0] >>> proto=udp dir=in >>> 19:28:32 ipsec,debug,packet such policy does not already exist: >>> 41.221.20.110/32[0] 172.28.1.5/32[0] >>> proto=udp dir=out >>> 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077 >>> 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 >>> 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ >>> 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 >>> 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3 >>> 19:28:33 l2tp,debug,packet (M) >>> Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00 >>> 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3 >>> 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 >>> 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5 >>> 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn >>> 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077 >>> 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1 >>> 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP >>> 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 >>> 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1 >>> 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0 >>> 19:28:33 l2tp,debug,packet Firmware-Revision=0x1 >>> 19:28:33 l2tp,debug,packet (M) Host-Name="Edge01-493-Alger" >>> 19:28:33 l2tp,debug,packet Vendor-Name="MikroTik" >>> 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2 >>> 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 >>> [admin@Edge01-493-Alger] /ppp secret> >>
Re: [Mikrotik] IPSec for mobile
DUDE, local! *LOCAL* BACKBONE! is my own routers i'm simulating it here befaure i travel but latency is very HIGH :-P - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 9:55 PM Subject: Re: [Mikrotik] IPSec for mobile Reduce lacency? Contact your 3G/WiFi/Provider ;- Bye! 2012/8/22 Meftah Tayeb : DUDE, you rocks i'm connected to my VPN! but, but; evean in a local network... i have latency of 130MS! :P anyway how can i reduce it please? thank you - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 9:50 PM Subject: Re: [Mikrotik] IPSec for mobile For security reason L2TP isn't good. Ipsec + L2TP is the only way supported by iPhone (it ask you "security/secret" and not only password). You can also check this: http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP My post was for all device tested with : WindowsXP, 7, iPhone and Android! Check: "Do not forget to allow: - UDP 500 (Dst.Port), - UDP 1701, - UDP 4500 (Nat-Traversal) - and Protocol 50 (ESP) in the firewall filter settings. (Input chain, accept). " 2012/8/22 Meftah Tayeb : question, sim is l2tp itself alone good? i think it's working only L2TP. - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 9:41 PM Subject: Re: [Mikrotik] IPSec for mobile The config posted in precedent email is correct and work in my 3 Mikrotik. Have you opened/forwarded corrected port/proto? 2012/8/22 Meftah Tayeb : ok so i did your suggestion but l2tp server not replying log: Telnet 172.28.2.1 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_update_nat 19:28:32 ipsec,debug,packet pfkey update sent. 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_add_nat 19:28:32 ipsec,debug,packet pfkey add sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent. 19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x26 75a84) 19:28:32 ipsec,debug === 19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2d ecb0a) 19:28:32 ipsec,debug === 19:28:32 ipsec,debug,packet such policy does not already exist: 172.28.1.5/32[0] 41.221.20.110/32[0] proto=udp dir=in 19:28:32 ipsec,debug,packet such policy does not already exist: 41.221.20.110/32[0] 172.28.1.5/32[0] proto=udp dir=out 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3 19:28:33 l2tp,debug,packet (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0 19:28:33 l2tp,debug,packet Firmware-Revision=0x1 19:28:33 l2tp,debug,packet (M) Host-Name="Edge01-493-Alger" 19:28:33 l2tp,debug,packet Vendor-Name="MikroTik" 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 [admin@Edge01-493-Alger] /ppp secret> - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 4:44 PM Subject: Re: [Mikrotik] IPSec for mobile iPhone IPsec is for Cisco (see logo). Use L2TP+IPsec (first choice on your mobile device) Regards 2012/8/22 Meftah Tayeb : thank you a lot ! is L2TP required? or IPSec can work alone ? - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 4:39 PM Subject: Re: [Mikrotik] IPSec for mobile Hi, this is that you need :-) # Server & Preshared (1234567abcdef) config /interface l2tp-server server set enabled=yes /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 \ lifetime=30m name=default pfs-group=modp1024 /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \ dpd-interval=2m d
Re: [Mikrotik] IPSec for mobile
Reduce lacency? Contact your 3G/WiFi/Provider ;- Bye! 2012/8/22 Meftah Tayeb : > DUDE, you rocks > i'm connected to my VPN! > but, but; evean in a local network... i have latency of 130MS! > :P > anyway how can i reduce it please? > thank you > > - Original Message - From: "Sim" > To: "Mikrotik discussions" > Sent: Wednesday, August 22, 2012 9:50 PM > > Subject: Re: [Mikrotik] IPSec for mobile > > >> For security reason L2TP isn't good. >> Ipsec + L2TP is the only way supported by iPhone (it ask you >> "security/secret" and not only password). >> >> You can also check this: >> http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP >> >> My post was for all device tested with : WindowsXP, 7, iPhone and Android! >> >> Check: >> "Do not forget to allow: >> - UDP 500 (Dst.Port), >> - UDP 1701, >> - UDP 4500 (Nat-Traversal) >> - and Protocol 50 (ESP) >> in the firewall filter settings. (Input chain, accept). " >> >> >> 2012/8/22 Meftah Tayeb : >>> >>> question, sim >>> is l2tp itself alone good? >>> i think it's working only L2TP. >>> >>> - Original Message - From: "Sim" >>> To: "Mikrotik discussions" >>> Sent: Wednesday, August 22, 2012 9:41 PM >>> >>> Subject: Re: [Mikrotik] IPSec for mobile >>> >>> The config posted in precedent email is correct and work in my 3 Mikrotik. Have you opened/forwarded corrected port/proto? 2012/8/22 Meftah Tayeb : > > > ok so > i did your suggestion but l2tp server not replying > log: > Telnet 172.28.2.1 > 19:28:32 ipsec,debug,packet encryption(aes) > 19:28:32 ipsec,debug,packet hmac(hmac_sha1) > 19:28:32 ipsec,debug,packet call pfkey_send_update_nat > 19:28:32 ipsec,debug,packet pfkey update sent. > 19:28:32 ipsec,debug,packet encryption(aes) > 19:28:32 ipsec,debug,packet hmac(hmac_sha1) > 19:28:32 ipsec,debug,packet call pfkey_send_add_nat > 19:28:32 ipsec,debug,packet pfkey add sent. > 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 > 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent. > 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 > 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent. > 19:28:32 ipsec IPsec-SA established: ESP/Transport > 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x26 > 75a84) > 19:28:32 ipsec,debug === > 19:28:32 ipsec IPsec-SA established: ESP/Transport > 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2d > ecb0a) > 19:28:32 ipsec,debug === > 19:28:32 ipsec,debug,packet such policy does not already exist: > 172.28.1.5/32[0] 41.221.20.110/32[0] > proto=udp dir=in > 19:28:32 ipsec,debug,packet such policy does not already exist: > 41.221.20.110/32[0] 172.28.1.5/32[0] > proto=udp dir=out > 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077 > 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 > 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ > 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 > 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3 > 19:28:33 l2tp,debug,packet (M) > Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00 > 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3 > 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 > 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5 > 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn > 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077 > 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1 > 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP > 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 > 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1 > 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0 > 19:28:33 l2tp,debug,packet Firmware-Revision=0x1 > 19:28:33 l2tp,debug,packet (M) Host-Name="Edge01-493-Alger" > 19:28:33 l2tp,debug,packet Vendor-Name="MikroTik" > 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2 > 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 > [admin@Edge01-493-Alger] /ppp secret> > > > - Original Message - From: "Sim" > To: "Mikrotik discussions" > Sent: Wednesday, August 22, 2012 4:44 PM > > Subject: Re: [Mikrotik] IPSec for mobile > > >> iPhone IPsec is for Cisco (see logo). >> >> Use L2TP+IPsec (first choice on your mobile device) >> >> Regards >> >> 2012/8/22 Meftah Tayeb : >>> >>> >>> >>> thank you a lot ! >>> is L2TP required? >>> or IPSec can work alone ? >>> >>> - Original Message - From: "Sim" >>> To: "Mikrotik discussions" >>> Sent: Wednesday, August 22, 2012 4:39 PM >>> Subject: Re: [Mikrotik] IPSec for mobile >>> >>> >>>
Re: [Mikrotik] IPSec for mobile
DUDE, you rocks i'm connected to my VPN! but, but; evean in a local network... i have latency of 130MS! :P anyway how can i reduce it please? thank you - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 9:50 PM Subject: Re: [Mikrotik] IPSec for mobile For security reason L2TP isn't good. Ipsec + L2TP is the only way supported by iPhone (it ask you "security/secret" and not only password). You can also check this: http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP My post was for all device tested with : WindowsXP, 7, iPhone and Android! Check: "Do not forget to allow: - UDP 500 (Dst.Port), - UDP 1701, - UDP 4500 (Nat-Traversal) - and Protocol 50 (ESP) in the firewall filter settings. (Input chain, accept). " 2012/8/22 Meftah Tayeb : question, sim is l2tp itself alone good? i think it's working only L2TP. - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 9:41 PM Subject: Re: [Mikrotik] IPSec for mobile The config posted in precedent email is correct and work in my 3 Mikrotik. Have you opened/forwarded corrected port/proto? 2012/8/22 Meftah Tayeb : ok so i did your suggestion but l2tp server not replying log: Telnet 172.28.2.1 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_update_nat 19:28:32 ipsec,debug,packet pfkey update sent. 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_add_nat 19:28:32 ipsec,debug,packet pfkey add sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent. 19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x26 75a84) 19:28:32 ipsec,debug === 19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2d ecb0a) 19:28:32 ipsec,debug === 19:28:32 ipsec,debug,packet such policy does not already exist: 172.28.1.5/32[0] 41.221.20.110/32[0] proto=udp dir=in 19:28:32 ipsec,debug,packet such policy does not already exist: 41.221.20.110/32[0] 172.28.1.5/32[0] proto=udp dir=out 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3 19:28:33 l2tp,debug,packet (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0 19:28:33 l2tp,debug,packet Firmware-Revision=0x1 19:28:33 l2tp,debug,packet (M) Host-Name="Edge01-493-Alger" 19:28:33 l2tp,debug,packet Vendor-Name="MikroTik" 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 [admin@Edge01-493-Alger] /ppp secret> - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 4:44 PM Subject: Re: [Mikrotik] IPSec for mobile iPhone IPsec is for Cisco (see logo). Use L2TP+IPsec (first choice on your mobile device) Regards 2012/8/22 Meftah Tayeb : thank you a lot ! is L2TP required? or IPSec can work alone ? - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 4:39 PM Subject: Re: [Mikrotik] IPSec for mobile Hi, this is that you need :-) # Server & Preshared (1234567abcdef) config /interface l2tp-server server set enabled=yes /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 \ lifetime=30m name=default pfs-group=modp1024 /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \ dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes \ hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes port=500 secret=1234567abcdef send-initial-contact=yes # ADD Client (change user, psw, ips) /ppp secret add name=user password=12345 profile=default-encryption local-address=192.168.255.10 remote-address=192.1
Re: [Mikrotik] IPSec for mobile
For security reason L2TP isn't good. Ipsec + L2TP is the only way supported by iPhone (it ask you "security/secret" and not only password). You can also check this: http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP My post was for all device tested with : WindowsXP, 7, iPhone and Android! Check: "Do not forget to allow: - UDP 500 (Dst.Port), - UDP 1701, - UDP 4500 (Nat-Traversal) - and Protocol 50 (ESP) in the firewall filter settings. (Input chain, accept). " 2012/8/22 Meftah Tayeb : > question, sim > is l2tp itself alone good? > i think it's working only L2TP. > > - Original Message - From: "Sim" > To: "Mikrotik discussions" > Sent: Wednesday, August 22, 2012 9:41 PM > > Subject: Re: [Mikrotik] IPSec for mobile > > >> The config posted in precedent email is correct and work in my 3 Mikrotik. >> Have you opened/forwarded corrected port/proto? >> >> >> 2012/8/22 Meftah Tayeb : >>> >>> ok so >>> i did your suggestion but l2tp server not replying >>> log: >>> Telnet 172.28.2.1 >>> 19:28:32 ipsec,debug,packet encryption(aes) >>> 19:28:32 ipsec,debug,packet hmac(hmac_sha1) >>> 19:28:32 ipsec,debug,packet call pfkey_send_update_nat >>> 19:28:32 ipsec,debug,packet pfkey update sent. >>> 19:28:32 ipsec,debug,packet encryption(aes) >>> 19:28:32 ipsec,debug,packet hmac(hmac_sha1) >>> 19:28:32 ipsec,debug,packet call pfkey_send_add_nat >>> 19:28:32 ipsec,debug,packet pfkey add sent. >>> 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 >>> 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent. >>> 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 >>> 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent. >>> 19:28:32 ipsec IPsec-SA established: ESP/Transport >>> 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x26 >>> 75a84) >>> 19:28:32 ipsec,debug === >>> 19:28:32 ipsec IPsec-SA established: ESP/Transport >>> 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2d >>> ecb0a) >>> 19:28:32 ipsec,debug === >>> 19:28:32 ipsec,debug,packet such policy does not already exist: >>> 172.28.1.5/32[0] 41.221.20.110/32[0] >>> proto=udp dir=in >>> 19:28:32 ipsec,debug,packet such policy does not already exist: >>> 41.221.20.110/32[0] 172.28.1.5/32[0] >>> proto=udp dir=out >>> 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077 >>> 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 >>> 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ >>> 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 >>> 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3 >>> 19:28:33 l2tp,debug,packet (M) >>> Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00 >>> 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3 >>> 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 >>> 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5 >>> 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn >>> 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077 >>> 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1 >>> 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP >>> 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 >>> 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1 >>> 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0 >>> 19:28:33 l2tp,debug,packet Firmware-Revision=0x1 >>> 19:28:33 l2tp,debug,packet (M) Host-Name="Edge01-493-Alger" >>> 19:28:33 l2tp,debug,packet Vendor-Name="MikroTik" >>> 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2 >>> 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 >>> [admin@Edge01-493-Alger] /ppp secret> >>> >>> >>> - Original Message - From: "Sim" >>> To: "Mikrotik discussions" >>> Sent: Wednesday, August 22, 2012 4:44 PM >>> >>> Subject: Re: [Mikrotik] IPSec for mobile >>> >>> iPhone IPsec is for Cisco (see logo). Use L2TP+IPsec (first choice on your mobile device) Regards 2012/8/22 Meftah Tayeb : > > > thank you a lot ! > is L2TP required? > or IPSec can work alone ? > > - Original Message - From: "Sim" > To: "Mikrotik discussions" > Sent: Wednesday, August 22, 2012 4:39 PM > Subject: Re: [Mikrotik] IPSec for mobile > > > >> Hi, this is that you need :-) >> >> # Server & Preshared (1234567abcdef) config >> /interface l2tp-server server set enabled=yes >> >> /ip ipsec proposal >> set [ find default=yes ] auth-algorithms=sha1 disabled=no >> enc-algorithms=3des,aes-256 \ >> lifetime=30m name=default pfs-group=modp1024 >> >> /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key >> dh-group=modp1024 disabled=no \ >> dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des >> exchange-mode=main-l2tp generate-policy=yes \ >> hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes >> port=500 secret=1234567abcdef send-in
Re: [Mikrotik] IPSec for mobile
question, sim is l2tp itself alone good? i think it's working only L2TP. - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 9:41 PM Subject: Re: [Mikrotik] IPSec for mobile The config posted in precedent email is correct and work in my 3 Mikrotik. Have you opened/forwarded corrected port/proto? 2012/8/22 Meftah Tayeb : ok so i did your suggestion but l2tp server not replying log: Telnet 172.28.2.1 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_update_nat 19:28:32 ipsec,debug,packet pfkey update sent. 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_add_nat 19:28:32 ipsec,debug,packet pfkey add sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent. 19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x26 75a84) 19:28:32 ipsec,debug === 19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2d ecb0a) 19:28:32 ipsec,debug === 19:28:32 ipsec,debug,packet such policy does not already exist: 172.28.1.5/32[0] 41.221.20.110/32[0] proto=udp dir=in 19:28:32 ipsec,debug,packet such policy does not already exist: 41.221.20.110/32[0] 172.28.1.5/32[0] proto=udp dir=out 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3 19:28:33 l2tp,debug,packet (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0 19:28:33 l2tp,debug,packet Firmware-Revision=0x1 19:28:33 l2tp,debug,packet (M) Host-Name="Edge01-493-Alger" 19:28:33 l2tp,debug,packet Vendor-Name="MikroTik" 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 [admin@Edge01-493-Alger] /ppp secret> - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 4:44 PM Subject: Re: [Mikrotik] IPSec for mobile iPhone IPsec is for Cisco (see logo). Use L2TP+IPsec (first choice on your mobile device) Regards 2012/8/22 Meftah Tayeb : thank you a lot ! is L2TP required? or IPSec can work alone ? - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 4:39 PM Subject: Re: [Mikrotik] IPSec for mobile Hi, this is that you need :-) # Server & Preshared (1234567abcdef) config /interface l2tp-server server set enabled=yes /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 \ lifetime=30m name=default pfs-group=modp1024 /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \ dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes \ hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes port=500 secret=1234567abcdef send-initial-contact=yes # ADD Client (change user, psw, ips) /ppp secret add name=user password=12345 profile=default-encryption local-address=192.168.255.10 remote-address=192.168.255.254 service=l2tp # Debug /system logging add action=memory topics=l2tp /system logging add action=memory topics=ipsec Regards 2012/8/22 Meftah Tayeb : hello folks i'm traveling these days and i'lle love to be in my home network i have a iPhone4S i want to do IPSec or L2TP (no pptp) into my rb493G any idea please? IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/m
Re: [Mikrotik] IPSec for mobile
The config posted in precedent email is correct and work in my 3 Mikrotik. Have you opened/forwarded corrected port/proto? 2012/8/22 Meftah Tayeb : > ok so > i did your suggestion but l2tp server not replying > log: > Telnet 172.28.2.1 > 19:28:32 ipsec,debug,packet encryption(aes) > 19:28:32 ipsec,debug,packet hmac(hmac_sha1) > 19:28:32 ipsec,debug,packet call pfkey_send_update_nat > 19:28:32 ipsec,debug,packet pfkey update sent. > 19:28:32 ipsec,debug,packet encryption(aes) > 19:28:32 ipsec,debug,packet hmac(hmac_sha1) > 19:28:32 ipsec,debug,packet call pfkey_send_add_nat > 19:28:32 ipsec,debug,packet pfkey add sent. > 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 > 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent. > 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 > 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent. > 19:28:32 ipsec IPsec-SA established: ESP/Transport > 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x26 > 75a84) > 19:28:32 ipsec,debug === > 19:28:32 ipsec IPsec-SA established: ESP/Transport > 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2d > ecb0a) > 19:28:32 ipsec,debug === > 19:28:32 ipsec,debug,packet such policy does not already exist: > 172.28.1.5/32[0] 41.221.20.110/32[0] > proto=udp dir=in > 19:28:32 ipsec,debug,packet such policy does not already exist: > 41.221.20.110/32[0] 172.28.1.5/32[0] > proto=udp dir=out > 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077 > 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 > 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ > 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 > 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3 > 19:28:33 l2tp,debug,packet (M) > Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00 > 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3 > 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 > 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5 > 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn > 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077 > 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1 > 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP > 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 > 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1 > 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0 > 19:28:33 l2tp,debug,packet Firmware-Revision=0x1 > 19:28:33 l2tp,debug,packet (M) Host-Name="Edge01-493-Alger" > 19:28:33 l2tp,debug,packet Vendor-Name="MikroTik" > 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2 > 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 > [admin@Edge01-493-Alger] /ppp secret> > > > - Original Message - From: "Sim" > To: "Mikrotik discussions" > Sent: Wednesday, August 22, 2012 4:44 PM > > Subject: Re: [Mikrotik] IPSec for mobile > > >> iPhone IPsec is for Cisco (see logo). >> >> Use L2TP+IPsec (first choice on your mobile device) >> >> Regards >> >> 2012/8/22 Meftah Tayeb : >>> >>> thank you a lot ! >>> is L2TP required? >>> or IPSec can work alone ? >>> >>> - Original Message - From: "Sim" >>> To: "Mikrotik discussions" >>> Sent: Wednesday, August 22, 2012 4:39 PM >>> Subject: Re: [Mikrotik] IPSec for mobile >>> >>> >>> Hi, this is that you need :-) # Server & Preshared (1234567abcdef) config /interface l2tp-server server set enabled=yes /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 \ lifetime=30m name=default pfs-group=modp1024 /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \ dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes \ hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes port=500 secret=1234567abcdef send-initial-contact=yes # ADD Client (change user, psw, ips) /ppp secret add name=user password=12345 profile=default-encryption local-address=192.168.255.10 remote-address=192.168.255.254 service=l2tp # Debug /system logging add action=memory topics=l2tp /system logging add action=memory topics=ipsec Regards 2012/8/22 Meftah Tayeb : > > > hello folks > i'm traveling these days and i'lle love to be in my home network > i have a iPhone4S > i want to do IPSec or L2TP (no pptp) into my rb493G > any idea please? > IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. > thank you >Meftah Tayeb > IT Consulting > http://www.tmvoip.com/ phone: +21321656139 > Mobile: +213660347746 > > __ Information from ESET NOD32 Antivirus, version of virus > signature > database 7404 (20120821) __ > > The message
Re: [Mikrotik] IPSec for mobile
ok so i did your suggestion but l2tp server not replying log: Telnet 172.28.2.1 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_update_nat 19:28:32 ipsec,debug,packet pfkey update sent. 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_add_nat 19:28:32 ipsec,debug,packet pfkey add sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent. 19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x26 75a84) 19:28:32 ipsec,debug === 19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2d ecb0a) 19:28:32 ipsec,debug === 19:28:32 ipsec,debug,packet such policy does not already exist: 172.28.1.5/32[0] 41.221.20.110/32[0] proto=udp dir=in 19:28:32 ipsec,debug,packet such policy does not already exist: 41.221.20.110/32[0] 172.28.1.5/32[0] proto=udp dir=out 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3 19:28:33 l2tp,debug,packet (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0 19:28:33 l2tp,debug,packet Firmware-Revision=0x1 19:28:33 l2tp,debug,packet (M) Host-Name="Edge01-493-Alger" 19:28:33 l2tp,debug,packet Vendor-Name="MikroTik" 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 [admin@Edge01-493-Alger] /ppp secret> - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 4:44 PM Subject: Re: [Mikrotik] IPSec for mobile iPhone IPsec is for Cisco (see logo). Use L2TP+IPsec (first choice on your mobile device) Regards 2012/8/22 Meftah Tayeb : thank you a lot ! is L2TP required? or IPSec can work alone ? - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 4:39 PM Subject: Re: [Mikrotik] IPSec for mobile Hi, this is that you need :-) # Server & Preshared (1234567abcdef) config /interface l2tp-server server set enabled=yes /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 \ lifetime=30m name=default pfs-group=modp1024 /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \ dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes \ hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes port=500 secret=1234567abcdef send-initial-contact=yes # ADD Client (change user, psw, ips) /ppp secret add name=user password=12345 profile=default-encryption local-address=192.168.255.10 remote-address=192.168.255.254 service=l2tp # Debug /system logging add action=memory topics=l2tp /system logging add action=memory topics=ipsec Regards 2012/8/22 Meftah Tayeb : hello folks i'm traveling these days and i'lle love to be in my home network i have a iPhone4S i want to do IPSec or L2TP (no pptp) into my rb493G any idea please? IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, vers
Re: [Mikrotik] IPSec for mobile
You can use "send all traffic" over iPhone or use the same internal IPs (with proxyarp) 2012/8/22 Ty Featherling : > How are the IP addresses at the end siginificant. That is the part I can't > wrap my head around with tunnels. I get the it will assign IPs to the > endpoints on the tunnel but are they just arbitrary, non-routable > addresses? Is the iPhone in this case going to find itself attached to this > router but with a 192.168.255.254 address? Do you then need to src.nat your > way out into the world beyond? > > -Ty > > On Wed, Aug 22, 2012 at 8:39 AM, Sim wrote: > >> Hi, this is that you need :-) >> >> # Server & Preshared (1234567abcdef) config >> /interface l2tp-server server set enabled=yes >> >> /ip ipsec proposal >> set [ find default=yes ] auth-algorithms=sha1 disabled=no >> enc-algorithms=3des,aes-256 \ >> lifetime=30m name=default pfs-group=modp1024 >> >> /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key >> dh-group=modp1024 disabled=no \ >> dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des >> exchange-mode=main-l2tp generate-policy=yes \ >> hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes >> port=500 secret=1234567abcdef send-initial-contact=yes >> >> # ADD Client (change user, psw, ips) >> /ppp secret add name=user password=12345 profile=default-encryption >> local-address=192.168.255.10 remote-address=192.168.255.254 >> service=l2tp >> >> >> # Debug >> /system logging add action=memory topics=l2tp >> /system logging add action=memory topics=ipsec >> >> >> Regards >> >> >> 2012/8/22 Meftah Tayeb : >> > hello folks >> > i'm traveling these days and i'lle love to be in my home network >> > i have a iPhone4S >> > i want to do IPSec or L2TP (no pptp) into my rb493G >> > any idea please? >> > IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. >> > thank you >> >Meftah Tayeb >> > IT Consulting >> > http://www.tmvoip.com/ phone: +21321656139 >> > Mobile: +213660347746 >> > >> > __ Information from ESET NOD32 Antivirus, version of virus >> signature >> > database 7404 (20120821) __ >> > >> > The message was checked by ESET NOD32 Antivirus. >> > >> > http://www.eset.com >> > >> > >> > >> > ___ >> > Mikrotik mailing list >> > Mikrotik@mail.butchevans.com >> > http://www.butchevans.com/mailman/listinfo/mikrotik >> > >> > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> ___ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://www.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> > -- next part -- > An HTML attachment was scrubbed... > URL: > <http://www.butchevans.com/pipermail/mikrotik/attachments/20120822/cf027b6d/attachment.html> > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] IPSec for mobile
How are the IP addresses at the end siginificant. That is the part I can't wrap my head around with tunnels. I get the it will assign IPs to the endpoints on the tunnel but are they just arbitrary, non-routable addresses? Is the iPhone in this case going to find itself attached to this router but with a 192.168.255.254 address? Do you then need to src.nat your way out into the world beyond? -Ty On Wed, Aug 22, 2012 at 8:39 AM, Sim wrote: > Hi, this is that you need :-) > > # Server & Preshared (1234567abcdef) config > /interface l2tp-server server set enabled=yes > > /ip ipsec proposal > set [ find default=yes ] auth-algorithms=sha1 disabled=no > enc-algorithms=3des,aes-256 \ > lifetime=30m name=default pfs-group=modp1024 > > /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key > dh-group=modp1024 disabled=no \ > dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des > exchange-mode=main-l2tp generate-policy=yes \ > hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes > port=500 secret=1234567abcdef send-initial-contact=yes > > # ADD Client (change user, psw, ips) > /ppp secret add name=user password=12345 profile=default-encryption > local-address=192.168.255.10 remote-address=192.168.255.254 > service=l2tp > > > # Debug > /system logging add action=memory topics=l2tp > /system logging add action=memory topics=ipsec > > > Regards > > > 2012/8/22 Meftah Tayeb : > > hello folks > > i'm traveling these days and i'lle love to be in my home network > > i have a iPhone4S > > i want to do IPSec or L2TP (no pptp) into my rb493G > > any idea please? > > IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. > > thank you > >Meftah Tayeb > > IT Consulting > > http://www.tmvoip.com/ phone: +21321656139 > > Mobile: +213660347746 > > > > __ Information from ESET NOD32 Antivirus, version of virus > signature > > database 7404 (20120821) __ > > > > The message was checked by ESET NOD32 Antivirus. > > > > http://www.eset.com > > > > > > > > ___ > > Mikrotik mailing list > > Mikrotik@mail.butchevans.com > > http://www.butchevans.com/mailman/listinfo/mikrotik > > > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -- next part -- An HTML attachment was scrubbed... URL: <http://www.butchevans.com/pipermail/mikrotik/attachments/20120822/cf027b6d/attachment.html> ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] IPSec for mobile
thank you DUDE, shortly! - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 4:44 PM Subject: Re: [Mikrotik] IPSec for mobile iPhone IPsec is for Cisco (see logo). Use L2TP+IPsec (first choice on your mobile device) Regards 2012/8/22 Meftah Tayeb : thank you a lot ! is L2TP required? or IPSec can work alone ? - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 4:39 PM Subject: Re: [Mikrotik] IPSec for mobile Hi, this is that you need :-) # Server & Preshared (1234567abcdef) config /interface l2tp-server server set enabled=yes /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 \ lifetime=30m name=default pfs-group=modp1024 /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \ dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes \ hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes port=500 secret=1234567abcdef send-initial-contact=yes # ADD Client (change user, psw, ips) /ppp secret add name=user password=12345 profile=default-encryption local-address=192.168.255.10 remote-address=192.168.255.254 service=l2tp # Debug /system logging add action=memory topics=l2tp /system logging add action=memory topics=ipsec Regards 2012/8/22 Meftah Tayeb : hello folks i'm traveling these days and i'lle love to be in my home network i have a iPhone4S i want to do IPSec or L2TP (no pptp) into my rb493G any idea please? IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] IPSec for mobile
iPhone IPsec is for Cisco (see logo). Use L2TP+IPsec (first choice on your mobile device) Regards 2012/8/22 Meftah Tayeb : > thank you a lot ! > is L2TP required? > or IPSec can work alone ? > > - Original Message - From: "Sim" > To: "Mikrotik discussions" > Sent: Wednesday, August 22, 2012 4:39 PM > Subject: Re: [Mikrotik] IPSec for mobile > > > >> Hi, this is that you need :-) >> >> # Server & Preshared (1234567abcdef) config >> /interface l2tp-server server set enabled=yes >> >> /ip ipsec proposal >> set [ find default=yes ] auth-algorithms=sha1 disabled=no >> enc-algorithms=3des,aes-256 \ >> lifetime=30m name=default pfs-group=modp1024 >> >> /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key >> dh-group=modp1024 disabled=no \ >> dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des >> exchange-mode=main-l2tp generate-policy=yes \ >> hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes >> port=500 secret=1234567abcdef send-initial-contact=yes >> >> # ADD Client (change user, psw, ips) >> /ppp secret add name=user password=12345 profile=default-encryption >> local-address=192.168.255.10 remote-address=192.168.255.254 >> service=l2tp >> >> >> # Debug >> /system logging add action=memory topics=l2tp >> /system logging add action=memory topics=ipsec >> >> >> Regards >> >> >> 2012/8/22 Meftah Tayeb : >>> >>> hello folks >>> i'm traveling these days and i'lle love to be in my home network >>> i have a iPhone4S >>> i want to do IPSec or L2TP (no pptp) into my rb493G >>> any idea please? >>> IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. >>> thank you >>>Meftah Tayeb >>> IT Consulting >>> http://www.tmvoip.com/ phone: +21321656139 >>> Mobile: +213660347746 >>> >>> __ Information from ESET NOD32 Antivirus, version of virus >>> signature >>> database 7404 (20120821) __ >>> >>> The message was checked by ESET NOD32 Antivirus. >>> >>> http://www.eset.com >>> >>> >>> >>> ___ >>> Mikrotik mailing list >>> Mikrotik@mail.butchevans.com >>> http://www.butchevans.com/mailman/listinfo/mikrotik >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>> RouterOS >> >> ___ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://www.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> >> >> __ Information from ESET NOD32 Antivirus, version of virus >> signature database 7404 (20120821) __ >> >> The message was checked by ESET NOD32 Antivirus. >> >> http://www.eset.com >> >> >> > > > __ Information from ESET NOD32 Antivirus, version of virus signature > database 7404 (20120821) __ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] IPSec for mobile
thank you a lot ! is L2TP required? or IPSec can work alone ? - Original Message - From: "Sim" To: "Mikrotik discussions" Sent: Wednesday, August 22, 2012 4:39 PM Subject: Re: [Mikrotik] IPSec for mobile Hi, this is that you need :-) # Server & Preshared (1234567abcdef) config /interface l2tp-server server set enabled=yes /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 \ lifetime=30m name=default pfs-group=modp1024 /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \ dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes \ hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes port=500 secret=1234567abcdef send-initial-contact=yes # ADD Client (change user, psw, ips) /ppp secret add name=user password=12345 profile=default-encryption local-address=192.168.255.10 remote-address=192.168.255.254 service=l2tp # Debug /system logging add action=memory topics=l2tp /system logging add action=memory topics=ipsec Regards 2012/8/22 Meftah Tayeb : hello folks i'm traveling these days and i'lle love to be in my home network i have a iPhone4S i want to do IPSec or L2TP (no pptp) into my rb493G any idea please? IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] IPSec for mobile
Hi, this is that you need :-) # Server & Preshared (1234567abcdef) config /interface l2tp-server server set enabled=yes /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 \ lifetime=30m name=default pfs-group=modp1024 /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \ dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes \ hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes port=500 secret=1234567abcdef send-initial-contact=yes # ADD Client (change user, psw, ips) /ppp secret add name=user password=12345 profile=default-encryption local-address=192.168.255.10 remote-address=192.168.255.254 service=l2tp # Debug /system logging add action=memory topics=l2tp /system logging add action=memory topics=ipsec Regards 2012/8/22 Meftah Tayeb : > hello folks > i'm traveling these days and i'lle love to be in my home network > i have a iPhone4S > i want to do IPSec or L2TP (no pptp) into my rb493G > any idea please? > IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. > thank you >Meftah Tayeb > IT Consulting > http://www.tmvoip.com/ phone: +21321656139 > Mobile: +213660347746 > > __ Information from ESET NOD32 Antivirus, version of virus signature > database 7404 (20120821) __ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
[Mikrotik] IPSec for mobile
hello folks i'm traveling these days and i'lle love to be in my home network i have a iPhone4S i want to do IPSec or L2TP (no pptp) into my rb493G any idea please? IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS