Re: [Mikrotik] Multiple Default Routes
Correct i seen. - Original Message - From: Rory McCann rmm.li...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Monday, November 19, 2012 6:48 PM Subject: [Mikrotik] Multiple Default Routes Hey guys, I've got two internet connections - one is significantly slower than the other and is on the far side of my network. It is primarily used for failover if the wireless link fails. I would like to use this connection as a backup internet connection when my primary goes down, however I only want internet traffic routed to this internet connection if the primary is down. I don't want to load-balance or anything like that, just failover. Am I correct in my assumption that if I just make sure the slower connection has a higher distance, it will only use it when the primary is unavailable? Right now I have it set with simply a distance of 1 for my primary and 2 for the secondary. -- Rory McCann Minn-Kota Ag Products P: 701-403-4877 | E: r...@mkap.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
[Mikrotik] Dual default route load balancing
Hey, please can someone show me how can i load balance bethwan 2 internet connections ? they are one static and one PPPOE. i want to have 2 default route, not marking 2 diferent subnet for diferent route. thank Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] strange traceroute?
is all that the same ISP ? - Original Message - From: Damai damai7...@yahoo.com.sg To: mikrotik@mail.butchevans.com Sent: Tuesday, November 13, 2012 5:17 PM Subject: [Mikrotik] strange traceroute? Hi All, I have one main mikrotik router, connect to 4 router which each of them connected to a cable modem. All from one same ISP. For any IP/network range, I can select to going out from which cable modem. So one time my computer going out to internet from ModemA, tomorrow from ModemB, etc, by changing the routing rule/gateway at the main mikrotik router. When routing out from any cable modem, the traceroute should look like this: C:\Users\USERtracert www.yahoo.com Tracing route to ds-any-fp3-real.wa1.b.yahoo.com [72.30.38.140] over a maximum of 30 hops: 11 ms1 ms1 ms 192.168.0.xx 21 ms1 ms1 ms 192.168.xx.yy 3 8 ms14 ms 8 ms 10.75.xx.yy 416 ms20 ms18 ms be4-cg03-pe03.xxx [202.73.xx.yy] 516 ms15 ms23 ms be4-cg03-pe03.xxx [202.73.xx.yy] 626 ms23 ms35 ms fm-dyn-xxx-xx-xxx-xx.xxx [111.95.xxx.xx] 739 ms68 ms64 ms 203.208.192.xx 837 ms64 ms28 ms 203.208.153.xx 923 ms28 ms28 ms 203.208.166.197 10 226 ms 221 ms 230 ms so-2-0-0-0.plapx-cr2.ix.singtel.com [203.208.149 .182] 11 215 ms 219 ms 206 ms 203.208.171.238 12 221 ms 222 ms 194 ms 203.208.168.246 13 216 ms 205 ms 218 ms ae-1-d151.msr2.sp1.yahoo.com [216.115.107.79] 14 231 ms 195 ms 208 ms et-17-25.fab2-1-gdc.sp2.yahoo.com [98.136.16.23] 15 216 ms 226 ms 217 ms po-13.bas2-3-prd.sp2.yahoo.com [76.13.244.21] 16 224 ms 285 ms 240 ms ir1.fp.vip.sp2.yahoo.com [72.30.38.140] Trace complete. But when routing out from Modem4, the traceroute is very strange, just like this: C:\Users\USERtracert www.yahoo.com Tracing route to ds-any-fp3-real.wa1.b.yahoo.com [72.30.38.140] over a maximum of 30 hops: 11 ms1 ms1 ms 192.168.0.88 2 226 ms 287 ms 253 ms ir1.fp.vip.sp2.yahoo.com [72.30.38.140] Trace complete. What is the problem that cause this very short traceroute? Please help. Thanks. Anto ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
[Mikrotik] MPLS LDP label for default route
Hello, i have a MPLS backbone using RouterOs if i label default route in one of my Edges, any host in other edge's cant get the internet but can go anywhere else in my backbone any clue ? thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
[Mikrotik] Multicast Auto-RP
hello, can anyone tel me how to auto anounce rp capability automaticaly to all my participating router's ? thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Identifying high Packets Per Second connections
Sh, Sh; torsh, Josh ;) - Original Message - From: Ty Featherling tyfeatherl...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Tuesday, October 16, 2012 12:04 AM Subject: Re: [Mikrotik] Identifying high Packets Per Second connections TORCH! Why did I forget torch? Thanks Josh! -Ty On Mon, Oct 15, 2012 at 3:59 PM, Josh Luthman j...@imaginenetworksllc.comwrote: Torch would be super easy... Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Oct 15, 2012 at 4:57 PM, Ty Featherling tyfeatherl...@gmail.com wrote: I have a Ubiquiti AP that isn't performing as I would expect it to. Comparing it to another AP of the same type and customer count I noticed that this AP has as high of a packets/second count at 5Mbps as the other does at 10Mbps. That got me to wondering what was the source of those high packets/second. Is there any way using RouterOS to monitor or otherwise find the packets/second per connection or source address? Thanks, Ty -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20121015/723eb5c0/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20121015/5b150dcd/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20121015/b66ca4e6/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] RouterOS v6
i think we should have ButchOs soon. - Original Message - From: Butch Evans but...@butchevans.com To: 'Mikrotik discussions' mikrotik@mail.butchevans.com Cc: memb...@wispa.org; a...@afmug.com Sent: Monday, October 01, 2012 7:18 PM Subject: [Mikrotik] RouterOS v6 For anyone using my existing QOS script for RouterOS, DO NOT UPGRADE to routerOS v6. I am working on a script that will run on that version, but the changes in the global queues and how traffic is handled makes that version of ROS run very poorly with the script. I expect to have a fix in place soon, but wanted to warn those who are testing the RC version that performance will be poor or inconsistent at best with the scripts installed. -- * Butch Evans* Professional Network Consultation * * http://www.butchevans.com/ * Network Engineering * * http://store.wispgear.net/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!* * NOTE THE NEW PHONE NUMBER: 702-537-0979 * ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Just a quick opinion needed...
no issue with it if you want wireless get smaller rb751 better - Original Message - From: Eric Tykwinski eric-l...@truenet.com To: mikrotik@mail.butchevans.com Sent: Tuesday, September 11, 2012 11:06 PM Subject: [Mikrotik] Just a quick opinion needed... Any suggestions for a small MT at my house to lab out some network gear? I'm looking at the RB2011L, which seems pretty decent for the price. Any words of caution, or will this be a good fit? ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
[Mikrotik] IPSec for mobile
hello folks i'm traveling these days and i'lle love to be in my home network i have a iPhone4S i want to do IPSec or L2TP (no pptp) into my rb493G any idea please? IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] IPSec for mobile
thank you DUDE, shortly! - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 4:44 PM Subject: Re: [Mikrotik] IPSec for mobile iPhone IPsec is for Cisco (see logo). Use L2TP+IPsec (first choice on your mobile device) Regards 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: thank you a lot ! is L2TP required? or IPSec can work alone ? - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 4:39 PM Subject: Re: [Mikrotik] IPSec for mobile Hi, this is that you need :-) # Server Preshared (1234567abcdef) config /interface l2tp-server server set enabled=yes /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 \ lifetime=30m name=default pfs-group=modp1024 /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \ dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes \ hash-algorithm=sha1 lifetime=1d my-id-user-fqdn= nat-traversal=yes port=500 secret=1234567abcdef send-initial-contact=yes # ADD Client (change user, psw, ips) /ppp secret add name=user password=12345 profile=default-encryption local-address=192.168.255.10 remote-address=192.168.255.254 service=l2tp # Debug /system logging add action=memory topics=l2tp /system logging add action=memory topics=ipsec Regards 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: hello folks i'm traveling these days and i'lle love to be in my home network i have a iPhone4S i want to do IPSec or L2TP (no pptp) into my rb493G any idea please? IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] IPSec for mobile
ok so i did your suggestion but l2tp server not replying log: Telnet 172.28.2.1 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_update_nat 19:28:32 ipsec,debug,packet pfkey update sent. 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_add_nat 19:28:32 ipsec,debug,packet pfkey add sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent. 19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]-41.221.20.110[0] spi=40327812(0x26 75a84) 19:28:32 ipsec,debug === 19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]-172.28.1.5[0] spi=48155402(0x2d ecb0a) 19:28:32 ipsec,debug === 19:28:32 ipsec,debug,packet such policy does not already exist: 172.28.1.5/32[0] 41.221.20.110/32[0] proto=udp dir=in 19:28:32 ipsec,debug,packet such policy does not already exist: 41.221.20.110/32[0] 172.28.1.5/32[0] proto=udp dir=out 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3 19:28:33 l2tp,debug,packet (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0 19:28:33 l2tp,debug,packet Firmware-Revision=0x1 19:28:33 l2tp,debug,packet (M) Host-Name=Edge01-493-Alger 19:28:33 l2tp,debug,packet Vendor-Name=MikroTik 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 [admin@Edge01-493-Alger] /ppp secret - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 4:44 PM Subject: Re: [Mikrotik] IPSec for mobile iPhone IPsec is for Cisco (see logo). Use L2TP+IPsec (first choice on your mobile device) Regards 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: thank you a lot ! is L2TP required? or IPSec can work alone ? - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 4:39 PM Subject: Re: [Mikrotik] IPSec for mobile Hi, this is that you need :-) # Server Preshared (1234567abcdef) config /interface l2tp-server server set enabled=yes /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 \ lifetime=30m name=default pfs-group=modp1024 /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \ dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes \ hash-algorithm=sha1 lifetime=1d my-id-user-fqdn= nat-traversal=yes port=500 secret=1234567abcdef send-initial-contact=yes # ADD Client (change user, psw, ips) /ppp secret add name=user password=12345 profile=default-encryption local-address=192.168.255.10 remote-address=192.168.255.254 service=l2tp # Debug /system logging add action=memory topics=l2tp /system logging add action=memory topics=ipsec Regards 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: hello folks i'm traveling these days and i'lle love to be in my home network i have a iPhone4S i want to do IPSec or L2TP (no pptp) into my rb493G any idea please? IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http
Re: [Mikrotik] IPSec for mobile
question, sim is l2tp itself alone good? i think it's working only L2TP. - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 9:41 PM Subject: Re: [Mikrotik] IPSec for mobile The config posted in precedent email is correct and work in my 3 Mikrotik. Have you opened/forwarded corrected port/proto? 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: ok so i did your suggestion but l2tp server not replying log: Telnet 172.28.2.1 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_update_nat 19:28:32 ipsec,debug,packet pfkey update sent. 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_add_nat 19:28:32 ipsec,debug,packet pfkey add sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent. 19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]-41.221.20.110[0] spi=40327812(0x26 75a84) 19:28:32 ipsec,debug === 19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]-172.28.1.5[0] spi=48155402(0x2d ecb0a) 19:28:32 ipsec,debug === 19:28:32 ipsec,debug,packet such policy does not already exist: 172.28.1.5/32[0] 41.221.20.110/32[0] proto=udp dir=in 19:28:32 ipsec,debug,packet such policy does not already exist: 41.221.20.110/32[0] 172.28.1.5/32[0] proto=udp dir=out 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3 19:28:33 l2tp,debug,packet (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0 19:28:33 l2tp,debug,packet Firmware-Revision=0x1 19:28:33 l2tp,debug,packet (M) Host-Name=Edge01-493-Alger 19:28:33 l2tp,debug,packet Vendor-Name=MikroTik 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 [admin@Edge01-493-Alger] /ppp secret - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 4:44 PM Subject: Re: [Mikrotik] IPSec for mobile iPhone IPsec is for Cisco (see logo). Use L2TP+IPsec (first choice on your mobile device) Regards 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: thank you a lot ! is L2TP required? or IPSec can work alone ? - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 4:39 PM Subject: Re: [Mikrotik] IPSec for mobile Hi, this is that you need :-) # Server Preshared (1234567abcdef) config /interface l2tp-server server set enabled=yes /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 \ lifetime=30m name=default pfs-group=modp1024 /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \ dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes \ hash-algorithm=sha1 lifetime=1d my-id-user-fqdn= nat-traversal=yes port=500 secret=1234567abcdef send-initial-contact=yes # ADD Client (change user, psw, ips) /ppp secret add name=user password=12345 profile=default-encryption local-address=192.168.255.10 remote-address=192.168.255.254 service=l2tp # Debug /system logging add action=memory topics=l2tp /system logging add action=memory topics=ipsec Regards 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: hello folks i'm traveling these days and i'lle love to be in my home network i have a iPhone4S i want to do IPSec or L2TP (no pptp) into my rb493G any idea please? IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET
Re: [Mikrotik] IPSec for mobile
DUDE, you rocks i'm connected to my VPN! but, but; evean in a local network... i have latency of 130MS! :P anyway how can i reduce it please? thank you - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 9:50 PM Subject: Re: [Mikrotik] IPSec for mobile For security reason L2TP isn't good. Ipsec + L2TP is the only way supported by iPhone (it ask you security/secret and not only password). You can also check this: http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP My post was for all device tested with : WindowsXP, 7, iPhone and Android! Check: Do not forget to allow: - UDP 500 (Dst.Port), - UDP 1701, - UDP 4500 (Nat-Traversal) - and Protocol 50 (ESP) in the firewall filter settings. (Input chain, accept). 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: question, sim is l2tp itself alone good? i think it's working only L2TP. - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 9:41 PM Subject: Re: [Mikrotik] IPSec for mobile The config posted in precedent email is correct and work in my 3 Mikrotik. Have you opened/forwarded corrected port/proto? 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: ok so i did your suggestion but l2tp server not replying log: Telnet 172.28.2.1 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_update_nat 19:28:32 ipsec,debug,packet pfkey update sent. 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_add_nat 19:28:32 ipsec,debug,packet pfkey add sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent. 19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]-41.221.20.110[0] spi=40327812(0x26 75a84) 19:28:32 ipsec,debug === 19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]-172.28.1.5[0] spi=48155402(0x2d ecb0a) 19:28:32 ipsec,debug === 19:28:32 ipsec,debug,packet such policy does not already exist: 172.28.1.5/32[0] 41.221.20.110/32[0] proto=udp dir=in 19:28:32 ipsec,debug,packet such policy does not already exist: 41.221.20.110/32[0] 172.28.1.5/32[0] proto=udp dir=out 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3 19:28:33 l2tp,debug,packet (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0 19:28:33 l2tp,debug,packet Firmware-Revision=0x1 19:28:33 l2tp,debug,packet (M) Host-Name=Edge01-493-Alger 19:28:33 l2tp,debug,packet Vendor-Name=MikroTik 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 [admin@Edge01-493-Alger] /ppp secret - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 4:44 PM Subject: Re: [Mikrotik] IPSec for mobile iPhone IPsec is for Cisco (see logo). Use L2TP+IPsec (first choice on your mobile device) Regards 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: thank you a lot ! is L2TP required? or IPSec can work alone ? - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 4:39 PM Subject: Re: [Mikrotik] IPSec for mobile Hi, this is that you need :-) # Server Preshared (1234567abcdef) config /interface l2tp-server server set enabled=yes /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 \ lifetime=30m name=default pfs-group=modp1024 /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \ dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes \ hash-algorithm=sha1 lifetime=1d my-id-user-fqdn= nat
Re: [Mikrotik] IPSec for mobile
DUDE, local! *LOCAL* BACKBONE! is my own routers i'm simulating it here befaure i travel but latency is very HIGH :-P - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 9:55 PM Subject: Re: [Mikrotik] IPSec for mobile Reduce lacency? Contact your 3G/WiFi/Provider ;- Bye! 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: DUDE, you rocks i'm connected to my VPN! but, but; evean in a local network... i have latency of 130MS! :P anyway how can i reduce it please? thank you - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 9:50 PM Subject: Re: [Mikrotik] IPSec for mobile For security reason L2TP isn't good. Ipsec + L2TP is the only way supported by iPhone (it ask you security/secret and not only password). You can also check this: http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP My post was for all device tested with : WindowsXP, 7, iPhone and Android! Check: Do not forget to allow: - UDP 500 (Dst.Port), - UDP 1701, - UDP 4500 (Nat-Traversal) - and Protocol 50 (ESP) in the firewall filter settings. (Input chain, accept). 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: question, sim is l2tp itself alone good? i think it's working only L2TP. - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 9:41 PM Subject: Re: [Mikrotik] IPSec for mobile The config posted in precedent email is correct and work in my 3 Mikrotik. Have you opened/forwarded corrected port/proto? 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: ok so i did your suggestion but l2tp server not replying log: Telnet 172.28.2.1 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_update_nat 19:28:32 ipsec,debug,packet pfkey update sent. 19:28:32 ipsec,debug,packet encryption(aes) 19:28:32 ipsec,debug,packet hmac(hmac_sha1) 19:28:32 ipsec,debug,packet call pfkey_send_add_nat 19:28:32 ipsec,debug,packet pfkey add sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent. 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent. 19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]-41.221.20.110[0] spi=40327812(0x26 75a84) 19:28:32 ipsec,debug === 19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]-172.28.1.5[0] spi=48155402(0x2d ecb0a) 19:28:32 ipsec,debug === 19:28:32 ipsec,debug,packet such policy does not already exist: 172.28.1.5/32[0] 41.221.20.110/32[0] proto=udp dir=in 19:28:32 ipsec,debug,packet such policy does not already exist: 41.221.20.110/32[0] 172.28.1.5/32[0] proto=udp dir=out 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3 19:28:33 l2tp,debug,packet (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0 19:28:33 l2tp,debug,packet Firmware-Revision=0x1 19:28:33 l2tp,debug,packet (M) Host-Name=Edge01-493-Alger 19:28:33 l2tp,debug,packet Vendor-Name=MikroTik 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 [admin@Edge01-493-Alger] /ppp secret - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 4:44 PM Subject: Re: [Mikrotik] IPSec for mobile iPhone IPsec is for Cisco (see logo). Use L2TP+IPsec (first choice on your mobile device) Regards 2012/8/22 Meftah Tayeb tayeb.mef...@gmail.com: thank you a lot ! is L2TP required? or IPSec can work alone ? - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, August 22, 2012 4:39 PM Subject: Re: [Mikrotik] IPSec for mobile Hi, this is that you need :-) # Server Preshared (1234567abcdef) config /interface l2tp-server
[Mikrotik] Mikrotik distributor needed
hello folks any distributor that can sell a MUM voocher ? i want to buy one through paypal. befaure sunday, please thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Sip Captur on RouterOs
then how do i read it ? - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Thursday, August 16, 2012 1:15 AM Subject: Re: [Mikrotik] Sip Captur on RouterOs Yes - /tool sniffer Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Aug 15, 2012 at 4:21 PM, Meftah Tayeb tayeb.mef...@gmail.comwrote: Hello everyone; i would love to captur sip packet for a specific host on my RouterOs (RB493G) is that easy enough? how can i use it? thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7389 (20120815) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20120815/470d73cd/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7389 (20120815) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7389 (20120815) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Sip Captur on RouterOs
not pocible here due to text to speech limitation - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Thursday, August 16, 2012 2:25 AM Subject: Re: [Mikrotik] Sip Captur on RouterOs Most people use Wireshark. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Aug 15, 2012 at 5:24 PM, Meftah Tayeb tayeb.mef...@gmail.comwrote: then how do i read it ? - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Thursday, August 16, 2012 1:15 AM Subject: Re: [Mikrotik] Sip Captur on RouterOs Yes - /tool sniffer Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Aug 15, 2012 at 4:21 PM, Meftah Tayeb tayeb.mef...@gmail.com wrote: Hello everyone; i would love to captur sip packet for a specific host on my RouterOs (RB493G) is that easy enough? how can i use it? thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7389 (20120815) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotikhttp://www.butchevans.com/**mailman/listinfo/mikrotik http**://www.butchevans.com/mailman/**listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/**pipermail/mikrotik/** attachments/20120815/470d73cd/**attachment.htmlhttp://www.butchevans.com/pipermail/mikrotik/attachments/20120815/470d73cd/attachment.html __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7389 (20120815) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7389 (20120815) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20120815/6b5b05fe/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7389 (20120815) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7389 (20120815) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Sip Captur on RouterOs
text to speech readability on windows i am blind and using screen reader a described here: http://www.freedomscientific.com see Jaws thank you;-) - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Thursday, August 16, 2012 2:43 AM Subject: Re: [Mikrotik] Sip Captur on RouterOs What's the limitation? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Aug 15, 2012 at 5:36 PM, Meftah Tayeb tayeb.mef...@gmail.comwrote: not pocible here due to text to speech limitation - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Thursday, August 16, 2012 2:25 AM Subject: Re: [Mikrotik] Sip Captur on RouterOs Most people use Wireshark. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Aug 15, 2012 at 5:24 PM, Meftah Tayeb tayeb.mef...@gmail.com wrote: then how do i read it ? - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Thursday, August 16, 2012 1:15 AM Subject: Re: [Mikrotik] Sip Captur on RouterOs Yes - /tool sniffer Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Aug 15, 2012 at 4:21 PM, Meftah Tayeb tayeb.mef...@gmail.com wrote: Hello everyone; i would love to captur sip packet for a specific host on my RouterOs (RB493G) is that easy enough? how can i use it? thank you Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7389 (20120815) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik http**://www.butchevans.com/mailman/listinfo/mikrotikhttp://www.butchevans.com/**mailman/listinfo/mikrotik http**://www.butchevans.com/**mailman/**listinfo/mikrotikhttp://www.butchevans.com/mailman/**listinfo/mikrotik ht**tp://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/**http://www.butchevans.com/**pipermail/mikrotik/** attachments/20120815/470d73cd/attachment.htmlhttp://www.** butchevans.com/pipermail/**mikrotik/attachments/20120815/** 470d73cd/attachment.htmlhttp://www.butchevans.com/pipermail/mikrotik/attachments/20120815/470d73cd/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotikhttp://www.butchevans.com/**mailman/listinfo/mikrotik http**://www.butchevans.com/mailman/**listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7389 (20120815) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7389 (20120815) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotikhttp://www.butchevans.com/**mailman/listinfo/mikrotik http**://www.butchevans.com/mailman/**listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/**pipermail/mikrotik/** attachments/20120815/6b5b05fe/**attachment.htmlhttp://www.butchevans.com/pipermail/mikrotik/attachments/20120815/6b5b05fe/attachment.html __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7389 (20120815) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7389
Re: [Mikrotik] IPROUTE2 multiple GW
you need to mark your VPN subnet and add a default route for it makr it in /ip firewall mangle add and mark route using action action use mark-routing and in new-routing-mark name it vpn or something src-address should be your vpn subnet E.G: 10.10.10.0/29 and go to /ip route add gateway=adsl dst-address=0.0.0.0 routing-mark=vpn - Original Message - From: Sim simvi...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Monday, July 30, 2012 9:36 PM Subject: [Mikrotik] IPROUTE2 multiple GW Hello! I need to convert this Linux config to Mikrotik config. I've TWO internet lines: HDSL and ADSL. HDSL is the default gateway (ETH2) I need to connect to Mikrotik (VPN) from ADSL PORT. In this way all connection from/to ADSL will be forwarded over them and not over default gw. In linux I use iproute2 as this example where: - 80.90.100.92 is the IP of LOCAL DEVICE (Miktorik in this case) and - 80.90.100.94 is the ADSL GW Script: *Code:* #Table ADSL ip route add table adsl to 80.90.100.88/29 dev eth0 ip route add table adsl to 192.168.200.0/24 dev eth1 ip route add table adsl to 90.100.120.150/29 dev eth2 ip route add table adsl to default via 80.90.100.94 metric 1 #Create ip rule add from 80.90.100.92/32 table adsl Thanks and best regards! -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20120730/5daafa09/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7340 (20120730) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7340 (20120730) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] User Manager
calling you Karl - Original Message - From: Carl Jeptha wispli...@airnet.ca To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Friday, July 27, 2012 4:45 PM Subject: [Mikrotik] User Manager Hi, We are looking for someone to assist with the setting up of the above. -- You have a Good Day now, Carl A Jeptha http://www.airnet.ca Office Phone: 1-877-534-0021 ext 206 Office Hours: 9:00am - 5:00pm oovoo cajeptha ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7334 (20120727) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7334 (20120727) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
[Mikrotik] Route marking problem
Hello, i have 2 Links in my MT one DSL and one fiber i use DSL for our lan and fiber for my server. i want the lan subnet's (172.16.100.0/24) for now to go out through DSL and servers (172.16.101.0/24 through Fiber so i did in firewall mangle mark the traffic comming from 172.16.100.0/24 as a lan and added a default route (0.0.0.0) with routing mark of lan to the DSL router while the server subnet (172.16.101.0/24 remind unmarked all is working werll so far nat also same using address list but for now my server's can't ping my lan and my lan can't ping my servers any idea ? thank you all Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7324 (20120724) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Route marking problem
done it but still no effect :( thank you - Original Message - From: Chupaka chup...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Tuesday, July 24, 2012 3:02 PM Subject: Re: [Mikrotik] Route marking problem /ip fi man add chain=prerouting dst-address=172.16.0.0/12 action=accept place-before=0 -- Подпись: (добавляется в конце всех исходящих писем) 2012/7/24 Meftah Tayeb tayeb.mef...@gmail.com Hello, i have 2 Links in my MT one DSL and one fiber i use DSL for our lan and fiber for my server. i want the lan subnet's (172.16.100.0/24) for now to go out through DSL and servers (172.16.101.0/24 through Fiber so i did in firewall mangle mark the traffic comming from 172.16.100.0/24as a lan and added a default route (0.0.0.0) with routing mark of lan to the DSL router while the server subnet (172.16.101.0/24 remind unmarked all is working werll so far nat also same using address list but for now my server's can't ping my lan and my lan can't ping my servers any idea ? thank you all Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7324 (20120724) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20120724/eafa9415/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7324 (20120724) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Route marking problem
traceroute from 172.16.101.254 to 172.16.100.2 show only 172.16.100.1 and then only * - Original Message - From: Chupaka chup...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Tuesday, July 24, 2012 4:02 PM Subject: Re: [Mikrotik] Route marking problem show traceroute from one subnet to another one -- Подпись: (добавляется в конце всех исходящих писем) 2012/7/24 Meftah Tayeb tayeb.mef...@gmail.com done it but still no effect :( thank you - Original Message - From: Chupaka chup...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Tuesday, July 24, 2012 3:02 PM Subject: Re: [Mikrotik] Route marking problem /ip fi man add chain=prerouting dst-address=172.16.0.0/12 action=accept place-before=0 -- Подпись: (добавляется в конце всех исходящих писем) 2012/7/24 Meftah Tayeb tayeb.mef...@gmail.com Hello, i have 2 Links in my MT one DSL and one fiber i use DSL for our lan and fiber for my server. i want the lan subnet's (172.16.100.0/24) for now to go out through DSL and servers (172.16.101.0/24 through Fiber so i did in firewall mangle mark the traffic comming from 172.16.100.0/24as a lan and added a default route (0.0.0.0) with routing mark of lan to the DSL router while the server subnet (172.16.101.0/24 remind unmarked all is working werll so far nat also same using address list but for now my server's can't ping my lan and my lan can't ping my servers any idea ? thank you all Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7324 (20120724) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotikhttp://www.butchevans.com/**mailman/listinfo/mikrotik http**://www.butchevans.com/mailman/**listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/**pipermail/mikrotik/** attachments/20120724/eafa9415/**attachment.htmlhttp://www.butchevans.com/pipermail/mikrotik/attachments/20120724/eafa9415/attachment.html __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7324 (20120724) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20120724/46f2f482/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7325 (20120724) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Route marking problem
both gateway is 172.16.100.1 and 172.16.101.1 - Original Message - From: Chupaka chup...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Tuesday, July 24, 2012 4:12 PM Subject: Re: [Mikrotik] Route marking problem what addresses are on router's interfaces? because gateway of 172.16.101.254/24 subnet cannot be outside that subnet (172.16.100.1) or you may have more complicated setup - anyway we need moar info :) -- Подпись: (добавляется в конце всех исходящих писем) 2012/7/24 Meftah Tayeb tayeb.mef...@gmail.com traceroute from 172.16.101.254 to 172.16.100.2 show only 172.16.100.1 and then only * - Original Message - From: Chupaka chup...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Tuesday, July 24, 2012 4:02 PM Subject: Re: [Mikrotik] Route marking problem show traceroute from one subnet to another one -- Подпись: (добавляется в конце всех исходящих писем) 2012/7/24 Meftah Tayeb tayeb.mef...@gmail.com done it but still no effect :( thank you - Original Message - From: Chupaka chup...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Tuesday, July 24, 2012 3:02 PM Subject: Re: [Mikrotik] Route marking problem /ip fi man add chain=prerouting dst-address=172.16.0.0/12 action=accept place-before=0 -- Подпись: (добавляется в конце всех исходящих писем) 2012/7/24 Meftah Tayeb tayeb.mef...@gmail.com Hello, i have 2 Links in my MT one DSL and one fiber i use DSL for our lan and fiber for my server. i want the lan subnet's (172.16.100.0/24) for now to go out through DSL and servers (172.16.101.0/24 through Fiber so i did in firewall mangle mark the traffic comming from 172.16.100.0/24as a lan and added a default route (0.0.0.0) with routing mark of lan to the DSL router while the server subnet (172.16.101.0/24 remind unmarked all is working werll so far nat also same using address list but for now my server's can't ping my lan and my lan can't ping my servers any idea ? thank you all Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7324 (20120724) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik http**://www.butchevans.com/mailman/listinfo/mikrotikhttp://www.butchevans.com/**mailman/listinfo/mikrotik http**://www.butchevans.com/**mailman/**listinfo/mikrotikhttp://www.butchevans.com/mailman/**listinfo/mikrotik ht**tp://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/**http://www.butchevans.com/**pipermail/mikrotik/** attachments/20120724/eafa9415/attachment.htmlhttp://www.** butchevans.com/pipermail/**mikrotik/attachments/20120724/** eafa9415/attachment.htmlhttp://www.butchevans.com/pipermail/mikrotik/attachments/20120724/eafa9415/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotikhttp://www.butchevans.com/**mailman/listinfo/mikrotik http**://www.butchevans.com/mailman/**listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7324 (20120724) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotikhttp://www.butchevans.com/**mailman/listinfo/mikrotik http**://www.butchevans.com/mailman/**listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/**pipermail/mikrotik/** attachments/20120724/46f2f482/**attachment.htmlhttp://www.butchevans.com/pipermail/mikrotik/attachments/20120724/46f2f482/attachment.html __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version
Re: [Mikrotik] Route marking problem
ok, while try that thank you ! - Original Message - From: Scott Reed sr...@nwwnet.net To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Tuesday, July 24, 2012 11:56 PM Subject: Re: [Mikrotik] Route marking problem Add a route for 172.16.201.0/24 with gateway = 172.21.201.1 and routing table = lan The only routes 172.16.100.0/24 knows are the ones in the lan routing table. You have to tell that one everything it needs to be able to get to. On 7/24/2012 3:38 AM, Meftah Tayeb wrote: Hello, i have 2 Links in my MT one DSL and one fiber i use DSL for our lan and fiber for my server. i want the lan subnet's (172.16.100.0/24) for now to go out through DSL and servers (172.16.101.0/24 through Fiber so i did in firewall mangle mark the traffic comming from 172.16.100.0/24 as a lan and added a default route (0.0.0.0) with routing mark of lan to the DSL router while the server subnet (172.16.101.0/24 remind unmarked all is working werll so far nat also same using address list but for now my server's can't ping my lan and my lan can't ping my servers any idea ? thank you all Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7324 (20120724) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS - No virus found in this message. Checked by AVG - www.avg.com Version: 2012.0.2197 / Virus Database: 2437/5150 - Release Date: 07/23/12 -- Scott Reed Owner NewWays Networking, LLC Wireless Networking Network Design, Installation and Administration Mikrotik Advanced Certified www.nwwnet.net (765) 855-1060 (765) 439-4253 (855) 231-6239 ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7325 (20120724) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7325 (20120724) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Need OSPF help !
i'm here email me - Original Message - From: Paul McCall pa...@pdmnet.net To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Monday, July 23, 2012 7:08 PM Subject: [Mikrotik] Need OSPF help ! Any of you experts want to remote in and fix an OSPF problem? (for pay) Can't find Butch Paul, PDMNet ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7322 (20120723) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7322 (20120723) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
[Mikrotik] OSPFV3 Strange messages
Hello while doing OSPFv3 i'm getting: 15:42:41 route,ospf,error src address=fe80::20c:42ff:fea9:cb23 15:42:51 route,ospf,error Discarding packet: locally originated 15:42:51 route,ospf,error src address=fe80::20c:42ff:fea9:cb23 15:43:01 route,ospf,error Discarding packet: locally originated 15:43:01 route,ospf,error src address=fe80::20c:42ff:fea9:cb23 15:43:11 route,ospf,error Discarding packet: locally originated 15:43:11 route,ospf,error src address=fe80::20c:42ff:fea9:cb23 15:43:21 route,ospf,error Discarding packet: locally originated 15:43:21 route,ospf,error src address=fe80::20c:42ff:fea9:cb23 15:43:31 route,ospf,error Discarding packet: locally originated 15:43:31 route,ospf,error src address=fe80::20c:42ff:fea9:cb23 15:43:41 route,ospf,error Discarding packet: locally originated 15:43:41 route,ospf,error src address=fe80::20c:42ff:fea9:cb23 15:43:51 route,ospf,error Discarding packet: locally originated 15:43:51 route,ospf,error src address=fe80::20c:42ff:fea9:cb23 15:44:01 route,ospf,error Discarding packet: locally originated any idea how to stop that flood log? thank you all Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 __ Information from ESET NOD32 Antivirus, version of virus signature database 7317 (20120721) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Open Access Networks
i love the VAP/VPLS idea another economical idea is a VPNV4 VRF per ISP - Original Message - From: Troy Settle tset...@thewiredroad.net To: mikrotik@mail.butchevans.com Sent: Thursday, July 19, 2012 8:10 PM Subject: [Mikrotik] Open Access Networks Does anyone on this list operate an open access network? If so, what mechanism are you using to ensure that each customer is getting to the right ISP? Right now, we have a VLAN per customer, which is not fun to work with and not very extendable. One thought I have, is to do a VAP per ISP, then use MPLS/VPLS to bridge every AP (about 60) back to a core router. Each ISP would have their own bridge to get up to Layer 3. I could also skip the VAP part of that, and simply have each ISP register their client's MAC addresses so that we can use the proper DHCP pool. The downside to this, is when a customer changes their router, they'll have to contact their ISP for assistance. My network is about to triple in size, and I really need to find a new/better solution. Any thoughts? Thanks! -- Troy Settle, Network Administrator The Wired Road Authority 1117 E. Stuart Dr. Galax, VA 24333 (276) 238-0049 (office) (276) 237-3890 (cell) tset...@thewiredroad.net -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20120719/d72b4f3e/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7313 (20120719) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7313 (20120719) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] OSPF error: Discarding packet: locally originated
i have that kind of log on ospfv3 (ipv6 OSPF) - Original Message - From: Bill Prince part...@skylinebroadbandservice.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Friday, July 13, 2012 1:20 AM Subject: [Mikrotik] OSPF error: Discarding packet: locally originated Anyone know what these errors are (sample below)? Trolling the MT forums seems to be split about the cause. Some say it's a bug, others imply it's some interaction between active/passive on ospf interfaces. It doesn't seem to be too big a deal. We see one of these every 3-4 days or so; about 10 per month. Just curious if it's some sort of configuration problem or what. jun/26 20:14:27 route,ospf,error Discarding packet: locally originated jun/26 20:14:27 route,ospf,error src address=10.200.110.1 -- bp -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20120712/c250aea6/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 7293 (20120712) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 7293 (20120712) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] switch functionality
please, reexplain your setup need - Original Message - From: Ty Featherling tyfeatherl...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Friday, June 15, 2012 6:39 PM Subject: [Mikrotik] switch functionality I ask this about routerboards in general but I am dealing with a 750up at the moment. This model has a switch chip and ether2-5 are all tied to it. In order to get traditional switch functionality do I need to create a bridge and add those ports to the bridge? I tried slaving 3-5 to ether2 and that does the trick but then I only get stats for that one port. I have a dhcp server setup for downstream devices but I want to be able to manage each port as needed. Is a bridge the way to go? -Ty -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20120615/996df349/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 6830 (20120126) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 6830 (20120126) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] basic routing
LAUL i told you do that ;) - Original Message - From: Ty Featherling tyfeatherl...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Thursday, June 14, 2012 8:52 PM Subject: Re: [Mikrotik] basic routing After re-checking everything for the Nth time I reset-config on the RB and removed ALL config. I only added ip addresses to 2 interfaces and a default route. Using a static 207.235.23.2 address on my laptop it is WORKING FINE. /facepalm Note to self, if it doesn't work, start over at least once before going further. -Ty On Thu, Jun 14, 2012 at 11:02 AM, Jeromie Reeves jree...@18-30chat.netwrote: That is funky. Is it possible you did not have the network mask's correct? I know MT will default to a /32 and cisco to a class. Is is possible there are overlapping subnets someplace? That will kill routing in a hurry when using privates for links. On Wed, Jun 13, 2012 at 4:15 PM, Ty Featherling tyfeatherl...@gmail.com wrote: I started out that way. Adding the publics is the only thing that has fixed it. I went ahead and deleted the NAT rule altogether but it made no difference. I will reset the config and re-setup tomorrow to see if that helps. -Ty On Wed, Jun 13, 2012 at 6:11 PM, Scott Reed sr...@nwwnet.net wrote: And either delete or enable/disable the NAT rule to see if it has a problem. On 6/13/2012 7:04 PM, Jeromie Reeves wrote: No, It should not be required. I run my entire network on privates and only put publics where I need them. You have something fishy with the config. do you have 10.100.0.1 on the upstream router? If so, get rid of the 207.235.20.16 IP and keep the 10.100.0.2 then default route over those for 0.0.0.0/0 and 207.235.23.0/26. should work fine. If not, you still have something wrong in the config. I find it best to delete the default config even if disabled. On Wed, Jun 13, 2012 at 2:15 PM, Ty Featherlingtyfeatherling@** gmail.comtyfeatherl...@gmail.com wrote: Ok I got it finally. I have 10.100.0.2 AND 207.235.20.16 on ether1. I have 207.235.23.1/26 on ether2. I have default route to 207.235.20.1 (edge). I have return route from edge for 207.235.23.0/26 to 10.100.0.2. My laptop with 207.235.23.3 connected to RB ether2 can get online now. Is a public necessary on the outbound interface of the RB in order to get online? I take it that it is and that is why it hasn't worked til now. -Ty On Wed, Jun 13, 2012 at 3:44 PM, Ty Featherlingtyfeatherling@** gmail.com tyfeatherl...@gmail.comwrote: That is what I thought but when I look I see: /ip firewall nat add action=masquerade chain=srcnat comment=default configuration disabled=yes out-interface=\ ether1-gateway Is it just a bug and is somehow stuck in NAT even though disabled? Another example - when I ping from my machine behind the router the failure is Reply from 10.100.0.2: Destination host unreachable. -Ty On Wed, Jun 13, 2012 at 1:59 PM, Scott Reedsr...@nwwnet.net wrote: The router with address 10.100.0.2 is doing NAT. That is the only way I can see that you can have that address as the source on your outbound traffic. On 6/13/2012 2:43 PM, Ty Featherling wrote: Okay, after putting out fires for a few days I am back at looking at this issue. What I have found is that traffic from me on the 207.235.23.0/26subnet is leaving ether1 on the RB like it should but as a result is leaving AS 10.100.0.2. Since that is a private address it is not routable beyond my edge. That makes sense. I replaced the private ips between the two routers with public addresses and while I do have connectivity with the world that way, it is only because I am routed as the new public IP assigned to the RB's ether1. NAT is NOT enabled. Can anyone verify my thinking or explain what SHOULD be happening here? -Ty On Wed, Jun 6, 2012 at 9:02 PM, Ty Featherlingtyfeatherling@ **gm** ail.com http://gmail.comtyfeatherling@gmail.**com tyfeatherl...@gmail.com wrote: After checking routes that was the first thing I checked. I'm still baffled. -Ty On Jun 6, 2012 8:34 PM, Blake Covarrubiasblake@beamspeed. com bl...@beamspeed.com wrote: /ip firewall nat, to be precise. Otherwise, no. -- Blake Covarrubias On Jun 6, 2012, at 4:31 PM, Ty Featherling wrote: Would it be somewhere other than ip firewall? -Ty On Jun 6, 2012 5:44 PM, Butch Evansbut...@butchevans.com wrote: On Wed, 2012-06-06 at 11:50 -0500, Ty Featherling wrote: I am trying to route my first tower with mikrotik. I have a private /30 setup between my edge router and ether1 of the RB. I have a private /24 setup for an ap and it's cpe on ether2. I have a subnet of public addresses to use for clients of this AP and the gateway for those is set as an address on ether2 as well. Default route is the gateway for ether1 which is our edge router. There is a route on the edge router routing that
Re: [Mikrotik] basic routing
ok, so my conclusion is: ip route you null0 ;-) :-P - Original Message - From: Ty Featherling tyfeatherl...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Thursday, June 14, 2012 8:58 PM Subject: Re: [Mikrotik] basic routing Yes you did Tayeb! I know, I know. I was so busy trying EVERYTHING else. Lesson learned. -Ty On Thu, Jun 14, 2012 at 11:07 AM, Meftah Tayeb tayeb.mef...@gmail.comwrote: LAUL i told you do that ;) - Original Message - From: Ty Featherling tyfeatherl...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Thursday, June 14, 2012 8:52 PM Subject: Re: [Mikrotik] basic routing After re-checking everything for the Nth time I reset-config on the RB and removed ALL config. I only added ip addresses to 2 interfaces and a default route. Using a static 207.235.23.2 address on my laptop it is WORKING FINE. /facepalm Note to self, if it doesn't work, start over at least once before going further. -Ty On Thu, Jun 14, 2012 at 11:02 AM, Jeromie Reeves jree...@18-30chat.net wrote: That is funky. Is it possible you did not have the network mask's correct? I know MT will default to a /32 and cisco to a class. Is is possible there are overlapping subnets someplace? That will kill routing in a hurry when using privates for links. On Wed, Jun 13, 2012 at 4:15 PM, Ty Featherling tyfeatherl...@gmail.com wrote: I started out that way. Adding the publics is the only thing that has fixed it. I went ahead and deleted the NAT rule altogether but it made no difference. I will reset the config and re-setup tomorrow to see if that helps. -Ty On Wed, Jun 13, 2012 at 6:11 PM, Scott Reed sr...@nwwnet.net wrote: And either delete or enable/disable the NAT rule to see if it has a problem. On 6/13/2012 7:04 PM, Jeromie Reeves wrote: No, It should not be required. I run my entire network on privates and only put publics where I need them. You have something fishy with the config. do you have 10.100.0.1 on the upstream router? If so, get rid of the 207.235.20.16 IP and keep the 10.100.0.2 then default route over those for 0.0.0.0/0 and 207.235.23.0/26. should work fine. If not, you still have something wrong in the config. I find it best to delete the default config even if disabled. On Wed, Jun 13, 2012 at 2:15 PM, Ty Featherlingtyfeatherling@** gmail.comtyfeatherling@gmail.**com tyfeatherl...@gmail.com wrote: Ok I got it finally. I have 10.100.0.2 AND 207.235.20.16 on ether1. I have 207.235.23.1/26 on ether2. I have default route to 207.235.20.1 (edge). I have return route from edge for 207.235.23.0/26 to 10.100.0.2. My laptop with 207.235.23.3 connected to RB ether2 can get online now. Is a public necessary on the outbound interface of the RB in order to get online? I take it that it is and that is why it hasn't worked til now. -Ty On Wed, Jun 13, 2012 at 3:44 PM, Ty Featherlingtyfeatherling@** gmail.com tyfeatherl...@gmail.com**wrote: That is what I thought but when I look I see: /ip firewall nat add action=masquerade chain=srcnat comment=default configuration disabled=yes out-interface=\ ether1-gateway Is it just a bug and is somehow stuck in NAT even though disabled? Another example - when I ping from my machine behind the router the failure is Reply from 10.100.0.2: Destination host unreachable. -Ty On Wed, Jun 13, 2012 at 1:59 PM, Scott Reedsr...@nwwnet.net wrote: The router with address 10.100.0.2 is doing NAT. That is the only way I can see that you can have that address as the source on your outbound traffic. On 6/13/2012 2:43 PM, Ty Featherling wrote: Okay, after putting out fires for a few days I am back at looking at this issue. What I have found is that traffic from me on the 207.235.23.0/26subnet is leaving ether1 on the RB like it should but as a result is leaving AS 10.100.0.2. Since that is a private address it is not routable beyond my edge. That makes sense. I replaced the private ips between the two routers with public addresses and while I do have connectivity with the world that way, it is only because I am routed as the new public IP assigned to the RB's ether1. NAT is NOT enabled. Can anyone verify my thinking or explain what SHOULD be happening here? -Ty On Wed, Jun 6, 2012 at 9:02 PM, Ty Featherlingtyfeatherling@ **gm** ail.com http://gmail.com**tyfeatherling@gmail.**com tyfeatherl...@gmail.com wrote: After checking routes that was the first thing I checked. I'm still baffled. -Ty On Jun 6, 2012 8:34 PM, Blake Covarrubiasblake@beamspeed. com bl...@beamspeed.com wrote: /ip firewall nat, to be precise. Otherwise, no. -- Blake Covarrubias On Jun 6, 2012, at 4:31 PM, Ty Featherling wrote: Would it be somewhere other than ip firewall? -Ty On Jun 6, 2012 5:44 PM, Butch Evansbut...@butchevans.com wrote: On Wed, 2012-06-06 at 11:50 -0500, Ty
Re: [Mikrotik] IPV6 DHCP6PD configuration
Cisco Linksys E3200 using the BroadFUCK CPU. otherwise i would have put openwrt on it and i'm fine! - Original Message - From: Butch Evans but...@butchevans.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Friday, June 08, 2012 6:26 PM Subject: Re: [Mikrotik] IPV6 DHCP6PD configuration On Thu, 2012-06-07 at 07:49 +0300, Meftah Tayeb wrote: Butch; thank you for your help but my router right now is not getting dhcpv6pd at all ii added the dhcp6 pool in ipv6pool at you suggested, choused your /56 and recreated dhcp6 server on the right interface What type of device are you wanting this MT to give an address to? Windows and such, don't need the dhcp server. -- * Butch Evans* Professional Network Consultation * * http://www.butchevans.com/ * Network Engineering * * http://store.wispgear.net/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!* * NOTE THE NEW PHONE NUMBER: 702-537-0979 * ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 6830 (20120126) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 6830 (20120126) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Ipv6 Firewall Question - PSD Field
same, not found on 5.17 - Original Message - From: Butch Evans but...@butchevans.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Friday, June 08, 2012 7:55 PM Subject: Re: [Mikrotik] Ipv6 Firewall Question - PSD Field On Fri, 2012-06-08 at 12:16 -0400, Keith Barber wrote: add chain=SanityCheck action=jump comment=Indentify low port scan and tarpit disabled=no dst-port=0-1023 jump-target=PortScan protocol=tcp psd=10,3s,3,1 PSD is not implemented as far as I know. I can tell you for certain it is not in 5.11. -- * Butch Evans* Professional Network Consultation * * http://www.butchevans.com/ * Network Engineering * * http://store.wispgear.net/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!* * NOTE THE NEW PHONE NUMBER: 702-537-0979 * ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 6830 (20120126) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 6830 (20120126) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] basic routing
see my email directly to you - Original Message - From: Ty Featherling tyfeatherl...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Thursday, June 07, 2012 1:02 AM Subject: Re: [Mikrotik] basic routing My edge can ping any and everything. I have no firewall rules at all on the tik currently so no NAT. There is literally only the RB a couple of cisco switches and the cisco edge router. This IP block worked fine yesterday when the gateway was the edge router. I move it one router away and build my routes and it only works partway. -Ty On Wed, Jun 6, 2012 at 2:38 PM, Scott Reed sr...@nwwnet.net wrote: So work your way backwards. Can the edge ping aus1-ar3-ge-1-0-0-0.us.**twtelecom.nethttp://aus1-ar3-ge-1-0-0-0.us.twtelecom.net ? If not, the upstream must have something blocked or you are doing NAT somewhere that is messing up the address. Next hop back, can it ping aus1-ar3-ge-1-0-0-0.us.**twtelecom.nethttp://aus1-ar3-ge-1-0-0-0.us.twtelecom.net ? On 6/6/2012 3:10 PM, Ty Featherling wrote: I know. I always get the weird ones! -Ty On Wed, Jun 6, 2012 at 2:05 PM, Josh Luthmanjosh@** imaginenetworksllc.com j...@imaginenetworksllc.comwrote: Weird, I can ping it. 718 ms18 ms18 ms ash1-pr1-ae5-408.us.twtelecom.**nethttp://ash1-pr1-ae5-408.us.twtelecom.net [64.132.69.253] 854 ms55 ms56 ms aus1-ar3-ge-1-0-0-0.us.**twtelecom.nethttp://aus1-ar3-ge-1-0-0-0.us.twtelecom.net [66.192.246182] 965 ms67 ms66 ms 207.235.23.1 Does this look right? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Jun 6, 2012 at 2:53 PM, Ty Featherlingtyfeatherling@**gmail.comtyfeatherl...@gmail.com wrote: But it does. I repurposed this block from active use. It was in a greater DHCP pool. I pulled it out of the pool until all clients' leases expired so that I could move it to this router. Also. Try pinging 207.235.23.1 from where you are. -Ty On Wed, Jun 6, 2012 at 1:51 PM, Josh Luthman j...@imaginenetworksllc.com**wrote: Sounds like your upstream doesn't have that block routed. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Jun 6, 2012 at 2:45 PM, Ty Featherlingtyfeatherling@** gmail.com tyfeatherl...@gmail.com wrote: Nope. -Ty On Wed, Jun 6, 2012 at 1:41 PM, Josh Luthman j...@imaginenetworksllc.com**wrote: Can you ping the next hop out? That is the next router beyond the Cisco? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Jun 6, 2012 at 2:37 PM, Ty Featherling tyfeatherl...@gmail.com wrote: Damnit. Yes I had icmp echo blocked inbound to that network. Removed that and I am able to ping IN to 207.235.23.1. Still unabled to ping OUT from the RB or my PC behind it to the outside world. I CAN ping out to any IP on or attached to that Cisco though, just not beyond to the internet. -Ty On Wed, Jun 6, 2012 at 1:30 PM, Josh Luthman j...@imaginenetworksllc.com**wrote: That address is on the Cisco you're saying? Firewall on there sounds like your issue. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Jun 6, 2012 at 2:23 PM, Ty Featherling tyfeatherl...@gmail.com wrote: This may be telling - I just tried to ping 207.235.23.1 from my phone using 3g. The first two pings failed with 207.235.23.1 filtered by 207.114.255.186. That IP is my Edge router's internet upstream facing address. -Ty On Wed, Jun 6, 2012 at 1:20 PM, Ty Featherling tyfeatherl...@gmail.com wrote: Yes it can. It can ping 207.235.23.1 as well so it's route works. -Ty On Wed, Jun 6, 2012 at 11:33 AM, Meftah Tayeb tayeb.mef...@gmail.com wrote: what edge router is that ? - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: Mikrotik discussionsmikrotik@mail.**butchevans.commikrotik@mail.butchevans.com Sent: Wednesday, June 06, 2012 9:17 PM Subject: Re: [Mikrotik] basic routing Is this a /30 ? gig0/1 - 10.100.0.1 Can the Cisco ping 207.235.23.1 ? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Jun 6, 2012 at 2:12 PM, Ty Featherling tyfeatherl...@gmail.com wrote: Here's the config: Routerboard ether1 - 10.100.0.2/30 ether2 - 10.100.1.1/24 ether2 - 207.235.23.1/26 (public) ip route 0.0.0.0/0 10.100.0.1 Edge Cisco gig0/1 - 10.100.0.1 ip route 207.235.23.0 255.255.255.182 10.100.0.2 Now I have 2 CAP320 APs that are setup in a similar way. They have a 10.0.12.x address on their ethernet side and a 209.163.162.x/26 on the wireless side and acting as gateway for the customers. The default route on the AP pointing to the Edge router at 10.0.12.1 and a return route at the Edge pointing
Re: [Mikrotik] IPV6 DHCP6PD configuration
Butch; thank you for your help but my router right now is not getting dhcpv6pd at all ii added the dhcp6 pool in ipv6pool at you suggested, choused your /56 and recreated dhcp6 server on the right interface config atached belo thank you! - Original Message - From: Butch Evans but...@butchevans.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Thursday, June 07, 2012 1:37 AM Subject: Re: [Mikrotik] IPV6 DHCP6PD configuration On Wed, 2012-06-06 at 19:17 +0300, Meftah Tayeb wrote: Hello folks, i'm runing RouterOs 5.17 on a RB493G this RB493G have a Cisco Linksys E3200 linked it into eth2 i want to do DHCP6PD on it with a HE.NET tunnel the Edge point of my network is a cisco C2851 and the tunnel is working just fine from that point to the rb493g so, here's my actual situation My /48 prefix is: 2001:470:724d::/48 i want to exclude: 2001:470:724d:1::/64,2,3,4, and 5 /64 is reserved for diferent interconnection Best to just reserve something like a /56 then. That would be: 2001:470:724d::/56, which is 2001:470:724d::: through 2001:470:424d:00FF:: You would have 256 (8 bits of subnetting) /64 subnets reserved. Then, you can do a /56 pool like this: /ipv6 pool add name=lan prefix=2001:470:724d:100::/56 prefix=length=64 This pool is 256 subnets, with each being 64 bits long (/64) Next, you add the server (like you did below): /ipv6 dhcp-server add address-pool=lan authoritative=after-2sec-delay disabled=yes lan2 lease-time=3d name=lan This is correct. With the corrected pool as shown above, your devices that request dhcpv6-pd will obtain a /64 from the pool. In the Mikrotik, a route will be automatically generated for each assigned /64 from the pool. but all i get is a local link address or a something else on my pc while the E3200 get a 000 address on the wan side, biut receyve the /112 prefix from the RB493G am i doing something bad here? Mikrotik (by default) turns on RA for IPs adding in the global routing range. No need to change the settings under the RA settings (Mikrotik calls this neighbor discovery at IPv6-nd). Some operating systems will not like smaller than a /64 subnet, so that may be causing part of your issues. -- * Butch Evans* Professional Network Consultation * * http://www.butchevans.com/ * Network Engineering * * http://store.wispgear.net/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!* * NOTE THE NEW PHONE NUMBER: 702-537-0979 * ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 6830 (20120126) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 6830 (20120126) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com -- next part -- A non-text attachment was scrubbed... Name: rb-493g.cfg.rsc Type: application/octet-stream Size: 26856 bytes Desc: not available URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20120607/ebf2cc2c/attachment.obj ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
[Mikrotik] IPV6 DHCP6PD configuration
Hello folks, i'm runing RouterOs 5.17 on a RB493G this RB493G have a Cisco Linksys E3200 linked it into eth2 i want to do DHCP6PD on it with a HE.NET tunnel the Edge point of my network is a cisco C2851 and the tunnel is working just fine from that point to the rb493g so, here's my actual situation My /48 prefix is: 2001:470:724d::/48 i want to exclude: 2001:470:724d:1::/64,2,3,4, and 5 /64 is reserved for diferent interconnection so here's the config: IPV6 Pools: [admin@Edge01-alger] /ipv6 pool ex # jan/06/2002 02:16:46 by RouterOS 5.17 # software id = PSHY-RWDJ # /ipv6 pool add name=lan prefix=2001:470:724d:10::/64 prefix-length=112 [admin@Edge01-alger] /ipv6 pool DHCPV6 Server: [admin@Edge01-alger] /ipv6 dhcp-server ex # jan/06/2002 02:17:26 by RouterOS 5.17 re id = PSHY-RWDJ# softwa # /ipv6 dhcp-server add address-pool=lan authoritative=after-2sec-delay disabled=yes lan2 lease-time=3d name=lan [admin@Edge01-alger] /ipv6 dhcp-server IPV6 ND: [admin@Edge01-alger] /ipv6 nd export # jan/06/2002 02:18:26 by RouterOS 5.17 # software id = PSHY-RWDJ # /ipv6 nd set [ find default=yes ] advertise-dns=no advertise-mac-address=yes disabled=\ no hop-limit=unspecified interface=all managed-address-configuration=no \ mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \ ra-lifetime=30m reachable-time=unspecified retransmit-interval=\ unspecified add advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=\ unspecified interface=lan2 managed-address-configuration=yes mtu=\ unspecified other-configuration=yes ra-delay=3s ra-interval=3m20s-10m \ ra-lifetime=30m reachable-time=unspecified retransmit-interval=\ unspecified /ipv6 nd prefix add autonomous=no disabled=no interface=lan2 on-link=yes preferred-lifetime=\ 1w prefix=::/112 valid-lifetime=4w2d /ipv6 nd prefix default set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d [admin@Edge01-alger] /ipv6 nd for testing i gave a /112 out of a /64 but all i get is a local link address or a something else on my pc while the E3200 get a 000 address on the wan side, biut receyve the /112 prefix from the RB493G am i doing something bad here? thank you guys for your nice and active Mailing list! Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746 ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] basic routing
what edge router is that ? - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, June 06, 2012 9:17 PM Subject: Re: [Mikrotik] basic routing Is this a /30 ? gig0/1 - 10.100.0.1 Can the Cisco ping 207.235.23.1 ? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Jun 6, 2012 at 2:12 PM, Ty Featherling tyfeatherl...@gmail.com wrote: Here's the config: Routerboard ether1 - 10.100.0.2/30 ether2 - 10.100.1.1/24 ether2 - 207.235.23.1/26 (public) ip route 0.0.0.0/0 10.100.0.1 Edge Cisco gig0/1 - 10.100.0.1 ip route 207.235.23.0 255.255.255.182 10.100.0.2 Now I have 2 CAP320 APs that are setup in a similar way. They have a 10.0.12.x address on their ethernet side and a 209.163.162.x/26 on the wireless side and acting as gateway for the customers. The default route on the AP pointing to the Edge router at 10.0.12.1 and a return route at the Edge pointing all 209.163.162.x/26 traffic to 10.0.12.x and no issues. I say this to point out that I don't believe the upstream's config is the problem. -Ty On Wed, Jun 6, 2012 at 12:09 PM, Scott Reed sr...@nwwnet.net wrote: Does your public range include the address your upstream expects to see? If so, you need to either get your upstream to give you a /29 or /30 to use for connectivity or you are going to have to change how much of the block you send to the AP. Does your upstream know that the subnet on your inside router should be routed to your border router? If not, they need to add a route. On 6/6/2012 12:50 PM, Ty Featherling wrote: I am trying to route my first tower with mikrotik. I have a private /30 setup between my edge router and ether1 of the RB. I have a private /24 setup for an ap and it's cpe on ether2. I have a subnet of public addresses to use for clients of this AP and the gateway for those is set as an address on ether2 as well. Default route is the gateway for ether1 which is our edge router. There is a route on the edge router routing that subnet of publics back to the ether1 address of the RB. This all sounds right to me. This is being setup on my bench right now so I configured it as above then plugged my laptop into ether2 and gave myself a static public address within the range assigned to the RB. I can ping my gateway and all other ips assigned to the RB and ips on my network beyond the RB. I can ping the RB from the outside both on it's ether1 address and the public gateway assigned to ether2. I cannot reach the internet from my laptop. I have a static DNS address configured. I can ping the DNS server, but I get no internet response. Pings to google.com cannot find host. What am I missing? I'm going to lunch to clear my head. Any help appreciated. -Ty -- next part -- An HTML attachment was scrubbed... URL:http://www.butchevans.**com/pipermail/mikrotik/** attachments/20120606/5b63e0cb/**attachment.htmlhttp://www.butchevans.com/pipermail/mikrotik/attachments/20120606/5b63e0cb/attachment.html __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS - No virus found in this message. Checked by AVG - www.avg.com Version: 2012.0.2178 / Virus Database: 2433/5051 - Release Date: 06/06/12 -- Scott Reed Owner NewWays Networking, LLC Wireless Networking Network Design, Installation and Administration Mikrotik Advanced Certified www.nwwnet.net (765) 855-1060 (765) 439-4253 (855) 231-6239 __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20120606/10415862/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 6830 (20120126) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 6830 (20120126) __ The message was checked
Re: [Mikrotik] basic routing
207.235.23.1 reply to me - Original Message - From: Ty Featherling tyfeatherl...@gmail.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, June 06, 2012 9:53 PM Subject: Re: [Mikrotik] basic routing But it does. I repurposed this block from active use. It was in a greater DHCP pool. I pulled it out of the pool until all clients' leases expired so that I could move it to this router. Also. Try pinging 207.235.23.1 from where you are. -Ty On Wed, Jun 6, 2012 at 1:51 PM, Josh Luthman j...@imaginenetworksllc.comwrote: Sounds like your upstream doesn't have that block routed. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Jun 6, 2012 at 2:45 PM, Ty Featherling tyfeatherl...@gmail.com wrote: Nope. -Ty On Wed, Jun 6, 2012 at 1:41 PM, Josh Luthman j...@imaginenetworksllc.comwrote: Can you ping the next hop out? That is the next router beyond the Cisco? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Jun 6, 2012 at 2:37 PM, Ty Featherling tyfeatherl...@gmail.com wrote: Damnit. Yes I had icmp echo blocked inbound to that network. Removed that and I am able to ping IN to 207.235.23.1. Still unabled to ping OUT from the RB or my PC behind it to the outside world. I CAN ping out to any IP on or attached to that Cisco though, just not beyond to the internet. -Ty On Wed, Jun 6, 2012 at 1:30 PM, Josh Luthman j...@imaginenetworksllc.comwrote: That address is on the Cisco you're saying? Firewall on there sounds like your issue. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Jun 6, 2012 at 2:23 PM, Ty Featherling tyfeatherl...@gmail.com wrote: This may be telling - I just tried to ping 207.235.23.1 from my phone using 3g. The first two pings failed with 207.235.23.1 filtered by 207.114.255.186. That IP is my Edge router's internet upstream facing address. -Ty On Wed, Jun 6, 2012 at 1:20 PM, Ty Featherling tyfeatherl...@gmail.com wrote: Yes it can. It can ping 207.235.23.1 as well so it's route works. -Ty On Wed, Jun 6, 2012 at 11:33 AM, Meftah Tayeb tayeb.mef...@gmail.com wrote: what edge router is that ? - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: Mikrotik discussions mikrotik@mail.butchevans.com Sent: Wednesday, June 06, 2012 9:17 PM Subject: Re: [Mikrotik] basic routing Is this a /30 ? gig0/1 - 10.100.0.1 Can the Cisco ping 207.235.23.1 ? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Jun 6, 2012 at 2:12 PM, Ty Featherling tyfeatherl...@gmail.com wrote: Here's the config: Routerboard ether1 - 10.100.0.2/30 ether2 - 10.100.1.1/24 ether2 - 207.235.23.1/26 (public) ip route 0.0.0.0/0 10.100.0.1 Edge Cisco gig0/1 - 10.100.0.1 ip route 207.235.23.0 255.255.255.182 10.100.0.2 Now I have 2 CAP320 APs that are setup in a similar way. They have a 10.0.12.x address on their ethernet side and a 209.163.162.x/26 on the wireless side and acting as gateway for the customers. The default route on the AP pointing to the Edge router at 10.0.12.1 and a return route at the Edge pointing all 209.163.162.x/26 traffic to 10.0.12.x and no issues. I say this to point out that I don't believe the upstream's config is the problem. -Ty On Wed, Jun 6, 2012 at 12:09 PM, Scott Reed sr...@nwwnet.net wrote: Does your public range include the address your upstream expects to see? If so, you need to either get your upstream to give you a /29 or /30 to use for connectivity or you are going to have to change how much of the block you send to the AP. Does your upstream know that the subnet on your inside router should be routed to your border router? If not, they need to add a route. On 6/6/2012 12:50 PM, Ty Featherling wrote: I am trying to route my first tower with mikrotik. I have a private /30 setup between my edge router and ether1 of the RB. I have a private /24 setup for an ap and it's cpe on ether2. I have a subnet of public addresses to use for clients of this AP and the gateway for those is set as an address on ether2 as well. Default route is the gateway for ether1 which is our edge router. There is a route on the edge router routing that subnet of publics back to the ether1 address of the RB. This all sounds right to me. This is being setup on my bench right now so I configured it as above then plugged my laptop into ether2 and gave myself a static public address within the range
Re: [Mikrotik] basic routing
good catch - Original Message - From: Micah Miller mi...@nbson.com To: 'Mikrotik discussions' mikrotik@mail.butchevans.com Sent: Wednesday, June 06, 2012 10:18 PM Subject: Re: [Mikrotik] basic routing ip route 207.235.23.0 255.255.255.182 10.100.0.2 subnet mask 255.255.255.182? typo? Should be .192 Micah Miller Network/Server Administrator Network Business Systems, Inc. Phone: 309-944-8823 email: mi...@nbson.com -Original Message- From: mikrotik-boun...@mail.butchevans.com [mailto:mikrotik-boun...@mail.butchevans.com] On Behalf Of Ty Featherling Sent: Wednesday, June 06, 2012 1:13 PM To: Mikrotik discussions Subject: Re: [Mikrotik] basic routing Here's the config: Routerboard ether1 - 10.100.0.2/30 ether2 - 10.100.1.1/24 ether2 - 207.235.23.1/26 (public) ip route 0.0.0.0/0 10.100.0.1 Edge Cisco gig0/1 - 10.100.0.1 ip route 207.235.23.0 255.255.255.182 10.100.0.2 Now I have 2 CAP320 APs that are setup in a similar way. They have a 10.0.12.x address on their ethernet side and a 209.163.162.x/26 on the wireless side and acting as gateway for the customers. The default route on the AP pointing to the Edge router at 10.0.12.1 and a return route at the Edge pointing all 209.163.162.x/26 traffic to 10.0.12.x and no issues. I say this to point out that I don't believe the upstream's config is the problem. -Ty On Wed, Jun 6, 2012 at 12:09 PM, Scott Reed sr...@nwwnet.net wrote: Does your public range include the address your upstream expects to see? If so, you need to either get your upstream to give you a /29 or /30 to use for connectivity or you are going to have to change how much of the block you send to the AP. Does your upstream know that the subnet on your inside router should be routed to your border router? If not, they need to add a route. On 6/6/2012 12:50 PM, Ty Featherling wrote: I am trying to route my first tower with mikrotik. I have a private /30 setup between my edge router and ether1 of the RB. I have a private /24 setup for an ap and it's cpe on ether2. I have a subnet of public addresses to use for clients of this AP and the gateway for those is set as an address on ether2 as well. Default route is the gateway for ether1 which is our edge router. There is a route on the edge router routing that subnet of publics back to the ether1 address of the RB. This all sounds right to me. This is being setup on my bench right now so I configured it as above then plugged my laptop into ether2 and gave myself a static public address within the range assigned to the RB. I can ping my gateway and all other ips assigned to the RB and ips on my network beyond the RB. I can ping the RB from the outside both on it's ether1 address and the public gateway assigned to ether2. I cannot reach the internet from my laptop. I have a static DNS address configured. I can ping the DNS server, but I get no internet response. Pings to google.com cannot find host. What am I missing? I'm going to lunch to clear my head. Any help appreciated. -Ty -- next part -- An HTML attachment was scrubbed... URL:http://www.butchevans.**com/pipermail/mikrotik/** attachments/20120606/5b63e0cb/**attachment.htmlhttp://www.butchevans .com/pipermail/mikrotik/attachments/20120606/5b63e0cb/attachment.html __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butc hevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS - No virus found in this message. Checked by AVG - www.avg.com Version: 2012.0.2178 / Virus Database: 2433/5051 - Release Date: 06/06/12 -- Scott Reed Owner NewWays Networking, LLC Wireless Networking Network Design, Installation and Administration Mikrotik Advanced Certified www.nwwnet.net (765) 855-1060 (765) 439-4253 (855) 231-6239 __**_ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/**mailman/listinfo/mikrotikhttp://www.butch evans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://www.butchevans.com/pipermail/mikrotik/attachments/20120606/10415862/ attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS __ Information from ESET NOD32 Antivirus, version of virus signature database 6830 (20120126) __ The message was