Thanks Ants
May 21, 2004

#essereFerrari


I think it's a leftover feature from when UPnP allowed people to share dial-up connections which were metered by the minute, so being able to disconnect remotely was reasonably useful.


Mug
Apr 26, 2005
Sometimes we find customers are like "Our internet isn't working" and their PPPoE interface is disabled and we are just like "how the gently caress did that even happen". We wondered if someone was remotely loving with their interface using UPnP remotely.

theperminator
Sep 16, 2009

by Smythe
Fun Shoe
Is there a reason to not drop all input from the pppoe-client interface?

thebigcow
Jan 3, 2001

Bully!

FunOne posted:

I have a RB750 connected to a Netgear DSL modem, the RB750 handles the PPPoE connection for AT&T. Yes, I hate it.

But, I have this problem with Amazon where half the time the page will not load. I do not notice this ANYWHERE else, but Amazon. I've tried turning off IPv6 with no improvement, I've tried loving around with MTU, no improvement. I'm using Google's DNS settings.

What else should I try to get Amazon to load correctly?

Are you using the RB750 as a caching DNS server? There was a problem with RouterOS ignoring the ttl set by DNS servers and using something longer that kept coming up with Amazon and sites hosted on their infrastructure. Search for Amazon on the MikroTik forums and I'm sure you'll find some details.

I personally have not had any problems, ymmv.
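thebigcow's point about a cache that ignores the TTL the authoritative server sent is easy to see in a simulation. The block below is an added example, not code from this thread or from MikroTik: the cache, the fake clock and the two rotating 192.0.2.x addresses are constructed, and modelling the override as a floor on the TTL is an assumption about the mechanism, not something taken from RouterOS.

```python
"""Toy resolver cache illustrating why a cache that overrides the TTL the
authoritative server sent ends up handing out stale addresses for names whose
records rotate quickly. Added example; the TTL override is modelled as a
floor (assumption), not taken from RouterOS source."""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

Upstream = Callable[[str], Tuple[str, int]]  # name -> (address, ttl seconds)


@dataclass
class CachedAnswer:
    address: str
    expires_at: float


class FakeClock:
    """Deterministic clock so the simulation runs offline and repeatably."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class ResolverCache:
    """Cache in front of an upstream lookup.

    min_ttl=None honours the upstream TTL exactly. A numeric min_ttl floors
    every TTL at that value, which is the misbehaviour the thread describes.
    """

    def __init__(self, upstream: Upstream, clock: Callable[[], float],
                 min_ttl: Optional[int] = None) -> None:
        self.upstream = upstream
        self.clock = clock
        self.min_ttl = min_ttl
        self.entries: Dict[str, CachedAnswer] = {}

    def resolve(self, name: str) -> str:
        now = self.clock()
        hit = self.entries.get(name)
        if hit is not None and hit.expires_at > now:
            return hit.address
        address, ttl = self.upstream(name)
        if self.min_ttl is not None:
            ttl = max(ttl, self.min_ttl)
        self.entries[name] = CachedAnswer(address, now + ttl)
        return address


def simulate_rotation(min_ttl: Optional[int] = None, rotate_every: int = 60,
                      ttl: int = 30, horizon: int = 300,
                      query_interval: int = 10) -> Tuple[int, int]:
    """Count stale answers when the authoritative record alternates between
    two constructed documentation addresses every rotate_every seconds.

    Returns (stale_answers, total_queries).
    """
    clock = FakeClock()

    def upstream(_name: str) -> Tuple[str, int]:
        epoch = int(clock() // rotate_every)
        return f"192.0.2.{epoch % 2 + 1}", ttl

    cache = ResolverCache(upstream, clock, min_ttl)
    stale = total = 0
    while clock() < horizon:
        truth, _ = upstream("www.example.com")
        if cache.resolve("www.example.com") != truth:
            stale += 1
        total += 1
        clock.advance(query_interval)
    return stale, total


if __name__ == "__main__":
    print("honouring TTL:", simulate_rotation())
    print("TTL floored at 600s:", simulate_rotation(min_ttl=600))
```

With the upstream TTL honoured, every query within the five-minute window gets the address the authoritative side is currently publishing; with the TTL floored at ten minutes the cache keeps serving the first address it saw while the real record has moved on, which is the kind of half-loading behaviour a site with fast-rotating front ends would show.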

CuddleChunks
Sep 18, 2004

thebigcow posted:

Are you using the RB750 as a caching DNS server? There was a problem with RouterOS ignoring the ttl set by DNS servers and using something longer that kept coming up with Amazon and sites hosted on their infrastructure. Search for Amazon on the MikroTik forums and I'm sure you'll find some details.

I personally have not had any problems, ymmv.

Ooh, good memory. The other thing to try is to upgrade the firmware on the mikrotik. 6.23 has been working well for me out in the field. Make sure and upgrade the underlying routerboard firmware as well.

Grab the firmware from MikroTik here: http://download2.mikrotik.com/routeros/6.23/routeros-mipsbe-6.23.npk
Log into your MikroTik and click "New Terminal".
Type: system router upgrade
Hit enter, then "y" for yes and then reboot the router. It will upgrade the underlying Routerboard firmware so you don't get messed up in the next step.
Drag and drop that into your router via Winbox and it will transfer over. Once it's in, reboot and it will load itself.
Log back in when it starts responding again and open a terminal. Once again: system router upgrade
Type "y" for yes and reboot.

That will help rule out any problems that an older firmware may be causing.

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire
gently caress, I forgot all about firmware versus router OS for like the last year. Time to upgrade a bunch of firmwares tonight...

CuddleChunks
Sep 18, 2004

jeeves posted:

gently caress, I forgot all about firmware versus router OS for like the last year. Time to upgrade a bunch of firmwares tonight...

Yeah. We deal with loads of radios (RB133's, RB411's and the like) so we have a pretty good workflow for upgrades.

-> Upgrade to 3.30 and stop for MIPSLE.
-> Upgrade to 3.30, then 4.17. Make sure routerboard firmware is up to date then update the license.
-> Upgrade to 5.26, upgrade RB f/w.
-> Upgrade to 6.23 (current and so far most bestest) and upgrade RB f/w.

It requires loads of reboots to do this but the upshot is it almost never results in the radio hardlocking and becoming an unreachable piece of poo poo because of the bizarre interplay of RouterOS and the underlying Routerboard firmware.

I'd stick to this process for the home routers unless you have one of the fancier ones with a serial port. Once you talk serial to the MikroTik then upgrade however you want. You can always netinstall and recover the firmware to something that works.

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire

CuddleChunks posted:

Yeah. We deal with loads of radios (RB133's, RB411's and the like) so we have a pretty good workflow for upgrades.

-> Upgrade to 3.30 and stop for MIPSLE.
-> Upgrade to 3.30, then 4.17. Make sure routerboard firmware is up to date then update the license.
-> Upgrade to 5.26, upgrade RB f/w.
-> Upgrade to 6.23 (current and so far most bestest) and upgrade RB f/w.

It requires loads of reboots to do this but the upshot is it almost never results in the radio hardlocking and becoming an unreachable piece of poo poo because of the bizarre interplay of RouterOS and the underlying Routerboard firmware.

I'd stick to this process for the home routers unless you have one of the fancier ones with a serial port. Once you talk serial to the MikroTik then upgrade however you want. You can always netinstall and recover the firmware to something that works.
Yeah I already noticed you can't get to the latest RB750 firmware (3.19) without also upgrading to the OS of 6.23. Lots of reboots.

Oh well, the things come up quick, like ~40sec. We just have like close to a hundred of them scattered around in our network now, heh.

FunOne
Aug 20, 2000
I am a slimey vat of concentrated stupidity

Fun Shoe

thebigcow posted:

Are you using the RB750 as a caching DNS server? There was a problem with RouterOS ignoring the ttl set by DNS servers and using something longer that kept coming up with Amazon and sites hosted on their infrastructure. Search for Amazon on the MikroTik forums and I'm sure you'll find some details.

I personally have not had any problems, ymmv.

I am using the RB750 as a caching DNS server. I'm looking at the MikroTik forums but man do these people talk about Amazon AWS a lot.

I didn't know about the firmware upgrade vs. OS upgrade, did that, but still having some issues. I tend to stay on the latest OS releases in general and this problem has persisted since I moved here.

PPPoE to Amazon through DSL from AT&T. Google's DNS servers. RB750GL on 6.23.

Thanks Ants
May 21, 2004

#essereFerrari


Just set your DNS on your local machine to Google's temporarily to rule out / confirm a DNS issue with the Mikrotik.

FunOne
Aug 20, 2000
I am a slimey vat of concentrated stupidity

Fun Shoe

Thanks Ants posted:

Just set your DNS on your local machine to Google's temporarily to rule out / confirm a DNS issue with the Mikrotik.

Did exactly that after my last post and still weird behavior. Basically if the pages from Amazon load they'll freeze or get stuck half way. This is what makes me think it is a network issue of some kind, like some kind of packet/pattern/etc. is getting lost and the whole thing just shuts down.

CuddleChunks
Sep 18, 2004

FunOne posted:

Did exactly that after my last post and still weird behavior. Basically if the pages from Amazon load they'll freeze or get stuck half way. This is what makes me think it is a network issue of some kind, like some kind of packet/pattern/etc. is getting lost and the whole thing just shuts down.

Ugh, I'm sorry you're still having problems. It sounds like you've set things up as simply as you can so now comes the really annoying poo poo. You can do this before contacting your ISP to see if it's a local equipment problem or something to bring up with them.

- Plug yourself directly into the DSL modem with a single computer.
- Setup PPPoE on that machine and connect up
- See if your Amazon pages load normally

If they do, one thing to try is to open a command prompt and type "ipconfig /all" without the quotes. This will tell you what DNS servers you got from your ISP. You might want to see if they help.

Hopefully the problem persists and then you can call your ISP and tell them to fix their poo poo.

ssergE
Sep 10, 2001

No longer a stupid baby. Now a stupid teenager.
I have a RB951G-2HnD running 6.23 on firmware 3.19. I essentially used the QuickSet HomeAP settings to set it up, I have no strange requirements. The only tweak I do is disable "Use Peer DNS" on the DHCP client and set up my DNS to use unblock.us.

I'm getting a strange thing where I can't connect to SMB share on a wired connection via my Android phone. My wired PC can get to the share without issues.

Thinking that maybe a setting got borked during the 6.23 upgrade, I did a configuration reset and re-set things up (doesn't take too long to do). All was good this morning.

Now (in the afternoon) I go to check my phone again, not working. The phone is on the network and can get to the internet fine, but SMB share not working (on multiple apps).

I reboot the router, and once it comes up, it is all broken still, so I do the
code:
system reset-configuration
dance again and it is all OK.

I expect it won't be tomorrow!

Any ideas?

EDIT: OK, so it may be the DNS setup causing it, I did the system reset-configuration and it was OK, then setup the DNS and it was not OK. Another symptom I am seeing is that the first time my PC (wired) connects to the SMB share, it is really slow to connect, but then it is OK.

It seems to be linked to the "Use Peer DNS setting", with a non-working setup I can turn that setting on and it will be OK. But not for netflix....

ssergE fucked around with this message at 07:53 on Dec 24, 2014

robostac
Sep 23, 2009
This may be unrelated, but local dns on android 5.0 doesn't work properly (https://code.google.com/p/android/issues/detail?id=79504). It might be worth trying to connect to your share via IP.

ssergE
Sep 10, 2001

No longer a stupid baby. Now a stupid teenager.

robostac posted:

This may be unrelated, but local dns on android 5.0 doesn't work properly (https://code.google.com/p/android/issues/detail?id=79504). It might be worth trying to connect to your share via IP.

Thanks for the suggestion, but I am connecting via IP address, and everything was working fine with same everything except a different router (tomatoUSB). Just started using the routerboard in the last two days.

CuddleChunks
Sep 18, 2004

You can tweak some wireless settings and see if that helps. If you are connecting to the network share via IP then DNS won't matter.

Edit this command to refer to whatever you called your wireless interface:
code:
/int wir set wlan1 distance=indoors wmm-support=enabled periodic-calibration=enabled \
     hw-protection-mode=rts-cts hw-retries=15 frame-lifetime=0 \
     adaptive-noise-immunity=ap-and-client-mode disconnect-timeout=00:00:15 multicast-helper=full
Hope that helps.

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire
More update fun: 6.24 is on the /system packages update, but nothing is on their website or forum about an official release.

As always I am kind of annoyed with the updates because nothing is a fully stable release ever, it's mostly just a monthly release of the current state of their fixes that are usually 4 steps forward and 1 step back.

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

jeeves posted:

More update fun: 6.24 is on the /system packages update, but nothing is on their website or forum about an official release.

As always I am kind of annoyed with the updates because nothing is a fully stable release ever, it's mostly just a monthly release of the current state of their fixes that are usually 4 steps forward and 1 step back.

Cisco is the same way, minus hilarious Latvian changelogs. Pick the features that NEED to work, pick an IOS version with the minimal number of crippling bugs.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010
You're probably joking a bit, but that's not right at all.

With Cisco and Juniper you stick with the same OS train and only get bug fixes, not features. Sure there's the occasionally bug introduced mid train but overwhelmingly it's bug fixes.

RouterOS just does whatever they want and won't offer support unless you're on the latest version, which is always broken in numerous fun ways.

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire

falz posted:

You're probably joking a bit, but that's not right at all.

With Cisco and Juniper you stick with the same OS train and only get bug fixes, not features. Sure there's the occasionally bug introduced mid train but overwhelmingly it's bug fixes.

RouterOS just does whatever they want and won't offer support unless you're on the latest version, which is always broken in numerous fun ways.

Yeah my radio/wireless engineer is always like "oh I never update Mikrotik ever" but obviously they do fix stuff for newer versions (like vlan switch code on v6.13+ for CRS models). But it's like every 4 things they fix they break 3... so generally it keeps getting better, but I can't really always feel good about updating stuff. Basically they're in the mindset of constant beta versions without ever any actual stable version in sight.

ssergE
Sep 10, 2001

No longer a stupid baby. Now a stupid teenager.

CuddleChunks posted:

You can tweak some wireless settings and see if that helps. If you are connecting to the network share via IP then DNS won't matter.

Edit this command to refer to whatever you called your wireless interface:
code:
/int wir set wlan1 distance=indoors wmm-support=enabled periodic-calibration=enabled \
     hw-protection-mode=rts-cts hw-retries=15 frame-lifetime=0 \
     adaptive-noise-immunity=ap-and-client-mode disconnect-timeout=00:00:15 multicast-helper=full
Hope that helps.

Thanks again, but the wired computer has initial delays using the smb share as well with the "use peer DNS" setting off. Turning it on again everything is fine, both wired and wireless.

ssergE
Sep 10, 2001

No longer a stupid baby. Now a stupid teenager.
Another update, so I got back to my place after staying with my parents over Christmas and found that no DNS was being resolved at all (I had the "Use Peer Setting" on, which was the previously working configuration).

Try rebooting, no good.

Unplug router and plug in old router running TomatoUSB, everything is working again.

Unless anyone has any ideas, time to put this MikroTik router back in the draw for another 6 months to see if any updates fix it. Really frustrating.

KS
Jun 10, 2003
Outrageous Lumpwad
ipconfig /all on your workstation and make sure DNS servers are being passed to the client via DHCP.

Unlike a lot of consumer routers, Mikrotik breaks it out into two settings: there are DNS servers for the router, and separate DNS servers associated with the DHCP scope.

I'd recommend pushing Google or OpenDNS servers to your DHCP clients. There's no benefit to running it on the router.

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire
DNS settings for the router itself (internal pings, internal package/update checks, etc) is kept in:

/ip dns

DHCP DNS settings that are pushed down to clients are kept in:

/ip dhcp-server network


Good example:
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8,4.2.2.2 gateway=192.168.88.1

ssergE
Sep 10, 2001

No longer a stupid baby. Now a stupid teenager.
Thanks jeeves and KS, you've hit the nail on the head.

I checked the current DNS server being sent out and it was junk (from memory, 192.168.0.1 - no idea where that has come from - I have reset the settings a bunch of times).

I changed the DNS server being sent out by DHCP to be the router itself, and then I could see the DNS cache in winbox being populated by my PC making queries.

That made me look closer at the SMB issue (still occurring). On a hunch I added a static DNS entry for "storage.local" to point to the storage server (SMB). Bang, everything started to work. I find this interesting especially given I am connecting to the storage server via IP and not name on the wireless device. Oh well.

Is it possible to have the built-in DNS server hand out IPs for xxx.local where xxx is the hostname that is sent for the DHCP request?

CuddleChunks
Sep 18, 2004

ssergE posted:

Is it possible to have the built-in DNS server hand out IPs for xxx.local where xxx is the hostname that is sent for the DHCP request?

Uhhh, yes. You just did that when you added "storage.local" to the DNS table.

If you mean "can it magically figure out a local machine name and then what IP it is through something I don't have to manage by hand" then no.

You can go into the local DHCP server table and click "Make Static" on all the devices you want to keep at a particular IP. Then add them one by one to the DNS cache with your name.local format. They should then stay at the designated IP and your DNS will have a reference to them. The devices themselves will work fine on other networks if you take them outside your home and then should come back to the designated IP when you return.
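jeeves and KS distinguish the resolvers the router uses for itself (/ip dns) from the ones the DHCP scope pushes to clients (/ip dhcp-server network), and CuddleChunks describes making leases static and adding name.local entries by hand. The block below is an added example, not RouterOS code and not from anyone in the thread: it parses a constructed /export snippet offline, reports both DNS settings, flags a scope resolver outside an allowed set (the snippet deliberately pushes a bogus 192.168.0.1, the same kind of junk value ssergE found), and emits the /ip dns static add commands still missing for static leases. Taking the lease comment as the device name is an assumption.

```python
"""Audit the two MikroTik DNS settings and generate missing name.local entries.

Added example, not RouterOS code. It works on the text of a '/export' dump so
it runs offline; SAMPLE_EXPORT is constructed for this demonstration and its
DHCP scope deliberately pushes 192.168.0.1, a resolver that is not on the LAN.
"""
import re
import shlex
from typing import Dict, Iterable, List

SAMPLE_EXPORT = """\
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.10 name=storage.local
/ip dhcp-server lease
add address=192.168.88.10 comment=storage mac-address=00:11:22:33:44:55 server=dhcp1
add address=192.168.88.11 comment=tivo mac-address=00:11:22:33:44:66 server=dhcp1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.0.1 gateway=192.168.88.1
"""

Item = Dict[str, str]
Sections = Dict[str, List[Item]]
MENU_RE = re.compile(r"^/(\S.*)$")


def parse_export(text: str) -> Sections:
    """Group add/set lines under their menu path, splitting key=value pairs."""
    sections: Sections = {}
    menu = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = MENU_RE.match(line)
        if m:
            menu = m.group(1)
            sections.setdefault(menu, [])
            continue
        if menu is None:
            continue
        tokens = shlex.split(line)
        if not tokens or tokens[0] not in ("add", "set"):
            continue
        item: Item = {"_verb": tokens[0]}
        for tok in tokens[1:]:
            if "=" in tok:
                key, value = tok.split("=", 1)
                item[key] = value
        sections[menu].append(item)
    return sections


def router_dns(sections: Sections) -> List[str]:
    """Resolvers the router itself uses (/ip dns servers=...)."""
    for item in sections.get("ip dns", []):
        if item["_verb"] == "set" and item.get("servers"):
            return item["servers"].split(",")
    return []


def dhcp_scope_dns(sections: Sections) -> Dict[str, List[str]]:
    """Resolvers each DHCP scope pushes to clients (/ip dhcp-server network)."""
    scopes: Dict[str, List[str]] = {}
    for net in sections.get("ip dhcp-server network", []):
        servers = net.get("dns-server", "")
        scopes[net.get("address", "?")] = [s for s in servers.split(",") if s]
    return scopes


def check_scope_dns(sections: Sections, intended: Iterable[str]) -> List[str]:
    """Flag scopes that push no resolver, or one outside the intended set
    (the router's LAN address and/or the public resolvers you chose)."""
    allowed = set(intended)
    problems: List[str] = []
    for scope, servers in dhcp_scope_dns(sections).items():
        if not servers:
            problems.append(f"{scope}: no dns-server pushed to clients")
        for server in servers:
            if server not in allowed:
                problems.append(f"{scope}: dns-server {server} is not an intended resolver")
    return problems


def missing_static_dns(sections: Sections, suffix: str = "local") -> List[str]:
    """Commands adding name.<suffix> records for static leases lacking one.
    The lease comment is taken as the device name (assumption)."""
    existing = {e.get("name") for e in sections.get("ip dns static", [])}
    commands: List[str] = []
    for lease in sections.get("ip dhcp-server lease", []):
        host = lease.get("comment")
        if not host:
            continue
        name = f"{host}.{suffix}"
        if name not in existing:
            commands.append(f"/ip dns static add name={name} address={lease['address']}")
    return commands


if __name__ == "__main__":
    cfg = parse_export(SAMPLE_EXPORT)
    print("router resolvers:", router_dns(cfg))
    print("scope resolvers:", dhcp_scope_dns(cfg))
    for p in check_scope_dns(cfg, {"192.168.88.1", "8.8.8.8", "8.8.4.4"}):
        print("PROBLEM:", p)
    for c in missing_static_dns(cfg):
        print(c)
```

Run it against the output of `/export` from a real box and the two settings show up side by side, which is the quickest way to catch the case in this thread where the router resolved fine for itself while clients were handed a resolver that did not exist.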

ssergE
Sep 10, 2001

No longer a stupid baby. Now a stupid teenager.

CuddleChunks posted:

Uhhh, yes. You just did that when you added "storage.local" to the DNS table.

If you mean "can it magically figure out a local machine name and then what IP it is through something I don't have to manage by hand" then no.

You can go into the local DHCP server table and click "Make Static" on all the devices you want to keep at a particular IP. Then add them one by one to the DNS cache with your name.local format. They should then stay at the designated IP and your DNS will have a reference to them. The devices themselves will work fine on other networks if you take them outside your home and then should come back to the designated IP when you return.

Yeah I ended up doing that (making the IP address static) and adding a static DNS entry. Thanks.

rakonline
Dec 30, 2014
I can somewhat endorse the use of these. They are easy to setup if you are just a shmoe wanting basic wifi and a nice router and they are cheap. In my experience the wifi signal is rather strong on these devices and they support -MPLS-. Very cheap and awesome solution.

Working on learning the chain and how to implement good firewall rules.

Nice writeup

edit:

also confirming that if you want to use these in an office setting that utilizes encryption like IPsec between locations you will definitely limit the amount of traffic. I have found it to be something like 10Mbps or less of IPsec traffic. If you go up to the more expensive models it can do better (not sure how much, if IPsec better or Cisco probably)

rakonline fucked around with this message at 17:54 on Dec 31, 2014

PUBLIC TOILET
Jun 13, 2009

So how is IPSec/VPN support in pfSense compared to Mikrotik? I can't seem to find a lot of comparisons/reviews. Or for that matter, how about general information comparing pfSense to Mikrotik? I want to start looking into funneling all LAN devices through a VPN (something like PIA) so I'd like to do this in the router rather than from individual devices. I just keep hearing about how IPSec performance isn't that great in Mikrotik. I also realize I keep asking about this repeatedly.

SamDabbers
May 26, 2003



Like the Mikrotiks, IPsec throughput in pfSense will be limited by the CPU of the router. You should be able to get really excellent speeds (>100Mbps) with a modern x86 processor that supports AES-NI, assuming your VPN uses AES encryption. I'd also take a look at the Ubiquiti EdgeRouter since it has IPsec hardware acceleration and can reportedly push up to 100Mbps IPsec.

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire
When thinking about IPSec on a Mikrotik remember that the main reason Mikrotiks are popular are for how reliable their low end stuff is for the price. 60$ gets you an RB750, ~$180 gets you their 24 port gigabit switch CRS.

However, cheapness comes with a price of cpu and ram. The RB750 only has like a 600mhz CPU and 64mb of ram, a CRS has like the same cpu but double the ram.

IPSec stuff uses a shitload of CPU, so that poo poo won't cut it. You have to start going up into their Cloud Core models (450-1200) before you get like 16/32core 1.2Ghz units, but then at that price point you may as well get a non-Mikrotik thing.

Then again maybe non-Mikrotik units with those types of CPU are double the price already, so who knows?

thebigcow
Jan 3, 2001

Bully!
The 1100AHx2 has hardware IPSec support but I've never seen actual numbers from anyone who wasn't using the least CPU intensive encryption that may or may not be broken by this point.

Thanks Ants
May 21, 2004

#essereFerrari


Cisco RV130s are cheap little boxes that claim 50Mbps of IPsec.

PUBLIC TOILET
Jun 13, 2009

thebigcow posted:

The 1100AHx2 has hardware IPSec support but I've never seen actual numbers from anyone who wasn't using the least CPU intensive encryption that may or may not be broken by this point.

Yeah, I know what you mean. I'm interested in the Ubiquiti to see how its performance is regardless of using a questionably secure IPSec feature. My parents need a new router & AP solution and my thought is I try something different with decent IPSec capability and if I like it, I keep it and give them my MikroTik. Otherwise, they get the new hardware. So even the lowest-end Ubiquiti EdgeRouter Lite would be around $100 on Amazon without a WiFi AP? Doesn't look like it has WiFi built-in so I presume either a UAP or UAP-LR are needed as well.

The Cisco RV130 sounds decent as well, but I don't see any mention of OpenVPN IPSec.

PUBLIC TOILET fucked around with this message at 20:33 on Jan 1, 2015

SamDabbers
May 26, 2003



The Edgerouter Lite tops out at ~12Mbps OpenVPN, as only IPsec has hardware offload implemented. Unlike the Mikrotik implementation, EdgeOS fully supports OpenVPN, including UDP mode. Also, you can install generic Debian packages. I run Yate on my ERL as a small PBX and SIP<->Google Voice bridge.

You can probably reuse your parents' old router as an AP if you end up getting them an ERL (or other wired-only router), assuming they're happy with the coverage and throughput. A surprisingly decent alternative to the UniFi gear is the Zyxel 1120 series. I'm using an NWA1123-NI and it's been reliable with very good range. It's also significantly less expensive than the UAP-Pro for a dual band AP.

SamDabbers fucked around with this message at 21:46 on Jan 1, 2015

The_Franz
Aug 8, 2003

thebigcow posted:

The 1100AHx2 has hardware IPSec support but I've never seen actual numbers from anyone who wasn't using the least CPU intensive encryption that may or may not be broken by this point.

They seem to recommend using AES-128 for maximum speed which is definitely not broken.

Slower does not necessarily mean better when it comes to crypto.

Weird Uncle Dave
Sep 2, 2003

I could do this all day.

Buglord
Got an odd problem with wireless bridging.

The wireless AP on my home network is an Apple Time Capsule, and I've got an old RouterBoard 433 with whichever card was popular at that time (probably an R52N, don't feel like opening it up to check). I've bridged wlan1 and all the Ethernet interfaces together, and have the radio in station pseudobridge mode. The goal is basically to use this old board as a wireless bridge for a few things downstairs, far away from any wires (I hate wall fishing).

So, the setup is:
[ Apple Time Capsule ] <--- wireless ---> [ RB433 ] <-- ethernet --> [ end devices ]

When I tested the above with my desktop PC, everything worked great. The PC pulled a DHCP IP from the Time Capsule, got online, everything was spiffy.

Took the device downstairs, plugged it into the TiVo, and... nothing.

The wireless connection is good (probably too good, actually, something like 50 points of SNR). But the TiVo says it can't get a DHCP address.

I probably could work around this by having the RB433 act as a DHCP server and do NAT on the Ethernet interfaces, but that's not ideal, because double-NAT always is terrible, and because it probably would limit my ability to manage the TiVo remotely.

Anyone seen issues where some DHCP clients don't like being behind a Mikrotik bridge? Any suggestions for other configurations to try?

thebigcow
Jan 3, 2001

Bully!
Have you tried any other equipment downstairs?

Weird Uncle Dave
Sep 2, 2003

I could do this all day.

Buglord
If you mean other wireless stuff generally, things work fine downstairs. Laptops, tablets, cell phones, et cetera. They all get addresses and can get online fine.

I was able to Winbox into the device. It has a good RF connection, and if I open a terminal the RB433 can talk to the Internet itself. (The RB433 gets its own DHCP lease just fine.) It looks like there's something going on where either the DHCP request or response aren't being passed through the bridge. This evening, I hope to spend a bit of time with Torch, but if I can't figure it out tonight I may just go buy a different device that's explicitly designed for this job. Or maybe a cheap router that can run OpenWRT or DD-WRT maybe.


thebigcow
Jan 3, 2001

Bully!
I meant other things wired to the bridge.
