|
The lack of decent VPN capability isn't really a deal-breaker for me. It would have been nice to have a VPN service configured from the router, but I suppose if I want it that bad I'll just use it at the workstation-level. I've had little to no issues with my MikroTik since you folks helped me configure it. I wouldn't trade it for anything (unless it's a nice Cisco unit.) I would still recommend it for home networking to people that ask me.
|
#
¿
Aug 7, 2013 03:45
|
|
|
|
| # ¿ Apr 26, 2024 00:55 |
|
|
So the RB951G-2HnD supports jumbo frames up to 4074. I can see on mine the MAX-L2MTU is configured to 4074 already. If I want it to use the MAX of 4074, do I have to modify the "mpls-mtu" setting or will it just automatically start using it if I connect a device to it already configured for 4088?
|
|
#
¿
Aug 9, 2013 23:48
|
|
|
Just for the sake of curiosity, what's the most affordable MikroTik router out there with decent, responsive and reliable VPN support? (i.e. support for services like HostVPN) Or does that not exist? I'm assuming you don't really get that until you get into the more commercial-grade, rack-mount routers from MikroTik.
|
|
#
¿
Oct 1, 2013 01:36
|
|
|
Out of curiosity, is it necessary to specify your desired DNS server(s) under IP -> DHCP Server -> Networks -> (properties of DHCP network)? I had OpenDNS servers configured here, and also under IP -> DNS. I was rattling my brain trying to figure out why after updating IP -> DNS with new DNS servers the workstations on the network weren't updating their DNS servers. I had forgot I had it specified under DHCP Server as well. The only difference I can see after removing them from DHCP Server is now from a workstation under ipconfig /all, the workstation is talking to the router gateway first for DNS, then the other two DNS servers I've specified. Will this cause issues? Should I re-specify the DNS server addresses under DHCP Server or leave the fields empty? Do I need to specify a new NAT rule in Firewall to force all devices to use my desired DNS servers? It looks like things are working fine.
|
|
#
¿
Mar 8, 2014 00:50
|
|
|
Partycat posted:Generically, DNS under IP would be for the device itself. Under DHCP it is what it hands to clients. It is listed first, the others backup. It probably relays requests to the IP > DNS server, like any home router type thing. Your network hosts should use it first, then the others if lookup fails or times out. I'm sure you can turn off internal DNS server or remove its advertisement. Thanks for the clarification. Second question-- Has anyone experienced issues related to clients connected to your MikroTik router's WiFi randomly dropping the connection? I have a Chromecast, Android phone and WDTV Live that have not experienced loss of WiFi connectivity but I'm getting reports of an iPhone, Kindle and laptop losing connectivity randomly. Allegedly the devices will disconnect from the WiFi then reconnect when they feel like it. I haven't worked on troubleshooting the issue yet, but I imagine using Torch, monitoring IP -> Firewall -> Connections and watching the wireless clients under Quick Set would be my best bet, right? Just thought I would ask. Looking at other WiFi APs around me, it would appear as though I only share mine with two or three other networks in the same frequency.
|
|
#
¿
Mar 8, 2014 01:11
|
|
|
thebigcow posted:It could just be some insane power saving settings. Do they have a common wifi chip? I'm not too sure. The laptop I'm trying to sell on eBay for parts as it's had some water damage so I blame any hardware problems on that. The Kindle is one of the original ones so it's getting pretty old. The iPhone is a 4S that's fairly new so I'm not sure about that.
|
|
#
¿
Mar 8, 2014 17:28
|
|
|
Wow, this is definitely some strange stuff. Finally able to reproduce the issue on the Kindle and I monitored the log on my RB951G-2HnD. Below are screen-captures of what happened from the time the Kindle was initially used to maybe five minutes after using the Netflix app on it to stream to the Chromecast. (These are the two affected devices but the Kindle is the one with the most trouble in the log)   Haven't researched this yet as it just happened, but it sounds like the Kindle is sending data that the Mikrotik doesn't understand so it drops it from the WiFi completely, but that seems to happen after there's a group key exchange timeout. I don't see anything unusual occurring in Torch or in the Firewall connections. From a configuration standpoint on the Kindle, there's nothing I can change aside from what WiFi network to connect to. No advanced settings from what I can tell.
|
|
#
¿
Mar 8, 2014 19:00
|
|
|
Looks like some other devices are having issues now. My Nexus phone is receiving the same "extensive data loss" error in the MikroTik log as well as "data from unknown device, sending deauth". Not sure what's happening or what's causing it. Is my router making GBS threads the bed?
|
|
#
¿
Mar 8, 2014 19:33
|
|
|
Partycat posted:How is your network set up with regards to client authentication ?  I've enabled wireless debug logging now so hopefully that might provide some new information when the problem does occur again. PUBLIC TOILET fucked around with this message at 01:44 on Mar 9, 2014 |
|
#
¿
Mar 9, 2014 00:31
|
|
|
Well, should anyone encounter the same WiFi issues I've been experiencing with a MikroTik, there's an option in the advanced wireless configuration that may alleviate the problem.
Not a whole lot of information on it, but there's a short write up of the feature here.
|
|
#
¿
Mar 11, 2014 01:34
|
|
|
Still having clients dropping from the WiFi even enabling the Adaptive Noise Immunity setting. I'm pretty tired of this, what are some other robust WiFi routers out there I can use? I see some recommendations for the ASUS ones but I don't know how their interface is.
|
|
#
¿
Mar 31, 2014 01:07
|
|
|
CuddleChunks posted:Rexxed - the rb750gl should do well for you. I've got one at home and it's a real trooper. I think it's a safe bet to try that model. There are other routerboard models with a ton more power if needed. Well AirPort Extreme is all well and good, but I like the extensive configuration of the MikroTik equipment. Are there any other affordable, Cisco-alternative WiFi/router solutions out there that perform well? I see there's the Buffalo AirStation AC 1750 and the upcoming Linksys WRT1900AC. What about a MikroTik router/switch solution with an entirely separate WiFi AP solution (like Ubiquiti)? Would a Gigabit MikroTik router/switch with a Ubiquiti WiFi AP make more sense and be reliable?
|
|
#
¿
Mar 31, 2014 04:22
|
|
|
Anyone using one of the non-WiFi RouterBoards with a Cisco AP unit for WiFi access? If so, what models are you using and have you encountered any issues?
|
|
#
¿
Aug 15, 2014 22:26
|
|
|
PUBLIC TOILET posted:Anyone using one of the non-WiFi RouterBoards with a Cisco AP unit for WiFi access? If so, what models are you using and have you encountered any issues? Anyone?
|
|
#
¿
Aug 19, 2014 23:41
|
|
|
CuddleChunks posted:You mean like an RB750 wired router or one of the cloud core router thingies? I have the RB951G-2HnD now, but WiFi quality went straight to hell when I had a Chromecast on the network. Sold the Chromecast and now I'm looking at getting a new one. I'm afraid of running into the same WiFi issues once more. Some research seems to indicate that the Chromecast (when actively streaming), will consume the majority of WiFi bandwidth thus choking other WiFi devices. Will getting a non-WiFi Mikrotik and connecting it to a separate AP be the best way to go in this case? That is, if I experience issues again with the new Chromecast? I can get my hands on a Cisco Meraki AP but I don't know if that's going to work, or if that's overkill.
|
|
#
¿
Aug 20, 2014 06:06
|
|
|
falz posted:Or just use some WiFi scanning app to see how lovely the WiFi frequencies are and set your AP on the cleanest channel. 5ghz should give you choices here. Been there, done that. One of my thoughts was if I get a new, separate AP, then go with 5ghz. The built-in one with this MikroTik is only 2.4ghz. The Chromecast is WiFi only so a hard line is not going to work for it.
|
|
#
¿
Aug 21, 2014 03:35
|
|
|
Is there any reason to upgrade from v5.26 to v6.x? Mine's been solid on 5.26 for a while now but I'm curious to know if I'm missing out on anything important.
|
|
#
¿
Oct 8, 2014 00:15
|
|
|
So how is IPSec/VPN support in pfSense compared to Mikrotik? I can't seem to find a lot of comparisons/reviews. Or for that matter, how about general information comparing pfSense to Mikrotik? I want to start looking into funneling all LAN devices through a VPN (something like PIA) so I'd like to do this in the router rather than from individual devices. I just keep hearing about how IPSec performance isn't that great in Mikrotik. I also realize I keep asking about this repeatedly.
|
|
#
¿
Jan 1, 2015 16:55
|
|
|
thebigcow posted:The 1100AHx2 has hardware IPSec support but I've never seen actual numbers from anyone who wasn't using the least CPU intensive encryption that may or may not be broken by this point. Yeah, I know what you mean. I'm interested in the Ubiquiti to see how its performance is regardless of using a questionably secure IPSec feature. My parents need a new router & AP solution and my thought is I try something different with decent IPSec capability and if I like it, I keep it and give them my MikroTik. Otherwise, they get the new hardware. So even the lowest-end Ubiquiti EdgeRouter Lite would be around $100 on Amazon without a WiFi AP? Doesn't look like it has WiFi built-in so I presume either a UAP or UAP-LR are needed as well. The Cisco RV130 sounds decent as well, but I don't see any mention of OpenVPN IPSec. PUBLIC TOILET fucked around with this message at 20:33 on Jan 1, 2015 |
|
#
¿
Jan 1, 2015 20:30
|
|
|
I inherited a free RB951-2n that I'm configuring for my parents so I can finally ditch their old Linksys router. I was able to /export compact the configuration from my RB951G-2HnD and successfully import it into the RB951-2n and modify accordingly. I would like to configure the ability for me to remote into it from the WAN, what's the recommended method for this? I'm thinking I would disable the SSH service entirely (or leave it enabled but block WAN access to port 22 in the firewall altogether.) I could then leave the winbox service enabled and remote into it that way. Is this the easiest, user-friendly way? Should I change the winbox port in that case? Maybe configure a new firewall rule to only allow access from a specific IP address? Although I don't have a static WAN IP.
|
|
#
¿
Mar 20, 2015 03:32
|
|
|
thebigcow posted:Changing the port will keep an assortment of bots from banging on your door but isn't real security. http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention is someone elses script to drop after a number of failed connections. RouterOS supports SSH key log in but doesn't seem to have a way to turn off password log in. I should have noted that both routers are running v5.26. Isn't the cloud feature in version 6+?
|
|
#
¿
Mar 20, 2015 05:14
|
|
|
jeeves posted:Just upgrade to 6.27 unless the license on your Mikrotik won't let you. I like this idea. I might even try it on my router and remove the existing SSH firewall rule. The only thing I'm not sure about is how/where to start a whitelist for this. I looked around online but most of the information I see is how to create whitelists for a web proxy.
|
|
#
¿
Mar 21, 2015 02:14
|
|
|
jeeves posted:What questions about the whitelist do you have? Basically take your home IP, and add it to "/ip firewall address-list", and tag it with the name 'whitelist' (or anything). Then, when you make the firewall rule, the src-address-list=!whitelist command tells it to apply to any IP that is NOT on that 'whitelist' name you made before. Okay, thank you. I had a feeling it was the "Address Lists" option in Winbox under Firewall but I wasn't sure because I had never used that feature before. I wanted to confirm in my head where everything would appear within the Winbox interface once I thought about each command that jeeves had mentioned. Wouldn't I also have to build another firewall rule that forwards destination port 8291 from the WAN to the router's IP address? And also build a NAT rule for it? PUBLIC TOILET fucked around with this message at 04:24 on Mar 21, 2015 |
|
#
¿
Mar 21, 2015 03:36
|
|
|
The_Franz posted:No. The input firewall chain is for traffic going from the internet to the router itself. The forward chain is for traffic passing through the router (i.e. internet to LAN). Since traffic to the router is never going through NAT or being passed through to the LAN you just need the rule in the input chain. Thank you for the clarification. One other, unrelated issue. I'm working to configure a task in the scheduler where it will perform a "/system reboot" once a week at 6am. The time I entered was one week at 06:00 hours (because I figure it's measured in military time on the router.) I've been noticing that the router will instead reboot at around 12am. I checked the clock settings and they're set to New York/-4 GMT, but I think the current time is incorrect. I have Google's NTP servers specified for synchronization (time1.google.com/time2.google.com via IP address.) If I have NTP servers specified, should I then set the clock section to "manual" instead of New York/-4 GMT? Not sure why the clock is off but I don't know if it's a mis-configuration in my router, or if it's the fault of the Google NTP servers.
|
|
#
¿
Mar 23, 2015 16:35
|
|
|
thebigcow posted:When you say "I think the current time is incorrect" what do you mean? When I look at the clock settings, it shows me the current time in 24h format, but I'm pretty sure it's not the correct eastern time it should be. I would double-check via winbox but I can't at the moment because I apparently did not whitelist the correct IP address for remote access. I can however provide you with the configuration I currently have: code:
|
|
#
¿
Mar 23, 2015 18:13
|
|
|
Here's what I have:code:edit: it should read as 06:00:00 shouldn't it? edit 2: yeah, that was it. i'm an idiot. PUBLIC TOILET fucked around with this message at 23:20 on Mar 23, 2015 |
|
#
¿
Mar 23, 2015 23:09
|
|
|
So I'm not sure why but even after creating the whitelist and adding the appropriate IP address, attempting to connect to my router via winbox from one of the whitelisted IP addresses is being blocked. Below is a screen capture of the log: And here's what my firewall configuration looks like: code:PUBLIC TOILET fucked around with this message at 02:28 on Mar 25, 2015 |
|
#
¿
Mar 25, 2015 02:26
|
|
|
The_Franz posted:Packets hit rules in the order they are listed so you need to put your Winbox rule above the "drop everything" rule or the packet will be dropped before it hits the Winbox rule. You also need to have your Winbox rule accept whitelisted connections instead of dropping non-whitelisted connections or allowed packets will just fall through to the drop rule. Holy poo poo it works! Thanks everyone!
|
|
#
¿
Mar 26, 2015 14:15
|
|
|
jeeves posted:Yeah, I always forget that aspect of firewall filters because when I code them I always put them in order from the start. Of course I do so few filters on there (I just do the whitelist filters on initial installs, we have another guy who does followup filters) that I forget about the drag-and-drop aspect of the order. I've been quickly researching MikroTik books on Amazon to learn more about them. Any recommendations?
|
|
#
¿
Mar 26, 2015 20:01
|
|
|
Is there a write-up somewhere of what the new features are in RouterOS v6 compared to v5 aside from the changelog?
|
|
#
¿
Mar 30, 2015 20:00
|
|
|
Out of curiosity, is anyone using LTE for fail-over on their MikroTik routers? Looking at the supported LTE cards, but I'm not sure if anyone has specific recommendations. I'm thinking in my area the best LTE coverage is likely Verizon or T-Mobile. Is this functionality difficult to configure in RouterOS? I also see some of these devices were tested on certain RouterOS revisions.
|
|
#
¿
Apr 3, 2015 03:15
|
|
|
Does anyone else know if MikroTik's website still has the version 2 of winbox available for download? It seems like every time I use version 3 and upgrade to a new release candidate, new issues appear.
|
|
#
¿
Apr 28, 2015 02:10
|
|
|
So I'm looking to put together a new router/WiFi solution for someone to be used indoors within their home. The problem I'm concerned about is the WiFi range I might need to cover as much of the house as possible. The current router is located on the first floor at the east end of the house in an enclosed room. It's a crappy Linksys WRT54GL but it's been chugging along for a while now. People in said house currently complain about poor WiFi reception in the basement, upstairs on the second level and in the living room (which is the next room over from the enclosed room.) I can't truly move the router/WiFi to a different room because that would require re-cabling. I was leaning towards a MikroTik with built-in WiFi like the RB951G-2HnD, but my fear is it won't have the range needed to cover the house. Would it make sense to get a standard MikroTik router without built-in WiFi and connect a Ubiquiti AP to it? I was leaning towards a mix of something like a RB750 with a Ubiquiti UAP-LR or PicoStation. Or would it make more sense to just do Ubiquiti across the board (router and all)? I haven't tried using the Ubiquiti hardware yet.
|
|
#
¿
Jun 17, 2015 04:21
|
|
|
Option two doesn't sound too bad especially if I just try it with two MikroTiks first without the power-line adapters. So you're saying two MikroTik units with built-in WiFi, set only the WiFi portion of the routers to bridge mode but disable the remaining functionality of one router while the other one remains intact?
|
|
#
¿
Jun 17, 2015 16:37
|
|
|
A lot of the hardware sounds nice, but the items I'm interested in don't yet have prices. I also see a decent amount of the hardware doesn't include Gigabit ports which is a shame. Unless of course "fast ethernet" is Latvian for "Gigabit".
|
|
#
¿
Jun 24, 2015 02:03
|
|
|
thebigcow posted:Basically. There is a quickset for access points, this might be as easy as two mouse clicks. If you want to complicate things you can try the new capsman package for access point management. So I'm beginning to research this now and I'm wondering about something. Is it feasible/supported for me to do something like: Main router: RB951Ui-2HnD (located in one room connected via Ethernet to Verizon DSL modem) -> *WiFi bridge* (supplies connectivity to WiFi AP #1 & #2) -> WiFi AP #1: mAP 2n (located in another room, connects back to main router via WiFi bridge but also provides Internet access via WiFi) WiFi AP #2: mAP 2n (located in another room, connects back to main router via WiFi bridge but also provides Internet access via WiFi) Is this even possible or do I have to use power line network adapters to build the backbone between the mAP 2n units <-> RB951Ui-2HnD? It seems like the mAP 2n units spread around the house and making them connect back to the main router would resolve the WiFi coverage issues. PUBLIC TOILET fucked around with this message at 00:14 on Jun 26, 2015 |
|
#
¿
Jun 26, 2015 00:03
|
|
|
falz posted:You have to have two radios in a router if you want to have it be an AP and also bridge back to another. Or the power line adapters instead. Thanks.
|
|
#
¿
Jun 26, 2015 03:31
|
|
|
So I have an exported configuration (.rsc) from a MikroTik running version 5.26. I'm attempting to import it into a MikroTik running version 6.30. I've been using verbose mode while importing because the process is failing on multiple sections of the script. For instance, version 6.30 doesn't seem to understand the "l2mtu" variable or the "channel-width" variable. I'm guessing that I shouldn't waste my time trying to do this and should only stick to doing this between routers running the same version software (6.x to 6.x)? Would I be better off just upgrading all routers to 6.30 and doing an export from a working one then import on the one needing configuration? Or is there a way to import a 5.x configuration to a 6.x router?
|
|
#
¿
Jul 9, 2015 05:03
|
|
|
thebigcow posted:Its changed enough that I wouldn't try importing a 5.x config to 6.x. You could dump the old one to text for comparison. Yeah I thought so. I didn't yet compare the configurations side-by-side but I believe you regardless. I suppose I might as well do it by hand and export a generic 6.x configuration for future use.
|
|
#
¿
Jul 9, 2015 22:09
|
|
|
|
| # ¿ Apr 26, 2024 00:55 |
|
|
Oh look, v6.30.1 was released six days later and two of the fixes in the changelog are exactly the issues I've been running in to while setting up a new router. 
|
|
#
¿
Jul 18, 2015 04:18
|
|