|
Tried it in firefox and it just spins.
|
# ? Sep 11, 2012 05:04 |
|
|
# ? May 15, 2024 04:36 |
|
Firefox and Chrome both have problems where they don't support TLS 1.1 and the TLS 1.0 method seems to be mangled. If you use IE and turn off TLS 1.0 support then the site seems to load just fine.
|
# ? Sep 11, 2012 17:02 |
|
Got an SSL-related error too, not using a MikroTik router right now.
|
# ? Sep 12, 2012 11:01 |
|
This is going to be a bit of a derail, but I'm looking at helping setup a small hotspot system for a sailing club/marina. I'm looking to use a system that processes payments but allows the club to issue free tickets for some members and have control. I'll need 3 or 4 boxes, and am hoping to use mikrotik boxes because of the great service I've had from them. I'm looking at something like https://www.hotspotsystem.com to manage it, dose anyone have any thoughts on a provider like this?
|
# ? Sep 17, 2012 02:21 |
|
If you just need basic hot spot and payment processing functionality, Mikrotik can do that itself. Install the optional user-manager package, ideally on a separate unit (or one of the APs in a pinch), get PayPal integration and the ability to print up coupons. The user manager package is a bit quirky (the Web interface isn't that hot, for instance) but if the budget is tight it's certainly usable.
|
# ? Sep 17, 2012 03:25 |
|
Weird Uncle Dave posted:If you just need basic hot spot and payment processing functionality, Mikrotik can do that itself. Install the optional user-manager package, ideally on a separate unit (or one of the APs in a pinch), get PayPal integration and the ability to print up coupons. Thanks for the suggesting, I'm trying this now, with a single RB751U-2Hnd as a proof of concept. Unfortunately the Wireless performance on this model is a bit crap but it's what I have lying around so it will have to do. I'm pretty excited, once I got it up and running it seems like it dose 90% of what I want. If they like it I'll also have to setup an ominitik for the marina which will be interesting.
|
# ? Sep 19, 2012 02:51 |
|
Anyone in here using an iPhone/iPad with iOS 6 and a Mikrotik? I'm having some puzzling DNS issues behind a RB751U 5.7 in iOS 6.0. Nothing is resolving at all, no matter normal DHCP settings or everything static and 8.8.8.8. Just wondering if this is a known issue or if it's worth more digging.
|
# ? Sep 21, 2012 05:29 |
|
See if upgrading to 5.20 helps. One of my coworkers just uppped to iOS 6 but we don't have any RB751's running anything lower than 5.18.
|
# ? Sep 21, 2012 07:13 |
|
I feel a bit silly for not keeping up with updates. That was about the least painful upgrade of anything that has ever been. It had no effect on this problem, but I need to check this iPhone against other access points tomorrow before I waste any more time on this. I was just wondering if there was a quick "yeah this Apple DNS poo poo is broken" or "no I have an iPhone 5 right here that loves my Mikrotik." It's impossible to find any useful info on iOS 6 networking issues thanks to Apple's awesome work yesterday of breaking every single iOS device's wifi for half a day right when 6.0 was released.
|
# ? Sep 21, 2012 08:30 |
|
Can you give me an example of something that isn't working for you? I've got an RB751U setup with 5.20 f/w running b/g/n and wpa2. It's fresh out of the box and my iOS 5 phone is connecting to it just fine. My buddy's iOS 6 phone connected up without anything notable happening.
|
# ? Sep 21, 2012 17:50 |
|
So I'm taking on a part-lab, part practical application on my RB751U-2HnD. Thanks to some ISP weirdness while I was setting up a PPTP tunnel I decided to factory reset it so I may as well set it back up properly now. What I'm looking to do is make 2 virtual APs and separate them from each other and the default wifi/eth combo. That isn't too bad, I had it 90% of the way there before the reset. In retrospect I think I just forgot to make routes but it's the separation and bandwidth management that daunts me a little. I'm not that well versed in advanced networking, but I assume I'll have to put the virtual APs on separate VLANs to isolate the traffic and then use the tags to manage the bandwidth, but that's where I get lost. I'm trying to meter a 15/1.5 connection to 3/.3 for each AP and reserve the rest for the default profile.
|
# ? Sep 21, 2012 19:37 |
|
CuddleChunks posted:Can you give me an example of something that isn't working for you? I've got an RB751U setup with 5.20 f/w running b/g/n and wpa2. It's fresh out of the box and my iOS 5 phone is connecting to it just fine. DNS resolution just isn't happening at all. It works fine on wireless networks other than my Mikrotik and works fine over 3G data. This started happening immediately after updating the iPhone to iOS 6.0. I tried a few combinations of confirming the DNS being fed through DHCP looked normal, changing DHCP to send 8.8.8.8, using a static IP on the device and setting the DNS to the Mikrotik's IP, and using a static IP and 8.8.8.8 on the device. In all cases, I can ping 4.2.2.2 but google.com never resolves. I'm thinking this is going to be over my head. I tried wiping the iPhone's network settings totally but am not eager to wipe the entire iPhone. I will have to nab another iOS 6 device and give that a shot behind the Mikrotik, I suppose.
|
# ? Sep 21, 2012 20:20 |
|
ManicJason - turn off all your other machines and fire up the packet sniffer on your mikrotik. Try and go to a page on your phone, wait for it go fail and then see what packets got sent. That may help reveal what is going on here. Weirrrdddd.
|
# ? Sep 21, 2012 22:13 |
|
I upgraded an iPad to 6.0 as well and have identical symptoms. When I turn on packet sniffer and ping google.com, absolutely no traffic at all goes to or from the broken iOS devices. Everything looks normal when I ping 4.2.2.2. edit: I went ahead and reset all of the Mikrotik's settings, and things are fine. If anyone's dreadfully curious, here's the broken config. All of the weird tunneling stuff should be disabled. The only other oddness I noticed was that I was setting the Mikrotik's IP on the wireless and ether2 interfaces separately but to the same IP instead of their shared bridge. ManicJason fucked around with this message at 22:31 on Sep 22, 2012 |
# ? Sep 22, 2012 22:07 |
|
What IP address do your iOS devices get from the mikrotik? After you clear the wireless profile and reconnect does it pick up an IP and show up properly in the DHCP server's list of leases? Oh, and try turning off 802.11n support. Set the wireless to only use 802.11g (assuming you have all modern wifi devices and no legacy b clients lingering). Sometimes the n-support in Mikrotik is really fussy. CuddleChunks fucked around with this message at 01:48 on Sep 23, 2012 |
# ? Sep 23, 2012 01:45 |
|
Resetting the Mikrotik config and starting from scratch solved the problems. I was getting 192.168.1.150 from DHCP, which was in the normal range and showed up under leases. N is still on after I reset the Mikrotik to defaults and the problem went away, so I doubt that was it. If I recall correctly, I didn't use the magic default configuration when I set the router up a year ago, so I may have done something technically wrong that was corrected when I reset it to defaults today.
|
# ? Sep 23, 2012 02:44 |
|
What's the current word on UPnP? I've always had it off in the past, due to security , but I've turned it on at a few locations to allow Xboxes and etc. to work properly. Replaced an ancient ipcop machine at my parents' place with a RB750GL, and I turned on UPnP to let things like Dish DVRs work properly, and hey, it's also more convenient for my laptop and torrent client to happily find its own port to use. OK to leave on and enabled, or is it a horrid security risk I should close immediately?
|
# ? Sep 23, 2012 19:51 |
|
I leave it on at work and home.
|
# ? Sep 24, 2012 04:59 |
|
I don't think there's anything to worry about in a home setting. If you were at a hotspot or a public network then you'd want to lock that down.
|
# ? Sep 24, 2012 06:08 |
|
I don't know how the MikroTik daemon works, but some daemons will allow port mappings to be made by one host for another host, or for ports < 1024. This could allow a node on your network to expose another node from behind the firewall, depending on your firewall's configuration. Something like miniupnpd has options to mitigate this.
|
# ? Sep 24, 2012 18:23 |
|
NAT isn't supposed to be a firewall
|
# ? Sep 25, 2012 01:24 |
|
NOTinuyasha posted:NAT isn't supposed to be a firewall No, but the upnp daemon may take it upon itself to open a hole in the firewall as well as create a NAT mapping to make sure traffic flows through.
|
# ? Sep 25, 2012 02:39 |
|
Does anyone know how difficult it may be to configure a commercial VPN service with a MikroTik? I've been experimenting with various VPN services on my current router (Linksys WRT54GL w/TomatoUSB ) but I'm experiencing the same download speed issues regardless of the VPN service I choose. I'm starting to believe that this router just can't handle the load required to download any large files while it's connected to a VPN. I've been meaning to buy RB751G-2HnD for a while now, but I don't know if it's going to have the same issue or not. Has anyone configured a commercial VPN with the RB751G-2HnD and can attest to its file download performance while it's connected to the VPN? How complicated would it be to configure this in the RouterOS? Or would I achieve better VPN performance with something like the RB2011UAS-2HnD-IN? PUBLIC TOILET fucked around with this message at 21:24 on Sep 30, 2012 |
# ? Sep 30, 2012 21:11 |
|
COCKMOUTH.GIF posted:Has anyone configured a commercial VPN with the RB751G-2HnD and can attest to its file download performance while it's connected to the VPN? How complicated would it be to configure this in the RouterOS? Or would I achieve better VPN performance with something like the RB2011UAS-2HnD-IN? I can't comment on commercial VPN providers, but I did recently setup a VPN with a 750GL (same CPU as the 751G) on one end and an RB2011 on the other. With both units in my Of course, if you want to use 3DES or AES-256 encryption the throughput would be lower than this due to additional CPU overhead.
|
# ? Sep 30, 2012 22:21 |
|
The_Franz posted:I can't comment on commercial VPN providers, but I did recently setup a VPN with a 750GL (same CPU as the 751G) on one end and an RB2011 on the other. With both units in my Wow. That's pretty impressive. I'm looking at the CPU usage in TomatoUSB now when I'm downloading a file through the VPN. I'm hitting 100% on average every minute and around 60% every five minutes.
|
# ? Sep 30, 2012 22:58 |
|
Obviously your high usage requires you to be an early adopter of the CCR.
|
# ? Oct 1, 2012 00:19 |
|
I am getting sick of flaky home routers. My current one overheats when I try and stream movies. I was looking at this as a possible solution, but the 2.4 ghz spectrum is saturated where I am and I was hoping to go with a 5 ghz device. It seems like the only 5 ghz parts they have are outdoor/ruggedized. Am I missing a 751G equivalent with 5 ghz wireless-N? Trying to decide between something like this and just rolling the dice on another linksys box that may or may not be terrible. edit: to be clear, I was looking at the pre-built stuff. If I have to build it, I guess I could... KS fucked around with this message at 02:38 on Oct 1, 2012 |
# ? Oct 1, 2012 02:29 |
|
COCKMOUTH.GIF posted:Does anyone know how difficult it may be to configure a commercial VPN service with a MikroTik? I've been experimenting with various VPN services on my current router (Linksys WRT54GL w/TomatoUSB ) but I'm experiencing the same download speed issues regardless of the VPN service I choose. I'm starting to believe that this router just can't handle the load required to download any large files while it's connected to a VPN. I've been meaning to buy RB751G-2HnD for a while now, but I don't know if it's going to have the same issue or not. I own a RB751U-2HnD and run a PPP tunnel to my preferred commercial VPN server on a 15M connection without experiencing any noticeable slowdown compared to running the VPN client on my PC, or compared to my non-tunneled connection for that matter. You can add the connection in the Mikrotik, apply to a single internal IP or range, then just switch it on and off in RouterOS as you need. I had a WRT54G 3.1 running DD-WRT that I'd tried to get to run it (I think using OpenVPN) before and it wasn't nearly as robust (for obvious reasons). Edit: Let me run a couple speedtests & a large file download test for you. Edit2: 18.28 down, 1.55 up, ping 14ms. I started to download an Ubuntu liveCD, it got about 700KB down, dipping down to 500 and spiking to 800+. 83MB downloaded in 2min. TX297 fucked around with this message at 05:53 on Oct 1, 2012 |
# ? Oct 1, 2012 05:37 |
|
Why not add some speed holes and/or a fan if overheating is the only problem? AFAIK 5ghz is going to have problems with range as soon as you go through solid objects, it may not be an improvement depending on your building. And you are going to have devices that simply do not have a 5ghz radio as an option so you'll still need a 2.4 ghz ap sitting around. You could get something like this with whatever combination of three radio cards and antennas that you want but it's pricey.
|
# ? Oct 1, 2012 05:51 |
|
I'm looking into putting a device in for vpn purposes. Need about 120 users in the database only expecting 30 simultaneous users at any time. This is over estimated by fifty percent. Would a MikroTik be appropriate for this situation? If so, which model? Would prefer to setup an ipsec vpn.
|
# ? Oct 4, 2012 04:26 |
|
It would probably be a poor fit. There's no crypto accelerator chip on the Routerboard line that MikroTiks run on. IPSEC VPNs are an option to setup but they are much more hassle than other types. Managing the database of users is clumsy as poo poo compared to centralized databases that you get with other gear. Frankly, a Sonicwall NSA 2400 is likely a much better fit despite its hefty price tag. I'm assuming they need to move a few megabits of data each for their tunnels. The Sonicwall line, or whatever other security appliance you choose, is going to make this task much less stressful for you and your users. Now, if you wanted to *route* some serious data and didn't want to pay Cisco prices, then the Mikrotik 1100AH would be a sweet fit for you. Vroom vroom!
|
# ? Oct 4, 2012 05:17 |
|
The RB1100AHx2 supposedly has IPSEC acceleration but I haven't seen IPSEC benchmarks or documentation beyond one line on the brochure so who knows how much it does. Also everything CuddleChunks said.
|
# ? Oct 4, 2012 17:26 |
|
I think RB1200 does as well, both for AES-128 only(?) I think. Documentation and confirmation seems to be hard to come by. If you need cheap crap to fit your needs, there's some embeded Cyrix (I think) x86 CPU that has built in crypto. Not remembering its exact name/model/etc though. Edit: v just suggesting if he has no budget which is my assumption since he's looking at Mikrotik. falz fucked around with this message at 18:12 on Oct 4, 2012 |
# ? Oct 4, 2012 17:36 |
|
If you're building something that thirty users will be relying on at a time, you shouldn't be looking at embedded crap.
|
# ? Oct 4, 2012 17:56 |
|
thebigcow posted:The RB1100AHx2 supposedly has IPSEC acceleration but I haven't seen IPSEC benchmarks or documentation beyond one line on the brochure so who knows how much it does. Also everything CuddleChunks said. Mikrotik says 800Mbps, although they don't say what kind of encryption they used. Probably AES-128, but who knows.
|
# ? Oct 4, 2012 18:11 |
|
Also, you should look at Juniper's SA SSLVN appliances. They're the best VPN devices I've experienced and have given the best user experience since you can do all sorts of fancy stuff and don't have to launch a traditional VPN client if you don't want to. Licensing can get expensive but it should be per concurrent user.
|
# ? Oct 4, 2012 18:16 |
|
I'm beginning to think there are some very odd issues between Apple OSs and RouterOS. Since I wiped all of my Mikrotik's settings and started over to resolve the mysterious iOS 6.0 issue, my OSX 10.7 box has started committing wifi suicide about once an hour. The OS still thinks the connection is fine, but I cannot as much as ping the AP. It never auto-recovers in sitting for 30 minutes or so; I didn't test beyond that. I think I'm going to have to buy a non-Mikrotik AP since I do development work on Apple devices, and this is getting downright painful. edit: After checking in the logs, it looks like I'm having this problem. ManicJason fucked around with this message at 21:46 on Oct 5, 2012 |
# ? Oct 5, 2012 21:43 |
|
Man that's weird. Let's try and setup a basic connection for testing. Sorry for the hassle here but you'll need to do two things: Open a terminal window and run my little script to setup a new wifi security profile and then you'll need to change your wifi over to use that. I'd recommend changing the name of the wireless network so you can go back to the old system smoothly. Open Winbox and log into your router Click New Terminal on the left right-click on the terminal and paste the following: code:
|
# ? Oct 5, 2012 23:25 |
|
CuddleChunks, does your company use any SXTs?
|
# ? Oct 7, 2012 07:55 |
|
|
# ? May 15, 2024 04:36 |
|
We used a few and switched to more directional Mikrotik antennas. They're fine for a shorter point to point link (we could get 70mbps fdx on a ~1km link) Depending on what you're looking for, look at Ubiquiti instead. What are you trying to do?
|
# ? Oct 7, 2012 14:14 |