PuTTY riot
Nov 16, 2002

Scaramouche posted:

my-crow-tick

unless you speak spanish/portuguese then apparently it's me crow teek

PuTTY riot
Nov 16, 2002

Weird Uncle Dave posted:

There are several different ways to do failover on Mikrotik, but none of them seem to handle the particular weird failure mode I'm trying to cover. Doing failover by just setting two default gateways, and using check-gateway is easy, and often "good enough." I want to handle the possibility that the failure is four or five hops upstream, though. (I work for an ISP and want to handle the rare possibility that all our upstreams are broken, so the end-user could still see everything within our network but not anything beyond that.)

I don't think I can just use a simple ping test to see if Upstream 1 is up, because let's say I ping something like 4.2.2.2. My script tests it, sees it can't ping that IP, switches to the secondary connection, pings, that IP suddenly is pingable again, switches back to the primary connection that's really still broken...

Meanwhile, pinging something like my network's default gateway would have the same problem in reverse if it really is a last-mile outage.

Any suggestions on getting out of this without a bunch of really complicated and fragile scripts?

what about pinging the gateway from the other connection?

primary-->no check
secondary-->ping primary router wan IP

I'm probably missing something obvious but it seems like that line of thought might get you somewhere?
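The flap described in the quoted question, as an added example that is not part of either post: a small simulation comparing a probe that follows whichever default route is active with one that always leaves via the primary uplink. The outage window, the thresholds, and the assumption that the probe can be pinned to the primary (for example with a host route to the probe target) are constructed for illustration.

```python
# Constructed scenario: the primary uplink's upstream is broken from tick 5
# through tick 24; the secondary uplink reaches the probe target throughout.
OUTAGE = set(range(5, 25))


def reachable(probe_path, tick, outage):
    """True if a ping to the far-away probe target succeeds on this path."""
    return not (probe_path == "primary" and tick in outage)


def run(ticks, outage, pin_probe, fail_after=2, recover_after=3):
    """Return the active uplink at every tick.

    pin_probe=False: the probe follows the active default route, so once
    traffic moves to the secondary the probe succeeds and traffic moves back.
    pin_probe=True: the probe always tests the primary path, so the result
    keeps describing the primary even while the secondary carries traffic.
    """
    active, fails, oks, history = "primary", 0, 0, []
    for tick in range(ticks):
        path = "primary" if pin_probe else active
        if reachable(path, tick, outage):
            oks, fails = oks + 1, 0
        else:
            fails, oks = fails + 1, 0
        # Hysteresis: several consecutive results are needed to switch.
        if active == "primary" and fails >= fail_after:
            active, oks = "secondary", 0
        elif active == "secondary" and oks >= recover_after:
            active, fails = "primary", 0
        history.append(active)
    return history


def switches(history):
    """Count how many times the active uplink changed."""
    return sum(1 for a, b in zip(history, history[1:]) if a != b)


if __name__ == "__main__":
    for pinned in (False, True):
        h = run(30, OUTAGE, pin_probe=pinned)
        print("pinned" if pinned else "follows route", switches(h), h)
```

Hysteresis alone does not stop the flapping in the unpinned case; it only slows it down, because the probe result stops describing the primary as soon as traffic leaves it.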

PuTTY riot
Nov 16, 2002
Am I going to run into any issues/gotchas switching from DSL (static IP block) to a metro-e setup? I'm assuming I just unplug dsl, plug into the other modem, and adjust the IP ranges? I shouldn't need to do anything else, right? I can't start on this until later but here's my fair warning that I might be blowing up this thread in a few hours.

PuTTY riot
Nov 16, 2002

CuddleChunks posted:

I turned off all the services except winbox because I didn't want them facing the internet. It's not a big deal I just didn't want my log to fill up with ssh bots probing the port.



ugh

e: http://whois.domaintools.com/202.57.42.173

PuTTY riot fucked around with this message at 22:55 on May 17, 2011

PuTTY riot
Nov 16, 2002
That went off without a hitch, really couldn't have been any easier. (Oxford MS by the way, no idea why it says Miami)

PuTTY riot
Nov 16, 2002
OK, one more question for tonight. I've got a SharePoint site and a staging site, and right now I'm using something similar to:


/ip dns static add name=123.com address=192.168.0.2

to resolve the internal IP. Is there a way to do this outside of DNS? My laptop users have to ipconfig /flushdns once in a while. Say 123.com resolves to 123.123.123.123 externally. Can I instead do something like redirect all traffic outbound with a 123.123.123.123 destination to 192.168.0.2?

PuTTY riot
Nov 16, 2002
Does anyone have any experience with this guy?
http://www.ubnt.com/unifi

Would you recommend running 2-3 of these in an office of ~25 users? Is there something better I could be running? N over 100mbit seems kind of silly to me, but I guess that's the tradeoff for PoE. The software looks pretty cool. Can I tie it into our (as of now non-existent) AD domain for authentication? Do these do better mounted on the wall or ceiling? Also I kind of dig the smoke alarm look.

PuTTY riot
Nov 16, 2002
I've got a pptp VPN set up here at work that I created a few weeks ago. When I connect to the VPN from home, I can browse the internet fine, and my IP shows up as my work's IP. Problem is, I can't see any of the 10.0.1.x stuff. What am I forgetting to do or doing improperly?

PuTTY riot
Nov 16, 2002

Nitr0 posted:

Your work has a firewall?

the firewall/router/whatever is the mikrotik which is also running the vpn

PuTTY riot
Nov 16, 2002

Nitr0 posted:

Nothing silly like overlapping ip ranges?

I don't think so, originally I set up the Local/Remote addresses under the secrets tab under PPP using 10.0.0.20 and 10.0.0.21, but I changed it to 10.0.1.20 and 10.0.1.21 thinking that might be my issue. Didn't seem to affect anything, still can't ping 10.0.1.99 as a VPN client outside of the office. DHCP could potentially overlap since it's set to 10.0.1.0/24 (which I can change I guess), but I'm looking at leases and they're all in the 10.0.1.100-254 range.


e: would changing it to 10.0.1.0/25 be a good idea? That should keep the range between 10.0.1.128 and 10.0.1.255

e2: 'IP-->Pool' in winbox is the thing keeping the dhcp range between 10.0.1.100-199 I guess

PuTTY riot fucked around with this message at 21:54 on Sep 15, 2011

PuTTY riot
Nov 16, 2002
before connecting to vpn:

after:



I'm assuming it has something to do with the subnet mask being 255.255.255.255.

PuTTY riot
Nov 16, 2002

Nitr0 posted:

lol. Are you on telus?

Looks like multiple problems. You have no gateway so that's not going to work. If you're on telus then check this thread

http://www.dslreports.com/forum/r26300507-PPTP-VPN-connections-fail-through-Telus.

That thread looks like it fails before gre authentication though so I don't think it's your problem.

I'm in the US, uverse at home, metro-e AT&T at work. Why is the gateway relevant for LAN traffic, and if it wouldn't work, why does WAN traffic across the VPN work? I am getting a work IP from home according to whatismyip.com.

PuTTY riot
Nov 16, 2002

CuddleChunks posted:

I just set this up at home as a test. Follow the instructions in the Mikrotik Wiki and make sure you are in the same network range as your other network devices AND that you setup Proxy-ARP on the ethernet interface hosting those other connections. That's the missing step I needed in order to start talking to machines on my remote LAN.

code:
[admin@RemoteOffice] /interface ethernet> set Office arp=proxy-arp
[admin@RemoteOffice] /interface ethernet> print
Flags: X - disabled, R - running
  #    NAME                 MTU   MAC-ADDRESS         ARP
  0  R ether1              1500  00:30:4F:0B:7B:C1 enabled
  1  R ether2              1500  00:30:4F:06:62:12 proxy-arp
[admin@RemoteOffice] interface ethernet>
That's pasted from the wiki.

This is exactly what I was missing. It's working like it should now, thanks a bunch.

PuTTY riot
Nov 16, 2002

CuddleChunks posted:

Ditched the programming guide I made way back when because it's just plain mortifying now.

That's too bad, I was trying to find it to show a coworker.
