Joined: Jan 2003
From: BSRPPG51 Access Concentrator
QUOTE(PC_CHEAH @ May 7 2020, 02:41 PM)
I suppose they do not support ipv6, I intend to block ipv6 for my vpn tunnel device on the router side. Not very sure how to do that on ipv6 firewall.
Considering how ipleak.net works, IPv6 route leak is inevitable. No good way to disable IPv6 for a device when connected to the VPN due to the inflexibility of routerOS' IKEv2 implementation, routerOS' hopeless IPv6 stack and, if you use TM Unifi, their IPv6 limitations too. The latter two are especially infuriating.
QUOTE(PC_CHEAH @ May 7 2020, 05:11 PM)
After disabling IPv6, all websites I browse just time out, but I'm able to ping IP addresses.
I doubt the DNS is also a problem. The dynamic servers below are the VPN DNSes.
DNS es I get from my PC
I think it queries the router first (custom DNS) and not the VPN DNSes below; could this be the cause of the timeout? From the Mikrotik forums, they said it is the encrypted packets not getting delivered to the VPN tunnel. Not sure what I can do about this.
If you set up the DNS server directly on the computer ethernet adapter (try using Google DNS), will you still see the same problem?
QUOTE(PC_CHEAH @ May 9 2020, 05:34 PM)
It didn't work though, my VPN devices also get the DNS I set.
Go to /ip ipsec mode-config and then delete Surfshark's mode-config connection mark and address list. Then disable IPv6. Restart the router, then try going to ipleak.net
QUOTE(sam_01 @ Jul 10 2021, 12:39 AM)
Hey All,
Just got myself a HA AC2. I've been wanting to learn how to configure VLAN filtering and managed to get it running for Unifi PPPoE and HyppTV. Hopefully this will help anyone who is interested.
CODE
Reference: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
This setup is basically a combination of Example #1 and Example #3.
Physical connections:
Port 1 - To BTU
Port 5 - to IPTV box.

# -------------- VLAN configuration ----------------------- #
# Using default bridge.
# Disable VLAN filtering first.
/interface bridge set bridge vlan-filtering=no

# Configure PVID 600 on port 5. This is for traffic from IPTV box to Mikrotik.
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge interface=ether5 pvid=600

# Create 2 VLANs 500 (PPPoE) & 600 (HyppTV).
# For VLAN500, tag port 1 and bridge.
# For VLAN600, tag port 1 and untag port 5. This for traffic from Mikrotik to IPTV.
/interface bridge vlan
add bridge=bridge comment=PPPoE tagged=ether1,bridge vlan-ids=500
add bridge=bridge comment=iptv tagged=ether1 untagged=ether5 vlan-ids=600

# Important! - Enable VLAN filtering. Without this PVID will not be in effect.
/interface bridge set bridge vlan-filtering=yes

# Check system logs. Wait for PPPoE to connect.
# Reboot your IPTV box.
For hAP ac, the old way of having a separate dedicated bridge for IPTV is still relevant. But for other routers with shit switch chips (looking at you RB4011iGS and RB1100AH et al.), the method above IS THE ONLY WAY you can use to have IPTV without any penalty to performance.
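An added example, not part of the original posts and not MikroTik code: a small Python lint for the pairing the quoted config relies on, where a port listed as untagged in a VLAN (egress) also carries the matching pvid (ingress) and vlan-filtering ends up enabled. The input is constructed from the post's lines; single-value vlan-ids and comments without spaces are assumptions of this sketch.

```python
import re

# Constructed input: bridge lines from the post above, with ether5's pvid
# removed and filtering left off to show the two failure modes.
BROKEN = """\
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether5
/interface bridge vlan
add bridge=bridge comment=PPPoE tagged=ether1,bridge vlan-ids=500
add bridge=bridge comment=iptv tagged=ether1 untagged=ether5 vlan-ids=600
/interface bridge set bridge vlan-filtering=no
"""
GOOD = (BROKEN.replace("interface=ether5", "interface=ether5 pvid=600")
              .replace("vlan-filtering=no", "vlan-filtering=yes"))


def _members(kv, key):
    """Split a comma-separated port list such as tagged=ether1,bridge."""
    return set(filter(None, kv.get(key, "").split(",")))


def parse(text):
    """Return ({port: pvid}, {vid: (tagged, untagged)}, filtering_enabled)."""
    ports, vlans, filtering, menu = {}, {}, False, ""
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):  # menu line, optionally followed by a command
            parts = re.split(r"\s+(?=(?:add|set)\s)", line, maxsplit=1)
            menu, line = parts[0], parts[1] if len(parts) > 1 else ""
        kv = dict(re.findall(r"([\w-]+)=(\S+)", line))
        if menu == "/interface bridge port" and "interface" in kv:
            ports[kv["interface"]] = int(kv.get("pvid", 1))  # default PVID is 1
        elif menu == "/interface bridge vlan" and "vlan-ids" in kv:
            vlans[int(kv["vlan-ids"])] = (_members(kv, "tagged"),
                                          _members(kv, "untagged"))
        elif menu == "/interface bridge" and "vlan-filtering" in kv:
            filtering = kv["vlan-filtering"] == "yes"  # last setting wins
    return ports, vlans, filtering


def check(text):
    """List mismatches between ingress (pvid) and egress (untagged) settings."""
    ports, vlans, filtering = parse(text)
    issues = []
    if not filtering:
        issues.append("vlan-filtering is off: PVIDs are not in effect")
    for vid, (_tagged, untagged) in sorted(vlans.items()):
        for port in sorted(untagged):
            if ports.get(port, 1) != vid:
                issues.append(
                    f"{port}: untagged in VLAN {vid} but pvid={ports.get(port, 1)}")
    return issues
```

Feed it the text of an `/interface bridge export` and an empty list means the ingress and egress sides agree for every untagged port.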
QUOTE(go626201 @ Jul 21 2021, 01:05 PM)
Finally, I almost want to buy the RB4011 already, thanks for your news. If I hadn't seen your post I might buy it on 25 July from Shopee...
Wonderful setup.
Should be available very shortly from now. If Australian prices are to be taken into context, Malaysia's prices should be similar to RB4011iGS when it first appears in SubTel's shop.
QUOTE(Gaara92 @ Oct 29 2021, 09:00 PM)
What are the advantages of having the higher speed port connected to the CPU itself? I have seen the comparison in the video, it says the performance is doubled compared to RB4011?
So that WAN network doesn't have to waste CPU-switch 10Gbps link capacity. With RB4011, I put WAN interface on the SFP+ cage, and all Internet traffic has its own dedicated lane to the CPU (for routing et al.), before going to the two port-multipliers through their own dedicated 2.5Gb links. For RB5009, no matter if you use 2.5Gb port or the SFP+ for WAN interface, all raw Internet traffic will go through the 10Gbps link first for routing or other things before going through the 10Gbps link again to the switches.
QUOTE(w00t @ Oct 31 2023, 03:51 PM)
Best uptime so far for Office router (Mikrotik RB4011iGS+) with firmware 7.7 still. Before, tried with higher version firmware but it seemed to mess up existing VLAN and QOS settings. Max MTU was set to 1480 and Max MRU set to 1440.
I think it is about time you redo your VLAN config. Multiple bridges is so 5 years ago. One bridge to rule them all.
QUOTE(maxiscool @ Dec 5 2023, 09:02 PM)
I noticed recently my IPv6 is missing again as well. Once I upgraded to latest firmware 7.12 it was restored momentarily and one day it was gone. Not sure if related to Unifi or Mikrotik IPv6 settings.
It's a Unifi problem, occasionally the BRAS fails to offer IPv6 prefixes to the DHCP clients and this problem will fix itself a couple of weeks later.
QUOTE(kwss @ Jan 6 2024, 09:26 PM)
It's a Mikrotik problem. It's a TM problem. So many people complain about gaming and others but you never say it's an IPv4 problem.
Yes, this is a Mikrotik and TM problem with IPv6, therefore disabling IPv6 is a perfectly valid option. You don't lose anything by doing that, and there is no need to chuck out a perfectly working Mikrotik RB750Gr3. And if Quanta is still hell-bent on having good IPv6 functionality with the RB750Gr3, nuking routerOS and installing OpenWRT is another viable option.