on RB4011iGS+:
after upgrading to 6.47.1 all of my ikev2 tunnels (RSA auth with certificates) stopped working. (peer's ID does not match certificate).

测试a second device, same issue. I had to revert to 6.46.3.

Anyone else saw that?

Ralf.

Why not instead use a WOL software, there are many and free, wake your Computer, get Informed as soon as it is active and then do your RDP Session ? What is the practical reason for waking a Computer up on the first attempt of an RDP Session ? Just wondering... Zacharias, there are remote users in ...

Hi, I was asked if it was possible to wake up internal pcs automatically when they are accessed the first time over VPN (RDP). Since dhcp isn't used, I had to create an arp/IP mapping. I used the following rules and script in order to achieve it: 1. Create a firewall rule that adds the target PC to ...

anyone with an idea?

Ralf

Hi, I already tried a lot of things but didn't solve the problem: Roadwarrior Clients (OpenVPN) should be masqueraded with an internal address to access some external (IPSEC Tunnel) sites, the Roadwarrior network can't be included in these IPSEC tunnels. So a client R.R.R.100 willing to access F.F.F...

remark: /ip firewall nat add action=dst-nat chain=dstnat src-address=b.b.b.1 dst-address=a.a.a.1 to-addresses=a.a.a.70 didn't work, I've to chain=srcnat action=masquerade src-address-list=b.b.b.b dst-address-list=(part of a.a.a.a) out-interface=B1 for translating the source-ip of b.b.b.b to my own i...

sob,
it worked (after deleting my previous raw notrack prerouting rules for vpn traffic)!!
thx a lot!

Ralf.

thx sob, will give it a try in my lab.

Ralf.

nobody to help a bit?

Hi, how can I achieve it in an elegant way to nat before packets are entering the ipsecv2 vpn: Site1: client in Site 1 internal network: a.a.a.1/24 mtk: a.a.a.10/24, a.a.a.11/24, a.a.a.12/24 (and so on mtk should use up to 70 addresses) Site2: server in Site2 internal network b.b.b.1/24, b.b.b.2/24 ...

Pukkita,

thx for the explanation, after some hours “in the lab” trying different scenarios, the way it’s done in RouterOS is much more logical and comprehensive.

Ralf

{TLDR Version: This only works if the next hop provides proxy arp.} When you say "use interface X" as the next hop, you're saying "dump it on this interface, and something will take care of it for you." For PPP, tunnels, PVCs, or any non-multi-access type of interface, there's o...

Hi, after testing RB4011iGS+ I ended up buying some for ourself and our customers. Really a nice piece of h/w and a mighty OS. I've been able to test several VPN scenarios with different h/w vendors, speedtests, advanced routing features, netflow monitoring etc. all of that is working like a charm a...