This post is quite useful actually.

I also thought my RB450G just broke after many years with only serial port green flashing, but i plugged in 12V with 3A and its alive again!

Isn't EoIP using GRE? *) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160); So make sure you're allowing GRE before dropping invalid connections. You are right, the problem is in GRE state matching, but why EoIP tunnels is in invalid connection state now? EoIP is based...

Isn't EoIP using GRE?

*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);

So make sure you're allowing GRE before dropping invalid connections.

You are right, the problem is in GRE state matching, but why EoIP tunnels is in invalid connection state now?

There is critical issue for me, firewall input chain with drop action on invalid connection state now drops incoming EoIP packets with no reason.

No tx power inforamtion. @ 2G show zeros, @ 5G nothing at all.

6.42.11

CHR should run containers, docker or whatever. clarify please. why and how? In every single setup i put a Mikrotik device on a border, this is followed by various services, often requiring few resources, web frontend TLS, some PHP scripts, some databases and so on. If i could run these on Mikrotik ...

CHR should run containers, docker or whatever.

Can't connect with winbox. http://deem.ru/temp/2015-07-27%2015-16-59_RouterOS_WinBox_Error.png That is most likely a VM software config issue. Depends on how you set up your virtual NIC and how it is connected to the host PC. VirtualBox has NAT by default, configure it to use Bridge or reconfigure ...

Can't connect with winbox.

Sometimes sites are really unavailable, an ISP have problems with its channels or you are simply banned etc.

From your screenshot it seems the default config works pretty well.

You have to isolate your problem, noone can help you with such poor info.

And check your ISP btw (http://deem.ru/ip/).

1) Check "Change TCP MSS" at your PPP profile (should be "yes") 2) Then check it is correctly applied at IP > Firewall > Mangle after PPP call http://deem.ru/images/mikrotik/2015-04-02_15-31-03_PPP_Profile_TCP_MSS_yes.png http://deem.ru/images/mikrotik/2015-04-02_15-32-43_Mangle_...

You MUST help your router with a routing decision, he should be confused with 5 equal default routes. 1) Use 5 simple masquerades (without src-address) 2) Use 5 "mark routing" in mangle prerouting chain with appropriate src-address > dst-address 3) Use 5 ip routes with appropriate marks fr...

/queue simple add target="your-EoIP-interface"

try PPTP without encryption then everything will works fine. How can we live without encryption nowadays? I found a better solution — to strip IPv4 options: ip firewall mangle add chain=postrouting protocol=tcp src-port=8291 action=strip-ipv4-options Apply this code on every router with the issue. ...

Joining this issue.

I tried everything: changing MSS, changing MTU/MRU, checking with sniffers etc...

Winbox keeps disconnecting when running over VPN.

In sniffer i found a TCP packet with wrong CRC, after that one side becoming in strange state.

ROS 6.15 very easy to reproduce.

Have: 3 networks (or more) (192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 = home 1, home 2, home 3) 3 ISPs (on each) 3 DHCP servers (on each) Need: 1 broadcast domain (192.168.0.0/20) Smart routes between physical networks (so they don't go through other link if they have own, but if this link is d...

Are you talking about SSTP?
Certificate contains DNS name and you have sstp client with latest routeros version where you specify DNS as connect to address?

1) Yes.
2) Yes.

Certificate "Common Name" = DNS name of a server. Windows clients have no problem with this setup.

“服务器的IP地址不匹配证书”when "Connect To" is a DNS-address, but, it seems, ROS does IP-address match instead of DNS-address match with certificate.

Did some research, it seems what the question becomes "how to emulate a double (triple?) packet processing on an ethernet interface?"

It is possible with MetaROUTER feature, but is it possible with a single ROS?

Perhaps something is happening in the packet flow and queuing that isn't what you expect

Agreed. Check the statistics of upload/download queues separately. It seems only one is used for all traffic.

Simple queues work fine if you understand what you do.

I can do a double queue then my ISP is something like PPPoE. But what should i do if i got my ISP directly on an ethernet interface? In this case packets pass a queue just once :( This question can be expanded to triple and so on queues. Is there any way to make it on single ROS? Maybe i should flus...