Hi all,
Two questions:
1) Any idea why a routerboard which has not had an admin password assigned to it would suddenly not accept the blank password and give an “incorrect password” error through winbox? Firewall rules were in place to only allow IP addresses from the internal LAN to connect so I’m pretty sure they weren’t hacked and the password changed.
2) ADSL and MikroTik - the ongoing saga. I was following with much interest the recent thread started by Mike about which ADSL modem to use. Seems the TP-Link 8817 is the one to go for, however I have tried this modem in various installs and have still had intermittent slowness and just plain weird packet loss / latency.
When I use MikroTiks as a simple DHCP client in conjunction with a cable modem everything seems fine, which means there is something amiss with the PPPoE dialler? I have tried messing with MTU settings in various places, but I really can’t see MTU misconfiguration accounting for a loss of 8-10Mbps at times?
I have had so many problems with residential ADSL performance with MikroTik routers I am unfortunately now looking for alternatives to MikroTik. Configurations I have tried:
- Bridging various brands of modem, setting up PPPoE client on gateway interface of MikroTik. Performance using this method (in my experience) is terribly inconsistent and sometimes just downright awful. Modem sync speed is normally fine, download speeds are inconsistent and often very poor. ISP reckons they can see “authentication dropouts” from the PPPoE client.
- Using the modem as a router and routing between the two (192.168.x.x) subnets using the MikroTik. This leads to double NAT issues, although strangely performance seems more consistent than option 1.
- Using the MikroTik as a simple layer 2 bridge / switch which is assigned a static IP in the DHCP range assigned to the gateway (have also tried DHCP). This seems to give the best performance but it seems to obviate buying a MikroTik when it is not even being used as a router. Also means that I have to rely on the (often inferior) feature set of the modem to manage the network.
It seems to me (and I don’t really have any hard evidence to back this up, just experience) that the PPPoE client on the MikroTik is rather unstable compared to those running on the various modems I have tried, and any noise / glitches on the line will cause it to misbehave.
So, anyone have any suggestions on alternate configurations (static routes?)
Thoughts?
Ben
Hi Ben, regarding point two, ensure the dhcp server on the modem is turned off when in bridge mode or this type of problem may occur.
Regarding instability of MikroTik pppoe, any issues I have had have been related to other things, mostly ADSL noise. As far as I am concerned, there is nothing more stable than tplink 8817 and mikrotik. For these sites.
Regards
Matt
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
+1 on that comment Matt, although I have seen issue 1 previously. A reboot usually resolves it; I can't remember any more particulars around it, but I have had it happen on rare occasions, always on a remote device of course....
Regards
Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Matt Chipman
Sent: Monday, 27 October 2014 1:16 PM
To: MikroTik Australia Public List
Subject: Re: [MT-AU Public] ADSL: The Sequel
Hi Ben, regarding point two, ensure the dhcp server on the modem is turned off when in bridge mode or this type of problem may occur.
Regarding instability of MikroTik pppoe, any issues I have had have been related to other things, mostly ADSL noise. As far as I am concerned, there is nothing more stable than tplink 8817 and mikrotik. For these sites.
Regards
Matt
Thanks Matt, yes I always make sure the modem is set to pure bridge mode with nothing "surplus to requirements" switched on. The Draytek vigor 120 will automatically disable DHCP when bridge mode is enabled, the TP-Links I’ve used don’t and require you to flick another switch.
Alas, this doesn’t solve the issues I’ve seen! :(
Ben Jackson w: www.elogik.net m: 0404 924745 e: ben@elogik.net
To add to the pot ...
We have MANY installations of the 8817 and RB450/G RB2011 RB751 RB951 and have no issues with the hardware or combination.
-- Best Regards Denis Hancock | Network Support | 1300 139 593 Skype denis.hancock.melbourne | http://www.samurai.com.au We run Google Apps for Business - want to know more ?
Good point Denis, forgot to mention I am using the RB2011UiAS-RM almost exclusively.
Hi!
> 1) Any idea why a routerboard which has not had an admin password assigned to it would suddenly not accept the blank password and give an "incorrect password" error through winbox? Firewall rules were in place to only allow IP addresses from the internal LAN to connect so I'm pretty sure they weren't hacked and the password changed.
Allowed addresses? If you set the allowed address attribute for a user, then any attempt to access from some other address will fail as if with bad credentials. Watch out for '0.0.0.0' instead of '0.0.0.0/0'! ;-)
> 2) ADSL and MikroTik - the ongoing saga. I was following with much interest the recent thread started by Mike about which ADSL modem to use. Seems the TP-Link 8817 is the one to go for, however I have tried this modem in various installs and have still had intermittent slowness and just plain weird packet loss / latency.
Check MTU on pppoe client? Sometimes MTU discovery can be broken by bad bridges on ISP access network causing unexpected fragmentation of pppoe packets. Try reducing MTU on your pppoe session like so:
/ip firewall mangle add protocol=tcp tcp-flags=syn action=change-mss new-mss=<new-size> chain=forward out-interface=<interface-name>
Change '<interface-name>' for the actual interface, e.g. 'pppoe-out1'
Change '<new-size>' for a smaller value, start with something VERY small, like 1300 and then work your way up again until it breaks.
Cheers!
Mike.
Hi Mike,
I always set the only allowed subnet via winbox to be the internal LAN, and we would only ever connect from the internal LAN. I’ve tested this setting thoroughly and I know my rule is OK, so I don’t believe this is the problem. This has also happened on routers that I haven’t personally set up, and that don’t have that rule in the firewall config.
Regarding MTU, I have done exactly as you guys have mentioned with the mangle rule, testing the maximum packet size using ping with the do not fragment bit set, normally this comes out to be 1452, however I am still having problems with some of my clients.
I’m starting to think perhaps I have just had a run of bad luck with crappy ADSL lines on residential customer sites.
Ben
Hi Ben, at 1452 this could still be too high; this is assuming that your ISP is running a true 1500 byte MTU on their network. I usually go with an MTU of 1480 to play it safe and an MSS of 1440; it seems to be a reliable combination.
Regards
Paul
Hi Paul, thanks - I’ll give that a try at the sites where I’m still having issues.
Ben
Part 2 sounds like an MTU problem to me - check that you have your TCP MSS mangle settings set up properly. In general, RouterOS will configure this automatically, but sometimes it needs some additional hand-holding. Something like this should do the job:
/ip firewall mangle add action=change-mss chain=forward disabled=no new-mss=1452 out-interface=pppoe-client protocol=tcp tcp-flags=syn
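
The change-mss rules posted by Mike and Thomas, and the MTU/MSS pair Paul suggests, all come down to rewriting the MSS option carried in TCP SYN segments. The sketch below is an added example, not code from any poster or from RouterOS: it derives the MSS for a given MTU and patches a SYN the way a clamp does, with addresses, ports and function names constructed for illustration, and it only ever lowers the advertised value (a choice of this sketch).

```python
import socket
import struct

IPV4_HEADER = 20     # bytes, IPv4 header without options
TCP_HEADER = 20      # bytes, TCP header without options
PPPOE_OVERHEAD = 8   # 6-byte PPPoE header + 2-byte PPP protocol field
TCP_SYN = 0x02
OPT_END, OPT_NOP, OPT_MSS = 0, 1, 2


def mss_for_mtu(mtu):
    """Largest TCP payload that fits in one unfragmented IPv4 packet of size mtu."""
    return mtu - IPV4_HEADER - TCP_HEADER


def checksum(data):
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_checksum(src_ip, dst_ip, segment):
    """Checksum over the IPv4 pseudo-header plus segment; 0 means the segment verifies."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return checksum(pseudo + segment)


def set_checksum(src_ip, dst_ip, segment):
    """Return the segment with its checksum field (bytes 16-17) recomputed."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return zeroed[:16] + struct.pack("!H", tcp_checksum(src_ip, dst_ip, zeroed)) + zeroed[18:]


def build_syn(src_ip, dst_ip, sport, dport, mss, flags=TCP_SYN):
    """Build a constructed TCP segment whose only option is MSS."""
    options = struct.pack("!BBH", OPT_MSS, 4, mss)
    offset_flags = (((TCP_HEADER + len(options)) // 4) << 12) | flags
    header = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, offset_flags, 65535, 0, 0)
    return set_checksum(src_ip, dst_ip, header + options)


def find_mss_option(segment):
    """Return the offset of the 2-byte MSS value in the TCP options, or None."""
    if len(segment) < TCP_HEADER:
        return None
    header_len = (segment[12] >> 4) * 4
    if header_len < TCP_HEADER or header_len > len(segment):
        return None
    i = TCP_HEADER
    while i < header_len:
        kind = segment[i]
        if kind == OPT_END:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= header_len:
            break
        length = segment[i + 1]
        if length < 2 or i + length > header_len:
            break  # malformed option: stop rather than read past the header
        if kind == OPT_MSS and length == 4:
            return i + 2
        i += length
    return None


def read_mss(segment):
    pos = find_mss_option(segment)
    return None if pos is None else struct.unpack_from("!H", segment, pos)[0]


def clamp_mss(src_ip, dst_ip, segment, new_mss):
    """Lower the MSS advertised in a SYN or SYN-ACK; return other segments unchanged."""
    if len(segment) < TCP_HEADER or not segment[13] & TCP_SYN:
        return segment
    pos = find_mss_option(segment)
    if pos is None or read_mss(segment) <= new_mss:
        return segment
    patched = segment[:pos] + struct.pack("!H", new_mss) + segment[pos + 2:]
    return set_checksum(src_ip, dst_ip, patched)


if __name__ == "__main__":
    src, dst = "192.0.2.10", "198.51.100.20"   # constructed documentation addresses
    syn = build_syn(src, dst, 40000, 443, mss_for_mtu(1500))
    for mtu in (1500 - PPPOE_OVERHEAD, 1480):
        out = clamp_mss(src, dst, syn, mss_for_mtu(mtu))
        print("MTU %d: MSS %d -> %d, checksum ok: %s"
              % (mtu, read_mss(syn), read_mss(out), tcp_checksum(src, dst, out) == 0))
```

Only TCP handshakes are affected by such a clamp; UDP and ICMP traffic larger than the path MTU still depends on fragmentation or working path MTU discovery.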
participants (6)
- Ben Jackson
- Denis Hancock
- Matt Chipman
- Mike Everest
- Paul Julian
- Thomas Jackson