Showing posts with label mikrotik. Show all posts
Showing posts with label mikrotik. Show all posts

Wednesday, 27 May 2015

Mikrotik DHCP Option 43 Tutorial

12:57 Posted by Jurgens Krause , , , , , , , 5 comments

Step by step instructions to get DHCP Option 43 working on Mikrotik RouterOS 6.x

Many consumer devices allow you to pass configuration parameters like auto provisioning servers and such via dhcp. DHCP option 43 is used by Yealink, Ubiquiti and Ruckus as well as many others.

My need was to use it to send the address of the provisioning server to a number of Yealink T23G IP phones to make deployment easier.


Wednesday, 13 May 2015

Top Mikrotik Tips

15:55 Posted by Jurgens Krause , , , , , , , , , , , , , , 11 comments

Running Mikrotiks in the field? Here are my top tips for making the most of your Mikrotik Experience:

1. Secure
1.1 - Users and Passwords
1.2 - Access Ports
1.3 - Protect against brute force hacks
1.4 - Anonymize your connection
2. Manual Backups (and why a backup is not a backup)
3. Blocking Sites
5. Remote wake your computer
6. Remote access to your network

Tuesday, 31 March 2015

Mikrotik Synchronize Address List

15:11 Posted by Jurgens Krause , , , 2 comments
This is a simple script solution to synchronize small address lists between Mikrotik routers. It is limited by the fact that there is a 4096 byte limit for variables in Mikrotik Scripts. I have maximized the number if entries you can sync by putting only the list name and address in the file

Tuesday, 24 February 2015

Wednesday, 21 January 2015

Mikrotik Netflix selective Routing

16:45 Posted by Jurgens Krause , , , 13 comments

If you live in a country without Netflix, you are forced to use a VPN to get Netflix access. Unfortunately there is no easy way to route Netflix traffic exclusively. The scripts below will help to build an address list of IP's to route through the tunnel. It should work with any VPN provider

Wednesday, 5 November 2014

Thursday, 26 June 2014

Static Netflix Routes

12:18 Posted by Jurgens Krause , , , 5 comments


A lot of people have multiple internet connections and use static routing to determine which connection a certain application uses. This is also true if you use a VPN connection to get access to services like Netflix/Hulu or other geo-locked services.

I have created this route list which works well with UnoTelly, but should work equally well for any other provider.

Thursday, 27 March 2014

Mikrotik Hotspot Data Limit Trial

16:26 Posted by Jurgens Krause 34 comments
Mikrotik's hotspot service is quite amazing considering what it costs. It does have some limitations though. One of these is the fact that you cannot set a data limit to the trial account, only a time limit.

Luckily there are a few workarounds for this, the original concept for this comes from www.mikrotik-routeros.com but I have corrected a couple of bugs and added some functionality.

Mikrotik The Dude on Ubuntu 12.04 LTS Server (Step-By-Step)

11:12 Posted by Jurgens Krause , , , , 11 comments

On my network I have a single, low power server, running on my single highsite. This server runs Ubuntu 12.04.2 LTS, and it does not have the oomph to virtualize windows for the sake of dude. To this end I have deployed The Dude running under Wine.

Dude is a network monitoring application by Mikrotik that is excellent for monitoring Mikrotik and other SNMP enabled devices.

We will not be compiling anything, opting rather for the easier apt-get installs where possible.

This tutorial is based off the instructions from the Mikrotik Wiki, but adapted for Ubuntu 12.04 and The Dude Version 4.0 Beta 3

Monday, 24 March 2014

Mikrotik Hotspot - How to install Login Page Templates (Step-By-Step)

15:34 Posted by Jurgens Krause , 20 comments
I hope to post new templates as 'n adapt them for my own use, so keep an eye on the templates page.
Please note that some of these I did not create myself, I found them online for free, and adapted them to work with Mikrotik.


To install the template on your hotspot:

1. Connect to your Mikrotik router using winbox
2. Open the "files" window
3. Drag the "hotspot" folder from the zip file onto the root of your router's file system


Remember to check out my login templates here.

Tuesday, 18 March 2014

Supercharge your mRemoteNG

09:19 Posted by Jurgens Krause , , , , , 2 comments

If you are anything like me you have at least 50 different computers that you need to manage remotely. If you use Putty for ssh, WinSCP for file copies, VNC for desktop access and Microsoft RDP for managing Windows machines, you will know how hard it can be to keep all your logins organized.

mRemoteNG is a fully featured, tabbed, remote access manager. It seamlessly integrates with RDP, Putty, VNC and even has an integrated web browser built in.

What makes mRemoteNG even more useful is it's ability to integrate external tools. Now, for you these may be differ from the ones I find useful, but I will list my favourites as examples.

Wednesday, 26 February 2014

Setting up a Mikrotik Hotspot with UserManager (Step-By-Step)

15:14 Posted by Jurgens Krause , , , 133 comments
Mikrotik RouterOS provides a very powerful Hotspot Feature. This can be used with the Mikrotik built in Radius server (Userman) or with a remote Radius/Freeradius Server.

You will need:

Mikrotik RouterBOARD:

  • Level 4 or better licence (Lower licences will allow only a single Hotspot client)
  • RouterOS 6.x (5.x will also work, but this tutorial is based on v6.7)
The network will be configured as below. You may need to adjust the IP Addresses to suit your needs

Mikrotik Hotspot Network




Notes:
The RouterBOARD CPU and RAM will directly affect the performance of your Hotspot, so consider beforehand how many clients you wish to connect.
A RouterBOARD 750 can comfortably run about 25-50 users.
In my example I will use a RouterBOARD 532 with one 2.4ghz WLAN card


Thursday, 19 December 2013

Raspberry PI based FreeRadius Server with GUI

09:49 Posted by Jurgens Krause , , 41 comments
I run a small wireless network for a non-profit organization in my home town, it consists of a single high site with internet connectivity, with nine client sites connecting via wireless. The network is built with Ubiquiti hardware, with a Mikrotik 750 handling the routing. I also use this network for experimentation and learning. One of the things that I have been keen on doing is managing it as though it is a commercial network in terms of the network architecture. To this end I have decided to deploy a Raspberrry Pi based Radius server for PPPoE Authentication. The Mikrotik will serve as the PPPoE server, and the Raspberry Pi Radius server will be managed with DaloRADIUS. The instructions below should be easy to use on any Debian based distro.

Tuesday, 17 December 2013

Routing Steam Traffic with Mikrotik

09:56 Posted by Jurgens Krause , , 2 comments
For people living in third world economies, where uncapped high speed broadband internet is only a myth, we are forced to come up with creative means of managing our bandwidth.

The scenario is this:
You have two internet connections, one, a high speed capped internet connection, the other a low speed uncapped option. You would want all game and Steam client traffic to run over the high speed connection, but all Steam downloads have to be routed through the slow uncapped connection. We assume that the default route is through the uncapped connection, and only specific traffic gets routed over the high speed link.

From the Steam website you can find the following port information:


Steam Client:
  • UDP 27000 to 27015 inclusive (Game client traffic)
  • UDP 27015 to 27030 inclusive (Typically Matchmaking and HLTV)
  • TCP 27014 to 27050 inclusive (Steam downloads)
  • UDP 4380

Dedicated or Listen Servers

  • TCP 27015 (SRCDS Rcon port)
Steamworks P2P Networking and Steam Voice Chat
  • UDP 3478 (Outbound)
  • UDP 4379 (Outbound)
  • UDP 4380 (Outbound)
Additional Ports for Call of Duty: Modern Warfare 2 Multiplayer
  • UDP 1500 (outbound)
  • UDP 3005 (outbound)
  • UDP 3101 (outbound)
  • UDP 28960
Now, based on this we want to route all steam traffic apart from Steam Downloads (TCP 27015-27050) via the high speed link, so we start by marking the packets that we want to route to our high speed link:

Having marked the packets appropriately, we want to tell the Mikrotik firewall to route it through a specific gateway:
That's it, you will now be able to use Steam voice chat and the Steam Client through your high speed link with downloads running over you uncapped connection.