Adventures with GRE and IPSec on Mikrotik routers

I recently picked up a RB850GX2 from my favorite Mikrotik retailer, r0c-n0c. It’s a dual-core PowerPC board with five ethernet ports and some decent performance for the price. I still have the RB493G in a colocation and I usually connect my home and the colo via OpenVPN or IPSec. Networking is not one of my best skills and I’m always looking to learn more about it when I can. I decided to try out a GRE tunnel on top of IPSec this time around....

2015-05-27 · 8 min · Major Hayden

HOWTO: Mikrotik OpenVPN server

Mikrotik firewalls have been good to me over the years and they work well for multiple purposes. Creating an OpenVPN server on the device can allow you to connect into your local network when you’re on the road or protect your traffic when you’re using untrusted networks. Although Mikrotik’s implementation isn’t terribly robust (TCP only, client cert auth is wonky), it works quite well for most users. I’ll walk you through the process from importing certificates through testing it out with a client. ...

2015-05-01 · 6 min · Major Hayden

HOWTO: Time Warner Cable and IPv6

Time Warner has gradually rolled out IPv6 connectivity to their Road Runner customers over the past couple of years and it started appearing on my home network earlier this year. I had some issues getting the leases to renew properly after they expired (TWC’s default lease length appears to be seven days) and there were some routing problems that cropped up occasionally. However, over the past month, things seem to have settled down on TWC’s San Antonio network....

2014-09-11 · 6 min · Major Hayden

Native IPv6 connectivity in Mikrotik’s RouterOS

It’s no secret that I’m a big fan of the Routerboard devices and the RouterOS software from Mikrotik that runs on them. The hardware is solid, the software is stable and feature-rich, and I found a great vendor that ships quickly. I recently added a RB493G (~ $230 USD) to sit in front of a pair of colocated servers. The majority of the setup routine was the same as with my previous devices except for the IPv6 configuration....

2012-01-11 · 3 min · Major Hayden

Measure traffic flows with Mikrotik’s RouterOS and ntop on Fedora 15

It’s no secret that I’m a big fan of the RouterBoard network devices paired with Mikrotik’s RouterOS. I discovered today that these devices offer Cisco NetFlow-compatible statistics gathering which can be directed to a Linux box running ntop. Mikrotik calls it “traffic flow” and it’s much more efficient than setting up a mirrored or spanned port and then using ntop to dump traffic on that interface. These instructions are for Fedora 15, but they should be pretty similar on most other Linux distributions....

2011-06-05 · 2 min · Major Hayden