In my recent article regarding the implementation of a MIP solution with Mikrotik RouterOS clients, I described some of the issues surrounding the a MIP solution as well as some of the solutions. This article generated quite a bit of response and I wanted to take the time to now offer some business ideas for how this can be useful to WISPs.
It seems to be “all the rage”. Mobile IP. In reality, mobile IP, describes the ability for a user to move across a network without having to renumber his devices. This definition holds true even if a user moves from one network to another. In other words, a user is able to keep his IP address without regard to where his device exists on the internet. That’s not exactly what I’m gonna describe here, but it is a very close approximation.
The solution you are about to read is real and tested….names (and IPs) may be changed to protect the innocent…
In this article, I want to describe how to tunnel EoIP over a PPtP connection. EoIP is a Mikrotik specific method of bridging ethernet traffic over a routed network. The problem with using EoIP as a “VPN”, is that it is not encrypted. The network we will build in this article will tunnel the EoIP traffic over an encrypted PPtP tunnel. There are other methods available in later versions of Mikrotik RouterOS to accomplish this functionality (OpenVPN, for one example) and I will be adding articles on some of these at a later time. the method described in this article will work in any version of Mikrotik RouterOS. It has been tested under 2.8.28, 2.9.51 and 3.13.
In “normal” routing, you have a set of routes that tell the router about how to reach certain networks. Policy routing is a way to do the same thing, but have different “paths” or routes for various types of traffic. In this article, we will explore the requirements for setting up policy routing and explain some of the concepts involved.
This article is just a script that you can cut and paste (with small changes) to your router. It will set up the necessary stuff to automate backups. The script is commented well and the parts that you need to customize are highlighted, so that you know what has to be adjusted. This is based on a script posted on Mikrotik’s website, updated to work in 2.9.x and 3.x.
(more…)
As many of you know, it was recently discovered that the DNS protocol has a serious flaw. I don’t have a lot to add to the conversations of some serious experts, but I wanted to post a link to some of the tools that I have found that will help you know if you are at risk.
Dan Kaminsky, a security researcher, recently discovered the flaw. While I am never one to preach “doom and gloom”, this is a really serious bug that WILL gain traction among the hackers. There is already proof of concept code available that shows how to attack this flaw, so don’t hesitate to fix it. DoxPara Research is where you will find the best information about the flaw. Also at Dan’s website (DoxPara), is a tool that will test your DNS server to see if it is vulnerable. YOU SHOULD TEST THIS NOW! Don’t hesitate and do it later. NOW! (Please)
Also, ICANN has released a tool that will test the DNS server that is providing DNS services for your domain. More information on the exploit and it’s implications can be found on ICANN’s website. Their tool is here. Again, this is very important to the security of not only YOUR website, but, also, to the security of anyone who visits your website. DON’T DELAY! DO IT NOW!
Over the course of the past several days, I have seen a significant number of folks who misunderstand the proper use for the new interface based routing option in MikroTik’s RouterOS.
First, what is interface routing anyway? In order to understand the answer to this question, we first have to understand how network communications works. More specifically, we will discuss how IP communications happens.
This is my first post about the Mikrotik Product. I will be putting up several examples in the coming weeks and months, so if you don’t see what you are looking for, be sure to contact me directly. Leaving a comment is fine, but not likely to be “answered” unless it is a clarification for the specific article.
This article is intended to be a short guide to help you configure a Mikrotik router to behave in a way that is similar to a soho router with a wireless connection upstream. This configuration is perfect for a WISP that is using devices like the RouterBoard 411 (priced at about $59), along with a CM9 or similar radio (about $40), associated power supply, outdoor enclosure/antenna, etc. The total cost of a flexible device like this is about $150-160, including everything needed to install at a customer’s house or business. (more…)
This blog will contain several tutorials and thoughts about various networking devices and technologies. Part of the intent here is to share some how-tos using various products. Since I am most familiar with the ImageStream and Mikrotik products, you will find many of my tutorials revolve around these products. Also, I will be posting various general networking tutorials. If you can think of a specific tutorial you’d like to see written up, by all means, please let me know by email or by phone. My main consulting website is here.