News: MikroTik and Ubiquiti fix WPA2 Client Vulnerability

For those unfamiliar with this latest WPA2 Security Vulnerability, please bear in mind the problem is on the client device, not the AP. Therefore rushing to patch your APs is not going to solve all the problems in your network from this vulnerability!

Of course, if you’re using WPA-TKIP (or using ‘both’ TKIP and AES), you DO have more problems than this attack. Therefore please ensure that any support for TKIP is disabled!  If you’re using WEP, this vulnerability will not affect you, but then again, you have even bigger problems anyway!
Continue reading “News: MikroTik and Ubiquiti fix WPA2 Client Vulnerability” »

News: MikroTik PowerBox Pro Gigabit Outdoor PoE

We now have stock of the MikroTik PowerBox Pro

The MikroTik PowerBox Pro is an outdoor five Gigabit Ethernet port router with PoE output on four ports. The PowerBox Pro features a sleek outdoor enclosure, making it suitable for various types of installations such as radio towers.

The PowerBox also supports passive or standard 802.3at/af PoE input/output. Ethernet ports 2-5 can power PoE capable devices with the same voltage as the unit is supplied with, making for a cleaner install. It can power 802.3at and af mode B compatible devices, if 48-57V input is used. The MikroTik PowerBox Pro has an SFP port for a fiber connectivity, it is small, affordable and easy to use. But at the same time comes with a powerful 800MHz CPU, capable of all the advanced configurations that RouterOS supports.

News: MikroTik release RouterOS 6.38.7 (bugfix tree)

MikroTik have a new release in the bugfix tree.
https://mikrotik.com/download

What’s new in 6.38.7 (2017-Jun-20 10:55):

!) bridge – fixed BPDU rx/tx when “protocol-mode=none”;
!) bridge – reverted bridge BPDU processing back to pre-v6.38 behaviour (v6.40 will have another separate VLAN-aware bridge implementation);
*) 6to4 – fixed wrong IPv6 “link-local” address generation;
Continue reading “News: MikroTik release RouterOS 6.38.7 (bugfix tree)” »

MikroTik release RouterOS 6.36

MikroTik have released 6.36 in the current release channel. Here is their changelog:

What’s new in 6.36 (2016-Jul-20 14:09):

*) arm – added Dude server support;
*) dude – (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=110428);
*) dude – server package is now made smaller. client side content upgrade is now removed from it and is downloaded straight from our cloud. So workstations on which client is used will require access to wan. Alternatively upgrade must be done by reinstalling the client on each new release;
Continue reading “MikroTik release RouterOS 6.36” »

HowTo: MikroTik Secure VPN Part 1.5 MikroTik to MikroTik with IPSec

This is a short HowTo which will cover the set-up of Mikrotik to Mikrotik VPN but secured with IPsec. The use of IPsec can be very CPU intensive and it is recommended that the VPN server be set up on a Mikrotik which supports hardware based AES/IPsec encryption such as the Mikrotik RB850Gx2RB3011 or any CCR series router.

I will be using a RB850Gx2 as my VPN server and a Mikrotik mAP as my VPN clients, all the heavy IPsec processing will be done on the RB850Gx2 which has AES hardware for offloading IPsec calculations. ROS 6.33.3 or higher on the client side is required in order to make use of the ‘easy IPsec connect’ feature.
Continue reading “HowTo: MikroTik Secure VPN Part 1.5 MikroTik to MikroTik with IPSec” »

HowTo: Optimising MikroTik Firewall rules

When creating complex firewall rules on MikroTik routers, especially those with high levels of packet throughput, it is important that any rules are processed in an efficient manner. Firewall rules are processed top down. Every new packet is tested against each rule until a match is found. For high packet count traffic, this could mean that all those packets are having to be processed many times before it is matched. This can require a higher processing power than necessary and if the CPU reaches 100%, packet loss will occur.
Continue reading “HowTo: Optimising MikroTik Firewall rules” »

News: Netonix range of intelligent PoE switches now in stock

We’ve recently received a delivery of Netonix switches. We thought we would blog about how amazing these things are, except one of our customers, Wessex Internet beat us to it!

If like those guys, you’re running your own WISP and need to power Ubiquiti or MikroTik radios, we have always advocated using batteries instead of a UPS as the site will stay up for longer when there is a mains failure. These switches make life much easier as they include within their range of products, PoE switches that can deliver 24v and 48V to radios from as little as a 9V DC supply!  We suggest your setup should consist of at least two leisure batteries wired in series, providing 24V or four batteries providing 48V.
Continue reading “News: Netonix range of intelligent PoE switches now in stock” »

News: CVE-2015-0235 RouterOS NOT affected by GHOST glibc security risk

mikrotik_router

 

MikroTik have confirmed that no version of RouterOS suffers from the security vulnerability CVE-2015-0235. See Mikrotik Forum for confirmation.

 

 

 

LinITX Up and Coming 2015

linitxlogo_whitebg

 

2015 is going to a big year for WiFi and Routing with the launch of Xclaim and 802.11 ac coming into its own and not to mention all the new products from Ubiquiti and MikroTik. Here’s what we are going to see early this year.

Xclaim

Xclaim is an up and coming wireless range of small easy to use and reliable wireless access points using Ruckus technology to ensure quality WiFi performance at low prices for all. Xclaim is due to launch here at LinITX within the next few weeks with all 4 models being stocked. There will be 3 indoor models each with different specifications including dual radio and the new ac technology, 1 outdoor model will also be stocked which includes the latest in wireless ac technology. Click here to see the range.
Continue reading “LinITX Up and Coming 2015” »

HowTo: Improved CAPsMAN Wireless Client Roaming

CAPsMAN is a very useful method of setting up a large number of APs (CAPs) in a building, but how can you help a client to roam better?  The problem is that clients can get “sticky”. They refuse to disconnect themselves from an AP, even though they have actually moved their location and are now much closer to another AP.  The client software seems to hang in there for dear life, despite having a very poor and low speed of connection, but it seems to decide, “some connection, no matter how bad, is better than none at all, but I will not check to see if there are any other APs that are stronger”. So they remain “stuck” to that distant AP, even though there is a better one nearby.  So what’s the solution?
Continue reading “HowTo: Improved CAPsMAN Wireless Client Roaming” »