It is much easier to run IPS/IDS on pfSense than Mikrotik, that's why! On pfSense, I have Suricata on WAN as well as Snort on LAN.
Why do you need the pfsense box? Mikrotik can do it all.
I am using Mac so cannot copy from Mikrotik terminal so I hope a pic will help. I didn't see any list called deconfig...
Post your latest config for assistance.
Okay, let me try first and see what happens.
Well, I think mkx was basically stating that devices (besides MT) have their own sets of behaviours in the software on them; for example, PCs sometimes have 1 or more software firewalls running
Interesting ... I have the default firewall as below image ... wouldn't that get covered under ICMP?
Also make sure firewalls on LAN devices allow connections from different IP subnet, default windows firewall settings don't allow that.
Cool ... that's what I thought ... thank you!
Yes, the router will route between them at L3, unless you have a blocking fw rule.
Oh, no wonder...thank you for sharing!
You need to fix the mask, because it explains your problem, quite a few of Google's networks are in 172.0.0.0/8.
What am I doing wrong...see image below!
Posting part of settings is not all that helpful.
/export config hide-sensitive file=yourconfigaug22
Thanks Pe1ch1...wasn't expecting such a long time...I now take that to mean the time the source list shall exist. So, does dynamic therefore mean that the list would roll over to the next two weeks period?
2w = two weeks
Not sure I am following...is not the client side I believe...I want to say a bug! I have Wireshark installed...will try having a look.
Best will be to sniff the network and analyse the packets with something like Wireshark to see what is happening, problem might be caused by client side
Except for the IP address, this picture seems to be what you described!
Hi,
Thanks, but I don't see how this is a solution to my situation.
Follow the site to site instructions here: http://wiki.mikrotik.com/wiki/Manual:IP/IPsec
+1...here's a link with how-to instructions: http://resources.intenseschool.com/rasp ... og-server/
A Linux system.
If it should be low energy and low cost, a Raspberry Pi can do the job.
Ape
Good idea...if I have no default configuration, there is no firewall on ether1. I will try that in the morning...thanks for sharing.
It may be better to connect to the WAN port, that way you are not modifying the ports that you are working with.
Okay, thanks!
AFAIK this is not possible, address lists are made from separate entries for each address. This form is more manageable as one entry with multiple values.
+1
Is there a way to change either the font or text size used by winbox?
Thanks.
Colin
Sorry that was a false alarm...problem still has not resolved.
I would never have guessed that having special characters in password would jam up my VPN...wow...thanks Mikrotik support and a special thank you to MrZ.
[Ticket#2015061066000766] VPN Analysis and Recommendation
What ticket number?
Not sure what you want to do however I think this video might help you...good luck!
Hello.
I have a Mikrotik RB751. I have to configure the router; every ether port in the Mikrotik has to have master port: none. How do I configure the address and route table?
No, the client is using either iOS devices or Android devices over WIFI.
Can you please confirm that this is using mobile networks e.g. 3G/4G, as I know in NZ we have to change our APN settings on mobile devices to allow VPN traffic through.
Is it support at mikrotik dot com?
Better to write such requests directly to mikrotik support by email.
Yes, I did however, I might have had a typo and for my protection wouldn't accept the correct one later. My login is the same as here...Nollitik. Thank you!
You must have received a confirmation email. If not, tell me the login you used.
Thank you for responding...That did it.
You can NOT upload ZIP package. Upgrade this - http://download2.mikrotik.com/routeros/ ... .0rc13.npk
and then reboot
What does the Log say?
I unchecked the "use peer DNS" but nothing happened! Shot shows the check after I unchecked and nothing happened!
Yes, you can use any DNS servers you want.
You're not looking at the right tab. Look at the actual DHCP client configuration (not the status) and uncheck "Use peer DNS".