thanks for the fast reply... sound all dificult... i have an ip address list from netflix an amazon server ip's... a little bit old - dont know if they work actually... but that are over 300 ip-addresse. This list is called "no-vpn" so if i could route the traffic to this destination addr...

thanks for the fast reply... sound all dificult... i have an ip address list from netflix an amazon server ip's... a little bit old - dont know if they work actually... but that are over 300 ip-addresse. This list is called "no-vpn" so if i could route the traffic to this destination addr...

i got it! its working this way but i still have the problem that i need the passtrough (not via vpn) of the amazon video urls.... i was searching for lots af addresses... i put them in an addresslist "no-vpn" so now i need a rule i think to exclude that traffic from the vpn... i will try ...

the vpn is ipsec. If so, your /ip ipsec identity row used to establish the VPN refers to an /ip ipsec mode-config row with r esponder=no , and thus your router gets and IP address assignment from the remote peer, and an IPsec policy is dynamically created with that address as src-address and 0.0.0....

Look for policy routing (not IPsec policy), there are tens of topics here. In short, the principle is that you classify the traffic originated by devices on your LAN by its properties known already before the routing has been attempted (like source IP, source port, destination IP, destination port,...

Leaving aside that not all devices in your setup may support STP, there is no reason why you should interconnect the devices in a loop topology - a physical tree topology is sufficient. The current "WAN" of the Mikrotik may remain the only interface actually connected to the network, you ...

Hi Sindy, thanks for the answer. I was thinking about this also for not having to change the ip addresses of the devices. At the moment i changed the ip addresses of the tv's to the subnet 192.168.1.0/24 to have them via vpn, but in this way i dont have control anymore of this devices via openhab an...

hi, i am not so familiar with the scripting and marking.... can you post you mangle rule? i have generated an amazon addresslist manually - i looked which servers appears when starting prime video and added this domains to the list...- dont know if its workling... i have a rb connected via ether1 to...

Hi, i hafve a similar problem... i try to pass all amazon traffic directly and not via the vpn.. i tried to create an address list by checking the dns cache when starting amazon... i dont know if i found all urls.... some a very "cryptically" but how is finally the mangle roul exactly ? i ...

i am nog so familiar with scripting of that kind... has anyone an idea how to do ?

Security is not an issue. > you can use connection marking by default to split traffic to go into the tunnel and traffic that that not has to be in the tunnel. How is this feature called? I what like to read more about this Also I have a problem that netflix and amazon is not working through that t...

Hello, setting a local dns name with the static ip of the manually found ip adress of the surfshark.vpn-server is working... but i didnt find any information how to setup the scheduled script to renew this static dns by RB start and when dropping the line f.ex.... any idea ? shogunx can you maybe co...

Hello, setting a local dns name with the static ip of the manually found ip adress of the surfshark.vpn-server is working... but i didnt find any information how to setup the scheduled script to renew this static dns by RB start and when dropping the line f.ex.... any idea ? shogunx can you maybe co...

The dns problem i soluted.. was something wrong in the basic setup.. but now i have since 2 days the dropping vpn every 15 seconds.. it was working a few days.. but than dropping now every 15 seconds... i have no idea.... i remember an article about this, but didnt find it again... any idea ?? i hav...

Hi, i am planing my new setup and would like to know if it would work like this: normally the rb is behind a wan-modem (ADSL, fiber or whatever) and has an ip within the range of the wan-modem and on the bridge ports for the clients another ip range. my idea ist to put also the client range in that ...

Hello, i already read some other articles about mtu problems in ipsec vpn connections etc.. yesterday i installed my RB3011 from the scratch with the doc on the surfshark website... maybe i was missing some basic installation commands for the router.. ether1 - wan uplink to a fritzbox (ip 192.168.0....

Hi boen, thanks for the hint with chap - i will test it. Regarding API: the problem is that the portal had to have 100% control over the routeraction - so i would apreachate to make it over an api which in can be triggered over the portal cronjobs f.ex. To check continuosly if mabe the idle timeout ...

Hi, the chap problem with md5.. - I copied that javascript to my server where the login.php is. the loal login.html redirects to the portal using https. I have a well working certificate - also working for mobile devices. The target is to substitute the api which is already in my portal code to anot...

Thanks for the reply. I thought of sending username and password from the portal to the local routerboard to start there the radius session. But I didn't find something in the API. If possible I would avoid to use cookies and for sure I never would sent http-requests! But at the moment I also have a...

Hello, I am looking in google and also here in the forum for some help regarding hotspot feature (with external radius server) and api usage over an external captive portal. I make a redirect with local html-files (login.html, status.html etc..) to an external portal. There the client should registe...

a lot of visits, but nobody has an idea?
no rb profis here ?

Hi planetjim, I am trying the same you already realized but I get stocked before... One local RB750 (10.0.0.1 f.ex. should be the NAS-Client - hotspot with radius server activ) should connect over pptp to another rb450g. This rb450G is connected to the radius server. Only all radius traffic should p...

(This post was in a wrong section - here are the routing professionals I hope...) Hello, I would like to use RB750/450G to act as local session control gateway - hotspot function - with authentification over an external radius-server and with an external captive portal. All the radius traffic and al...

Hi jeansieb,

I am interested in the backend you are using for freeradius.
I have tried daloradius, but it is not so nice..
What are you using?
Please sent me a PM if possible to contact you.

kind regards,

Paul

(I moved/copied this post to section [Forwarding Protocols] ) I would like to use RB750/450G to act as local session control gateway - hotspot function - with authentification over an external radius-server and with an external captive portal. All the radius traffic and also the traffic to and from ...

Hello, i am also interested in a similar solution. Most radius server also "don't like" dynamic ip and i would like to to route only the radius traffic over an l2tp or pptp tunnel. This tunnel I also want to use as a management tunnel for all the wifi devices. How to specify port based rou...

Hi, i am testing lokal rb750g as hotspot with radius server and external portal. in the datacenter i have a 750g which act as router end point for some other action and which i also want to use as tunnel end point for a l2tp management tunnel between this and the hotspot router. i had to configure i...

Hi Michael, thanks for the respond. I am trying a propriatery multippp bonding solution but it is not working with more than one dsl line good enough and for sure it will also not work with mikrotik. The only stuf who can handle this might be viprinet or peplink and they are much more expensive. The...

Hi biggunsm, hi feklar, i am looking exactly for the sam solution, lets say up to 4 wan connections by dsl modems (ether 1-4) and ether 5 ist the hotspot port on a rb450g. i found a lot of samples with wan's - i will try to modify them for 4 wan uplinks but if you guys already have some tips for me ...

hi, i have the same problems - no internet acces with wireless clients connected over a ubnt unifi to the mikrotik routerboard in hotpost service. Ip adresse will be delivered by dhcp the clients get the ip, but there might be some problem/misconfiguration with the routing.... It doesn't work with f...