Community discussions

Search found 207 matches

by patrickmkt
Wed Mar 13, 2024 7:36 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 462
Views: 93422

Re: v7.14.1 [stable] is released!

I am still having trouble with the /tool/SMS/Allowed-Number that disappears every time you do a /tool/sms/set receive-enable=yes
by patrickmkt
Sat Feb 24, 2024 8:45 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257610

Re: v7.13.5 [stable] is released!

I also have noticed the tool/sms/status that is now always off instead of running.

Also, more problematic, if you send a /tool/sms set receive-enabled=yes when receive-enabled was already yes, the allowed-number is erased!!!!
by patrickmkt
Sat Sep 16, 2023 5:34 pm
Forum: General
Topic: OpenVPN not working after upgrade to RouterOS 7.1.3
Replies: 2
Views: 1310

Re: OpenVPN not working after upgrade to RouterOS 7.1.3

You maybe want to update to after 7.11 version where the issue with certificates with SHA512 was solved.

*) certificate - restored RSA with SHA512 support;
by patrickmkt
Tue Sep 05, 2023 1:50 pm
Forum: RouterBOARD hardware
Topic: Ethernet - link down
Replies: 26
Views: 8706

Re: Ethernet - link down

I also had my ether 1 port going up and down recently on a CCR1036.
I too changed cables without success.

I have not found the solution yet, but for the time being, I migrated to another eth port that was available to get my system running.
by patrickmkt
Thu Aug 31, 2023 5:41 pm
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 162023

Re: v7.11 and 7.11.1 [stable] are released!

I've lost my license key!!! The upgrade to 7.11.1 on my CCR1036-12G-4S went well. However after rebooting for the firmware update, I got a warning that I had no license key and that my router will stop working after 24 hours. I tried to click on update license key but it did not work. After a third ...
by patrickmkt
Wed Aug 02, 2023 7:14 pm
Forum: Scripting
Topic: Built in function library
Replies: 132
Views: 134775

Re: Built in function library

I would like to get an AES encryption function. Or an access to openssl functions.
by patrickmkt
Wed Jun 28, 2023 5:15 pm
Forum: General
Topic: ROS 7 - Auto Upgrade not working
Replies: 8
Views: 1077

Re: ROS 7 - Auto Upgrade not working

Write a script:
/system package update
check-for-updates once
:delay 1s;
:if ( [get status] = "New version is available") do={ install }
create a scheduler to run the script
The auto upgrade will only automatically update the firmware on the next reboot. So after reboot you may need anothe...
by patrickmkt
Tue Jun 20, 2023 4:55 pm
Forum: General
Topic: Certificate CRL issue | Got CRL with a bad signature
Replies: 12
Views: 2157

Re: Certificate CRL issue | Got CRL with a bad signature

I tried to reissue some of my crl with sha256 instead, but I got the same crl error, while the crl are properly decoded by openssl without error.
by patrickmkt
Sun Jun 18, 2023 5:26 pm
Forum: General
Topic: Cloud ???
Replies: 8
Views: 1399

Re: Cloud ???

I also have a constant connection error to cloud backup but only from one of my routers. All the others have no problem except the usual temporary service failure that we all noticed on cloud backup once in a while. From the problematic router I can ping cloud2.mikrotik.com, the mikrotik ddns service ...
by patrickmkt
Sat Jun 17, 2023 3:21 pm
Forum: Announcements
Topic: v7.10, 7.10.1 and more [stable] are released!
Replies: 369
Views: 129406

Re: v7.10 [stable] is released!

Still no fix on certificate crl using sha512
viewtopic.php?p=1008226#p1008226
by patrickmkt
Sat Jun 17, 2023 3:16 pm
Forum: General
Topic: Certificate CRL issue | Got CRL with a bad signature
Replies: 12
Views: 2157

Re: Certificate CRL issue | Got CRL with a bad signature

Still not fixed on ROS 7.10
by patrickmkt
Sun Jun 04, 2023 12:31 am
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 26031

Re: v7.9.2 [stable] is released!

@Mikrotik, What do we need to do? For you to fix the OVPN issues. These OVPN issues have been around for four months now. It's a subtle move to entice users to move to proper ipsec or wireguard............. The sooner the better. I have an IPSEC ikev2, a Wireguard and an OpenVPN setting. The problem ...
by patrickmkt
Sun Jun 04, 2023 12:26 am
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 26031

Re: v7.9.2 [stable] is released!

I still have the sha512 crl issues and openvpn issues.
viewtopic.php?p=1004156#p1004156
viewtopic.php?t=189545&e=1&view=unread#unread
by patrickmkt
Thu May 25, 2023 5:12 am
Forum: General
Topic: ROS7 destroying ovpn server - TLS failed?
Replies: 6
Views: 2869

Re: ROS7 destroying ovpn server - TLS failed?

I have the same OVPN <TLS error: ssl: unsupported certificate algo (6)>

I also still have the crl verification problem described viewtopic.php?t=189545&e=1&view=unread#unread
by patrickmkt
Wed May 24, 2023 3:34 pm
Forum: General
Topic: Certificate CRL issue | Got CRL with a bad signature
Replies: 12
Views: 2157

Re: Certificate CRL issue | Got CRL with a bad signature

All my certificates are also using sha512... I hope now that the root cause is found, a fix will be released soon.

Thanks
by patrickmkt
Mon Apr 24, 2023 5:15 am
Forum: Beginner Basics
Topic: Mark/route traffic from socks/proxy?
Replies: 2
Views: 379

Re: Mark/route traffic from socks/proxy?

maybe output chain
How in the mangle output chain can you detect which packets are coming from the socks proxy?
by patrickmkt
Sun Apr 23, 2023 10:57 pm
Forum: Beginner Basics
Topic: Mark/route traffic from socks/proxy?
Replies: 2
Views: 379

Mark/route traffic from socks/proxy?

I would like to have some clients connecting to a router to have an alternate route available to choose (not as automatic failover, but on purpose). I was considering the client could either communicate directly through the router as normal; or when they want to use the alternate route to communicate ...
by patrickmkt
Sat Apr 08, 2023 10:40 pm
Forum: RouterBOARD hardware
Topic: RouterBoard USB port not active?
Replies: 48
Views: 31908

Re: RouterBoard USB port not active?

Same issue here with ROS 7.8,
unable to connect a APC Smart UPS-X to a CCR1036-12G-4S on the USB port.

The USB cable works for communicating with a PC, but not with the router. The UPS is not displayed on the resources/USB and I have only the serial0 and serial1 option on the ups/add port=
by patrickmkt
Sat Apr 08, 2023 10:28 pm
Forum: General
Topic: How do I get "usbhid1" to be a valid option for my APC UPS on my CCR1036?
Replies: 1
Views: 532

Re: How do I get "usbhid1" to be a valid option for my APC UPS on my CCR1036?

I have the same problem when plugging an APC Smart X UPS to my CCR1036-12G-4S.
The UPS does not show up on the router. The same USB cable plugged to a computer is recognized as a UPS.
by patrickmkt
Sun Oct 30, 2022 6:39 pm
Forum: General
Topic: Certificate CRL issue | Got CRL with a bad signature
Replies: 12
Views: 2157

Re: Certificate CRL issue | Got CRL with a bad signature

This issue was fixed with the v7.6 release.
Good for you, for me it started with v7.6... :-(
by patrickmkt
Sun Oct 30, 2022 5:19 pm
Forum: General
Topic: Certificate CRL issue | Got CRL with a bad signature
Replies: 12
Views: 2157

Re: Certificate CRL issue | Got CRL with a bad signature

By any chance are you using DOH for your DNS?
by patrickmkt
Thu Oct 20, 2022 1:33 am
Forum: General
Topic: R11eL firmware upgrade
Replies: 3
Views: 1209

Re: R11eL firmware upgrade

It's a LtAP mini, so the card is integrated.
interface/lte/firmware-upgrade lte1
  installed: R11eL_v02.14.173531
     latest: R11eL_v05.04.193841
by patrickmkt
Wed Oct 19, 2022 11:14 pm
Forum: General
Topic: R11eL firmware upgrade
Replies: 3
Views: 1209

R11eL firmware upgrade

I have an old firmware version v02.14 on the R11e-LTE-US in my LtAP mini. Per the wiki, this board can only be updated through FOTA. I have my lte interface running, I can ping through it on the internet. When I check for firmware upgrade, it's telling me v05.04 is available. However, as soon as I la...
by patrickmkt
Sat Jul 30, 2022 4:18 pm
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN not working
Replies: 2
Views: 644

Re: RB2011UAS-2HnD-IN not working

Unfortunately even through the POE port it does not work.
by patrickmkt
Sun Jul 24, 2022 6:26 pm
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN not working
Replies: 2
Views: 644

RB2011UAS-2HnD-IN not working

I have this router died on me. The outside power supply is fine but the board does not light up at all and obviously does not boot either. Is the schematic available and what is the usual culprit I need to look for on this board? Is there a CMS fuse somewhere that may have blown? Or one of the first...
by patrickmkt
Wed Aug 04, 2021 9:46 am
Forum: General
Topic: Winbox: Error router does not support secure connection
Replies: 4
Views: 2094

Re: Winbox: Error router does not support secure connection

Winbox 3.28
ROS 6.48.3 on both routers.

What does the Winbox secure mode connection use that legacy mode does not?
What could make that I can connect with webfig on both IP addresses, but on winbox only one address accepts secure mode?
by patrickmkt
Mon Aug 02, 2021 12:03 pm
Forum: General
Topic: Winbox: Error router does not support secure connection
Replies: 4
Views: 2094

Winbox: Error router does not support secure connection

I am confused. I have two routers connected by a trunk with 2 vlans on this trunk with an address assigned for each router on each vlan. When I am connected to router 1, I can connect via winbox on router 2 with one of the ip address of router 2. But when I am trying to connect via winbox on the oth...
by patrickmkt
Tue Jun 22, 2021 3:41 pm
Forum: RouterBOARD hardware
Topic: RB1100AH Power supply?
Replies: 2
Views: 2677

Re: RB1100AH Power supply?

Thanks,
I had seen the 24V through the POE and the 110-220V, but I haven't seen before the 12-24V to the board.
by patrickmkt
Mon Jun 21, 2021 4:25 pm
Forum: RouterBOARD hardware
Topic: RB1100AH Power supply?
Replies: 2
Views: 2677

RB1100AH Power supply?

That is the second time my power supply in a RB1100AH died. I couldn't find the specifications required for this board. I believe that the original PSU was 12V DC with less than 2A. But what is really needed for the board? What is the voltage tolerance and power requirement? What is the best voltage...
by patrickmkt
Wed Apr 14, 2021 4:00 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 141
Views: 61771

Re: v6.48.2 [stable] is released!

After successful update I attempted to do a backup and I now get:
"error creating backup file: could not read all configuration files"
by patrickmkt
Sun Dec 13, 2020 10:45 pm
Forum: General
Topic: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]
Replies: 40
Views: 41279

Re: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]

My client and server certs have the SAN DNS field same as common name. Does that fqdn in Subject Alt Name of the certificate of the Mikrotik resolve in public DNS to the IP address of the Mikrotik to which the MacOS connects? And do you also get "peer identity not found" at Mikrotik side ...
by patrickmkt
Sun Dec 13, 2020 7:03 am
Forum: General
Topic: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]
Replies: 40
Views: 41279

Re: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]

I did generate client certificate without it, Mikrotik complained about "peer identity not found" even though it identified the peer with IP or FQDN supplied by macOS client, however the CERT payload was missing and authentication always failed. I am also struggling with peer identity not...
by patrickmkt
Sat Nov 21, 2020 4:37 pm
Forum: General
Topic: IP address and SIP algo
Replies: 1
Views: 533

IP address and SIP algo

I had an issue with one of my SIP trunks yesterday and had to do some packet sniffing on the wan side. My setup was as follows: Cable modem <->Mikrotik<->PaBx The cable modem is set up as a bridge and provides to the Mikrotik via DHCP a routable wan IP address (lets say 5.5.5.5). However, the cable modem ...
by patrickmkt
Wed Nov 18, 2020 9:36 pm
Forum: General
Topic: DNS over HTTPS
Replies: 258
Views: 120447

Re: DNS over HTTPS

Has someone figured out how to get proper CRL download while using DoH?

I am still having the "DoH sever connection error: SSL: handshake failed: unable to get certificate CRL"
by patrickmkt
Sun Aug 30, 2020 6:27 pm
Forum: General
Topic: doh server connect error network is unreachable
Replies: 9
Views: 7697

Re: doh server connect error network is unreachable

It would be nice to have the following backup when "DoH server connection error" is encountered:
- secondary DoH server entry
- revert to regular DNS server
The major internet outage this morning had my connection failed on cloudflare DoH. When I manually changed it to google DoH I got con...
by patrickmkt
Tue Jul 14, 2020 2:23 am
Forum: Announcements
Topic: v6.47.1 [stable] is released!
Replies: 146
Views: 95137

Re: v6.47.1 [stable] is released!

I still have the same problem with CRL not being updated with DOH. (I am using Cloudflare) DoH server connection error: SSL: handshake failed: unable to get certificate CRL. I do have the DigiCert Global Root CA as trusted. I even went to the extent to download the root CA of the websites where the ...
by patrickmkt
Wed Jul 08, 2020 8:43 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 348
Views: 172000

Re: v6.47 [stable] is released!

Does anyone have a problem with CRL with this release? It seems that my router does not get the latest crl as the last date of update is older and now the crl appears as invalid in the crl tab. The only error I got is the DoH server connection error. SSL handshake failed: unable to get certificate CRL....
by patrickmkt
Fri Jun 05, 2020 12:01 am
Forum: General
Topic: [OpenVPN] Doubt about certificates
Replies: 3
Views: 2119

Re: [OpenVPN] Doubt about certificates

My issue has been solved with the 6.47 update.
by patrickmkt
Fri Jun 05, 2020 12:00 am
Forum: Beginner Basics
Topic: OpenVPN W10 sslv3 alert certificate expired [SOLVED]
Replies: 5
Views: 10116

Re: OpenVPN W10 sslv3 alert certificate expired [SOLVED]

The update to 6.47 fixed my problem. I can again connect remotely via OVPN with certificates.
by patrickmkt
Thu Jun 04, 2020 11:59 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 348
Views: 172000

Re: v6.47 [stable] is released!

Yes OVPN with certificates works again.... I can at last reconnect with my remote routers...
by patrickmkt
Wed May 27, 2020 2:38 pm
Forum: Announcements
Topic: v6.47rc [testing] is released!
Replies: 63
Views: 34532

Re: v6.47rc [testing] is released!

I am wondering if the certificate check issue with openvpn was fixed.
by patrickmkt
Thu May 14, 2020 5:23 pm
Forum: RouterBOARD hardware
Topic: Audible Alarm on disconnect
Replies: 4
Views: 2269

Re: Audible Alarm on disconnect

Go to tools -> Netwatch. Add the IP you want to monitor. Write the script you want for both conditions...

https://wiki.mikrotik.com/wiki/Manual:Tools/Netwatch
by patrickmkt
Mon May 11, 2020 11:27 pm
Forum: General
Topic: [OpenVPN] Doubt about certificates
Replies: 3
Views: 2119

Re: [OpenVPN] Doubt about certificates

I had a functional ovpn setup, but for a few months I got the same error with TLS fail.
I don't know why or if there was a change in the certificate verification side on routeros, but all my remote servers are not accessible anymore.

I have made a post about it there.
by patrickmkt
Mon May 11, 2020 11:18 pm
Forum: General
Topic: OpenVPN stuck occasionally
Replies: 10
Views: 6767

Re: OpenVPN stuck occasionally

I am having problem also with ovpn for a month now as reported in my other post.
From Win 10 to Mikrotik:
OpenSSL: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error...
by patrickmkt
Mon Apr 27, 2020 3:38 am
Forum: Beginner Basics
Topic: OpenVPN W10 sslv3 alert certificate expired [SOLVED]
Replies: 5
Views: 10116

Re: OpenVPN W10 sslv3 alert certificate expired [SOLVED]

Nobody to give a hand to help me find the problem?
I don't know what else to look for.
Am I the only one with this problem? Is it a new bug in the latest stable ROS versions?
by patrickmkt
Sun Apr 26, 2020 5:31 pm
Forum: Announcements
Topic: Winbox v3.23 released!
Replies: 60
Views: 49600

Re: Winbox v3.23 released!

Problem that was also present in 3.22 with the display of the window when clicking on a certificate crl. The window is not resizable and exceeds the size of the winbox window.
by patrickmkt
Sat Apr 18, 2020 7:20 pm
Forum: Beginner Basics
Topic: OpenVPN W10 sslv3 alert certificate expired [SOLVED]
Replies: 5
Views: 10116

Re: OpenVPN W10 sslv3 alert certificate expired [SOLVED]

When the Mikrotik ovpn server "require client certificate" is unchecked, I can remotely connect. When it is checked, then I got on my client the certificate expired notification. Why the Mikrotik implementation of ovpn is finding the certificate as expired is still a mystery. The certs are...
by patrickmkt
Thu Apr 09, 2020 8:42 pm
Forum: Beginner Basics
Topic: OpenVPN W10 sslv3 alert certificate expired [SOLVED]
Replies: 5
Views: 10116

Re: OpenVPN W10 sslv3 alert certificate expired [SOLVED]

Just as a side note, the certificates for the ikev2 login are the same as the ones I am using for ovpn !!!
by patrickmkt
Sat Apr 04, 2020 3:13 am
Forum: Beginner Basics
Topic: OpenVPN W10 sslv3 alert certificate expired [SOLVED]
Replies: 5
Views: 10116

OpenVPN W10 sslv3 alert certificate expired [SOLVED]

Recently I could not connect anymore to any of my routers from my Win 10 OpenVPN. I got on the Windows10 OpenVPN log:
OpenSSL: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired
On the router I got an error: duplicate packet, dropping. All my routers are configured with a ...
by patrickmkt
Mon Aug 26, 2019 10:43 am
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 54
Views: 48931

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

I now have another problem with Windows. When attempting to use a second VPN connection to another Mikrotik with a different intermediate CA, I have the known problem of Windows presenting the wrong certificate (the one of the first vpn connection) and refusing the authentication. To avoid this issu...
by patrickmkt
Sat Aug 24, 2019 6:32 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 54
Views: 48931

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

Yes I am aware of the split include limitation on Windows.

My issue was from my firewall rules. I had the VPN issue an IP from a dhcp pool that was managed by bridge rules, but obviously the ipsec connection is not an interface and not attached to a bridge. I had to add a new rule for the IP subnet.
by patrickmkt
Sat Aug 24, 2019 5:49 pm
Forum: General
Topic: IKE2 RSA signature - identity not found for peer: DER DN: [SOLVED]
Replies: 5
Views: 14176

Re: IKE2 RSA signature - identity not found for peer: DER DN: [SOLVED]

Same here, disabling doesn't help. The strange thing is, it works on iOS fine, but the windows client doesn't. Current RouterOS from today on CCR I had also problems of different behavior between Windows and IOS. You can see what worked eventually for me here: https://forum.mikrotik.com/viewtopic.p...
by patrickmkt
Sat Aug 24, 2019 5:00 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 54
Views: 48931

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

You're right. With the own ID to auto it does connect...
Thanks

Now I need to figure out why this different behavior between iOS and Windows.
Also, I still need to fix the routing issue as windows does not get any gateway set up.
by patrickmkt
Sat Aug 24, 2019 12:05 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 54
Views: 48931

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

I have set up as follows:
remote id type= auto
match by=certificate


I also tried with match by id with all the different remote id type
by patrickmkt
Fri Aug 23, 2019 11:17 am
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 54
Views: 48931

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

With the same series of certificate:
When I successfully connect from an Iphone:
aug/22 16:05:54 ipsec ike auth: respond
aug/22 16:05:54 ipsec processing payload: ID_I
aug/22 16:05:54 ipsec ID_I (FQDN): My_Client_Cert
aug/22 16:05:54 ipsec processing payload: ID_R
aug/22 16:05:54 ipsec ID_R (FQDN): ...
by patrickmkt
Wed Aug 21, 2019 10:03 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 54
Views: 48931

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

I believe that I tried with machine certificate before without success also and eventually reading that both could be used as long as the certificates and chain were in the proper stores (user or machine). But to make sure I tried again. I even put all the certificates in both chain. Still the same ...
by patrickmkt
Wed Aug 21, 2019 9:19 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 54
Views: 48931

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

I had selected the option to have windows asking me which client certificate to use each time. And indeed I have a dropdown box letting me choose at the connection time.
by patrickmkt
Wed Aug 21, 2019 7:34 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 54
Views: 48931

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

Thanks, I had all the chain of trust of the CA in both the client and server. The client certificate had its key too. I am really surprised not to find any information how to get a better error log on the windows vpn client... That would point me into the right direction instead of playing half blin...
by patrickmkt
Mon Aug 19, 2019 9:24 pm
Forum: RouterBOARD hardware
Topic: PowerBox Pro not powering with POE in
Replies: 4
Views: 3006

Re: PowerBox Pro not powering with POE in

Then you would need to revise the brochure as it is clearly stated:
"It also supports passive or standard 802.3at/af PoE input/output."

That was for me the main interest of the Powerbox Pro compared to the standard one (in addition to the sfp).
by patrickmkt
Mon Aug 19, 2019 12:47 pm
Forum: RouterBOARD hardware
Topic: PowerBox Pro not powering with POE in
Replies: 4
Views: 3006

PowerBox Pro not powering with POE in

I just received a new PowerBox Pro this morning. I can power it through the power jack without problem, however, when I plug eth1 into a POE switch (even with a short cable), the Powerbox Pro does not power on. Is there a hidden setting somewhere that I need to change to accept 802.3af for POE in? O...
by patrickmkt
Sun Aug 18, 2019 1:35 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 54
Views: 48931

Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

I am losing my mind trying to do a certificate authentication between a Mkt server and a windows 10 client using ikev2. I can log in to the Mkt server from an iPhone, however, I got the dreaded error from Windows saying: "IKE authentication credentials are unacceptable". I am also lost ho...
by patrickmkt
Sat Aug 03, 2019 4:21 pm
Forum: General
Topic: Winbox 3.19 login problem
Replies: 1
Views: 1984

Winbox 3.19 login problem

I have a few routers that refuse to let me log in via Winbox anymore. I can however log in through webfig in local to confirm that the login and password are correct. The logs don't show any other error logs than the failed winbox attempt that displayed as "login failure attempt for user xxx fr...
by patrickmkt
Thu Apr 26, 2018 9:41 pm
Forum: General
Topic: Windows Port Knock Application
Replies: 24
Views: 14562

Re: Windows Port Knock Application

Bitdefender found a trojan in the file :-(
by patrickmkt
Sun Jul 23, 2017 1:01 pm
Forum: Scripting
Topic: DNS resolve and address list
Replies: 7
Views: 9921

Re: DNS resolve and address list

Why so difficult? Just put the hostname in the address field and the router resolves it automatically and at the correct frequency (TTL of the DNS record). No need for a script. First of all, the automatic resolving of hostname is quite recent in the functionalities of ROS. Second, some of the hos...
by patrickmkt
Sun Jul 23, 2017 8:27 am
Forum: Scripting
Topic: DNS resolve and address list
Replies: 7
Views: 9921

DNS resolve and address list

I have multiple firewall rules based on address-list filters. My address lists are updated regularly by the standard script that resolve the hostname to an ip:
:local comment
:local newip
:local oldip
# Loop through each entry in the address list.
:foreach i in=[/ip firewall address-list find] do={ ...
by patrickmkt
Sat Oct 22, 2016 8:12 pm
Forum: General
Topic: [Solved] OpenVPN Routing Problem
Replies: 4
Views: 10395

Re: OpenVPN Routing Problem

did you create an OVPN server binding in PPP interface and add forward rule for that interface in your firewall to allow the traffic from the VPN to your LAN?
by patrickmkt
Wed Oct 12, 2016 4:13 pm
Forum: Beginner Basics
Topic: NEED OF VERY STRONG WIFI INDOOR ROUTER
Replies: 13
Views: 3638

Re: NEED OF VERY STRONG WIFI INDOOR ROUTER

what did the log show? If you don't know how to configure the log look here http://wiki.mikrotik.com/wiki/Manual:System/Log.
by patrickmkt
Tue Oct 11, 2016 6:57 pm
Forum: Beginner Basics
Topic: NEED OF VERY STRONG WIFI INDOOR ROUTER
Replies: 13
Views: 3638

Re: NEED OF VERY STRONG WIFI INDOOR ROUTER

did you perform an upgrade of the AP recently? If so could you check that the wireless package is current and active. Also check the config as some wireless setup may have been changed from the upgrade.
by patrickmkt
Sat Oct 01, 2016 5:33 pm
Forum: Announcements
Topic: v6.37 [current] is released!
Replies: 197
Views: 67396

Re: v6.37 [current] is released!

I just had a really strange problem with the upgrade from 6.36 to 6.37 When I did the upgrade (using the Mikrotik check-for-upgrade via winbox), the Mikrotik (RB435G) did the upgrade to 6.37 however in Winbox, there was no Wireless section In packages there were two wireless packages, one was 6.37 ...
by patrickmkt
Sun Jul 17, 2016 11:03 pm
Forum: Beginner Basics
Topic: Small Home/Office setup
Replies: 3
Views: 3258

Re: Small Home/Office setup

Your setup is pretty simple, your office, voip and home are all using different devices. You probably don't need any vlan at all. Just your three network with different IP subnets as described on your diagram. Then two bridges to get the wlan_home and lan_home together, and the wlan_business and lan...
by patrickmkt
Wed Jul 06, 2016 4:13 pm
Forum: Beginner Basics
Topic: Complicated VLAN setup
Replies: 21
Views: 6959

Re: Complicated VLAN setup

I have a new question however concerning the VLANing APs. Packets from the wifi are getting tagged however I don't think it can tag management packets. Can I do the following:
[admin@Mikrotik] /interface bridge port> add interface=ether3-master bridge=bridge-management
[admin@Mikrotik] /interface b...
by patrickmkt
Wed Jul 06, 2016 4:06 pm
Forum: Beginner Basics
Topic: Complicated VLAN setup
Replies: 21
Views: 6959

Re: Complicated VLAN setup

Hi, I tried what patrickmkt suggested because it seemed really straightforward. I created the bridges and assigned ports to it (not every port so far). However I cannot create srcnat between a bridge and the ehter1 interface:
[admin@Mikrotik] /ip firewall nat> add chain=srcnat in-interface=bridge-...
by patrickmkt
Tue Jul 05, 2016 3:11 am
Forum: Beginner Basics
Topic: Complicated VLAN setup
Replies: 21
Views: 6959

Re: Complicated VLAN setup

Do you need to have eth2 and eth4 tagged? Is your POS and front desk PC playing well with VLAN? My initial thoughts on your setup would be to setup two bridges: one for management and one for public. You will be using a bit more cpu compared to the switch chip but will have much more control of your ...
by patrickmkt
Sun Nov 08, 2015 7:47 pm
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 125490

Re: Feature request: OpenVPN compression LZO and UDP

Already voted on that years ago. And I'm still asking for it :?
by patrickmkt
Sun Sep 06, 2015 7:56 am
Forum: Scripting
Topic: DynDNS update script periodically doesn't update
Replies: 3
Views: 1648

Re: DynDNS update script periodically doesn't update

How often does your script run? Is there a limitation on your ddns server /checkip target that would refuse too many requests within a short timeframe? Same thing with the dns update, you've set the force to true. Your ddns will probably blacklist you when too many requests to change an IP that hasn't...
by patrickmkt
Tue Jun 30, 2015 9:54 pm
Forum: General
Topic: Crooks Use Hacked Routers to Aid Cyberheists
Replies: 5
Views: 5212

Crooks Use Hacked Routers to Aid Cyberheists

"Recently, researchers at the Fujitsu Security Operations Center in Warrington, UK began tracking Upatre being served from hundreds of compromised home routers — particularly routers powered by MikroTik and Ubiquiti’s AirOS." “The consistency in which the botnet is communicating with compr...
by patrickmkt
Thu Jun 25, 2015 9:22 pm
Forum: SwOS
Topic: MikroTik Firmware Version
Replies: 1
Views: 2584

Re: MikroTik Firmware Version

http://www.mikrotik.com/download

1.14 is the latest version.
by patrickmkt
Wed Apr 22, 2015 6:14 pm
Forum: Beginner Basics
Topic: OVPN client certificate based authentication
Replies: 1
Views: 845

Re: OVPN client certificate based authentication

If your server requires LZO and/or UDP, Mikrotik OVPN will not be compatible with it. Only TCP and no compression.
by patrickmkt
Mon Apr 20, 2015 4:23 am
Forum: General
Topic: SSTP VPN - certificate cannot be verified
Replies: 1
Views: 6761

Re: SSTP VPN - certificate cannot be verified

On Windows 7 Client go to Control Panel > Internet Options > Content > Certificates > Trusted Root Certificate Authorities > Import - Select C:\OpenSSL-Win32\bin\client.crt You maybe want to import in the "Trusted Root Certificate Authorities" the ca.crt. Then you import the client.crt + cli...
by patrickmkt
Sun Mar 01, 2015 7:26 pm
Forum: General
Topic: Windows Port Knock Application
Replies: 24
Views: 14562

Re: Windows Port Knock Application

Any update on the compiled version that incorporates the DNS and delay?
by patrickmkt
Sat Feb 21, 2015 3:46 am
Forum: SwOS
Topic: Feature Request - DHCP
Replies: 7
Views: 4217

Re: Feature Request - DHCP

I agree, that may help in some deployment
by patrickmkt
Thu Jan 22, 2015 4:39 pm
Forum: Beginner Basics
Topic: OpenVPN Connection problems
Replies: 3
Views: 2518

Re: OpenVPN Connection problems

what do you get on the routerboard log (with ovpn debug option in the logging options)?
by patrickmkt
Wed Nov 05, 2014 5:32 pm
Forum: General
Topic: OVPN and certificates.
Replies: 1
Views: 6932

Re: OVPN and certificates.

ROS 6.21.1 certificate and CRL handling corrections seem to have fixed my problem with the TLS error. :)
by patrickmkt
Wed Nov 05, 2014 5:31 pm
Forum: General
Topic: OpenVPN Server error: TLS failed [SOLVED]
Replies: 48
Views: 134856

Re: OpenVPN Server error: TLS failed [SOLVED]

ROS 6.21.1 certificate and CRL handling corrections seem to have fixed my problem with the TLS error. :)
by patrickmkt
Wed Nov 05, 2014 6:50 am
Forum: General
Topic: v6.21.1 released
Replies: 112
Views: 38811

Re: v6.21.1 released

What's new in 6.21.1 (2014-Nov-03 15:20):

*) certificate - fix CRL handling in trust chain;
Great my ovpn remote access is working again. I don't know if it was related to it or not, but it solved my TLS error during connection.
by patrickmkt
Mon Oct 27, 2014 10:00 am
Forum: General
Topic: Cert and CRL bug?
Replies: 0
Views: 1029

Cert and CRL bug?

The same way that the bug with the Certs with CRL for OVPN is still not fixed, I stumbled into another issue with CRL on an SSTP link. I have an SSTP link between two ROS routers using certificates and CA. The CA is linked to an http URI for the CRL. The link was working fine until last week when I ...
by patrickmkt
Mon Oct 13, 2014 9:10 pm
Forum: Beginner Basics
Topic: Firewall Mangle rule shows no traffic
Replies: 10
Views: 4217

Re: Firewall Mangle rule shows no traffic

Did you activate the connection tracking ?
by patrickmkt
Sat Oct 04, 2014 6:46 pm
Forum: General
Topic: action=del-src-from-address-list
Replies: 3
Views: 1884

Re: action=del-src-from-address-list

I am already using the time out option, however I was considering using some port knocking scenario to shut down access in addition to open them.
by patrickmkt
Sat Oct 04, 2014 7:34 am
Forum: General
Topic: action=del-src-from-address-list
Replies: 3
Views: 1884

action=del-src-from-address-list

There are action=add-src-to-address-list and action=add-dest-to-address-list in NAT, Mangle and Filter.

How can I remove an address from a list as an action too?

Wouldn't it be nice to have also action=del-src-from-address-list and action=del-dest-from-address-list?
by patrickmkt
Fri Aug 22, 2014 11:55 pm
Forum: General
Topic: OpenVPN Server error: TLS failed [SOLVED]
Replies: 48
Views: 134856

Re: OpenVPN Server error: TLS failed [SOLVED]

Yes I have the same problem since v6.9+.

see http://forum.mikrotik.com/viewtopic.php?f=2&t=86739
http://forum.mikrotik.com/viewtopic.php?f=2&t=87297

but so far no answer to this problem
by patrickmkt
Thu Jul 24, 2014 6:24 pm
Forum: General
Topic: ROS OpenVPN Client with Linux OpenVPN server
Replies: 5
Views: 7713

Re: ROS OpenVPN Client with Linux OpenVPN server

Or we should have Mikrotik fix what is not working first before implementing new stuff. :?
by patrickmkt
Tue Jul 22, 2014 11:47 pm
Forum: General
Topic: openvpn iOS tls failed
Replies: 7
Views: 13153

Re: openvpn iOS tls failed

It's not only ios. I can't connect anymore from windows GUI with a config that was operational before.
See http://forum.mikrotik.com/viewtopic.php?f=2&t=87297
by patrickmkt
Tue Jul 22, 2014 8:56 pm
Forum: General
Topic: OVPN and certificates.
Replies: 1
Views: 6932

OVPN and certificates.

Since around ROS 6.5 or 6.6 I can't connect anymore to ROS OVPN server with certificates. It does work if I uncheck the Require Client Certificate on the OVPN server tab, but I got a TLS failure log entry if it's checked. It was working before with the certificates. There were a lot of certificates ...
by patrickmkt
Fri Jun 13, 2014 11:22 pm
Forum: General
Topic: v6.15 released
Replies: 302
Views: 133360

Re: v6.15 released

Hi Normis SSTP does not work at all on 6.15. (It also didn't work on 6.14?) Do both devices have to be on 6.15 to work? If I downgrade to 5.26, it works fine. Upgrade to 6.15 it breaks, it's also enabled under PPP. Don't understand... SSTP client does work for me from 6.15 to server 6.15, 6.14 or 6.1...
by patrickmkt
Thu May 22, 2014 12:07 am
Forum: General
Topic: v6.13 released!
Replies: 176
Views: 65824

Re: v6.13 released!

In this case I can see two options: 1) Wait for 6.14 release, there are also some SSTP bug fixes 2) Generate support file and send it to MK support The third possible option can be selecting a different interface in firewall rule, apply configuration, then select back the sstp-server interface and ...
by patrickmkt
Wed May 21, 2014 7:45 pm
Forum: General
Topic: v6.13 released!
Replies: 176
Views: 65824

Re: v6.13 released!

Something I just noticed after updating two routers to 6.13: When I connect via SSTP from one ROS client to one ROS Server, the firewall rule associated with this SSTP connection stays red on the server after connection. It was working before on previous versions. Is there a new parameter that I di...
by patrickmkt
Wed May 21, 2014 7:53 am
Forum: General
Topic: v6.13 released!
Replies: 176
Views: 65824

Re: v6.13 released!

Something I just noticed after updating two routers to 6.13: When I connect via SSTP from one ROS client to one ROS Server, the firewall rule associated with this SSTP connection stays red on the server after connection. It was working before on previous versions. Is there a new parameter that I did...
by patrickmkt
Tue May 20, 2014 9:03 pm
Forum: General
Topic: Access to the Routerboard via OpenVPN
Replies: 1
Views: 1131

Re: Access to the Routerboard via OpenVPN

Hi, since a year now. i have a routerboard installation successfully rolled out with openvpn. today i tried to upgrade from 6.5 to 6.13. Well, there is one RB2011-RM configured as the server and 2 RB750 configured as clients. Also from time to time i am using the vpn link to administrate the boards...
by patrickmkt
Tue May 13, 2014 6:09 pm
Forum: Beginner Basics
Topic: Problems getting NTP to work
Replies: 3
Views: 1627

Re: Problems getting NTP to work

Last time I checked you can only enter an IP address in the NTP field, no FQDN. You can write a script to change the address regularly if you want to ease the load on the ntp server. /system ntp client set primary-ntp=[:resolve 0.us.pool.ntp.org] /system ntp client set secondary-ntp=[:resolve 1.us.p...
by patrickmkt
Tue Apr 01, 2014 7:28 am
Forum: General
Topic: v7.0 Released! (april fools joke)
Replies: 11
Views: 4715

Re: v7.0 Released!


Installed on all of our routers. Not a single problem.

That's the part that woke me up.
by patrickmkt
Tue Mar 25, 2014 3:34 pm
Forum: General
Topic: v6.11 released
Replies: 260
Views: 112368

Re: v6.11 released

Unfortunately 90% of issues posted here, are never reported to support, even if we ask for more info. Many issues are config problems and some issues are very specific to the config user has made in their device. Normis, how can you do a supout of a router but omitting private information like pass...
by patrickmkt
Mon Mar 24, 2014 8:46 pm
Forum: General
Topic: OVPN:require client certificate not working anymore [SOLVED]
Replies: 11
Views: 5071

Re: OVPN: require client certificate not working anymore

Same problem for me.
I have CA and intermediate CA with LT status in ROS.
by patrickmkt
Mon Mar 24, 2014 3:15 pm
Forum: General
Topic: sstp not working after Router OS upgrade from 6.7 to 6.9
Replies: 20
Views: 10875

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

did you check that the sstp profile does not have the Use encryption set to required. It seems to be a setting not concerning sstp but creating conflict since 6.9+. Change it to default or no.
by patrickmkt
Mon Mar 24, 2014 3:11 am
Forum: General
Topic: v6.11 released
Replies: 260
Views: 112368

Re: v6.11 released

I upgraded a rb2011uas-2HnD from 6.9 to 6.11 and now I can't connect my windows OVPN client to the ROS OVPN server anymore. The log shows: disconnected <TLS failed> I've checked that the CA and intermediate CA have both a LT status, while the rb2011 cert has a KT status. If I uncheck the 'require cli...
by patrickmkt
Tue Mar 18, 2014 3:55 am
Forum: RouterBOARD hardware
Topic: POE out not working on OmniTIK UPA 5HnD
Replies: 14
Views: 14784

Re: POE out not working on OmniTIK UPA 5HnD

With longer cable you probably want to increase the voltage of the power supply. Also check the amp rating of your psu. Do you have enough margin of power to supply both units together including the increased loss in the cable?
by patrickmkt
Sat Mar 08, 2014 6:55 am
Forum: General
Topic: v6.10 released
Replies: 248
Views: 108968

Re: v6.10 released

"Encryption negotiation rejected” This is a SSTP configuration error, not a bug. Please check your config. I see several people with this config mistake. For the PPP profile that you use in SSTP, turn off encryption, this setting is only used for PPTP. If you have enabled encryption in the PPP...
by patrickmkt
Fri Feb 28, 2014 9:54 pm
Forum: RouterBOARD hardware
Topic: WARNING! CCR and two power supplies
Replies: 10
Views: 4234

Re: WARNING! CCR and two power supplies

Did you put a diode to protect the second power supply from being back fed by the primary? If so, even a short on the second shouldn't impact anything.
by patrickmkt
Fri Feb 14, 2014 8:14 pm
Forum: General
Topic: v6.10 released
Replies: 248
Views: 108968

Re: v6.10 released

SSTP still broken as described in v6.9

Can not connect from a RB1100AH v6.10 client to a RB2011 v6.7 server. "Encryption negotiation rejected"

It was working perfectly from a v6.7 to v6.7
by patrickmkt
Fri Feb 14, 2014 3:11 am
Forum: Beginner Basics
Topic: Odd IP blocking
Replies: 4
Views: 1624

Re: Odd IP blocking

If you want to block the access to the network behind the router change chain=input to chain=forward. You also need to make sure that this rule is above the other rules that would let it pass.
by patrickmkt
Thu Feb 06, 2014 8:56 pm
Forum: Beginner Basics
Topic: SSTP VPN for multiple client
Replies: 5
Views: 4452

Re: SSTP VPN for multiple client

SSTP is not working as I expected. I have created certificate Manually as per this link: http://wiki.mikrotik.com/wiki/Manual:Create_Certificates#Import_certificates Certificate Installed in SSTP server: server.crt + ca.crt Certificate Installed in SSTP client: client.crt + ca.crt Certificated sele...
by patrickmkt
Tue Feb 04, 2014 5:45 pm
Forum: General
Topic: 6.9 released!
Replies: 222
Views: 103746

Re: 6.9 released!

For those of you having issues with 6.9: after updating and also updating the firmware to 3.10, then you'll need to do a system reset-configuration and then manually apply your custom settings. You mean that for every upgrade we have to completely reset the router, reprogram manually all the config...
by patrickmkt
Tue Feb 04, 2014 4:54 pm
Forum: Beginner Basics
Topic: SSTP VPN for multiple client
Replies: 5
Views: 4452

Re: SSTP VPN for multiple client

You should be able to use different client certificates in each client as long as they are signed by the same ca. Server: CA.crt + Server.crt (signed by CA) + Server.key Client1: CA.crt + Client1.crt (signed by CA) + Client1.key Client2: CA.crt + Client2.crt (signed by CA) + Client2.key I have been ...
by patrickmkt
Sat Feb 01, 2014 4:11 pm
Forum: General
Topic: 6.9 released!
Replies: 222
Views: 103746

Re: 6.9 released!

updated from 6.7 to 6.9 on a rb1100ah and now I have on one of my sstp link to another routerboard still on 6.7:
Encryption negotiation rejected.
by patrickmkt
Wed Jan 22, 2014 3:19 pm
Forum: Beginner Basics
Topic: src-nat problem
Replies: 4
Views: 3566

Re: src-nat problem

can you show us your firewall rules in order?
by patrickmkt
Thu Jan 16, 2014 3:15 pm
Forum: Beginner Basics
Topic: NAT & SIP
Replies: 7
Views: 13879

Re: NAT & SIP

The lines will come in handy at a different time that's for sure. I hate to sound like a complete newbie, but what would I be best in to using, I got a elastix box setup but it's confusing. Should I just go for a simple Linux Distro and Asterisk setup? Or can FreeSwitch/Elastix/ etc.. do the same fe...
by patrickmkt
Wed Jan 15, 2014 11:08 pm
Forum: Beginner Basics
Topic: NAT & SIP
Replies: 7
Views: 13879

Re: NAT & SIP

Then that may make more sense and worth to setup. So my provider allows me to make four accounts within my account panel and assign four users with four different DID numbers. I can plug those four accounts straight in to Asterisk? And then I can assign each line on the phone an account from Asteris...
by patrickmkt
Wed Jan 15, 2014 6:49 pm
Forum: Beginner Basics
Topic: NAT & SIP
Replies: 7
Views: 13879

Re: NAT & SIP

I'm currently not using a PBX/Trunking and just a commercial SIP Line in. I would like to avoid PBX but can you use PBX (asterisk / freeswitch) without a trunking account? Your 'commercial SIP line' is the PBX. You can always add your own PBX if you need too, a PBX is not acting differently than a ...
by patrickmkt
Wed Jan 15, 2014 5:33 pm
Forum: Beginner Basics
Topic: NAT & SIP
Replies: 7
Views: 13879

Re: NAT & SIP

I would assume that you are using your 7960 with the SIP firmware? Don't forget that for SIP in addition to the signalization channel (usually 5060) you also need to open the RTP range (the voice part of the communication). That's what you probably did for your other phone (src-port=16384-32766). Ch...
by patrickmkt
Sun Jan 05, 2014 5:26 am
Forum: General
Topic: DONE OpenVPN with require-client-certificate = yes
Replies: 3
Views: 2950

Re: OpenVPN with require-client-certificate = yes

What is your config?

Did you select the correct certificate with your openvpn config?
What kind of algo/key size/hash are you using for your certs?
by patrickmkt
Thu Dec 19, 2013 4:38 pm
Forum: General
Topic: The SIP does not work from behind the ROS NAT
Replies: 1
Views: 1261

Re: The SIP does not work from behind the ROS NAT

Don't forget that for SIP not only you have the signaling usually on port 5060, but the voice RTP is on other ports (depending on your phone and pbx config may be in the 10000 to 20000). You may have to open these ports too.
by patrickmkt
Thu Dec 12, 2013 4:50 pm
Forum: General
Topic: v6.7 released
Replies: 225
Views: 133192

Re: v6.7 released

I got a new issue with 6.7 on a RB1100ah. Never had that problem before. When connecting with winbox, some of my firewalls rules are red with unknown interface, some ppp connection disappeared from the list, etc... That's the second time I see it happened over a two weeks period. When I reboot the r...
by patrickmkt
Sun Dec 08, 2013 6:53 pm
Forum: Beginner Basics
Topic: Powering TP Link TL-WA5210G using Mikrotik RB750UP
Replies: 9
Views: 7838

Re: Powering TP Link TL-WA5210G using Mikrotik RB750UP

Seems that your TPLink does not appreciate 24V input. I couldn't find on the datasheet the voltage specifications for it, but it could be the culprit. You may try to use a 12V power supply for your RB750 that can deliver more than 1A as all your other devices together will need much more than that @...
by patrickmkt
Sun Dec 08, 2013 4:00 pm
Forum: General
Topic: Outgoing IAX2 connections don't work on Mikrotik
Replies: 3
Views: 1902

Re: Outgoing IAX2 connections don't work on Mikrotik

I have two different asterisk PABX using IAX trunks and IAX peers, and multiple IAX clients all behind Mikrotik routers and I never had a problem.
by patrickmkt
Tue Dec 03, 2013 4:17 pm
Forum: Scripting
Topic: DynDNS
Replies: 4
Views: 1970

Re: DynDNS

what is not working?

I had on mine to add some policy rights for the scripts and also on the /tool fetch command I had to change the address= with an IP (resolved in the beginning of the script) instead of FQDN and add host=FQDN in the line.
by patrickmkt
Mon Dec 02, 2013 9:05 pm
Forum: General
Topic: v6.7 released
Replies: 225
Views: 133192

Re: v6.7 released

patrickmkt
I have same issue. Created the ticket: Ticket#2013120266000693
But you can do this via terminal:

ros code

certificate set numbers=0 name=TestName
yes same problem as reported in v6.6
by patrickmkt
Mon Dec 02, 2013 4:55 pm
Forum: General
Topic: v6.7 released
Replies: 225
Views: 133192

Re: v6.7 released

Still unable to change a certificate name in winbox (error certificate subject is read only), while it is possible in terminal mode.
by patrickmkt
Mon Dec 02, 2013 2:54 am
Forum: RouterBOARD hardware
Topic: RB2011 port disconnecting
Replies: 6
Views: 3340

Re: RB2011 port disconnecting

change the cable on that port.
by patrickmkt
Fri Nov 29, 2013 11:24 pm
Forum: General
Topic: Winbox for android, when?
Replies: 52
Views: 56682

Re: Winbox for android, when?

I understand that it may be a PITA to have to enter a secured password for webfig while working on a mast. To avoid lowering the security of the login, why not having a certificate authentication available for webfig? You would just need to load the proper cert in your browser cert store and then yo...
by patrickmkt
Thu Nov 21, 2013 10:44 pm
Forum: Forwarding Protocols
Topic: How to limit OVPN user access to one server?
Replies: 3
Views: 2469

Re: How to limit OVPN user access to one server?

When a user logs in it will create a temporary interface, you cannot use this one with filter rules as this interface is temporary (unless you do it dynamically). That's why you want to 'reserve' an interface name for your client connection by creating a binding one. In winbox: ppp/interface add ne...
by patrickmkt
Thu Nov 21, 2013 7:50 pm
Forum: Forwarding Protocols
Topic: How to limit OVPN user access to one server?
Replies: 3
Views: 2469

Re: How to limit OVPN user access to one server?

you need to create a binding ovpn server in your ppp interface (with the proper user info for that user).
You can then use that interface for your routing rules.
by patrickmkt
Thu Nov 21, 2013 7:48 pm
Forum: General
Topic: OpenVPN Server on RouterOS, mode=ip (tun) and Windows client
Replies: 7
Views: 11853

Re: OpenVPN Server on RouterOS, mode=ip (tun) and Windows cl

just put in your client .ovpn config file something like

route 192.168.100.0 255.255.255.0
by patrickmkt
Mon Nov 18, 2013 8:20 pm
Forum: General
Topic: Need to open firewall for NAT?
Replies: 3
Views: 1359

Re: Need to open firewall for NAT?

I just looked again at the ROS 6.x workflow chart and it seems that the NAT test is now after the filter rules. It would then explain it. What I don't understand is why on other routers not using pppoe I haven't seen this issue yet. Also, it does not seem to happen all the time. That's what is frust...
by patrickmkt
Mon Nov 18, 2013 4:12 pm
Forum: General
Topic: Need to open firewall for NAT?
Replies: 3
Views: 1359

Need to open firewall for NAT?

Hi, I'm lost. I have installed many routers before and this one is giving me a headache. It's an RB2011UAS-2HnD with ROS 6.6. As with all my other installs, I have a few servers that need some ports to be natted. I have a basic netmat dstnat NAT rule with a dst port and src address list condition that is...
by patrickmkt
Fri Nov 15, 2013 11:31 pm
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 88064

Re: RouterOS v6.6 released

Also, cannot rename the certificate, it says "certificate subject is read only!" - it has nothing to do with the cert subject, I just want to change its internal name in ROS. I already signaled this one earlier. However if you really need to change it, you can still do it in the terminal ...
by patrickmkt
Fri Nov 08, 2013 6:58 pm
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 88064

Re: RouterOS v6.6 released

What's new in 6.6 (2013-Nov-07 13:04):

*) certificates - fixed certificate import;

Good I can import fine now, however, I can't change the internal name of the certificate anymore:
'couldn't change certificate xxx - certificate subject is read only'
by patrickmkt
Thu Oct 31, 2013 10:58 pm
Forum: General
Topic: V7 soon ?
Replies: 20
Views: 10749

Re: V7 soon ?

Before talking about a V7, let's focus on having a functional V6. Right now the only stable version is V5, V6 is still buggy, every new release corrects new bugs but creates new ones too that are a stopper.
by patrickmkt
Mon Oct 21, 2013 4:44 pm
Forum: General
Topic: after upgrade to 6.3 cannot generate certificate-request
Replies: 33
Views: 34263

Re: after upgrade to 6.3 cannot generate certificate-request

I have problem to import certificate on 6.5 too.
by patrickmkt
Mon Sep 23, 2013 9:56 pm
Forum: General
Topic: Locating a rogue client?
Replies: 7
Views: 3221

Re: Locating a rogue client?

I would just use a Mikrotik device with a directional antenna and run the wireless snooper, look for the mac. Go foxhunting! That's really the only option you got: Time, hard work, and a really good antenna. Get a good compass and GPS, go to several locations more than a few degrees apart (relative ...
by patrickmkt
Fri Sep 20, 2013 3:05 am
Forum: General
Topic: Locating a rogue client?
Replies: 7
Views: 3221

Re: Locating a rogue client?

Again the issue is not to deny, block or improve the network security. I'm looking for a way to locate a rogue client device. I have directional antennas, but I don't know what would be the best receiver that can sniff & lock on a specific MAC and give me a constant RSSI output for me to do the ...
by patrickmkt
Thu Sep 19, 2013 11:22 pm
Forum: General
Topic: Locating a rogue client?
Replies: 7
Views: 3221

Re: Locating a rogue client?

Define rogue client.

Do you mean rogue dhcp server?

Do you mean unauthorized client that hacked into the network?

Do you mean rogue AP that is mirroring yours?
I mean an unauthorized client that hacked into the network.
And I'm looking for a cheaper solution than buying a Fluke Aircheck ;-)
by patrickmkt
Thu Sep 19, 2013 9:45 pm
Forum: General
Topic: Locating a rogue client?
Replies: 7
Views: 3221

Locating a rogue client?

I'm trying to locate a rogue client on one of my AP. Without disrupting the AP, what could I use to locate this client. My guess is to use another radio module with a directive antenna and doing some radio direction finding based on the RSSI. However I don't know how to setup a device that will give...
by patrickmkt
Sat Aug 10, 2013 3:28 am
Forum: Beginner Basics
Topic: Simple queue and V6 help
Replies: 1
Views: 1100

Re: Simple queue and V6 help

nobody?
by patrickmkt
Sun Aug 04, 2013 5:08 pm
Forum: Beginner Basics
Topic: Simple queue and V6 help
Replies: 1
Views: 1100

Simple queue and V6 help

I'm playing around with the v6.2 and I'm confused about how to migrate some of my previous config to use the simple queue to do some bandwidth management per user. Let's say I have on eth1 my WAN and multiple LAN on the other eth. My goal is to create a rule to limit the bandwidth going to/from the ...
by patrickmkt
Mon Feb 25, 2013 4:55 pm
Forum: Beginner Basics
Topic: Connecting iPhone to mikrotik vpn error!
Replies: 20
Views: 16920

Re: Connecting iPhone to mikrotik vpn error!

Here is my Blog on how I setup Windows 7 and Iphone 4 to use L2TP. I'm no expert but it works

http://www.nasa-security.net/2013/02/20 ... ith-ipsec/

Travis
Nice tuto. +1 karma

However, has anyone managed to use certificates with the IPSEC policy on the iphone and ROS?
by patrickmkt
Thu Feb 21, 2013 9:45 pm
Forum: General
Topic: OpenVPN - UDP, LZ0?
Replies: 16
Views: 10086

Re: OpenVPN - UDP, LZ0?

It's one of the most requested features for years, but still no plan to do it...

You better ask for a pink with green dot router, you'll have better chance to see it done.
by patrickmkt
Fri Feb 15, 2013 11:35 pm
Forum: General
Topic: RouterOS v6rc10 pre-released
Replies: 79
Views: 22955

Re: RouterOS v6rc10 pre-released

*) sstp, ipsec - respect CRLs;
*) certificates - for certificates marked as trusted=yes,
CRL will be automaticly updated once in hour from http sources;
Great, checking CRL was a must that many of us were waiting for.
by patrickmkt
Thu Feb 14, 2013 9:49 pm
Forum: Beginner Basics
Topic: Share printer in other subnet
Replies: 2
Views: 2201

Re: Share printer in other subnet

Can't you nat from one network to the other if your printer doesn't allow another network? If the printer is not the issue, it's just a matter of checking that your firewall rules allow you to connect to the printer from your second network and configuring your computer to point to the proper printer...
by patrickmkt
Tue Jan 29, 2013 3:51 am
Forum: Beginner Basics
Topic: Simple Dual WAN Dual LAN question
Replies: 3
Views: 2009

Re: Simple Dual WAN Dual LAN question

In mangle, add a routing mark WAN2 for all the traffic !local coming from interface LAN2
add routing mark WAN1 for all the traffic !local coming from interface LAN1
In route, add a route for all the routing mark WAN2 to go through WAN2, and same for WAN1.

There are plenty of examples on the wiki
by patrickmkt
Sun Jan 20, 2013 7:00 pm
Forum: General
Topic: Route Socks Server Over VPN
Replies: 1
Views: 1086

Re: Route Socks Server Over VPN

I have the same question
by patrickmkt
Sun Jan 20, 2013 5:58 pm
Forum: General
Topic: How to force an application to a specific gateway? SOCKS?
Replies: 0
Views: 670

How to force an application to a specific gateway? SOCKS?

All my normal routing goes through my main gateway (lets say on eth1) However I have another gateway I want to use for specific use (lets say eth2). I want to be able from the computer side to have some applications going through gateway 2 while the others still use gateway 1. These apps may use dif...
by patrickmkt
Mon Jan 14, 2013 4:16 pm
Forum: General
Topic: OVPN on new versoins ROS 6.0 and 5.1...
Replies: 61
Views: 25787

Re: OVPN on new versoins ROS 6.0 and 5.1...

I am too voting for a full OVPN support in ROS.
by patrickmkt
Sun Dec 16, 2012 5:34 pm
Forum: General
Topic: 5.22 released!
Replies: 104
Views: 58926

Re: 5.22 released!

When removing an UPS, or changing the serial port of an UPS, the previous serial port is still assigned to the UPS and unable to be reused by any other process. Am I the only one with this problem? what do you mean by "changing the port"? how many serial ports does your device have, and w...
by patrickmkt
Sat Dec 15, 2012 3:02 am
Forum: RouterBOARD hardware
Topic: 2011 power cord retainer
Replies: 34
Views: 9276

Re: 2011 power cord retainer

Thank you all for suggestions. In future, we will have something along these lines:
Screen Shot 2012-12-07 at 10.00.14 AM.png
Looks great. Then also please update the power supply with a 90 degree angle plug to avoid a sharp bend on the cable to go back to the grooves and also saving space.
by patrickmkt
Fri Dec 07, 2012 3:34 am
Forum: General
Topic: 5.22 released!
Replies: 104
Views: 58926

Re: 5.22 released!

When removing an UPS, or changing the serial port of an UPS, the previous serial port is still assigned to the UPS and unable to be reused by any other process. Am I the only one with this problem? what do you mean by "changing the port"? how many serial ports does your device have, and w...
by patrickmkt
Wed Dec 05, 2012 2:24 pm
Forum: General
Topic: 5.22 released!
Replies: 104
Views: 58926

Re: 5.22 released!

When removing an UPS, or changing the serial port of an UPS, the previous serial port is still assigned to the UPS and unable to be reused by any other process.
Am I the only one with this problem?
by patrickmkt
Tue Nov 27, 2012 3:56 pm
Forum: General
Topic: 5.22 released!
Replies: 104
Views: 58926

Re: 5.22 released!

When removing an UPS, or changing the serial port of an UPS, the previous serial port is still assigned to the UPS and unable to be reused by any other process.
by patrickmkt
Sun Nov 25, 2012 3:18 pm
Forum: Beginner Basics
Topic: 4 cameras ip and rb 750gl
Replies: 1
Views: 812

Re: 4 cameras ip and rb 750gl

post here your config and more info on your network if you want us to try to help you.

You would probably have to setup port forwarding from a different port to each camera port.
by patrickmkt
Sat Nov 24, 2012 4:18 pm
Forum: The User Manager
Topic: PayPal - bad http response
Replies: 12
Views: 6241

Re: PayPal - bad http response

What's new in 5.22 (2012-Nov-23 09:28):

*) userman - fix PayPal "bad HTTP response";
by patrickmkt
Wed Nov 21, 2012 6:41 pm
Forum: General
Topic: problem with Graphic in router
Replies: 6
Views: 4163

Re: problem with Graphic in router

check that the 'store on disk' option is enabled in the graphing setup.
by patrickmkt
Mon Nov 19, 2012 2:48 am
Forum: General
Topic: Avoiding Multiple NAT
Replies: 6
Views: 2720

Re: Avoiding Multiple NAT

Can someone explain to me why double nat or even triple nat wouldn't work?
It's not elegant nor efficient but why wouldn't it work?

If on the ADSL you do a port forwarding to the ip of the mikrotik router then from there a port forwarding to your client there shouldn't be a problem?
by patrickmkt
Sun Nov 18, 2012 6:28 pm
Forum: Wireless Networking
Topic: Suggestion for 30 miles link
Replies: 11
Views: 2868

Re: Suggestion for 30 miles link

I have a repeater in between but that site is unmanaged. Hence I want to have the link from my managed site. I don't think Horizontal antennas can help with signal strength. Increasing the height at other end seems to be a probable and possible solution. No but horizontal polarization can improve y...
by patrickmkt
Sat Nov 17, 2012 3:12 pm
Forum: General
Topic: DNS Packets going Missing
Replies: 3
Views: 2451

Re: DNS Packets going Missing

Interesting. I have some DNS timeout in my setup with the RB as DNS server/cache when some of the queues are loaded, despite a low cpu usage.

I'll be following your thread to see if it gives me some pointers to solve my issue.
by patrickmkt
Fri Nov 16, 2012 12:58 am
Forum: Wireless Networking
Topic: Hiding SSID but someone is using wlan
Replies: 3
Views: 1383

Re: Hiding SSID but someone is using wlan

Hidden doesn't mean it can't be found...
Look at traffic and the connection and you'll see who is on it.
by patrickmkt
Fri Nov 09, 2012 2:50 pm
Forum: Beginner Basics
Topic: RouterBoard 1100AH
Replies: 3
Views: 2172

Re: RouterBoard 1100AH

Try to change the eth port you connect your router to.
With winbox, do a discovery (the ... box next to the connect to line).
by patrickmkt
Thu Nov 08, 2012 6:42 pm
Forum: General
Topic: QOS Help!!! DNS timeout
Replies: 1
Views: 1049

Re: QOS Help!!! DNS timeout

nobody?

Why the priority is not working and a fully loaded queue child would block other children even with higher priority or before reaching their limit at?
by patrickmkt
Thu Nov 01, 2012 3:31 pm
Forum: General
Topic: QOS Help!!! DNS timeout
Replies: 1
Views: 1049

QOS Help!!! DNS timeout

When I thought I understood how to manage QOS, I'm questioning myself again.. I have an RB1100AH, ROS 5.21 I put the following queue tree. All queues are pcq. When I put the max limit of my RS812 queue to 350k all the computers on the network can't resolve DNS anymore from the RB1100AH (timeout). Why...
by patrickmkt
Tue Oct 23, 2012 2:03 am
Forum: Beginner Basics
Topic: Destination NAT
Replies: 4
Views: 1197

Re: Destination NAT

really have only one chance to get it right, as this is production router and I cant afford to play around and learn by mistake :) Not so Fearless after all :lol: /ip firewall nat add action=dst-nat chain=dstnat dst-address=Y.Y.Y.Y dst-port=8090 protocol=\ tcp to-addresses=X.X.X.X Shouldn't it be a...
by patrickmkt
Thu Oct 18, 2012 3:54 pm
Forum: General
Topic: Static IP issued from Bellsouth\ATT DSL configuration
Replies: 16
Views: 14551

Re: Static IP issued from Bellsouth\ATT DSL configuration

To reach the modem page when in bridge mode, you just need to set a static IP in the same subnet to the eth port that is connected to it. If your modem was 192.168.1.254 before you put it in bridge mode, just assign IP 192.168.1.10 to your interface, and you should be able to connect to 192.168.1.25...
by patrickmkt
Thu Oct 18, 2012 3:48 pm
Forum: General
Topic: Status of OpenVPN in RouterOS?
Replies: 22
Views: 14422

Re: Status of OpenVPN in RouterOS?

When you see even consumer routers/modems offering openVPN with all functionalities (like lzo and udp), you wonder why a supposedly better grade router can't do it... We are also considering alternate options than ROS to continue to provide openVPN services for our users. Will be sad to change again...
by patrickmkt
Tue Oct 16, 2012 3:59 pm
Forum: General
Topic: tftp-server-name option in DHCP-SERVER
Replies: 17
Views: 34793

Re: tftp-server-name option in DHCP-SERVER

Also the option is defined for all dhcp servers on all interfaces. Is there a way to define an option for one interface/dhcp server only?
I need option 150 with different value on different interfaces...
by patrickmkt
Mon Oct 15, 2012 4:52 pm
Forum: General
Topic: HUge POrt Flap!
Replies: 14
Views: 3396

Re: HUge POrt Flap!

bad cable? bad connector?
by patrickmkt
Sun Oct 14, 2012 5:57 pm
Forum: General
Topic: 5.21 released
Replies: 78
Views: 27107

Re: 5.21 released

Can anyone explain, why system routerboard on 2.38 like my pict?
Per http://routerboard.com/RB1200 the latest firmware for the RB1200 is 2.38
by patrickmkt
Sat Oct 13, 2012 11:27 pm
Forum: General
Topic: Can't connect APC serial UPS
Replies: 4
Views: 2326

Re: Can't connect APC serial UPS

doesn't work with 5.21 either. Now the UPS shows as invalid.
by patrickmkt
Sat Oct 13, 2012 11:24 pm
Forum: General
Topic: 5.21 released
Replies: 78
Views: 27107

Re: 5.21 released

I don't have the 'can't add ups' error anymore, but the ups shows as invalid :(
by patrickmkt
Sat Oct 13, 2012 7:06 pm
Forum: General
Topic: Supported UPS`s
Replies: 51
Views: 45259

Re: Supported UPS`s

Also, why not supporting APC UPS that have an ethernet network card? For a router, connecting a UPS via IP seems better than using the only single serial port of the router.
by patrickmkt
Sat Oct 13, 2012 5:15 pm
Forum: RouterBOARD hardware
Topic: serial1 on RB1100
Replies: 4
Views: 1637

Re: serial1 on RB1100

I understand that the RB1100 has one physical port which is serial0, but is it possible to use serial1? Is there a pin out on the board to add an extra DB9? Did you read the manual for the RB1100??? It tells you how to do this. There is a serial header already soldered to the motherboard for conn...
by patrickmkt
Sat Oct 13, 2012 4:58 pm
Forum: General
Topic: Can't connect APC serial UPS
Replies: 4
Views: 2326

Can't connect APC serial UPS

I have an APC smart UPS 3000 RM connected with a genuine APC smart ups cable. I can dialog with the UPS properly through the '/system serial-terminal serial0' ROS command. However, when I am trying to add this UPS to ROS I have 'Couldn't add New UPS error - opening serial port failed: 2 9 (6)' This U...
by patrickmkt
Fri Oct 12, 2012 3:53 pm
Forum: General
Topic: Problem with ssh client, user option not working
Replies: 6
Views: 4813

Re: Problem with ssh client, user option not working

Thanks, that makes sense.

I'll give it a try.
by patrickmkt
Fri Oct 12, 2012 3:33 pm
Forum: General
Topic: Problem with ssh client, user option not working
Replies: 6
Views: 4813

Re: Problem with ssh client, user option not working

You're maybe right, but then how to make a script send an ssh command with authentication?
Would the script have the right to use the remoteuser certificate?
Or are you stuck to use the same cert for ssh as admin to the mikrotik and then to install the same cert in all the servers you want to ssh to?
by patrickmkt
Thu Oct 11, 2012 5:00 pm
Forum: General
Topic: Problem with ssh client, user option not working
Replies: 6
Views: 4813

Problem with ssh client, user option not working

Hi, on ROS 5.20 I have an issue when using '/system ssh 1.1.1.1 user=myremoteuser' I am trying to ssh to a remote server 1.1.1.1 using certificate authentication. I have created on this server a user myremoteuser with proper keys. I have created the same myremoteuser on the routerboard and imported ...
by patrickmkt
Wed Oct 10, 2012 2:55 pm
Forum: General
Topic: [Feature request] /ip firewall protocol-port-list
Replies: 9
Views: 4906

Re: [Feature request] /ip firewall protocol-port-list

Yes that's one feature I would like too. We can do without, but it would make the configuration much easier to read.
Another feature for me would be to be able to associate an alias to a mac address instead of trying to remember who is who during debug.
by patrickmkt
Sat Oct 06, 2012 2:35 am
Forum: General
Topic: EoIP slow high latency
Replies: 14
Views: 10605

Re: EoIP slow high latency

weird, I'm using Airmax on my link and I'm not seeing this problem...
by patrickmkt
Thu Oct 04, 2012 6:42 pm
Forum: Beginner Basics
Topic: Queue Tree Limit At error?
Replies: 2
Views: 1477

Re: Queue Tree Limit At error?

That means that you need to put manually the same 'max limit' to every child of a tree and that the parent one is useless. I would consider that as a bug in the entry test routine that is just trying to check that 'max limit'>'limit at' and does not consider that 'max limit'=0 is an exception to refe...
by patrickmkt
Thu Oct 04, 2012 12:15 am
Forum: General
Topic: EoIP slow high latency
Replies: 14
Views: 10605

Re: EoIP slow high latency

I have two RB2011 linked by a pair of ubnt Nanobridge. I have two EOIP tunnels on this link. I get a good steady 4~6ms response from both sides of the tunnel from end devices.
by patrickmkt
Sat Sep 29, 2012 3:45 am
Forum: Beginner Basics
Topic: Queue Tree Limit At error?
Replies: 2
Views: 1477

Queue Tree Limit At error?

Hi, I have a queue tree where I have put a 'Max Limit' to a parent and would like to define some 'limit at' for some of the children. However, when I try to set a 'limit at' for the children, I have an error saying that the 'limit at' can't be below the 'Max limit'. I don't want to set a 'max limit'...
by patrickmkt
Tue Sep 25, 2012 7:44 pm
Forum: General
Topic: NAS offline or online checking script/program
Replies: 1
Views: 765

Re: NAS offline or online checking script/program

/Tools/netwatch

When the ip of your NAS won't answer the script linked in Down will activate. When it's coming back up, the script in Up will be triggered.

In your up and down scripts you can choose to do whatever action you want (send email, reroute to another nas, etc...)
by patrickmkt
Sun Sep 23, 2012 2:39 pm
Forum: RouterBOARD hardware
Topic: RB433AH voltage monitor
Replies: 15
Views: 4835

Re: RB433AH voltage monitor

I know next to nothing about electronics. Is there a device that can sit between the batteries and the routerboard which will cut in at, say, 26V and stop the voltage to the boards going any higher? Yes you can find plenty of devices. From the simple zener diode that will drop the voltage (but not ...
by patrickmkt
Fri Sep 21, 2012 4:21 pm
Forum: General
Topic: Is there any chance to set up this OVPN conf in RouterOS?
Replies: 5
Views: 2871

Re: Is there any chance to set up this OVPN conf in RouterOS

Did you import your certificate in the mikrotik?
Did you create an OVPN client with the proper address, login and password?
You are lucky that your university is using tcp as ROS only supports tcp for ovpn. I don't see anything else that could block you to make it work.
by patrickmkt
Wed Sep 19, 2012 2:44 pm
Forum: Forwarding Protocols
Topic: Remote connection
Replies: 11
Views: 3014

Re: Remote connection

Check that ip/services allow www from anywhere
Check that you opened your :80 port from outside (/ip firewall filter add action=accept chain=input comment="RouterOS www Management" disabled=no dst-port=80 protocol=tcp)
by patrickmkt
Wed Sep 19, 2012 2:34 pm
Forum: Beginner Basics
Topic: RB 750 GL - No DNS
Replies: 11
Views: 5709

Re: RB 750 GL - No DNS

Would it be a conflict with the config on the two PPPoE setup to use the remote dns that would override it? If you disable temporarily the unused PPPoE does it work? I have also noticed that when you have the PPPoE dns enabled, you can't add with winbox additional static DNS. Only the dynamic ones crea...
by patrickmkt
Mon Sep 17, 2012 10:16 pm
Forum: Forwarding Protocols
Topic: Remote connection
Replies: 11
Views: 3014

Re: Remote connection

What do you want to do? To access the setup of your router from anywhere (ie winbox or ssh to the router)? To let someone from anywhere to access to your network (ie all the computers in your local network, not the router)? To let everyone from anywhere to access one service on one local server? For...
by patrickmkt
Mon Sep 03, 2012 5:22 pm
Forum: Beginner Basics
Topic: Unable to bridge PPPoE client?
Replies: 1
Views: 2769

Unable to bridge PPPoE client?

When using routerOS as PPPoE client, another virtual interface is created for PPPoE. However how can I add this virtual interface to a bridge? It does not appear in the bridge port list. My goal is to be able to switch easily from one internet access to another by script. All my filters rules where...
by patrickmkt
Sat Sep 01, 2012 3:56 am
Forum: Beginner Basics
Topic: RB1200 access & Restriction
Replies: 3
Views: 1357

Re: RB1200 access & Restriction

In winbox go to IP / Services and edit the 'available from' field to the only IP you want to give access to winbox or other services.
by patrickmkt
Thu Aug 30, 2012 9:26 pm
Forum: Scripting
Topic: email smtp server address check
Replies: 1
Views: 2105

email smtp server address check

My first script for a pretty simple stuff. My smtp server is using a FQDN name and not an ip address. Even if I'm sure they are not changing their IP daily, it may happen. Then here's just a small script to check and update the ip address in case it has changed. :local ipsmtp :set ipsmtp [:resolve s...
by patrickmkt
Wed Aug 29, 2012 2:21 pm
Forum: Beginner Basics
Topic: Is bridging 1 port bad?
Replies: 0
Views: 689

Is bridging 1 port bad?

Hi, I've noticed that often I have to add a free port to a LAN for a few hours for testing. I then need to create a bridge, add all the ports to the bridge and change all my firewall rules from the original eth port to the new bridge. Now, I have taken the habit of creating a bridge for all ports, e...
by patrickmkt
Wed Aug 29, 2012 2:16 pm
Forum: Beginner Basics
Topic: Firewall rules between two LAN help
Replies: 13
Views: 10312

Re: Firewall rules between two LAN help

Thanks. makes things a little bit more clear in my head ;-)
by patrickmkt
Sun Aug 26, 2012 11:43 pm
Forum: Beginner Basics
Topic: Firewall rules between two LAN help
Replies: 13
Views: 10312

Re: Firewall rules between two LAN help

Is conntrack enabled? Yes I just checked. I'm probably doing something blatantly stupid here but I can't point my finger on it. Could it be on the established rule? Should the dest and source address be from the inbound point of view or the return path? Maybe I've put it the wrong way? I haven't ...
by patrickmkt
Sun Aug 26, 2012 4:00 pm
Forum: Beginner Basics
Topic: Firewall rules between two LAN help
Replies: 13
Views: 10312

Re: Firewall rules between two LAN help

nobody?
by patrickmkt
Fri Aug 17, 2012 6:14 pm
Forum: Beginner Basics
Topic: Is Vlans the answer or is there an easier way?
Replies: 18
Views: 4541

Re: Is Vlans the answer or is there an easier way?

Can you do a VLAN for two different subnets? I'm a beginner too, but the way I would have solved this situation: RB2011: port 1-WAN port 2 link to RB751-LAN C (with another address assigned 172.20.0.1 for instance) other ports either LANA or LANB as described RB751: port 1: link to RB2011 - LAN C (17...
by patrickmkt
Fri Aug 17, 2012 5:27 pm
Forum: Beginner Basics
Topic: Firewall rules between two LAN help
Replies: 13
Views: 10312

Re: Firewall rules between two LAN help

Ok I was maybe not clear enough in my prose, here's the order of my rules: ;;; from A to B chain=forward action=accept dst-address-list=listB in-interface=ether2-LANA out-interface=ether3-LANB chain=forward action=accept connection-state=established src-address-list=listA in-interface=ether2-LANA ou...
by patrickmkt
Fri Aug 17, 2012 8:13 am
Forum: Beginner Basics
Topic: Firewall rules between two LAN help
Replies: 13
Views: 10312

Firewall rules between two LAN help

Hi, I have the following setup: ether1-gateway : WAN 192.168.1.1/24 ether2-LANA: LAN A 192.168.20.1/24 ether3-LANB: LAN B 192.168.30.1/24 With the default setup, there is no access from the WAN to any LAN, but each LAN can connect to the other LAN or WAN. Now I want to isolate both LAN: chain=forwar...
by patrickmkt
Sat Jul 28, 2012 5:43 pm
Forum: Beginner Basics
Topic: first bridge project on a RB2011L
Replies: 0
Views: 701

first bridge project on a RB2011L

Hi, I have a small project that I would like to create with two RB2011L. That's my first encounter with RouterOS so I'm a little bit confused. I had some experience with some Cisco ASA. I have two separate buildings (A & B), each of them have their own ADSL access. I also have a UBNT wireless bridg...