Community discussions

MikroTik App

Search found 149 matches

by dazzaling69
Tue Jun 04, 2024 12:28 pm
Forum: General
Topic: Wireguard DNS Not Working as Expected
Replies: 9
Views: 757

Re: Wireguard DNS Not Working as Expected

In such a situation I tend to activate logging on my firewall (rules) to find out which is hit. Have you already checked the log? I get this in the log, which doesn't look suspicious to me, but nothing about DNS traffic - perhaps I need to enable something in the logging to trace this? masq srcnat:...
by dazzaling69
Tue Jun 04, 2024 12:14 pm
Forum: General
Topic: Wireguard DNS Not Working as Expected
Replies: 9
Views: 757

Re: Wireguard DNS Not Working as Expected

The back to home "feature" (I say that because *ahem Mikrotik* back to home doesn't work, at least for me) I tried but it is redundant. It uses Wireguard, which is why there is an additional entry for it, but it doesn't work, so I don't use it. Perhaps it doesn't work because of that publi...
by dazzaling69
Tue Jun 04, 2024 12:54 am
Forum: General
Topic: Wireguard DNS Not Working as Expected
Replies: 9
Views: 757

Re: Wireguard DNS Not Working as Expected

It's not a third party server - it's the ROS one. Config below. # 2024-06-03 21:53:25 by RouterOS 7.15 # software id = 4SAD-K293 # # model = RB5009UG+S+ # serial number = HE408Z9RT61 /interface bridge add name="Local Bridge" port-cost-mode=short add name=dockers port-cost-mode=short /inter...
by dazzaling69
Mon Jun 03, 2024 5:16 pm
Forum: General
Topic: Wireguard DNS Not Working as Expected
Replies: 9
Views: 757

Re: Wireguard DNS Not Working as Expected

Could be that. The firewall rules allow the wireguard IP address range to interact with my LAN range, and the DNS address is on the LAN range. Wireguard is configured to use the LAN's DNS server address (the router address), which is redirected via NAT to the pihole. Works for everything else on the...
by dazzaling69
Mon Jun 03, 2024 1:21 pm
Forum: General
Topic: Wireguard DNS Not Working as Expected
Replies: 9
Views: 757

Wireguard DNS Not Working as Expected

I have a working wireguard instance and a pihole that drops a lot of advertising traffic running on the same router. All of the traffic is forced through the pihole via NAT rules. If I connect to my network with no VPN and run an adblock test (d3ward.github.io) about 64% of ads are blocked. If I con...
by dazzaling69
Thu May 23, 2024 11:19 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

Thanks for those debug tests. It all seems to work, except, if I specify the default gateway from ipconfig, which is fe80::4aa9:8aff:fe57:4601%3, it doesn't work.

I think that's a detail though. Thank you.
by dazzaling69
Thu May 16, 2024 11:01 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

I thought I had this, but it seems not. The DNS lookups work if I specify the pihole's true IPv6 address - fd6c:b6e2:f488::2 - but not if I use the advertised address, the local bridge address fe80::4aa9:8aff:fe57:4601. I think this means the NAT rules are not working. This is maddeningly close to d...
by dazzaling69
Tue May 14, 2024 11:02 am
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

Thanks. I applied the masquerade rules and changed the advertised DNS server in ND. I think it's working - certainly, an NSlookup still provides a result, but I'm not sure that's a sign of anything in particular with IPv6 DNS... The UDP masq rule has seen some traffic since I added it and if I do ns...
by dazzaling69
Mon May 13, 2024 11:53 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

I have one last question, if it's not too much of an imposition. I'm trying with the NAT rules to force all DNS traffic to go through the pihole. I think that should work with my current IPv6 rules - certainly it has registered a bit of UDP traffic on that NAT rule. However, I don't want to advertis...
by dazzaling69
Mon May 13, 2024 9:13 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

Err. Whoops. Apologies for the rabbit hole, but I had forgotten I was running a VPN on one of my browsers. The other one worked fine. Sorry for that and thanks for the helpful suggestions.
by dazzaling69
Mon May 13, 2024 8:49 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

All of the tests passed successfully. The DNS setting made no difference. There is a chance it could be the ISP. It's odd though...
by dazzaling69
Mon May 13, 2024 11:15 am
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

The ping works fine. It could be my ISP - Vodafone...? I can see pihole is receiving requests from both IPv4 and IPv6 addresses. It all seems to be working (barring the NAT redirects), but the public-facing tools suggest otherwise. I have previously checked these and they used to work. # 2024-05-13 ...
by dazzaling69
Sun May 12, 2024 9:08 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

Is there a way I can find out what's happening with my IPv6 WAN connectivity? I can ping Google's DNS server on 2001:4860:4860::8888. How can the public tests fail, saying I don't have any IPv6 access?
by dazzaling69
Sat May 11, 2024 7:45 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

Rather bizarrely, I now seem to have no IPv6 public address! The DHCP v6 client says it's bound and has acquired and IPv6 address, but any public tests (https://test-ipv6.com/, https://ipv6-test.com/, https://ipv6test.google.com/, etc.) claims I don't have an IPv6 address. The whole IPv6 stack is pe...
by dazzaling69
Sat May 11, 2024 6:50 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

OK. Thanks so much for helping me sort this out. If I do nslookup example.com fd6c:b6e2:f488::2 it returns an IP address, so I guess that proves that the pihole DNS works. However, this doesn't work if I try any other IPv6 address as the DNS resolver - this is not the behaviour I was expecting given...
by dazzaling69
Sat May 11, 2024 4:19 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

Actually, I didn't try that, but it works! Both ping and traceroute behave as expected now. Thank you for sorting that out. Is there anything else I could/should check? Why did I get request timed out as the second hop to the Google DNS server? I'm now wondering whether the IPv6 DNS traffic really i...
by dazzaling69
Sat May 11, 2024 1:34 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

Rebooted PC and router. The address entries you suggested to remove are no longer listed, so I didn't attempt the forced delete from the table. Still not working though... tracert 2001:4860:4860::8888 Tracing route to dns.google [2001:4860:4860::8888] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 2...
by dazzaling69
Sat May 11, 2024 12:15 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

A bit weird. Hop 2 timed out after a few seconds, which seems significant. Output below. tracert 2001:4860:4860::8888 Tracing route to dns.google [2001:4860:4860::8888] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 2a0a:ef40:47e:aa00:: 2 * * * Request timed out. 3 9 ms 9 ms 8 ms 2a0a:ef40:ffff:f00:...
by dazzaling69
Fri May 10, 2024 3:59 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

Fails immediately. Tried a few other addresses. The last one is weird because the system obviously knows that it is a pi hole container from the IPv6 address but it won't reach it. Tracing route to fd6c:b6e2:f488::1 over a maximum of 30 hops 1 Destination host unreachable. Trace complete. Couple of ...
by dazzaling69
Fri May 10, 2024 1:10 am
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

Thanks for your answer.

I added dockers to listBridge, but it didn't alter the behaviour - host still unreachable.
by dazzaling69
Thu May 09, 2024 11:15 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

Pinging that address doesn't work in Terminal. However, pinging the address fd6c:b6e2:f488:0:24ba:81ff:fe62:3179, discovered in a later step, works - it seems I can actually ping the container. DAc route is correctly there The container has the address is fd6c:b6e2:f488:0:24ba:81ff:fe62:3179 (not th...
by dazzaling69
Thu May 09, 2024 1:53 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

I think I'm getting there. I followed your instructions but I still have no ping returned from my Windows box to the ULA that I set up. I'm sure it's something simple but I can't figure it out. Can you see where I've gone wrong? # 2024-05-09 11:50:37 by RouterOS 7.14.2 # software id = 4SAD-K293 # # ...
by dazzaling69
Wed May 08, 2024 11:56 pm
Forum: General
Topic: Struggling with IPv6 and Container
Replies: 2
Views: 493

Re: Struggling with IPv6 and Container

Just read it and replied to it now with a question. Thank you for your help so far - there's a bit I don't get though.
by dazzaling69
Wed May 08, 2024 11:49 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

* Add an IPv6 address entry to the "dockers" bridge interface, using that ULA pool (similar to how you added the address entry to "Local Bridge" using the "IPv6_Pool). This will add the necessary IPv6 routes. I can't see anywhere I can add an address entry to the dockers bri...
by dazzaling69
Wed May 08, 2024 7:59 pm
Forum: General
Topic: Struggling with IPv6 and Container
Replies: 2
Views: 493

Struggling with IPv6 and Container

I can't figure out how to set up IPv6 to communicate with a container. IPv4 works perfectly but no ping for IPv6. Config attached. Any idea what I'm doing wrong? # 2024-05-03 17:01:07 by RouterOS 7.14.2 # software id = 4SAD-K293 # # model = RB5009UG+S+ # serial number = HE408Z9RT61 /interface bridge...
by dazzaling69
Tue May 07, 2024 11:12 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Re: Pihole and IPv6 - getting it to work

Any help for this one?
by dazzaling69
Fri May 03, 2024 7:14 pm
Forum: General
Topic: Pihole and IPv6 - getting it to work
Replies: 36
Views: 3431

Pihole and IPv6 - getting it to work

I have a working pihole container that is flawless on IPv4 traffic. I'm trying to set it up to work with IPv6 DNS traffic as well. I have copied the IPv4 rules and settings (VETH, filter, NAT) to the IPv6 equivalents but it doesn't work. I suspect my newbie understanding of IPv6 is probably to blame...
by dazzaling69
Thu May 02, 2024 4:49 pm
Forum: General
Topic: Wireguard IPv6 and Subnets
Replies: 5
Views: 802

Re: Wireguard IPv6 and Subnets

Are there any helpful suggestions for this? I think if I knew how to arrange subnets/fix IP addresses, etc., I could figure out the rest myself.
by dazzaling69
Mon Apr 22, 2024 1:21 am
Forum: General
Topic: Back to Home Not Working on iPhone
Replies: 6
Views: 782

Re: Back to Home Not Working on iPhone

I can confirm that I followed the instructions. For whatever reason, it's not routing any traffic anywhere.

I added another Windows box to Wireguard and that worked fine.

It could be conflicting with another setting. How can I troubleshoot the tunnel?
by dazzaling69
Sat Apr 20, 2024 2:58 pm
Forum: General
Topic: Back to Home Not Working on iPhone
Replies: 6
Views: 782

Back to Home Not Working on iPhone

I am trying Back to Home but failing. I already have WireGuard working on my iPhone back to my router - works for LAN and WAN connectivity, so I know that works, but I thought I'd try BTH for my family members. Back to home configures from the app, and I can see it dynamically added in the Wireguard...
by dazzaling69
Fri Apr 19, 2024 1:21 am
Forum: General
Topic: Wireguard IPv6 and Subnets
Replies: 5
Views: 802

Re: Wireguard IPv6 and Subnets

Hi Eric, This is exactly what I assumed I would need to do. I don't, however, know how to do these steps. Fix one suitable IPv6 subnet range for your Wireguard setup - how? Once you've taken a subnet, start allocating each IPv6 addresses within that subnet for your Wireguard peers - how? Start Updat...
by dazzaling69
Wed Apr 17, 2024 12:56 pm
Forum: General
Topic: Wireguard IPv6 and Subnets
Replies: 5
Views: 802

Wireguard IPv6 and Subnets

I want to extend my Wireguard access to IPv6 (it's working with IPv4). The first instruction in guides is usually to set aside an IPv6 subnet for Wireguard to use. Being new to IPv6 (it's a bit of a mind-shift from IPv4 in some ways) I'm not sure how to do that. Can anyone help? Is there a simple gu...
by dazzaling69
Thu Apr 11, 2024 10:25 pm
Forum: General
Topic: Trouble Setting up ipv6
Replies: 21
Views: 1535

Re: Trouble Setting up ipv6

Thanks. It seemed to take a few seconds to sort itself out but that seems to work like a charm with 1500 MTU.
by dazzaling69
Thu Apr 11, 2024 7:27 pm
Forum: General
Topic: Trouble Setting up ipv6
Replies: 21
Views: 1535

Re: Trouble Setting up ipv6

TBH, I was sceptical about the MTU suggestion but that seemed to do the trick. I also removed the DNS server entry. Thank you very much for your help. This is not remotely straightforward to configure! Is there anything else you recommend doing/testing? There are some advanced firewall and raw rules...
by dazzaling69
Thu Apr 11, 2024 4:25 pm
Forum: General
Topic: Trouble Setting up ipv6
Replies: 21
Views: 1535

Re: Trouble Setting up ipv6

Update - for some reason, this test site shows a fail, but ipv6test.google.com shows a pass. Quite a lot of other ipv6 test sites fail to load, e.g., https://whatismyv6.com/, https://ipv6-test.com/, ipchecktool.com. So I'm unclear whether my ipv6 connectivity is sort of working or completely working...
by dazzaling69
Thu Apr 11, 2024 3:44 pm
Forum: General
Topic: Trouble Setting up ipv6
Replies: 21
Views: 1535

Re: Trouble Setting up ipv6

Aha. Partial successs! I can now ping an ipv6 DNS server from my windows box! However, running test-ipv6 I get the below: Your Internet Service Provider (ISP) appears to be Vodafone No IPv6 address detected [more info] Our tests show that you will have a broken or misconfigured IPv6 setup, and this ...
by dazzaling69
Thu Apr 11, 2024 2:07 pm
Forum: General
Topic: Trouble Setting up ipv6
Replies: 21
Views: 1535

Re: Trouble Setting up ipv6

Thanks again for your reply. I did what you originally suggested and nuked all the Filter, NAT, RAW and Address List entries and added the default ipv6 rules. I still don't have any PING from my Windows box, nor ipv6 web access. My complete ipv6 rules are attached. If it isn't this then I guess the ...
by dazzaling69
Wed Apr 10, 2024 9:00 pm
Forum: General
Topic: Trouble Setting up ipv6
Replies: 21
Views: 1535

Re: Trouble Setting up ipv6

Thanks. I will try that. It feels like the firewall rules are fairly basic though. I'm puzzled why fairly vanilla input and forwarding rules (processed in order from top to bottom) wouldn't allow me to at least ping an IPv6 address from my Windows box. Is there some troubleshooting I can do to see w...
by dazzaling69
Wed Apr 10, 2024 6:48 pm
Forum: General
Topic: Trouble Setting up ipv6
Replies: 21
Views: 1535

Re: Trouble Setting up ipv6

One more thing. On my PPPoE settings the ipv4 remote address is publicly routable but ipv6 is fe80::2621:24ff:fe88:2a3f. Isn't this a link-local address or does IPv6 do this differently as well? The IPv6 prefix is received and the DHCPv6Client is bound, but perhaps this is all negotiated over IPv4 a...
by dazzaling69
Wed Apr 10, 2024 5:27 pm
Forum: General
Topic: Trouble Setting up ipv6
Replies: 21
Views: 1535

Re: Trouble Setting up ipv6

I realised that my ipv6 firewall filter rules were all forwards with no inputs (face-palm). I fixed that (below) but still no joy - is there anything obviously wrong? Not being able to ping from my Windows PC (but works from ROS) makes me think it's either a firewall or some other routing issue. It ...
by dazzaling69
Tue Apr 09, 2024 9:32 pm
Forum: General
Topic: Trouble Setting up ipv6
Replies: 21
Views: 1535

Re: Trouble Setting up ipv6

Thanks again for the suggestions. No joy. Specific answers: There is a route created for ::/0, which has the gateway with an fe80 address with a %Vodafone at the end. I assume this is working. I can ping the address from a Winbox terminal but NOT from windows - it just times out The IPv6 Gateway on ...
by dazzaling69
Tue Apr 09, 2024 5:56 pm
Forum: General
Topic: Trouble Setting up ipv6
Replies: 21
Views: 1535

Re: Trouble Setting up ipv6

Thank you for helping. I made the changes you suggested, which has improved things a bit. I now get an ipv6 address on my computer but I can't connect to sites on the internet. If I do a connectivity test at https://test-ipv6.com/ it tells me that no ipv6 address is detected. If I try to connect to ...
by dazzaling69
Tue Apr 09, 2024 2:41 am
Forum: General
Topic: Trouble Setting up ipv6
Replies: 21
Views: 1535

Re: Trouble Setting up ipv6

Thanks. I think I am too lost to be able to use your suggestions. Is there an example setup I can work from?

Can you see anything else in the config that might be getting in the way?
by dazzaling69
Sun Apr 07, 2024 4:15 pm
Forum: General
Topic: Trouble Setting up ipv6
Replies: 21
Views: 1535

Re: Trouble Setting up ipv6

I confirmed that if I turn off the pihole it still doesn't work.
confg.rsc
by dazzaling69
Sat Apr 06, 2024 7:33 pm
Forum: General
Topic: Trouble Setting up ipv6
Replies: 21
Views: 1535

Trouble Setting up ipv6

I finally got an IPv6 prefix from Vodafone. While trying to set up the rest of the router I somehow messed it up and it no longer receives one. ipv6 is quite different and I'm struggling with it. Can anyone help me find out why it no longer receives the prefix and also how I should set up the rest o...
by dazzaling69
Fri Feb 09, 2024 11:39 am
Forum: General
Topic: Upgrade Pihole Container Without Breaking It [SOLVED]
Replies: 9
Views: 1457

Re: Upgrade Pihole Container Without Breaking It [SOLVED]

Many thanks for this. It is, and you have been, very helpful.
by dazzaling69
Tue Feb 06, 2024 11:25 am
Forum: General
Topic: Upgrade Pihole Container Without Breaking It [SOLVED]
Replies: 9
Views: 1457

Re: Upgrade Pihole Container Without Breaking It [SOLVED]

Thanks Optio. That is all very useful and helpful info. The script is a nice solution.

In terms of the process, does your process keep all of the setting for the pihole (adlists, DNS settings, etc.) or do you need to run the teleporter pre and post update?
by dazzaling69
Mon Feb 05, 2024 8:23 pm
Forum: General
Topic: Upgrade Pihole Container Without Breaking It [SOLVED]
Replies: 9
Views: 1457

Re: Upgrade Pihole Container Without Breaking It [SOLVED]

I tried the method of setting up a new container, pointing everything to the existing folders and variables, then turning off the old one and starting the new one. I applied the container setup but didn't start it. It failed to set up. I did not start the new container. The old container now no long...
by dazzaling69
Fri Feb 02, 2024 6:18 pm
Forum: General
Topic: Upgrade Pihole Container Without Breaking It [SOLVED]
Replies: 9
Views: 1457

Upgrade Pihole Container Without Breaking It [SOLVED]

Is there a guide or explanation anywhere about upgrading a pihole container instance running on a MT router? I have a fully working setup so don't want to mess it up.

Is there a way to back it up, in case it doesn't work?
by dazzaling69
Wed Nov 22, 2023 12:49 am
Forum: Wireless Networking
Topic: Using non-MT Access Points in a mesh config - does it work?
Replies: 7
Views: 1857

Re: Using non-MT Access Points in a mesh config - does it work?

Thank you for the explanation. It's a shame about the controller requirement. Hopefully MT will release some good value WiFi 6+ APs soon.
by dazzaling69
Sun Nov 19, 2023 7:42 pm
Forum: Wireless Networking
Topic: Using non-MT Access Points in a mesh config - does it work?
Replies: 7
Views: 1857

Re: Using non-MT Access Points in a mesh config - does it work?

Thanks for your answer. This might be highly naive but I assume mesh means something more than just a bunch of wired APs where the client decides which one to connect to. I guess what I mean by mesh is that the APs are not "dumb": will switch seamlessly between APs as you move around the h...
by dazzaling69
Sun Nov 19, 2023 2:20 pm
Forum: Wireless Networking
Topic: Using non-MT Access Points in a mesh config - does it work?
Replies: 7
Views: 1857

Using non-MT Access Points in a mesh config - does it work?

I'd like to use some non-MT APs to work in a mesh config. Can RouterOS turn a collection of any discrete APs into a mesh system?

The APs I'd like to use are netgear wireless APs (WAX220) that don't have mesh software built in so they operate as independent APs.

D.
by dazzaling69
Sat Nov 18, 2023 3:21 pm
Forum: Wireless Networking
Topic: Making APs work as a mesh - E.g., Netgear WAX220
Replies: 3
Views: 1478

Making APs work as a mesh - E.g., Netgear WAX220

I have never used my MT router for wireless operation, but I want to try. Can I use the MT router itself to make non-mesh APs work together in a mesh? My starting point is a great deal on some Netgear PoE Wireless Access Points (WAX220). They don't come with mesh software, but they do have great per...
by dazzaling69
Fri Nov 10, 2023 2:32 pm
Forum: General
Topic: VETH doesn't survive shutdown - breaks pihole container
Replies: 3
Views: 838

Re: VETH doesn't survive shutdown - breaks pihole container

Survived both reboots and a shutdown.
by dazzaling69
Thu Nov 09, 2023 6:28 pm
Forum: General
Topic: VETH doesn't survive shutdown - breaks pihole container
Replies: 3
Views: 838

Re: VETH doesn't survive shutdown - breaks pihole container

This seems to be a common problem. I updated to the latest release (7.12) today and reset the interfaces. It's working, but I'm now afraid to reboot it :D

Does anyone know if this update fixed the problem?
by dazzaling69
Wed Nov 08, 2023 5:55 pm
Forum: General
Topic: VETH doesn't survive shutdown - breaks pihole container
Replies: 3
Views: 838

VETH doesn't survive shutdown - breaks pihole container

I have a pihole container on my router, but the VETH it works off is causing me problems. I had it configured, as per the Mikrotik video tutorial on pihole containers, on VETH1. I shut down the router, but when it rebooted the VETH1 interface was no longer there, which caused the container to not ru...
by dazzaling69
Fri Nov 03, 2023 4:55 pm
Forum: General
Topic: WAN-side DNS lookups not being blocked - pihole container [SOLVED]
Replies: 18
Views: 1804

Re: WAN-side DNS lookups not being blocked - pihole container [SOLVED]

Many thanks. The NAT rules are there as I use the router as the upstream DNS server to the pihole but advertise the router's address as the DNS in DHCP. The NAT rules basically ignore the DNS lookup address (whatever address anyone on the LAN uses) and sends everything to the pihole. That way I can ...
by dazzaling69
Fri Nov 03, 2023 4:40 pm
Forum: General
Topic: WAN-side DNS lookups not being blocked - pihole container [SOLVED]
Replies: 18
Views: 1804

Re: WAN-side DNS lookups not being blocked - pihole container [SOLVED]

Aha! If I change the in interface to the local bridge (which is not quite what you suggested "in interface list", but I hope is equivalent) then the forwarding stops and a drop rule at the top of the filter rules starts to register the offending traffic. I assume I don't explicitly need th...
by dazzaling69
Fri Nov 03, 2023 3:55 pm
Forum: General
Topic: WAN-side DNS lookups not being blocked - pihole container [SOLVED]
Replies: 18
Views: 1804

Re: WAN-side DNS lookups not being blocked - pihole container [SOLVED]

Hi,

I can confirm that I am getting lookups from WAN. Bizarrely, a Drop Rule on the input chain for the IP range that worries me does detect any traffic, but an equivalent drop rule on the forward chain does.

This seems very odd to me. Can anyone help?

Da.
by dazzaling69
Tue Oct 31, 2023 3:34 pm
Forum: General
Topic: Pihole container run out of disk space [SOLVED]
Replies: 10
Views: 1403

Re: Pihole container run out of disk space [SOLVED]

I tried just moving mounts, but that broke stuff. I think I probably need to recreate the entire pihole again as certain things, like the VETH, seem linked to the folder I started off with.

Have I got that right?
by dazzaling69
Tue Oct 31, 2023 3:13 pm
Forum: General
Topic: Pihole container run out of disk space [SOLVED]
Replies: 10
Views: 1403

Re: Pihole container run out of disk space [SOLVED]

That helps. The disk is mounted but I've pointed the container to the internal storage. Is it possible to copy the folders from the internal storage to the USB drive before I change the mount points, so I can have a smooth continuation of service? There's not an obvious file management structure, an...
by dazzaling69
Tue Oct 31, 2023 2:19 pm
Forum: General
Topic: Pihole container run out of disk space [SOLVED]
Replies: 10
Views: 1403

Re: Pihole container run out of disk space [SOLVED]

Sure. /container mounts add dst=/etc/dnsmasq.d name=dnsmasq_pihole src=/disk1/etc-dnsmasq.d add dst=/etc/pihole name=etc_pihole src=/disk1/etc /disk set usb1 type=hardware add parent=usb1 partition-number=1 partition-offset=512 partition-size=\ "128 035 675 648" type=partition /container a...
by dazzaling69
Tue Oct 31, 2023 1:34 pm
Forum: General
Topic: Pihole container run out of disk space [SOLVED]
Replies: 10
Views: 1403

Re: Pihole container run out of disk space [SOLVED]

I have the external disk labelled "disk1" in Slot usb1-part1. The container mounts are set to Src /disk1/etc and /disk1/etc-dnsmasq.d I assume it's using the external disk from this. I find the terminology a bit confusing. Also, if I look under Files, there seems to be no disk-level segreg...
by dazzaling69
Tue Oct 31, 2023 1:29 pm
Forum: General
Topic: WAN-side DNS lookups not being blocked - pihole container [SOLVED]
Replies: 18
Views: 1804

Re: WAN-side DNS lookups not being blocked - pihole container [SOLVED]

Actually, still getting the odd foreign DNS client request. I don't understand how that could happen... Either WAN-side DNS requests are possible, or they aren't. Or there is some weird pihole pass-through bypass situation going on. I'm fairly certain that the NAT rules are not quite right. Do you h...
by dazzaling69
Tue Oct 31, 2023 12:35 pm
Forum: General
Topic: Pihole container run out of disk space [SOLVED]
Replies: 10
Views: 1403

Pihole container run out of disk space [SOLVED]

I've got a 128GB disk connected to my RB5009 for my pihole container to use. Although it is mostly empty the container claims to be 99% full and is reporting a disk shortage error (the db and log files are maxed out). How can I increase the space available to the pihole container? It seems to be usi...
by dazzaling69
Tue Oct 31, 2023 12:30 pm
Forum: General
Topic: WAN-side DNS lookups not being blocked - pihole container [SOLVED]
Replies: 18
Views: 1804

Re: WAN-side DNS lookups not being blocked - pihole container [SOLVED]

Thanks. I haven't seen any non-local IPs in the logs, so maybe I have the config right, but a look from an expert like yourself.
by dazzaling69
Mon Oct 30, 2023 10:21 pm
Forum: General
Topic: WAN-side DNS lookups not being blocked - pihole container [SOLVED]
Replies: 18
Views: 1804

Re: WAN-side DNS lookups not being blocked - pihole container [SOLVED]

Thanks Anav, The setup for the container was taken from the Mikrotik YouTube instructional video here https://www.youtube.com/watch?v=8u1PVouAGnk. You'll notice that I basically copied it verbatim, with some tweaks to get it working from one of my previous threads https://forum.mikrotik.com/viewtopi...
by dazzaling69
Mon Oct 30, 2023 8:36 pm
Forum: General
Topic: WAN-side DNS lookups not being blocked - pihole container [SOLVED]
Replies: 18
Views: 1804

WAN-side DNS lookups not being blocked - pihole container [SOLVED]

I have started running pihole as a container on my MT box - all works well re. DNS serving and ad blocking. However, I noticed that the pihole has been receiving a lot of DNS requests from outside my LAN network - at one point quite a deluge. I put some drop rules in the firewall and attempted a few...
by dazzaling69
Wed Oct 18, 2023 3:48 pm
Forum: Containers
Topic: PiHole Not Blocking Ads, but otherwise working
Replies: 19
Views: 4683

Re: PiHole Not Blocking Ads, but otherwise working

Hello again,

Although my pihole is working like a charm, something in these changes has blocked my Wireguard VPN and my Plex NAT access from working. It's not obvious to me why these should be affected at all by the pihole.

Any thoughts on why these might now be broken?
by dazzaling69
Tue Oct 10, 2023 6:46 pm
Forum: Containers
Topic: PiHole Not Blocking Ads, but otherwise working
Replies: 19
Views: 4683

Re: PiHole Not Blocking Ads, but otherwise working

That did it.

I'd already configured the upstream DNS server on the container as ROS but the filter rules did the trick.

Many thanks to you and the others who helped me fix this.

D.
by dazzaling69
Tue Oct 10, 2023 5:47 pm
Forum: Containers
Topic: PiHole Not Blocking Ads, but otherwise working
Replies: 19
Views: 4683

Re: PiHole Not Blocking Ads, but otherwise working

I have two piholes currently. One of them is an actual RPi that I set up when the container didn't work. This works flawlessly. It's on my LAN DHCP range and it's served by the DHCP server as the DNS server. This then uses my router as the upstream DNS. This works as expected, so I know this part is...
by dazzaling69
Mon Oct 09, 2023 11:24 pm
Forum: Containers
Topic: PiHole Not Blocking Ads, but otherwise working
Replies: 19
Views: 4683

Re: PiHole Not Blocking Ads, but otherwise working

Thanks. I added the rule where Local Bridge is the in interface. I can now ping the DNS server and get a response. I can see that, for the first time, the pihole is receiving DNS requests and blocking some of them. However, web pages don't load with DNS errors. I wonder if the DNS responses are not ...
by dazzaling69
Mon Oct 09, 2023 3:51 pm
Forum: Containers
Topic: PiHole Not Blocking Ads, but otherwise working
Replies: 19
Views: 4683

Re: PiHole Not Blocking Ads, but otherwise working

OK. Something weird is going on. I checked the settings as per the video tutorial. This command add address=172.17.0.2/24 gateway=172.17.0.1 gateway6="" name=veth1 doesn't work - it adds the address 0.0.0.0/0, not 172.17.0.2/24. Without that being corrected the Container won't even start u...
by dazzaling69
Mon Oct 09, 2023 2:42 pm
Forum: Containers
Topic: PiHole Not Blocking Ads, but otherwise working
Replies: 19
Views: 4683

Re: PiHole Not Blocking Ads, but otherwise working

PS. If I make 172.17.0.1 the DNS server I can get a DNS response and ping but if I set 172.17.0.2 (where I believe the DNS lookups should be pointed to) I get no DNS or ping response. I suspect that 172.17.0.1 actually uses the router's DNS lookup. The pihole dashboard confirms that there have been ...
by dazzaling69
Mon Oct 09, 2023 12:00 pm
Forum: Containers
Topic: PiHole Not Blocking Ads, but otherwise working
Replies: 19
Views: 4683

Re: PiHole Not Blocking Ads, but otherwise working

I think this is almost there. Although the Container can connect to the internet now, if I set the DNS server to 172.17.0.2 in the DHCP settings config I get no internet connectivity and the pihole does not seem to do anything either. 172.17.0.2 should be the DNS server address, as per the setup gui...
by dazzaling69
Sun Oct 08, 2023 10:19 pm
Forum: Containers
Topic: PiHole Not Blocking Ads, but otherwise working
Replies: 19
Views: 4683

Re: PiHole Not Blocking Ads, but otherwise working

Thanks - that fixed the connectivity issue.

Next step is to get the pihole working, but it can see the internet, update lists, run Gravity, etc.

Thanks for your help.
by dazzaling69
Sun Oct 08, 2023 2:30 pm
Forum: Containers
Topic: PiHole Not Blocking Ads, but otherwise working
Replies: 19
Views: 4683

Re: PiHole Not Blocking Ads, but otherwise working

To test out the source of the problem I set up a pihole server on a Raspberry Pi. Having verified the RPi was set up correctly and connected to the internet I simply changed the DNS server address in the DHCP settings, as per Normis's suggestion to point pihole at the DoH DNS server on the Mikrotik ...
by dazzaling69
Fri Oct 06, 2023 5:29 pm
Forum: Containers
Topic: PiHole Not Blocking Ads, but otherwise working
Replies: 19
Views: 4683

Re: PiHole Not Blocking Ads, but otherwise working

Thank you both for your replies. I think I understand what you are suggesting. However, trying this did not work. I followed the video guide and it's not clear to me why that wouldn't just work. Setting the DNS server in DHCP sounded like a sensible suggestion (putting aside DoH for the moment until...
by dazzaling69
Fri Oct 06, 2023 4:06 pm
Forum: Containers
Topic: PiHole Not Blocking Ads, but otherwise working
Replies: 19
Views: 4683

Re: PiHole Not Blocking Ads, but otherwise working

Thanks. I believe I needed the DNS address for my previous config to make DoH work (?). I can change that. I also need to have Allow Remote Requests on to get any DNS at all (with or without the pihole). I used 172.17.0.2, as per this video https://www.youtube.com/watch?v=UMcJs4oyHDk , which I follo...
by dazzaling69
Fri Oct 06, 2023 2:33 pm
Forum: Containers
Topic: PiHole Not Blocking Ads, but otherwise working
Replies: 19
Views: 4683

Re: PiHole Not Blocking Ads, but otherwise working

Is anyone able to help? I've posted my config, if that helps. I toggled my first masquerade rule on and off, to see if that was the issue, but no luck. The container doesn't seem to be able to connect to the WAN but the Container was pulled off the internet from the router, so it should be able to r...
by dazzaling69
Tue Sep 19, 2023 1:37 am
Forum: Containers
Topic: PiHole Not Blocking Ads, but otherwise working
Replies: 19
Views: 4683

PiHole Not Blocking Ads, but otherwise working

I followed this excellent guide to installing pihole on routerOS https://www.youtube.com/watch?v=UMcJs4oyHDk&t=8s The DNS service resolves (although, unlike the tutorial, I had to enable Allow Remote Requests for anything to be resolved) and I can access the pihole admin pages, but it doesn't bl...
by dazzaling69
Thu Mar 30, 2023 11:25 pm
Forum: General
Topic: Link Aggregation Only Speeds up in One Direction
Replies: 16
Views: 2409

Re: Link Aggregation Only Speeds up in One Direction

Thanks for helping me with this complicated topic.
by dazzaling69
Thu Mar 30, 2023 12:32 pm
Forum: General
Topic: Link Aggregation Only Speeds up in One Direction
Replies: 16
Views: 2409

Re: Link Aggregation Only Speeds up in One Direction

mkx was good enough to ask for more information, which I've provided. I am asking is because others have achieved SMB multichannel transfers that are twice as fast using the exact same NAS, LAG and PC network card as I have. As I understand it, and from Microsoft's documentation on it https://learn....
by dazzaling69
Wed Mar 29, 2023 11:13 pm
Forum: General
Topic: Link Aggregation Only Speeds up in One Direction
Replies: 16
Views: 2409

Re: Link Aggregation Only Speeds up in One Direction

Here is the relevant info, as far as I can find. There are only a few things that can be configured in the Synology NAS. I've attached the MT config file.
Network.png
by dazzaling69
Mon Mar 27, 2023 8:16 pm
Forum: General
Topic: Link Aggregation Only Speeds up in One Direction
Replies: 16
Views: 2409

Re: Link Aggregation Only Speeds up in One Direction

I have looked around at the expectation from LAG in these cases and it isn't clear to me (and I'm not an expert), so you may be right I'm expecting the wrong outcome. Clearly I can get something like N times the performance in some circumstances - speedtest download is one example - but it doesn't m...
by dazzaling69
Mon Mar 27, 2023 1:15 am
Forum: General
Topic: Link Aggregation Only Speeds up in One Direction
Replies: 16
Views: 2409

Re: Link Aggregation Only Speeds up in One Direction

I don’t know what might be relevant in troubleshooting the speed issues. What information might help?
by dazzaling69
Sun Mar 26, 2023 8:38 pm
Forum: General
Topic: Link Aggregation Only Speeds up in One Direction
Replies: 16
Views: 2409

Re: Link Aggregation Only Speeds up in One Direction

Thanks for the replies. The Synology NAS offers Balance-TCP (IEEE 802.3ad LACP) as its config mode. I match that on the ROS. I tried the different hash policies and none had any effect. The two connection methods I am trying to assess speed are different, #1 Use LibreSpeed Docker on the NAS. I get 2...
by dazzaling69
Fri Mar 24, 2023 7:40 pm
Forum: General
Topic: Link Aggregation Only Speeds up in One Direction
Replies: 16
Views: 2409

Link Aggregation Only Speeds up in One Direction

I have a bonding interface set up between my Synology NAS (which has 2 NICs) and my Mikrotik RB5009 router, which then connects to my PC via 2.5Gbe. Using a speed test tool on the router I get 2Gbps download to the PC but only 1Gbps upload (confirmed also by monitoring the Interface in Winbox. The r...
by dazzaling69
Thu Mar 16, 2023 7:01 pm
Forum: General
Topic: Fasttrack not working on RB5009
Replies: 13
Views: 2289

Re: Fasttrack not working on RB5009

Apologies. I hadn't checked that you were an expert (and I'm definitely not, though, for a second, I thought I might actually know more than someone else on here :-)), so answered the wrong question. The additional FastTrack options in the config was something bogus - I'm not even sure how it got en...
by dazzaling69
Wed Mar 15, 2023 11:50 pm
Forum: General
Topic: Fasttrack not working on RB5009
Replies: 13
Views: 2289

Re: Fasttrack not working on RB5009

what do you mean? Why is it so much faster? Because it's matching on connection, not processing individual packets. That way the packets get processed in the switch hardware, avoiding the CPU - which might limit the packet processing speed. If I connect a remote server to a LAN PC and initiate a dow...
by dazzaling69
Wed Mar 15, 2023 6:04 pm
Forum: General
Topic: Fasttrack not working on RB5009
Replies: 13
Views: 2289

Re: Fasttrack not working on RB5009

Fastrack bypasses software processing for established and related connections, once they're initially established. If you don't use it then you'll see the CPU usage go up. Not a deal-breaker for an RB5009 (30% CPU with 930Mb/s traffic, reducing to 4% with Fasttrack on) but a lowlier box, like my pre...
by dazzaling69
Wed Mar 15, 2023 4:12 pm
Forum: General
Topic: Fasttrack not working on RB5009
Replies: 13
Views: 2289

Re: Fasttrack not working on RB5009

Thanks. As usual, you have sorted out my problem. I don't know how that fasttrack rule got modified the way it was, but just replacing the Fasttrack rule sorted it out. When you set these rules up using WinBox there isn't a hw offload switch, so maybe not doing it by the command line was the problem...
by dazzaling69
Wed Mar 15, 2023 2:48 pm
Forum: General
Topic: Fasttrack not working on RB5009
Replies: 13
Views: 2289

Fasttrack not working on RB5009

Hi. Fasttrack doesn't appear to be working (counter at zero on the firewall, dummy rule on zero bytes) on my RB5009 router. AFAIK, the Fasttrack Firewall rule is in the right place and is formed correctly, but no fasttrack. Can anyone help? I'm sure it's a trivial mistake. Config attached (with a fe...
by dazzaling69
Sun Feb 19, 2023 12:19 am
Forum: Beginner Basics
Topic: Bridging specific ports
Replies: 6
Views: 1023

Re: Bridging specific ports

Many thanks to both for the replies. I tried a few things close to this but hadn’t got it quite right
by dazzaling69
Sat Feb 18, 2023 11:09 pm
Forum: Beginner Basics
Topic: Bridging specific ports
Replies: 6
Views: 1023

Re: Bridging specific ports

Config attached. I want all ports except WAN, including the SFP+ port, to act like a regular dumb switch and all talk to each other. Only port 8 should be treated differently as the WAN port. After I've got this working I'll convert 2 of the ports to a bonded LAG port, but I've done that before. Tha...
by dazzaling69
Sat Feb 18, 2023 6:02 pm
Forum: Beginner Basics
Topic: Bridging specific ports
Replies: 6
Views: 1023

Bridging specific ports

I have 8 ports and I would like most of them to talk to each other and be part of the LAN. Port 8 is WAN Port 2 connects to the LAN and works Anything I plug into ports 1 and 3-7 do not connect into the LAN. I thought a local bridge would work but I can't figure out how to do this. It seems like Int...
by dazzaling69
Sat Jan 07, 2023 4:14 pm
Forum: General
Topic: Port Forwarding Problem
Replies: 2
Views: 488

Re: Port Forwarding Problem

Is there anyone who can offer some help?
by dazzaling69
Mon Jan 02, 2023 10:52 pm
Forum: General
Topic: Port Forwarding Problem
Replies: 2
Views: 488

Port Forwarding Problem

I have a mail server on my LAN behind my ROS router. It has been working for a while but I've obviously done something to break it and I can't figure out what. If I access it from the LAN side (static route to direct it to the server) all works well. If I try to access the server from the WAN side m...
by dazzaling69
Tue Dec 20, 2022 1:03 am
Forum: General
Topic: Route over IPSEC tunnel by port or dst fqdn
Replies: 10
Views: 2135

Re: Route over IPSEC tunnel by port or dst fqdn

It looks like there is, yes = 10.6.0.1 and 10.6.0.6. There are also two dynamic NAT entries that use those addresses. As far as I can tell the bit that isn't working is mangling the packets matching a destination address. It doesn't seem to send anything over the tunnel. Not sure how to troubleshoot...
by dazzaling69
Fri Dec 16, 2022 11:02 am
Forum: General
Topic: Route over IPSEC tunnel by port or dst fqdn
Replies: 10
Views: 2135

Re: Route over IPSEC tunnel by port or dst fqdn

I think it's the dynamic NAT entry that is the problem. Of the two tunnels created it seems that traffic gets sent over the first one that creates a NAT entry.

Any suggestions? I would guess multiple VPN tunnels must be a common scenario.

D
by dazzaling69
Mon Dec 12, 2022 2:05 pm
Forum: General
Topic: Route over IPSEC tunnel by port or dst fqdn
Replies: 10
Views: 2135

Re: Route over IPSEC tunnel by port or dst fqdn

Hi, The end of tunnel address is different (different country). The tunnels are established, but the setup doesn't work as I want it to. The difference in the config seems to be that only one VPN route (is that the right term?) has a dynamic NAT entry created, but the other does not. Otherwise, all ...
by dazzaling69
Sat Dec 10, 2022 8:52 pm
Forum: General
Topic: Route over IPSEC tunnel by port or dst fqdn
Replies: 10
Views: 2135

Re: Route over IPSEC tunnel by port or dst fqdn

Yep, that did it. Many many thanks for helping me get it going. On a related note. I pushed my knowledge even further and tried to set two different VPNs - both from the same VPN provider, but to 2 different countries. This broke them both. Is it possible, using this method, to have multiple VPNs an...
by dazzaling69
Sun Dec 04, 2022 2:33 pm
Forum: General
Topic: Route over IPSEC tunnel by port or dst fqdn
Replies: 10
Views: 2135

Re: Route over IPSEC tunnel by port or dst fqdn

Thank you for this. I take from this that I need only some of those three rules, depending on what I wanted to achieved. If I wanted port-based filtering of traffic from one LAN IP address how would I set that up? Should I mark the connections with the matching port number and then let Mode-Config m...
by dazzaling69
Sat Dec 03, 2022 1:22 pm
Forum: General
Topic: Route over IPSEC tunnel by port or dst fqdn
Replies: 10
Views: 2135

Route over IPSEC tunnel by port or dst fqdn

Hi, I have a VPN tunnel setup from the router to a commercial VPN provider. It's easy for me to forward all the packets from a LAN address, e.g., 192.168.0.44 through the tunnel using a src address list in mode-config. I can't figure out a way to send only some of the traffic over the VPN. I have on...
by dazzaling69
Mon Nov 07, 2022 11:59 pm
Forum: General
Topic: LAN Access Problem from External VPN Connection
Replies: 10
Views: 1357

Re: LAN Access Problem from External VPN Connection

Thank you all for your replies. I guess I did just expect it to work, as in, if I VPN from client to server, using the same DNS and into the same network, I thought all would work as expected. I'm still surprised it doesn't work like that (but then I'm not a black belt in networking, probably orange...
by dazzaling69
Tue Nov 01, 2022 6:56 pm
Forum: General
Topic: LAN Access Problem from External VPN Connection
Replies: 10
Views: 1357

Re: LAN Access Problem from External VPN Connection

Can anyone help with this?
by dazzaling69
Wed Oct 26, 2022 4:18 pm
Forum: General
Topic: LAN Access Problem from External VPN Connection
Replies: 10
Views: 1357

LAN Access Problem from External VPN Connection

I have a Wireguard VPN setup on my router. This works fine for WAN access, apart from the problem below. Also, I have tried other VPN methods and had similar problems. I have a server on the LAN called "Examplename". When I'm in the LAN I can access SMB via \\Examplename and web services v...
by dazzaling69
Sat Jul 09, 2022 5:40 pm
Forum: General
Topic: RoMoN Enabled but Can't See or Connect
Replies: 4
Views: 2004

Re: RoMoN Enabled but Can't See or Connect

I understand now. Thanks. I thought it was a way to connect to a MT router if you had somehow messed up the ip addressing
by dazzaling69
Sat Jul 09, 2022 1:33 pm
Forum: General
Topic: RoMoN Enabled but Can't See or Connect
Replies: 4
Views: 2004

RoMoN Enabled but Can't See or Connect

My MT router works fine and I can connect via WinBox over IP but RoMoN doesn't seem to work. I enabled Romon on the router interface but it isn't found by WinBox, nor can I force it manually. WinBox connects fine by IP address to the same box. I haven't added IDs, ports, secrets or anything - just c...
by dazzaling69
Fri Jul 08, 2022 11:30 pm
Forum: General
Topic: DoH Still Requires PPPOE DNS Servers to be Active [SOLVED]
Replies: 6
Views: 1084

Re: DoH Still Requires PPPOE DNS Servers to be Active [SOLVED]

One more question. I didn't add static DNS routes but it works anyway. Why do I need to set the cloudflare DNS routes?
by dazzaling69
Fri Jul 08, 2022 11:27 pm
Forum: General
Topic: DoH Still Requires PPPOE DNS Servers to be Active [SOLVED]
Replies: 6
Views: 1084

Re: DoH Still Requires PPPOE DNS Servers to be Active [SOLVED]

Thanks. I didn't realise you still had to specify a DNS server IP address(es) if you used the URL. That seems to be a superfluous step(?), but it worked.

Thank you.
by dazzaling69
Fri Jul 08, 2022 1:15 pm
Forum: General
Topic: DoH Still Requires PPPOE DNS Servers to be Active [SOLVED]
Replies: 6
Views: 1084

DoH Still Requires PPPOE DNS Servers to be Active [SOLVED]

I enabled CloudFlare DoH and verified it works via https://1.1.1.1/help. It works whether I verify the certificates or not. If I now go to the PPPOE settings for my ISP connection and disable Use Peer DNS in Dial Out settings any new DNS lookups fail. I do not understand how the DoH route for DNS ca...
by dazzaling69
Tue Jun 28, 2022 2:33 pm
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Re: Wireguard VPN access to the routerbox [SOLVED]

Thanks again for your help. I made the changes you proposed and they seemed to work fine. I didn't notice any real-world impact either way - perhaps because I don't really stress the system.

Can you explain why that change in order might have an impact? I'm interested for my own education.
by dazzaling69
Mon Jun 20, 2022 11:00 am
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Re: Wireguard VPN access to the routerbox [SOLVED]

Thanks for stepping in there. That simple change was all it needed. Obvious when you look at it.

Are there any other security or performance improvements you'd suggest?

Thanks to you and also to Anav for the previous help.

Darren.
by dazzaling69
Sat Jun 18, 2022 1:11 pm
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Re: Wireguard VPN access to the routerbox [SOLVED]

Hi Anav,

Have you had a chance to look at the config? Any help will be very much appreciated.

Darren.
by dazzaling69
Mon Jun 13, 2022 7:49 pm
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Re: Wireguard VPN access to the routerbox [SOLVED]

PS. I updated to the latest stable release and no change to the behaviour. The router stubbornly refuses to be addressable.
by dazzaling69
Fri Jun 10, 2022 10:37 am
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Re: Wireguard VPN access to the routerbox [SOLVED]

OK. Thank you. File attached.
by dazzaling69
Thu Jun 09, 2022 10:29 am
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Re: Wireguard VPN access to the routerbox [SOLVED]

Because I can't access the router using the remote iPhone app doesn't work either.

Do you think I should report this as a fault with the current software?
by dazzaling69
Wed Jun 08, 2022 6:17 pm
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Re: Wireguard VPN access to the routerbox [SOLVED]

I got it to work using the method you suggested. I am now back to the situation of being able to access my subnet remotely but STILL no 10.160.100.1 access. This doesn't make any sense to me :-( Everything works except this one thing. Perhaps I should be asking a different question, which is how sho...
by dazzaling69
Wed Jun 08, 2022 1:17 pm
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Re: Wireguard VPN access to the routerbox [SOLVED]

I tried that and I can't make LAN access to Wireguard work, although WAN traffic filters fine. Is it an ordering of the firewall rules issue? You said the config needs a lot of work. I thought I had done a lot of that work - I basically manually changed the config to look very similar to your modifi...
by dazzaling69
Tue Jun 07, 2022 9:58 pm
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Re: Wireguard VPN access to the routerbox [SOLVED]

Actually, one of the last firewall filters changes I made broke the WireGuard WAN access…
by dazzaling69
Tue Jun 07, 2022 9:49 pm
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Re: Wireguard VPN access to the routerbox [SOLVED]

Hi. Thanks for the detailed notes. I used this as a masterclass - thanks! Rather than just uploading your config I used it as a means to understand more what I am doing. I think I followed your guide well but I still can't connect to the MT router at 10.160.100.1. Everything else works perfectly. Wo...
by dazzaling69
Sat Jun 04, 2022 8:13 pm
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Re: Wireguard VPN access to the routerbox [SOLVED]

Hi, Thanks for taking a look at the configuration. There’s nothing as sophisticated as site to site cross -LAN setups going on. I have one home LAN with an MT router and a few personal devices. I want the personal devices to connect to my home LAN when I’m out of the house. So, specifically, I want ...
by dazzaling69
Thu Jun 02, 2022 11:11 am
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Re: Wireguard VPN access to the routerbox [SOLVED]

Thanks for the reply. Attachment from /export hide-sensitive. I can access my LAN from my iPhone but not 10.160.100.1. Other 10.160.100.x addresses can be accessed.
WireguardTroubleshoot.rsc
by dazzaling69
Wed Jun 01, 2022 5:46 pm
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Re: Wireguard VPN access to the routerbox [SOLVED]

Public IP Public IP LAN ----------------------------------------------------------- MT Routerbox ---------------- Internet ---------------------- Client 1, e.g., iPhone 10.160.1.0/24 10.160.100.1 WG 192.168.10.1/24 192.168.10.2/32 DNS server 10.160.1.1 DNS 1.1.1.1 Allowed IPs 0.0.0.0/0 I have a fire...
by dazzaling69
Tue May 31, 2022 11:08 pm
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 5292

Wireguard VPN access to the routerbox [SOLVED]

I have an RB750GR3 and have set up some Wireguard VPN access points for remote devices like iPhones and Windows boxes. All works fine, but I can't connect to the routerbox - how can I do this? I have an address range 192.168.10.1/24 that I have allowed in /ip address. The local LAN served by the rou...
by dazzaling69
Wed Oct 28, 2020 11:50 pm
Forum: Beginner Basics
Topic: Home User RouterOS Consultancy - Uber for MikroTik
Replies: 12
Views: 2095

Re: Home User RouterOS Consultancy - Uber for MikroTik

Thank you for your suggestion. I'm more advanced than this (with both config and understanding of what's going on), but I'm sure there are tips and tricks I could pick up with even the basics, given the power of RouterOS. The next step for me is a working VPN that all my devices can connect to. I fi...
by dazzaling69
Sat Oct 24, 2020 1:56 pm
Forum: Beginner Basics
Topic: Home User RouterOS Consultancy - Uber for MikroTik
Replies: 12
Views: 2095

Re: Home User RouterOS Consultancy - Uber for MikroTik

Hi. Does anyone have any suggestions about help setting up my router?
by dazzaling69
Mon Oct 19, 2020 7:40 pm
Forum: Beginner Basics
Topic: Home User RouterOS Consultancy - Uber for MikroTik
Replies: 12
Views: 2095

Re: Home User RouterOS Consultancy - Uber for MikroTik

I get the security issue. I understand enough to know how things basically work, but I'd like some live tuition while helping me fix things. By giving access via, .e.g., zoom, I'd be able to make the changes myself whilst someone is watching. This is therefore safe - no direct access needed - and wo...
by dazzaling69
Fri Oct 16, 2020 1:22 pm
Forum: Beginner Basics
Topic: Home User RouterOS Consultancy - Uber for MikroTik
Replies: 12
Views: 2095

Re: Home User RouterOS Consultancy - Uber for MikroTik

Thank you for the replies to my question. The problem I find with written advice is that, no matter how clear, it always seems to fall down in a way that I can't troubleshoot or fix. VPN access frustrates the hell out of me! I was wondering whether I could allow someone access to my network (through...
by dazzaling69
Tue Oct 13, 2020 12:41 pm
Forum: Beginner Basics
Topic: Home User RouterOS Consultancy - Uber for MikroTik
Replies: 12
Views: 2095

Home User RouterOS Consultancy - Uber for MikroTik

Hi, I wonder if anyone on the forum offers consultancy/help for home users trying to get to grips with their RouterOS device? Kind of like a ride-share scheme - quick help to get where you want to go without a big fee. I love routeros but I don't have the time or patience to learn everything about i...
by dazzaling69
Sat Jun 15, 2019 9:21 pm
Forum: General
Topic: One device in my network will not work
Replies: 4
Views: 942

One device in my network will not work

I have a single device in my network that will connect to the wifi (a separate box) but not pull any data off the network and I believe it's my Mikrotik 750GR3. This started to happen only recently after having worked for a couple of years with no issue. I thought it was the wifi, so I swapped it ou...
by dazzaling69
Sat Feb 17, 2018 12:19 pm
Forum: General
Topic: Upgrade to 6.41.2 downgraded performance
Replies: 1
Views: 1101

Upgrade to 6.41.2 downgraded performance

I upgraded from 6.41 to 6.41.2 recently. Before I was getting a ping of about 20ms and saturating my BT Infinity 2 both ways. Afterwards I get a ping of high 30s ms (like 38), the speed is noticeably slowly, particularly uploading and when the network is busy web page loading takes a few seconds to ...
by dazzaling69
Thu Feb 15, 2018 2:29 am
Forum: General
Topic: ipv6 Setup for Dummies/BT Infinity
Replies: 1
Views: 943

ipv6 Setup for Dummies/BT Infinity

I want to enable ipv6 and use it with BT Infinity. Can someone help with an easy guide to getting it running?
by dazzaling69
Thu Mar 23, 2017 7:32 pm
Forum: Beginner Basics
Topic: Allocating DNS Server based in Rules
Replies: 1
Views: 677

Allocating DNS Server based in Rules

I'm trying to set my childrens' devices to be able to access only the safe internet (or as safe as possible). One option I have for doing this is to send traffic from their devices to a different DNS server (say the BT child-safest one) than other devices. Firstly, is this the best way of doing this...
by dazzaling69
Thu Mar 16, 2017 1:30 pm
Forum: Beginner Basics
Topic: Quickset VPN - no LAN Access
Replies: 22
Views: 10425

Re: Quickset VPN - no LAN Access

Hi,

Yes, that basically works as advertised. Why the other VPN DHCP range wouldn't talk to my main DHCP range I don't know, but putting then both on the same seems to work fine. Perhaps this is something I will figure out as I learn more.

Thanks again for your help.

Darren.
by dazzaling69
Tue Mar 14, 2017 6:49 pm
Forum: Beginner Basics
Topic: Quickset VPN - no LAN Access
Replies: 22
Views: 10425

Re: Quickset VPN - no LAN Access

I guess that means that the bridge isn't set up properly? Setting the VPN pool in the same subnet as the DHCP pool surely means that there's a problem connecting them up?
by dazzaling69
Tue Mar 14, 2017 3:53 pm
Forum: Beginner Basics
Topic: Quickset VPN - no LAN Access
Replies: 22
Views: 10425

Re: Quickset VPN - no LAN Access

That did it. The ppp profile was already 10.160.100.1 in the local IP, so I guess that was the problem. \\server doesn't resolve, but I can live with the IP address.

many thanks for all your help.
by dazzaling69
Mon Mar 13, 2017 2:13 pm
Forum: Beginner Basics
Topic: Quickset VPN - no LAN Access
Replies: 22
Views: 10425

Re: Quickset VPN - no LAN Access

Hmm that doesn't work either. I'm getting stuck on this. I tried your suggestions but no difference to behaviour. This is the current config: /interface bridge add arp=proxy-arp name=bridge1 /interface ethernet set [ find default-name=ether2 ] name=ether2-master set [ find default-name=ether3 ] mast...
by dazzaling69
Fri Mar 10, 2017 5:44 pm
Forum: Beginner Basics
Topic: Quickset VPN - no LAN Access
Replies: 22
Views: 10425

Re: Quickset VPN - no LAN Access

Thanks Janus. That really helps me to understand what's going on. Here are my results: If I put all the traffic through the router the static address addition of \\server.local works but \\server doesn't (I realise this probably shouldn't work) but that Windows address resolves on the network. The 1...
by dazzaling69
Mon Mar 06, 2017 6:18 pm
Forum: Beginner Basics
Topic: Quickset VPN - no LAN Access
Replies: 22
Views: 10425

Re: Quickset VPN - no LAN Access

Hi Janus, He explains the problem but I'm still not sure of the solution. With my config I have changed the DNS server for the VPN connection to my router's address but it still doesn't resolve the names if I don't route all traffic over the gateway or the IP addresses if I don't. Adding my server a...
by dazzaling69
Mon Mar 06, 2017 11:48 am
Forum: Beginner Basics
Topic: Quickset VPN - no LAN Access
Replies: 22
Views: 10425

Re: Quickset VPN - no LAN Access

Hi, I have two issues with this VPN setup that I wonder if I could get some advice on. If I route all traffic throught the VPN from either an iPhone or Windows all works well, except I can't resolve the windows names of servers behind my VPN - IP addresses work. How do I get resolution of windows na...
by dazzaling69
Sat Feb 25, 2017 4:04 pm
Forum: Beginner Basics
Topic: Quickset VPN - no LAN Access
Replies: 22
Views: 10425

Re: Quickset VPN - no LAN Access

Many thanks for your help. I think that has worked. It disabled the DHCP server and the Quickset home page won't let me set an IP address other than 192.168.89.1 but after re-enabling the DHCP server it appears to be working for now. I connected via an iPhone and was able to get to a server in my 10...
by dazzaling69
Fri Feb 24, 2017 2:05 am
Forum: Beginner Basics
Topic: Quickset VPN - no LAN Access
Replies: 22
Views: 10425

Re: Quickset VPN - no LAN Access

Only port 2 is occupied. Port 1 is wan


Sent from my iPhone using Tapatalk
by dazzaling69
Wed Feb 22, 2017 9:13 pm
Forum: Beginner Basics
Topic: Quickset VPN - no LAN Access
Replies: 22
Views: 10425

Re: Quickset VPN - no LAN Access

Here it is. Warning about memory frequency as well # feb/22/2017 19:18:35 by RouterOS 6.38.1 # software id = UCMM-DSKY # /interface bridge add name=bridge1 /interface ethernet set [ find default-name=ether2 ] name=ether2-master set [ find default-name=ether3 ] master-port=ether2-master set [ find de...
by dazzaling69
Wed Feb 22, 2017 6:29 pm
Forum: Beginner Basics
Topic: Quickset VPN - no LAN Access
Replies: 22
Views: 10425

Re: Quickset VPN - no LAN Access

There is no bridge set. If I create a Bridge using the default settings with ARP enabled, then I select that Bridge in the appropriate PPP Profile is that all I should need to do? I don't see how it knows what to bridge to where, or is it a yes/no kind of rule?
by dazzaling69
Wed Feb 22, 2017 5:57 pm
Forum: Beginner Basics
Topic: Quickset VPN - no LAN Access
Replies: 22
Views: 10425

Re: Quickset VPN - no LAN Access

OK. Are there any instructions how to do this using WebFig? This is a bit beyond my expertise.
by dazzaling69
Wed Feb 22, 2017 12:40 pm
Forum: Beginner Basics
Topic: Quickset VPN - no LAN Access
Replies: 22
Views: 10425

Quickset VPN - no LAN Access

I set up the VPN on the Quickset page of WebFig, which generally seems to perform well. I can connect to the router gateway/webfig and route packets from the WAN side through the router to the client but I can't access anything on the gateway's subnet. I am sure this needs a simple config setting ch...