MikroTik

essides

Hi there,

I'm looking for a Elastic IP service provider. I'm looking to configure it using my mikrotik, but i can't find an easy way to do that. I just tried with AWS but it's as simple as I would like it. Do any knows any provider ? Or some steps to do it ?

Thanks you.

essides

Thanks you for your answer.

But after apply those routing rules, behavior is the same.

essides

No one knows why clients/hosts behind an interface that has a marked routing can't be accessed by router ( both sides ) ?

Or anyone can explain mark routing flow diagram?

Thanks you

essides

Hi there, I'm doing some test with mark routing settings. My scenario: ADDRESS NETWORK INTERFACE 10.10.10.1/24 10.10.10.0 vlan10 Route Table DST-ADDRESS GATEWAY DISTANCE ROUTING TABLE 0.0.0.0/0 185.xxx.xxx.1%vrrp1 2 via-vrrp1 ip/firewall/nat/ chain=srcnat action=masquerade out-interface=vrrp1 log=no...

essides

Hi there, I'm trying to get information about what type of VPN do I have to implement but I'm completely messed. People use company computers and they login with their own windows domain controller users. Computers can be shared so use computer authentication isn't a option, it must to be by user. P...

essides

Does the certificate your /ip ipsec identity row refers to have something in the subject-alt-name field? If yes, does it match the address of the server you've set in the Windows client configuration, i.e. IP:xxx.xxx.xxx.xxx if you've set an IP address there and DNS:vpn.domain.com if you've set a d...

essides

Hi there, I'm using IKEv2 as VPN system, when I set up everything on my smartphone ( android ) it works with no problems. But when I do same at windows 10 and always gets "ike credentials are unacceptable " But even after get this error I can see there is an active connection . But Windows...

essides

Hi there, I followed the instrucctions for Ikev2 RSA for road warriors https://wiki.mikrotik.com/wiki/Manual:IP/IPsec Road Warrior setup using IKEv2 with RSA authentication It works , but I don't know how to revoke access for those road warriors that won't continue needing the VPN. I tried to revoke...

essides

Hi there, I was checking why some websites was no longer available after few time, and I discovered when I set EoIP tunnel over a bridge, those website doesnt work. I don't know why. Even if Eoip tunnel isn't ready. those website can be considered as a secure site, ( banks, gouverment website, etc.....

essides

it works!

Thanks you.

essides

Hi there, My internet provider requests a IP per MAC, so I had to use VRRP Hack to achive it. So I got my 6 public ip's in same range x.x.x.246 x.x.x.247 x.x.x.248 ... https://i.ibb.co/PtC6zmz/dhcp-client.png Provided gateway is : x.x.x.1 I create a firewall rule to masquerade those interfaces. http...

essides

it's just deprecated for new openvpn client version, I'm not saying that AES 256-CBC is weak
It is, but it still works ...

but does it has sense to implement something that is deprecated? and half-finished ( no compression/no udp/no new ciphers ) etc..

essides

AES 256-CBC cipher is not considered strong ?

it's just deprecated for new openvpn client version, I'm not saying that AES 256-CBC is weak

essides

Windows 10 Native L2TP/IPsec https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687761(v=ws.10) With L2tp/Ipsec I have problem when two people over same ip try to connect, one of them is kicked after few time. Windows 10 Native IKEv2 https://docs.mic...

essides

so what do you suggest to implement an strong and easy VPN system for windows clients?

essides

it's amazing, mikrotik has a extremily slow evolution, in few year it will be out of market.

any secure solution for VPN with windows clients?

essides

same problem here.

any solution?

essides

Hi there,

I'm looking for a SFP+ cable no longer than 1m to connect RB4011 and Ubiquiti Edgeswitch, both of them has SFP+ ports, but it's quite hard to find compatible for both.

Link connection could be 1G or 10G

I saw this option but I'm not sure about that.

XS+DA0001

Any suggestion?

Thanks you

essides

One of ptp devices has no WDS transparent mode active.

SOLVED

essides

Thanks you so much

You were so helpful!!

essides

Hi there, Im creating a tunnel with IPSEC( connection is established and it works ) , but I don't know how to work with it. My last VPN/tunnels were interface based, and it was quite simple create routes, addresses and firewall filters. How can create routes for this tunnel? How can decide who is al...

essides

Setup is the following: Mikrotik -> ptp -> switch ( both vlan tagged ) -> ap ( both vlan tagged ) # jul/31/2020 16:08:22 by RouterOS 6.47.1 # software id = B342-ESSU # # model = 2011iL # serial number = 75B4062D696F /interface bridge add fast-forward=no name=BRIDGE /interface ethernet set [ find def...

essides

Hello, I'm having a weird issue with RB2011 and VLANs , traffic in default vlan 1 works perfectly, but when I'm using another vlan, I get my ip by my local dhcp server, I can ping inside and outside network , but when I use browser it I can't access to websites, ( google works, but when i try to acc...

essides

Hi everyone,

I'm looking for a Routerboard to manage 1 FTTH of 1Gbps, (condition it must to be racked)
It won't have too much filter rules ( less than 25 ).

I know there are expensive models to do that but i'm looking the cheaper one to be sure it will work with no CPU congestion.

Thanks you.

essides

Thanks you. Sounds great.

but what about if pcs are part of a domain ?

essides

Hello,

I know there is a functionality called kid control to limit kid's internet usage.

I would like to know if there is any option/list/service to link my milrotik device and control client access.

Thanks you.

essides

Yes, both VPN services use same profile with bridge option selected. Selected bridge have arp-proxy selected. Does it work with this config? Final clients are using Windows OS, so I cant configure BCP protocol. Thanks you. Hi buddy, thanks for this thread, was facing similar issues as of now. Got i...

essides

Create on firewall-> filter rules a rule to drop or accept traffic depending of incoming or outgoing interface

essides

Yes, both VPN services use same profile with bridge option selected.

Selected bridge have arp-proxy selected.

Does it work with this config?

Final clients are using Windows OS, so I cant configure BCP protocol.

Thanks you.

essides

Hello,

I have some VPN clients ( PPTP , L2TP ) and I want they can find each other as in a LAN

How can I do it ?

Thanks you.

essides

I respond to myself : I forgot to select check box "USE RADIUS"

essides

Hello, I was configuring a new ppp authentication method with Radius. My Radius server is working well, I was testing with other tools and it responds with no problem. but when I configure it to mikrotik, it do not do anything ( no send request, no debug showing timeout or other problems ) 6.46.4 Ro...

essides

You're right, I check it up and no logic on this command.

rsa -in file.key -out file_decrypted.key

Thanks you

essides

cert_export_client1.crt has public key
cert_export_client1.key has private key

nothing else

essides

After create my own certificates with mikrotik , I'm trying to export it to ovpn but I get this error. *I tried changin charset *Different computer "C:\Program Files\OpenVPN\bin\openssl.exe" rsa -in cert_export_client1.crt -out cert_export_client1.key unable to load Private Key 5156:error:...

essides

It's works, thanks you.

You have to set it before masquerade rule.

essides

Hi to everyone,

I tried

/ip firewall nat add chain=srcnat action=src-nat src-address=10.10.30.0/24 dst-address=0.0.0.0/0 to-addresses=public-ip-address

(10.10.30.0/24 ) - vlan30 addresses

But it doesn't work.

any suggestions?
Thanks you.

essides

Hi There, Today my ISP provider gave to me a /29 ip range. So I have following scenario: ether1 : Public-IP-1, Public-IP-2 , etc.. I want to select the external IP that my diferent internal networks will use ( vlan10 , vlan 20, etc.. ) I tried to set different routes, with same IP ( gateway ) , but ...

essides

I think it has easy answer. Mikrotik has been hacked. Everyone thought it was an strong system. but now, at least for me. 5 of 21 machine have no access. ( Strong password, strong firewall rules ).

essides

After upgrade to 6.43 winbox can't login , always same error "Wrong Username or Password" So I reset to factory default, I setup my backup and everything was working OK. but after few days I got same issue. Can't login. I tried with many winbox versions but always same result. do you know ...

essides

Finally I solved it. Create new wan connection: vpi/vci = 8/32 service: IPoA nat: disabled ip address: 10.0.0.2 netmask: 255.255.255.252 ip remote address: 10.0.0.1 -------- Go to LAN Settings: Change Lan Router IP to Public GW : 80.xxx.xxx.1 Set right netmask ( Calculate it as pukkita said ) *You c...

essides

This is my actual config on Movistar Router
I set 80.xxx.xxx.2 as gateway and it doesn work.

essides

Yes netmask is /24, Even I called them to confirm it
I configured ADSL router with these parameters and it works. ( rfc1483 Routed )

I don't know why it doesn't work

essides

# mar/27/2017 12:11:46 by RouterOS 6.38.5 # software id = 3HUZ-NRFP # /interface bridge add name=bridge1 /interface bridge port add bridge=bridge1 interface=ether2 add bridge=bridge1 interface=ether5 add bridge=bridge1 interface=ether3 add bridge=bridge1 interface=ether4 /ip address add address=80....

essides

I set my ip and gw on addresses
I set gw on routes, gateway is reachable, but it doesn't has internet. why?

I create nat rule masquerading interface, but same result.

essides

Then Create Pppoe connection with Movistar credentials and stablish ip,gw,mask to Pppoe interface?

essides

Yes, it's telefonica Movistar,

It works to me with services with dynamic IP but no I'm the case ( Static IP ) . Always Pppoe status is "connecting".

Greetings

essides

There is not username/password for PppoE
DHCP client doesn't work , I even tried to set public IP, GW and Mask manually, but it doesn't work.

I don't know what to do

essides

Hello, I've an ADSL Router with Static IP. Internet provider gave information to configure it as RFC1483 Routed ( IP, Mask, GW ) , but I need to run it in mikrotik. I suppose I have to change configuration in ADSL route to RFC1483 Bridged , but I don't know witch kind of connection I have to create ...

essides

Reset RouterOS to factory default. and DO EXACTLY SAME AS I DID. then WORKING

essides

I did it two times, but always with same result.

It doesn't work and I don't know why. I tried to set an IP to each interface, bridge, vlan but no result.

essides

Hello, I have two access point ( Ubiquiti ) with two SSID's ( vlan10 and vlan20 ) , but when I configure dhcp server over these interfaces, it doesn't work. I don't know why, I even try to configurate dhcp server over vlan interface ( not bridge ) but it didn't work. I attach you an image to underst...

Search found 52 matches