Community discussions

MikroTik App

Search found 14 matches

by suszi
Wed Oct 16, 2024 10:03 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1395
Views: 308785

Re: 📣 WinBox 4 is here 📣

Hi Dont listen people saying "it is fine" but listen that complains, if they have something to say. First of all, great work trying to rewrite the app. I'm a software developer ;) As a company, we maitain over a hundred of Mikrotik Devices, which we love I used to the old UI, it is intuiti...
by suszi
Thu Apr 18, 2024 2:08 pm
Forum: General
Topic: Disable WIREGUARD clients from local LAN
Replies: 7
Views: 1073

Re: Disable WIREGUARD clients from local LAN

Thanks for quick reply. Yes, exactly, they dont turn off the tunnel. But, leaving this ON while in the office have a performnce issues - the network speed is 1Gbps, and WG performance is around 300Mbps (or is AX2 capable to do 1Gbps encryption? ) downloading anything from servers will be 3x longer, ...
by suszi
Thu Apr 18, 2024 1:23 pm
Forum: General
Topic: Disable WIREGUARD clients from local LAN
Replies: 7
Views: 1073

Disable WIREGUARD clients from local LAN

Hi I have Wireguard set up on AX2, works well. How to prevent LAN users to connect locally to the WG service on Gateway Router ? Users forgot to deactivate tunnel while beying in the office, it leads into problems filtering on firewall seems to not have an effect - some part of the config: /ip firew...
by suszi
Mon Oct 26, 2020 6:15 pm
Forum: General
Topic: IKEv2 to IPSEC tunnel routing with NAT problem
Replies: 3
Views: 1598

Re: IKEv2 to IPSEC tunnel routing with NAT problem

1. if you use mac-telnet or mac-winbox and try to ping 8.8.8.8 from the router itself while the LAN addresses on ether2 are disabled, do you get a response or not? ping is working fine, 2. fixed by moving VPN users to separate subnet and adding IPsec policy 3. local proxy arp -> changed to ENABLED i...
by suszi
Mon Oct 19, 2020 4:23 am
Forum: General
Topic: IKEv2 to IPSEC tunnel routing with NAT problem
Replies: 3
Views: 1598

IKEv2 to IPSEC tunnel routing with NAT problem

Hi, I need some guidance I have a HeadQuarters router, RB750Gr3 (hardware encryption for ipsec) config was prepared by few persons, I cant get things to work correctly We have 3 branch offices + partner "acme" company. branches uses SSTP to connect using routing (for some reason IPsec tunn...
by suszi
Mon Dec 30, 2019 10:54 pm
Forum: General
Topic: IKEv2 client cannot contact domain controller
Replies: 3
Views: 1097

Re: IKEv2 client cannot contact domain controller

I can ping other devices, I can connetc using RDP, I also can RDP to domain controller,

but cannot for example
nslookup srv04.mydomain.corp 192.168.11.2 - can do the same with success using sstp

seems like domain controller is not responding for vpn packets
by suszi
Mon Dec 30, 2019 9:54 pm
Forum: General
Topic: IKEv2 client cannot contact domain controller
Replies: 3
Views: 1097

IKEv2 client cannot contact domain controller

I have following configuration: mikotik router LAN IP 192.168.11.1, domain controller (windows server 2012r2) ip 192.168.11.2 (dc/dns) file servers in network 192.168.11.0/24 I have set up IKEv2 (following the roadwarrios howto), with RADIUS authentication, ike2-pool 192.168.77.0/24 I have added 192...
by suszi
Sat Nov 23, 2019 6:56 am
Forum: General
Topic: Wireless beacon interval and DTIM missing
Replies: 24
Views: 15098

Re: Wireless beacon interval and DTIM missing

+1 also
by suszi
Thu Jun 13, 2019 9:29 pm
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 188
Views: 65187

Re: Blacklist Filter (Development Topic)

I'm updating my second portscanners (TCP SYN) list manually - where can I send it, to be included ?
maybe there is a better way ?
by suszi
Thu Jun 13, 2019 9:28 pm
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 188
Views: 65187

Re: Blacklist Filter (Development Topic)

the problem is, with RB, that ip firewall raw action=drop doent work with src-address-list=intrusBL according to documentation: address-list (string; Default: ) Name of the address list to be used. Applicable if action is add-dst-to-address-list or add-src-to-address-list https://wiki.mikrotik.com/w...
by suszi
Fri Apr 14, 2017 12:10 pm
Forum: General
Topic: same config but different routing issue
Replies: 7
Views: 1808

Re: same config but different routing issue

It gets stuck on sstp interface on client side (192.168.11.217)
by suszi
Wed Apr 12, 2017 3:39 pm
Forum: General
Topic: same config but different routing issue
Replies: 7
Views: 1808

Re: same config but different routing issue

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 ADS 0.0.0.0/0 10.112.112.137 0 1 ADC 10.112.112.137/32 100.119.157.77 ppp-out1 0 2 ADC 192.168.2.254/32 192.168.11.218 sstp-out1 0 3 A S 192.168.10.0/24 192.168.2.254 1 4 A S 192.168.11.0/24 192.168.2.254 1 5 ADC 192.168.118.0/24 192.168.118.1 bridge1 0 # A...
by suszi
Tue Apr 11, 2017 2:52 pm
Forum: General
Topic: same config but different routing issue
Replies: 7
Views: 1808

Re: same config but different routing issue

I don't think so, the WAN port is not used in both cases...
I've changed the order and still same issue :-/
by suszi
Mon Apr 10, 2017 2:38 pm
Forum: General
Topic: same config but different routing issue
Replies: 7
Views: 1808

same config but different routing issue

Hi I have two client routers configured for site-to-site access (engineers at the office can connect to devices installed on client sites). On main site, there is SSTP server, both client routers are configured to connect over 4G LTE modem (PPP protocol) and SSTP type VPN. On site1, it is possible t...