Community discussions

Search found 26 matches

by Kamaz
Tue May 07, 2019 9:31 am
Forum: General
Topic: RADIUS - Framed-Pool
Replies: 1
Views: 318

Re: RADIUS - Framed-Pool

Did you create dhcp_wifi-guests pool in Mikrotik?
by Kamaz
Mon May 06, 2019 3:46 pm
Forum: The User Manager
Topic: Radius + pppoe + address-list - different machines
Replies: 10
Views: 5854

Re: Radius + pppoe + address-list - different machines

How to assign PPTP user in Freeradius with Mikrotik's adress-list ? I'm using Mysql+Freeradius. I've tried to add data to radreply INSERT INTO radius.radreply (username, attribute, op, value) VALUES ('user1', 'Mikrotik-Address-List', ':=', 'remote_managers'); but I can see in Log that Mikrotik get M...
by Kamaz
Thu May 02, 2019 5:03 pm
Forum: General
Topic: WiFi and L2TP authorization via freeradius [SOLVED]
Replies: 7
Views: 1109

Re: WiFi and L2TP authorization via freeradius [SOLVED]

Previous question was resolved by configuring Default gateway on client side, so everything fine. Next problem is how to assign PPTP user's IP or name (user1 = 10.11.1.145 in my case) with Mikrotik's firewall group ? Because Firewall groups helps to deal with rules. I've tried to add record to radre...
by Kamaz
Mon Apr 22, 2019 2:14 pm
Forum: General
Topic: DHCP accounting and RADIUS packets
Replies: 35
Views: 13352

Re: DHCP accounting and RADIUS packets

Yes, I believe there are many people interested in this topic. Any response would be pleased. "We plan to implement" or "We don't plan to implement" would be sufficient :).
+1
by Kamaz
Thu Apr 18, 2019 5:42 pm
Forum: General
Topic: WiFi and L2TP authorization via freeradius [SOLVED]
Replies: 7
Views: 1109

Re: WiFi and L2TP authorization via freeradius [SOLVED]

Thank you so much for help. But how to assign ip with mask, dns, gateway, and route to client correctly? I need a schema for remote connection to my network for using inner resources but default route shouldn't be modified. All traffic should flow through user's internet channel except 10.10.5.0/24 ...
by Kamaz
Wed Feb 20, 2019 9:21 pm
Forum: General
Topic: WiFi and L2TP authorization via freeradius [SOLVED]
Replies: 7
Views: 1109

Re: WiFi and L2TP authorization via freeradius [SOLVED]

Thank you for your response, my problem becomes more clear!
As far as I understood, the only thing I need is to add record to Radreply table. And that's all? 0_o
by Kamaz
Tue Feb 19, 2019 9:22 am
Forum: General
Topic: WiFi and L2TP authorization via freeradius [SOLVED]
Replies: 7
Views: 1109

Re: WiFi and L2TP authorization via freeradius [SOLVED]

Additional information: I've done my task, Freeradius woks as it should, and wifi and pptp auth works fine to. But now I'm faced with problem when I have to connect every username in Freeradius database with user's IP or pool. I've found such information: https://wiki.freeradius.org/guide/Ippool%20a...
by Kamaz
Mon Jan 14, 2019 11:30 am
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 157
Views: 45674

Re: Feature request - DNSCrypt support...

Google provides DNS-over-TLS https://developers.google.com/speed/pub ... s-over-tls from January 2019,
also it provides DNS-over-HTTPS https://developers.google.com/speed/pub ... over-https from September 2018.
by Kamaz
Thu Nov 08, 2018 3:33 pm
Forum: General
Topic: WiFi and L2TP authorization via freeradius [SOLVED]
Replies: 7
Views: 1109

WiFi and L2TP authorization via freeradius [SOLVED]

Hello everyone. I need some help with configuration of VPN(l2tp) and WiFi authorization via freeradius. My goal is to configure one point for authorizing all connections. There is no Windows server in my company, so I have to use Linux. Additional information: \ ROS version is 6.42.7 /radius add add...
by Kamaz
Tue Oct 09, 2018 8:39 pm
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 157
Views: 45674

Re: Feature request - DNSCrypt support...

+1 for DNSSec/DNSCrypt
by Kamaz
Sat Apr 07, 2018 8:24 am
Forum: General
Topic: Secure my DNS requests
Replies: 14
Views: 4651

Re: Secure my DNS requests

Any updates?
by Kamaz
Tue Apr 03, 2018 11:10 am
Forum: General
Topic: Secure my DNS requests
Replies: 14
Views: 4651

Re: Secure my DNS requests

I want to hide my activity to, so it would be great to make such functionality like DNS over HTTPs, DNS over TLS.
by Kamaz
Mon Mar 12, 2018 3:02 pm
Forum: Beginner Basics
Topic: L2TP IPSEC connection problem
Replies: 5
Views: 2478

Re: L2TP IPSEC connection problem

Any records in log while you trying to connect? Are counters working during your connection to l2tp? (On front of your allowing rules) Try to disable all portscan and port knocking protection + allow ping on wan interface and to try to connect to your vpn again. En example of rules for l2tp permissi...
by Kamaz
Mon Mar 12, 2018 2:46 pm
Forum: Beginner Basics
Topic: Need help configuring Android USB tether on hAP ac2
Replies: 5
Views: 1420

Re: Need help configuring Android USB tether on hAP ac2

Is it possible to ping some domain or address via ROS console?
by Kamaz
Sat Feb 17, 2018 8:59 pm
Forum: RouterBOARD hardware
Topic: bandwidth RX / TX on interface
Replies: 14
Views: 26904

Re: bandwidth RX / TX on interface

Thank you for answer, but I've done instructions below and they didn't helped me.
BUT now I can see traffic in queue preferences. Maybe it need some time or reboot router to start to work? 0_o
by Kamaz
Sat Feb 17, 2018 7:37 am
Forum: RouterBOARD hardware
Topic: bandwidth RX / TX on interface
Replies: 14
Views: 26904

Re: bandwidth RX / TX on interface

Maybe someone can help me with the same problem. I have Mikrotik hex (6.41.2) and I want to shape traffic speed on port #4. My first attempt was to set tx speed in interface configuration menu, but it told me that "couldn't change interface <> not supported on this interface". The second attempt was...
by Kamaz
Thu Jan 18, 2018 8:14 pm
Forum: General
Topic: TFTP boot configuration
Replies: 8
Views: 2736

Re: TFTP boot configuration

It's sad but I haven't enough time for that task. I'll resume my experiments in a week)
by Kamaz
Thu Dec 21, 2017 8:56 am
Forum: General
Topic: TFTP boot configuration
Replies: 8
Views: 2736

Re: TFTP boot configuration

There are is records in router's system journal about my problem: tftp, error Error code: 0 string: permission denied! Looks like problem with filesystem permissions. Any thoughts? I found those topics, but I can't realize where is my mistake. https://forum.mikrotik.com/viewtopic.php?t=36036 https:/...
by Kamaz
Wed Dec 20, 2017 1:06 pm
Forum: General
Topic: TFTP boot configuration
Replies: 8
Views: 2736

TFTP boot configuration

Hello everybody. I want to ask for help with my task. I can't configure network boot via TFTP on Mikrotik. I tried various instruction but result is the same, I can't boot PC via PXE on Mikrotik. Here is my configuration: Mikrotik RB3011, ROS 6.39.2, SeliconPower USB 2.0 drive 16Gb Bootloader - pxel...
by Kamaz
Mon Oct 09, 2017 9:34 pm
Forum: General
Topic: securing L2TP/IPsec server connection
Replies: 15
Views: 6319

Re: securing L2TP/IPsec server connection

I found an option how to protect my VPN https://github.com/Onoro/Mikrotik
looks like it work.
by Kamaz
Mon Aug 21, 2017 5:54 pm
Forum: General
Topic: securing L2TP/IPsec server connection
Replies: 15
Views: 6319

Re: securing L2TP/IPsec server connection

Thank you for the quick answer. No need to search links and software, I understood the main idea of your schema. The problem was I didn't know about port-knocking software for Android and IOS)
by Kamaz
Mon Aug 21, 2017 5:43 pm
Forum: Beginner Basics
Topic: Help securing an l2tp/ipsec Ac
Replies: 1
Views: 533

Re: Help securing an l2tp/ipsec Ac

Hi, settecplus. You configuration is quite right but I suggest you to do couple additional revisions: -to change standard ports 22, 80, 443 and 8291 to something unusual like 45967 end so on. -to use https instead of http -to modify "brutforce prevention" chain adding winbox port to it. -to change M...
by Kamaz
Sun Aug 20, 2017 9:13 pm
Forum: General
Topic: securing L2TP/IPsec server connection
Replies: 15
Views: 6319

Re: securing L2TP/IPsec server connection

I'm using l2tp + IPSec and there are is a lot of inscriptions on Log like:

aug/20/2017 04:12:00 216.218.206.70 failed to get valid proposal.
aug/20/2017 bla-bla-bla....... 216.218.206.66, wrong password.

How can I get thus IP's from Log to block them via firewwall?
Can I use ordinary regex?
by Kamaz
Sat Aug 19, 2017 11:58 am
Forum: General
Topic: securing L2TP/IPsec server connection
Replies: 15
Views: 6319

Re: securing L2TP/IPsec server connection

How are you using such schema on client side? And which type of clients do you have? I mean Windows, Mikrotik or something else.
by Kamaz
Mon Aug 14, 2017 10:50 pm
Forum: General
Topic: securing L2TP/IPsec server connection
Replies: 15
Views: 6319

Re: securing L2TP/IPsec server connection

Hi everyone, I'm a newbie in ROS but I hope that my message would be helpful for someone. To protect L2TP I'm using such rules: /ip firewall filter add action=drop chain=input comment="L2TP brutforce IP drop" connection-state=new \ dst-port=1701 protocol=udp src-address-list=l2tp-brutforce add actio...