Community discussions

MikroTik App

Search found 19 matches

by Neski
Wed Sep 12, 2018 1:14 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 37071

Re: v6.43 [current] is released!

After upgrade from 6.42.7 to 6.43, the L2TP/IPSec VPN between ROS and Draytek Vigor 2920 broken. It showed failed to get valid proposal and failed to pre-process ph1 packet(side:1, status 1) Downgrade to 6.42.7 and it worked as usual. Someone in other post write about default settings - just need t...
by Neski
Thu Feb 08, 2018 10:10 am
Forum: Beginner Basics
Topic: Allow connect user to only one internal ip but allow internet connection
Replies: 7
Views: 1063

Re: Allow connect user to only one internal ip but allow internet connection

Im a beginner, so sometimes I make mistakes :P I had hope use add action=masquerade chain=srcnat out-interface="L2TP Simple" i add internet to that interface- it was just for test. add action=src-nat chain=srcnat dst-address=0.0.0.0/0 out-interface="2 WMC" \ src-address=10.20.20.0/24 to-addresses=WA...
by Neski
Thu Feb 08, 2018 8:50 am
Forum: Beginner Basics
Topic: Allow connect user to only one internal ip but allow internet connection
Replies: 7
Views: 1063

Re: Allow connect user to only one internal ip but allow internet connection

Well, at least we're getting there :-) Do you give out DNS servers for your VPN clients in /ppp profile? Ideally, you post a compact export of your config, that would make it much easier to troubleshoot... -Chris # feb/08/2018 07:42:43 by RouterOS 6.40.1 # software id = K08Q-QN1P # # model = CCR103...
by Neski
Wed Feb 07, 2018 3:52 pm
Forum: Beginner Basics
Topic: Allow connect user to only one internal ip but allow internet connection
Replies: 7
Views: 1063

Re: Allow connect user to only one internal ip but allow internet connection

/ip firewall nat
#allow internet access for your VPN guests
add chain=srcnat action=src-nat src-address=<yourVPNrange> dst-address=0.0.0.0/0 to-address=<yourWAN-IP> out-interface=<yourWANinterface>
-Chris
Internet access is not working :( but allow connect to single ip in LAN is ok
by Neski
Wed Feb 07, 2018 3:10 pm
Forum: Beginner Basics
Topic: Allow connect user to only one internal ip but allow internet connection
Replies: 7
Views: 1063

Re: Allow connect user to only one internal ip but allow internet connection

Thx for fast anwser. I will test it asap and i give anwser. /ip firewall filter #only allow LAN access to a single address add chain=forward action=drop src-address=<yourVPNrange> dst-address=!<the.allowed.ip.address> out-interface=<yourLANfacingInterface> #probably another good idea to block router...
by Neski
Wed Feb 07, 2018 2:17 pm
Forum: Beginner Basics
Topic: Allow connect user to only one internal ip but allow internet connection
Replies: 7
Views: 1063

Allow connect user to only one internal ip but allow internet connection

Hi i have problem.
I have VPN on L2TP with IP/Sec it working. I need to limit the connection to one ip internal network without blocking access to the Internet. Any ideas? I know how to block all except one ip but how to allow internet?
by Neski
Wed Nov 08, 2017 12:41 pm
Forum: Beginner Basics
Topic: Problem with certificates OVPN after firmware update
Replies: 0
Views: 342

Problem with certificates OVPN after firmware update

Hi. After firmware update in my CCR1036 i have problem with not working certificate. Is there an option to recovery working cert except create it again? Or can i export certs before update and after update import them again? This will be a problem to create it again and distribute to user's after ev...
by Neski
Tue Oct 03, 2017 2:27 pm
Forum: Beginner Basics
Topic: Forwarding ports for only one ip [SOLVED]
Replies: 10
Views: 1355

Re: Forwarding ports for only one ip [SOLVED]

Yes, your settings are correct.
Thx :)
by Neski
Tue Oct 03, 2017 2:10 pm
Forum: Beginner Basics
Topic: Forwarding ports for only one ip [SOLVED]
Replies: 10
Views: 1355

Forwarding ports for only one ip [SOLVED]

Hi,
I'm trying to forward port's only for one IP.
As i understand i allow connect selected ip to port 5060 and connect to : 192.168.20.2 on port 5060
it's all ok with settings?
2017-10-03_13-01-14.png
by Neski
Wed Aug 23, 2017 8:31 am
Forum: Beginner Basics
Topic: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]
Replies: 14
Views: 1292

Re: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]

Yes. You don't want to disable them, isn't it? After doing it, you can test by disabling one of the interfaces, more specifically the one with 192.168.1.x/24 addressing, as I assume LAN PCs are in the 192.168.10.x range. As long as you set the default gateway on M$ as 192.168.10.254 M$ will reach I...
by Neski
Mon Aug 14, 2017 3:52 pm
Forum: Beginner Basics
Topic: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]
Replies: 14
Views: 1292

Re: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]

Yes. You don't want to disable them, isn't it?

After doing it, you can test by disabling one of the interfaces, more specifically the one with 192.168.1.x/24 addressing, as I assume LAN PCs are in the 192.168.10.x range.
Yes, LAN PC's are in 192.168.10.X range. We will test this solution soon
by Neski
Mon Aug 14, 2017 3:37 pm
Forum: Beginner Basics
Topic: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]
Replies: 14
Views: 1292

Re: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]

We afraid a little to remove routing from M$ cause we don't have spare domain controller and we don't know how to M$ behave after remove routing and second networkcard .. In that case: 1.- Connect M$ 192.168.10.1 ethernet card to a Mikrotik ether port, say etherX 2.- Create a bridge, and add: ether...
by Neski
Mon Aug 14, 2017 3:12 pm
Forum: Beginner Basics
Topic: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]
Replies: 14
Views: 1292

Re: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]

I don't know either, where is 192.168.20.2 supposed to be? I am afraid you need to do some cleanup. Cannot understand either why the need of the M$ routing at all, you'd better have one single router to act as default gateway for all the network, it will simplify management and avoid routing loops....
by Neski
Mon Aug 14, 2017 2:41 pm
Forum: Beginner Basics
Topic: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]
Replies: 14
Views: 1292

Re: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]

Then you need to assign one, eg 192.168.10.254/24 on ether interface facing SG500. Any host having just one connection in the 192.168.10.x/24 range will need 192.168.10.254 as default gateway, so you'll need to modify DHCP Server at 192.168.10.1 to hand out 192.168.10.254 as gateway. Without connec...
by Neski
Mon Aug 14, 2017 1:32 pm
Forum: Beginner Basics
Topic: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]
Replies: 14
Views: 1292

Re: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]

Then you need to assign one, eg 192.168.10.254/24 on ether interface facing SG500. Any host having just one connection in the 192.168.10.x/24 range will need 192.168.10.254 as default gateway, so you'll need to modify DHCP Server at 192.168.10.1 to hand out 192.168.10.254 as gateway. WinSvr2008R2 a...
by Neski
Mon Aug 14, 2017 1:11 pm
Forum: Beginner Basics
Topic: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]
Replies: 14
Views: 1292

Re: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]

post an export. Does the mikrotik router has an 192.168.10.x/24 ip address assigned? nope [admin@MikroTik] > /export hide-sensitive # aug/14/2017 11:58:13 by RouterOS 6.40.1 # software id = K08Q-QN1P # # model = CCR1036-8G-2S+ # serial number = XXXXXXXXX /interface bridge add arp=local-proxy-arp na...
by Neski
Mon Aug 14, 2017 12:45 pm
Forum: Beginner Basics
Topic: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]
Replies: 14
Views: 1292

Re: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]

I have problem to reach 192.168.10.X from 192.168.20.X without connected 192.168.10.246 Link But from 192.168.10.X i can reach 192.168.20.X ewen without 246 link This doesn't make sense, first sentence contradicts second... please review your post and try to be more specific... I'm trying to route ...
by Neski
Mon Aug 14, 2017 10:28 am
Forum: Beginner Basics
Topic: MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]
Replies: 14
Views: 1292

MT CCR + WinSrv2008R2 as router = problem with propely setting [SOLVED]

Hi, i have unusual problem with connection. In Attached picture You can see. I have problem to reach 192.168.10.X from 192.168.20.X without connected 192.168.10.246 Link But from 192.168.10.X i can reach 192.168.20.X without 246 link How to set M$2008R2 serv properly ? Anyone have similar problem? I...