Community discussions

MUM Europe 2020

Search found 28 matches

by az1984
Mon Oct 29, 2018 2:18 pm
Forum: General
Topic: wAP-LTE not reachable through IPsec
Replies: 0
Views: 339

wAP-LTE not reachable through IPsec

Hello, I have several wAP-LTE boards running on different locations. All are setup with an IPsec tunnel to the headquarter. Actually the tunnels are working good (depending on LTE signal strength), but I found something I would like to fix. So, I have a fully configured wAP-LTE which is connected to...
by az1984
Tue Oct 02, 2018 7:41 pm
Forum: Wireless Networking
Topic: WAP LTE connection issues
Replies: 3
Views: 1526

Re: WAP LTE connection issues

Do you have any updates on this? It seems I have quite similar problems. My unit also works fine after reboot for some minutes and then it just looses LTE-connection. Previously I had another LTE-router installed, which had other issues but LTE-Connection was stable. At the moment I use two other WA...
by az1984
Fri Apr 27, 2018 8:56 am
Forum: General
Topic: No API connection
Replies: 4
Views: 672

Re: No API connection

Got it working now. It was more a C# related problem than a router one.
by az1984
Thu Apr 26, 2018 10:16 am
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 160
Views: 39531

Re: C# API - tik4net on GitHub

First of all: Great work! I just started to play around with tik4net and C#, but I got a little trouble. If I use your examples and create a WindowsConsoleApplication everything works as it should. Problems are starting when I try to do the same within a WindowsFormApplication. I use exactly the sam...
by az1984
Thu Apr 26, 2018 8:21 am
Forum: General
Topic: No API connection
Replies: 4
Views: 672

Re: No API connection

I was pretty unsure about this, but I found the following link where somebody says it would work: https://forum.splynx.com/t/mikrotik-api-error/449 Whatever....when I use the Raw connection in Putty I see API packets in torch but my "real" API connection does'nt work. I'am trying to use it with the ...
by az1984
Wed Apr 25, 2018 11:44 pm
Forum: General
Topic: No API connection
Replies: 4
Views: 672

No API connection

Hi, I just got some problems using the API Interface of my RB2011UiAS. I'am not able to connect via the API-port. The IP service is enabled and there are no firewall rules which would deny it. For testing I made a log-filter-rule which shows me, if there are any API-related packets. When I use Telne...
by az1984
Thu Mar 22, 2018 8:49 am
Forum: Beginner Basics
Topic: Block web site with Firewall
Replies: 10
Views: 16729

Re: Block web site with Firewall

I would agree with WirtelPL: Try using the TLS-Host option. It was introduced in RouterOS v. 6.41. It will also handle HTTPS. Just an excerpt from the mikrotik newsletter Feb2018: Since most of the internet now uses https, it has become much harder to filter specific web content. For this reason, Ro...
by az1984
Tue Mar 20, 2018 11:03 am
Forum: Beginner Basics
Topic: Cant get vlans to work [SOLVED]
Replies: 7
Views: 5673

Re: Cant get vlans to work

If you set PVID 20 on ether4 this will mean, you set VLAN 20 as untagged to that port - and I don't think that's what you want. You want to set VLAN1 as untagged and VLAN20 as tagged on ether4 (or any other ports). So you gonna leave the PVID on ether4 at "1" (again, thats the untagged VLAN). To add...
by az1984
Mon Mar 19, 2018 9:14 am
Forum: Beginner Basics
Topic: Cant get vlans to work [SOLVED]
Replies: 7
Views: 5673

Re: Cant get vlans to work

I found few things which you have to check: 1.) Have you enabled "VLAN filtering" on the VLAN-tab in the bridge settings? 2.) You have to add the IP-address to the VLAN20-interface, not to the bridge. Maybe I will work the way you did if you have only one VLAN on your bridge, but I would assign the ...
by az1984
Mon Mar 19, 2018 9:00 am
Forum: General
Topic: Comfortable way to block inter-vlan traffic?
Replies: 10
Views: 2794

Re: Comfortable way to block inter-vlan traffic?

What the heck is all-vlan? Is this a special function or pull down menu selection that already exists? Where is it found and what is its purpose? (I had assumed all-VLAN was simply a name given to an address list of all the vlan). I think this option will handle all existing vlan-interfaces in a wa...
by az1984
Fri Mar 16, 2018 12:55 pm
Forum: General
Topic: Comfortable way to block inter-vlan traffic?
Replies: 10
Views: 2794

Re: Comfortable way to block inter-vlan traffic?

So I just did a quick lab-test with this scenario: One CRR1009 with VLANs 10,20,30 an 100, DHCP-server on every VLAN interface. With an old HP switch I distributed this VLANs to connect some devices in severals VLANs. First I tried the method described by anav and che: I created an interface-list wi...
by az1984
Fri Mar 16, 2018 8:09 am
Forum: General
Topic: Comfortable way to block inter-vlan traffic?
Replies: 10
Views: 2794

Re: Comfortable way to block inter-vlan traffic?

This looks like a elegant way of realizing blocking inter-VLAN traffic too. I will also try this, but I'am also interested if this "all-VLANs" option will do the same. I think I don't have to take care of CPU utilization that much, because the 1009s CPU will sleep most of it's life in my scenario ;-)
by az1984
Thu Mar 15, 2018 4:34 pm
Forum: General
Topic: Comfortable way to block inter-vlan traffic?
Replies: 10
Views: 2794

Re: Comfortable way to block inter-vlan traffic?

I didn't test it, but rule with both in-interface=all-vlan and out-interface=all-vlan looks promising.
I will try this in lab and see what will happen.
by az1984
Wed Mar 14, 2018 4:41 pm
Forum: General
Topic: Comfortable way to block inter-vlan traffic?
Replies: 10
Views: 2794

Comfortable way to block inter-vlan traffic?

Hello, I'am searching for a comfortable way to block traffic between VLANs on an Mikrotik router. For example I have a CCR1009 with the SFP+ port as VLAN-trunk with VLAN IDs 10, 20 and 100. The only way I found in the forums was to make individual firewall rules for each VLAN and each direction. So ...
by az1984
Thu Sep 28, 2017 3:27 pm
Forum: General
Topic: Problems with SIP and mangle rules
Replies: 0
Views: 378

Problems with SIP and mangle rules

I have a problem with an RB3011 and SIP / VoIP. The RB3011 have two WAN connections and one of them (WAN2) should only be used for VoIP. The PBX is cloud based, so SIP-clients will connect through the internet. I tried to work with mangle rules. As the phones (DECT base and softclients) are not in a...
by az1984
Tue Sep 26, 2017 10:57 am
Forum: General
Topic: Problem with Site-to-Site OpenVPN
Replies: 2
Views: 1533

Re: Problem with Site-to-Site OpenVPN

Thanks for answer.

You are a right, but it is a little tricky. My client certificate did'nt hat the "K" in status. I tried to import the .key file (which was'nt written in the tutorial I used) but got an error. The trick is to rename the .key file to .pem and everything is working well.
by az1984
Tue Sep 26, 2017 8:24 am
Forum: General
Topic: NBN dual wan setup
Replies: 5
Views: 1063

Re: NBN dual wan setup

If you are trying to aggregate/bond your connections so that you can get 200/80, this will not work on standard residential connections. This is because outbound traffic expects to return back to the same network, on the same IP it went out on. It can be done on business/enterprise-grade connection...
by az1984
Thu Sep 21, 2017 4:50 pm
Forum: General
Topic: Problem with Site-to-Site OpenVPN
Replies: 2
Views: 1533

Problem with Site-to-Site OpenVPN

Hi, I have a little problem with an OpenVPN setup. In our central we have running a RB3011 as OpenVPN-Server. Clients can connect fine via PC or smartphone - works good so far. Now I want to connect mikrotik routers on customer site via OpenVPN. I just followed the tutorial I found on the web and ge...
by az1984
Wed Sep 20, 2017 8:03 am
Forum: General
Topic: vpn basics-ipsec
Replies: 2
Views: 549

Re: vpn basics-ipsec

Maybe this will help you out with your VPN-setup, if you want to use IPsec: https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_with_Mode_Conf 1.) Yes you can do that. 2.) If you want connection from everywhere you just leave this fields empty. Depending on the setup you have, I would ...
by az1984
Tue Sep 19, 2017 4:09 pm
Forum: Scripting
Topic: How to get dynamic WAN IP?
Replies: 7
Views: 2615

Re: How to get dynamic WAN IP?

Just found here...

viewtopic.php?t=73287
by az1984
Tue Sep 19, 2017 3:58 pm
Forum: Scripting
Topic: How to get dynamic WAN IP?
Replies: 7
Views: 2615

Re: How to get dynamic WAN IP?

Ok, that makes things a bit clearer, but I don't know yet, why you want to work with your WAN-IP.
If you have VPN-Clients which want to connect to the Mikrotik you can use it's DNS-name I think.
by az1984
Tue Sep 19, 2017 2:39 pm
Forum: Scripting
Topic: How to get dynamic WAN IP?
Replies: 7
Views: 2615

Re: How to get dynamic WAN IP?

Hi,

for what you want to use the WAN-IP information?

In IP -> Cloud you can find the Mikrotik-DNS Name and your WAN-IP - maybe this will help you out.
by az1984
Tue Sep 19, 2017 12:53 pm
Forum: General
Topic: IPsec with dynamic WAN-IP
Replies: 1
Views: 504

Re: IPsec with dynamic WAN-IP

Seems I got it working now.

I hat to change the peer to aggressive-mode (also on the LTE-router site) and disable the "passive" option.
by az1984
Tue Sep 19, 2017 11:35 am
Forum: General
Topic: IPsec with dynamic WAN-IP
Replies: 1
Views: 504

IPsec with dynamic WAN-IP

Hi, I'am struggeling a bit with configuring an IPsec-tunnel with dynamic IP on one site. So my setup is: Mikrotik (192.168.79.0/24 / static WAN-IP) <-> LTE-Router (192.168.83.0/24, dynamic WAN-IP) So I tried to setup the mikrotik with a template policy as followed: /ip ipsec peer add address=0.0.0.0...
by az1984
Tue Sep 19, 2017 8:40 am
Forum: General
Topic: NBN dual wan setup
Replies: 5
Views: 1063

Re: NBN dual wan setup

Hi, maybe you should try this guide: https://blog.linitx.com/load-balancing-multiple-internet-connections/ It also uses PPC like the video you had, but maybe there are some differences? (did'nt watch the whole video). I'am pretty new to mikrotik devices but got a nice load-balancing working with the...
by az1984
Mon Sep 18, 2017 8:02 am
Forum: General
Topic: OpenVPN Profile [SOLVED]
Replies: 3
Views: 807

Re: OpenVPN Profile [SOLVED]

Hi,

just comment out or delete this line in your config:
redirect-gateway def1
It tells your client to send all the traffic via the VPN-Gateway. Depending on the IP-subnets your network an your clients are working, you have to add a route to your network into your ovpn-config.
by az1984
Fri Sep 15, 2017 2:20 pm
Forum: General
Topic: IPsec and firewall issues
Replies: 2
Views: 512

Re: IPsec and firewall issues

You are right and it seems I figured out what was wrong. First I had a global forward accept rule, which I don't really need at all. I also don't know why I created this rule, maybe a relict from former tests. The accept-rule for related and established connections I already had. So the point was, t...
by az1984
Fri Sep 15, 2017 12:11 pm
Forum: General
Topic: IPsec and firewall issues
Replies: 2
Views: 512

IPsec and firewall issues

Hello, at the moment I'am struggeling with firewall-rules on ipsec traffic. I already read that there are some issues with filtering IPsec traffic, but I hope there is a way to solve my problem. I have a RB3011 with has several IPsec tunnels to our customer routers (non mikrotik). Via IPsec policy t...