Search found 85 matches

by jphconstantin
Fri Aug 16, 2019 4:26 pm
Forum: General
Topic: VPN/ipsec with strongSwan
Replies: 1
Views: 183

Re: VPN/ipsec with strongSwan

Just before the error, the log displays this:

Image
by jphconstantin
Thu Aug 15, 2019 6:06 pm
Forum: General
Topic: VPN/ipsec with strongSwan
Replies: 1
Views: 183

VPN/ipsec with strongSwan

Hello, I tried to establish a VPN/Ipsec between my Mikrotik router and my Android tablet. Side Android, I installed strongSwan. Side Mikrotik:
/ip ipsec mode-config
add address-pool=ike2-pool address-prefix-length=32 name=ike2-conf \
    split-include=0.0.0.0/0
/ip ipsec policy group
add name=ike2-polic...
by jphconstantin
Wed Aug 14, 2019 2:41 pm
Forum: Beginner Basics
Topic: Questions about certificates
Replies: 0
Views: 206

Questions about certificates

Hello,

1) In order to create a new CA, I remove it and ... all certificates have been deleted ! normal or not ?

2) I created a CA, signed it and now I want to modify it: how to proceed correctly ?
by jphconstantin
Mon Aug 12, 2019 4:24 pm
Forum: General
Topic: site to site ipsec Mikrotik/Teltonika
Replies: 24
Views: 1990

Re: site to site ipsec Mikrotik/Teltonika

Hello Jorge, Filezilla: I am using SFTP, not FTP. FTP is in passive mode.
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=input disabled=yes in-interface=ovpn-vers-eison
add action=accept chain=forward disabled=yes in-int...
by jphconstantin
Sun Aug 11, 2019 6:56 pm
Forum: General
Topic: site to site ipsec Mikrotik/Teltonika
Replies: 24
Views: 1990

Re: site to site ipsec Mikrotik/Teltonika

Hello, I installed ssh on 192.168.2.34, created an incoming rule for port 22 RUT955: lan to vpn accept masquerading=yes / vpn to lan accept masquerading=yes Everything is ok: ping, traceroute, ssh, winscp from 192.168.2.34 and from any server-side machines - filezilla gives still an error - openvpn ...
by jphconstantin
Fri Aug 09, 2019 5:47 pm
Forum: General
Topic: site to site ipsec Mikrotik/Teltonika
Replies: 24
Views: 1990

Re: site to site ipsec Mikrotik/Teltonika

Hello, traceroute 192.168.2.34 from a server-side pc stops after 172.22.22.2 ok if I disable the 192.168.2.34 firewall ssh -vv jpc@192.168.2.34 connection refused if firewall disable stays blocking in connecting ... if firewall enable From the server: currently only the ping messages go thru the tunn...
by jphconstantin
Fri Aug 09, 2019 5:13 pm
Forum: General
Topic: site to site ipsec Mikrotik/Teltonika
Replies: 24
Views: 1990

Re: site to site ipsec Mikrotik/Teltonika

@jorgito Thank you for your compassion ! Yes, I have the 00.06.04 version tcpdump -nn -i tun_c_rut955_ovpn_client returns: no such device exists ip link show display for tun...client: ... mtu 1500 qdisc fq_code1 state UNKNOWN mode DEFAULT group default qlen 100 ip a display: same line + link/none + ...
by jphconstantin
Fri Aug 09, 2019 5:09 pm
Forum: General
Topic: site to site ipsec Mikrotik/Teltonika
Replies: 24
Views: 1990

Re: site to site ipsec Mikrotik/Teltonika

@csalcedo
Yes, with a great interest !
If you could send me (by PM) both configs ...
Thanks in advance
best regards,

jean-philippe
by jphconstantin
Fri Aug 09, 2019 3:06 pm
Forum: Beginner Basics
Topic: ovpn packets
Replies: 1
Views: 216

ovpn packets

Crazy question ...

How to display the content of the ovpn packets ?

/system logging add topics=ovpn,packet,debug doesn't display packets content

Thanks in advance
by jphconstantin
Fri Aug 09, 2019 2:24 pm
Forum: General
Topic: site to site ipsec Mikrotik/Teltonika
Replies: 24
Views: 1990

Re: site to site ipsec Mikrotik/Teltonika

As you suggested, I set the following rules for Teltonika: vpn to lan accept forward traffic lan to vpn accept forward traffic I try to connect a computer from the server lan (with putty or winscp) to the computer 192.168.2.34 with its firewall disabled : no success (but ping ok). I also tried filez...
by jphconstantin
Thu Aug 08, 2019 8:26 pm
Forum: General
Topic: site to site ipsec Mikrotik/Teltonika
Replies: 24
Views: 1990

Re: site to site ipsec Mikrotik/Teltonika

My knowledge is limited indeed. I note in the Teltonika > Traffic rules: 1) allow-ping from any host in wan, to any router IP on this device, input chain 2) allow-vpn-traffic from any host in wan, to any router IP on this device, input chain I turn off the firewall on the 192.168.2.34 and I can ping...
by jphconstantin
Thu Aug 08, 2019 7:42 pm
Forum: General
Topic: site to site ipsec Mikrotik/Teltonika
Replies: 24
Views: 1990

Re: site to site ipsec Mikrotik/Teltonika

1) Ok I can ping 172.22.22.2 and the router 192.168.2.1 but not the client PCs 2) the client log displays every x seconds the following message: daemon.err .... write to TUN/TAP : Invalid argument (code=22) that is why I ask the question about the compression 3) according to Jorge's suggestion, I added...
by jphconstantin
Thu Aug 08, 2019 6:47 pm
Forum: General
Topic: site to site ipsec Mikrotik/Teltonika
Replies: 24
Views: 1990

Re: site to site ipsec Mikrotik/Teltonika

Hello Jorge, For the "server2" certificate I didn't select tls server in key usage For the client certificate I didn't select tls client in key usage Shall I regenerate them ? In /ppp profile I have the option use-compression=default Shall I set use-compression=no because Mikrotik doesn't support LZ...
by jphconstantin
Thu Aug 08, 2019 6:01 pm
Forum: General
Topic: site to site ipsec Mikrotik/Teltonika
Replies: 24
Views: 1990

Re: site to site ipsec Mikrotik/Teltonika

hello again,
I note that I didn't fill the country, state, ... fields for the ca certificate but I did it for the server.
I also note that the days valid field of the ca is different from the server
Is it a potential source of errors ?

Jean-Philippe
by jphconstantin
Thu Aug 08, 2019 5:02 pm
Forum: General
Topic: site to site ipsec Mikrotik/Teltonika
Replies: 24
Views: 1990

Re: site to site ipsec Mikrotik/Teltonika

Hello Jorge, Nice to read you again ! This is my network configuration: https://i.imgur.com/y52hH4F.jpg I read carefully (I thought ...) Mikrotik wiki but Here is my Mikrotik server side config:
/ppp secret
add name=user1 profile=ovpn service=ovpn
/ppp profile
add name=ovpn local-address=172.22.22.1...
by jphconstantin
Sun Aug 04, 2019 4:13 pm
Forum: Beginner Basics
Topic: Several VPN, several certificates
Replies: 1
Views: 263

Several VPN, several certificates

Hello, I configured a VPN/IPSec according to the wiki https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_using_IKEv2_with_RSA_authentication between my router and an Android tablet: everything is fine. Now I want to add a new VPN (site to site) by using OVPN. 1) Is it possible to hav...
by jphconstantin
Sat Aug 03, 2019 6:38 pm
Forum: Beginner Basics
Topic: Where is openvpn ?
Replies: 4
Views: 456

Re: Where is openvpn ?

@sob: thank you. Therefore nothing to install
@ros44: it is in my signature
by jphconstantin
Sat Aug 03, 2019 4:38 pm
Forum: Beginner Basics
Topic: Where is openvpn ?
Replies: 4
Views: 456

Where is openvpn ?

Hello,
I didn't find in the packages OpenVpn: where is it and how to install it ?
Thank you
by jphconstantin
Fri Aug 02, 2019 8:08 pm
Forum: General
Topic: site to site ipsec Mikrotik/Teltonika
Replies: 24
Views: 1990

Re: site to site ipsec Mikrotik/Teltonika

Thank you Jorge but a full description of both sides would be appreciated ... Some questions (for the time being ...): 1) The RUT955 has a private IP address because it is a 4G router and my provider doesn't distribute public address. What is/are the consequence(s) in the configuration of the Mikr...
by jphconstantin
Sun Jul 28, 2019 4:41 pm
Forum: General
Topic: site to site ipsec Mikrotik/Teltonika
Replies: 24
Views: 1990

site to site ipsec Mikrotik/Teltonika

Hello,
In the wiki, IPSec section, chapter 17.1, there is an example of "Site to site IPSec tunnel"
In my case site 2 has openvpn, this is not a Mikrotik router (Teltonika RUT955)

Could you give me a roadmap how to config the site 2 or a reference to a tutorial ?

Thank you in advance,
by jphconstantin
Wed Jul 10, 2019 6:10 pm
Forum: Beginner Basics
Topic: road warrior clients + ikev2 + ipsec
Replies: 1
Views: 220

road warrior clients + ikev2 + ipsec

Hello,
In the chapter 17.2 of the wiki, there is a good example how to use ipsec without l2tp
Each client shall have a certificate but can the client certificate be the same for all clients ?
Thank you,
by jphconstantin
Fri Jun 21, 2019 7:25 pm
Forum: General
Topic: IKEv2 ROS 6.44.3 (Stable) + android + strongswan
Replies: 3
Views: 309

Re: IKEv2 ROS 6.44.3 (Stable) + android + strongswan

you are lucky ...
by jphconstantin
Tue Jun 18, 2019 1:53 pm
Forum: Beginner Basics
Topic: l2tp/ipsec with Android smartphone
Replies: 2
Views: 338

Re: l2tp/ipsec with Android smartphone

Thank you for your reply. I set remote-address to 192.168.1.36 as you advised me ! But always the same error: StopCCN code=6 I use an Android smartphone, not Windows Note 1: I followed the "Basic L2TP/IpSec setup" described in https://wiki.mikrotik.com/wiki/Manual:Interface/L2TP Note 2: resume of the...
by jphconstantin
Mon Jun 17, 2019 3:40 pm
Forum: Beginner Basics
Topic: l2tp/ipsec with Android smartphone
Replies: 2
Views: 338

l2tp/ipsec with Android smartphone

Hello, I try to config my router in L2TP/IPsec in order to interface my Android smartphone. In /ppp secret local-address = gateway address = local router address(192.168.1.1) remote-address = ? the smartphone has an IP address (192.168.1.36) but the phone provider change it (83.x.y.z): what info sha...
by jphconstantin
Mon Jun 17, 2019 3:10 pm
Forum: Beginner Basics
Topic: Config VPN and DDNS + smartphone
Replies: 5
Views: 447

Re: Config VPN and DDNS + smartphone

Have you tried to connect with pc/laptop?
No
L2TP/IPSec
I will follow your advice

But how to clean (reset, delete, ...) what I have defined ?
by jphconstantin
Sun Jun 16, 2019 4:40 pm
Forum: Beginner Basics
Topic: Config VPN and DDNS + smartphone
Replies: 5
Views: 447

Re: Config VPN and DDNS + smartphone

I guess the Mikrotik Tutorial 19 is not anymore up to date and that I must read the wiki or if you can give me references ...
Note that I have installed the 6.44.3 OS version.
by jphconstantin
Fri Jun 14, 2019 4:57 pm
Forum: Beginner Basics
Topic: Config VPN and DDNS + smartphone
Replies: 5
Views: 447

Re: Config VPN and DDNS + smartphone

Yes, the public address is unique. I don't understand your question ... beginner basics forum -> give me the command please I changed in my smartphone the vpn config: I setup <number>.sn.mynetname.net instead of the public address as the address server: nothing changed Note 1: PPP > interface: empty ...
by jphconstantin
Thu Jun 13, 2019 6:59 pm
Forum: Beginner Basics
Topic: Config VPN and DDNS + smartphone
Replies: 5
Views: 447

Config VPN and DDNS + smartphone

Hello, I followed CAREFULLY the Mikrotik Tutorial 19 for the configuration of my router. I want to establish a connection from my Samsung smartphone. I defined a VPN on it: name: Office Server address: the internet address of my Mikrotik router Password: the password defined in the quick set for the...
by jphconstantin
Fri May 17, 2019 3:32 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: sfp parameters missing
Replies: 1
Views: 356

sfp parameters missing

Hi,
How to configure the router in order to have the missing parameters ?
by jphconstantin
Wed May 01, 2019 5:06 pm
Forum: General
Topic: fcs error?????
Replies: 13
Views: 44305

Re: fcs error?????

I also have this message in my log for 6 days
The connected machine is a Raspberry 3b+, I disconnected it for 6 days and the message was logged. Now I am back, reconnected the RPI and no message.
The cable is long: 10 meters !
Antenna effect ?
by jphconstantin
Sun Apr 14, 2019 4:18 pm
Forum: Beginner Basics
Topic: check and protect smb from outside
Replies: 2
Views: 309

check and protect smb from outside

Hello, I would like to check if my Mikrotik router is well protected against ports attacks from outside, mainly all concerning smb protocol. What is the best procedure to do that ? Has Mikrotik a tool for checking ? I can define a firewall rule in the input chain but I want to also allow the smb pro...
by jphconstantin
Sun Jan 20, 2019 7:08 pm
Forum: Beginner Basics
Topic: Upgrade after a long time
Replies: 3
Views: 224

Re: Upgrade after a long time

[admin@MikroTik] > /interface export
# jan/20/2019 18:07:12 by RouterOS 6.40.5
# software id = CCV8-MISI
#
# model = CCR1009-7G-1C
# serial number = 7AF40788DE3D
/interface bridge
add name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface...
by jphconstantin
Sun Jan 20, 2019 6:31 pm
Forum: Beginner Basics
Topic: Upgrade after a long time
Replies: 3
Views: 224

Upgrade after a long time

Hello, I haven't upgraded my ccr1009-7g-1c-pc for a very long time ... The RouterOS version is 6.40.5 The latest is 6.43.8 As I read in the wiki that some parts have been rewritten then I don't dare upgrade. First of all I shall backup the configuration and, in case of problems, I could reinstall it...
by jphconstantin
Fri Feb 02, 2018 10:37 am
Forum: Beginner Basics
Topic: How to limit the encrypted bittorrent bandwidth
Replies: 0
Views: 325

How to limit the encrypted bittorrent bandwidth

Hello, According to the wiki, the p2p chain properties don't work on encrypted bittorrent. Which is the best approach for implementing a bandwidth management in that case ? - define an input port for the download traffic - define an output port for the upload traffic - define mangle rules (connectio...
by jphconstantin
Tue Jan 02, 2018 8:09 pm
Forum: Beginner Basics
Topic: call a function localized in a script
Replies: 1
Views: 177

call a function localized in a script

Hello,
I wrote a lot of functions grouped into a script:
#scriptA
:global fctA do={...}
:global fctB do={...}
etc

How can I call one of these functions in another script ?
#scriptB
.../system script run scriptA ...fctB ...
by jphconstantin
Tue Jan 02, 2018 8:03 pm
Forum: Beginner Basics
Topic: How to debug a script ?
Replies: 6
Views: 1995

Re: How to debug a script ?

Can I display variables ?
by jphconstantin
Fri Dec 29, 2017 6:00 pm
Forum: Beginner Basics
Topic: How to debug a script ?
Replies: 6
Views: 1995

How to debug a script ?

I added script in /system logging but I see nothing in the log window when I execute a script.
What is missing ?
by jphconstantin
Thu Dec 28, 2017 7:38 pm
Forum: Beginner Basics
Topic: change the clock format
Replies: 0
Views: 196

change the clock format

The /system clock get date returns a string with this format: mmm/dd/yyyy
How to change the format (i.e dd/mmm/yyyy ) ?

Except with the pick function, I don't see any solution.
by jphconstantin
Wed Dec 27, 2017 7:40 pm
Forum: Beginner Basics
Topic: Netinstall process
Replies: 2
Views: 293

Re: Netinstall process

Could you develop ?
by jphconstantin
Thu Dec 21, 2017 7:43 pm
Forum: Beginner Basics
Topic: Netinstall process
Replies: 2
Views: 293

Netinstall process

Question of curiosity ...
How does Netinstall detect a router when winbox isn't able to do it !?
by jphconstantin
Mon Dec 18, 2017 5:23 pm
Forum: Beginner Basics
Topic: My router probably broken ?
Replies: 11
Views: 656

Re: My router probably broken ?

After several attempts (?) , winbox has discovered the router
Thank you very much. You save my life before Xmas !

Next time, I will do a backup OUTSIDE of the router before upgrading it.
I don't understand this failure during the upgrade.
by jphconstantin
Mon Dec 18, 2017 4:15 pm
Forum: Beginner Basics
Topic: My router probably broken ?
Replies: 11
Views: 656

Re: My router probably broken ?

I downloaded netinstall and installed it I connect my cable on ether7 port (because ccr) I turn the power off With Net booting, I set an IP (192.168.1.199) I pressed the reset button and turn on the power ... Now I see the mac address with the status of ready !!!!! Yes it was really the time for net...
by jphconstantin
Mon Dec 18, 2017 3:50 pm
Forum: Beginner Basics
Topic: My router probably broken ?
Replies: 11
Views: 656

Re: My router probably broken ?

no antivirus !
no wifi
just the router connected on a switch to a computer

Note: I downloaded and installed mactelnet on linux debian
I typed the mac address of the router: connection failed
I tried both mac addresses
by jphconstantin
Mon Dec 18, 2017 3:26 pm
Forum: Beginner Basics
Topic: My router probably broken ?
Replies: 11
Views: 656

Re: My router probably broken ?

Thank you @BartoszP
I clicked Neighbours: no discovered device
I tried refresh: idem
Note: cable on ether1, beep every 10 seconds after power off/on
by jphconstantin
Mon Dec 18, 2017 2:46 pm
Forum: Beginner Basics
Topic: My router probably broken ?
Replies: 11
Views: 656

Re: My router probably broken ?

Sorry but I don't understand: be explicit please
by jphconstantin
Mon Dec 18, 2017 1:55 pm
Forum: Beginner Basics
Topic: My router probably broken ?
Replies: 11
Views: 656

My router probably broken ?

Hello, Yesterday I tried to upgrade to the last stable version. When I pressed "Download and Install" button, then nothing happens. After a few seconds I hear a beep. - The sfp led was off. - The PWR blue led on - beep every 10 seconds I asked my neighbour: his fiber connection was ok. I decided to d...
by jphconstantin
Mon Dec 11, 2017 6:42 pm
Forum: Beginner Basics
Topic: denied winbox/dude message
Replies: 7
Views: 8075

Re: denied winbox/dude message

I believed that the fasttrack rules should be the first ones ?
by jphconstantin
Mon Dec 11, 2017 4:01 pm
Forum: Beginner Basics
Topic: denied winbox/dude message
Replies: 7
Views: 8075

Re: denied winbox/dude message

No I don't want any access to winbox from the WAN.
I suppose I will find how to fix that in the wiki.
Thank you.
by jphconstantin
Sun Dec 10, 2017 7:50 pm
Forum: Beginner Basics
Topic: icmp messages in log
Replies: 1
Views: 284

icmp messages in log

Found in my log several messages such as:
input: in: combo1 out:(none) src-mac: f8:66:f2:28:9a:ff proto ICMP (type 8, code 0) 46.234.125.89 > my_ip_address
Shall I consider as an attack ?
by jphconstantin
Sun Dec 10, 2017 7:39 pm
Forum: Beginner Basics
Topic: denied winbox/dude message
Replies: 7
Views: 8075

denied winbox/dude message

Hello,
Found in my log:
denied winbox/dude connect from 5.39.218.37
Shall I consider that as an attempt of attack ?
Shall I better protect my router ?

Thank you,