Community discussions

MikroTik App

Search found 26 matches

by icko81
Mon Jan 06, 2020 8:13 pm
Forum: Announcements
Topic: v6.44.6 [long-term] is released!
Replies: 54
Views: 41776

Re: v6.44.6 [long-term] is released!

Can you fix Meta Router for install openwrt asterix version it does not allow install via image in latest version there is some bug .




thanks
Icko
by icko81
Sun Dec 29, 2019 1:53 pm
Forum: General
Topic: CISCO ANY CONNECT to IPSEC MIKROTIK TFS problem
Replies: 0
Views: 455

CISCO ANY CONNECT to IPSEC MIKROTIK TFS problem

Hi I have question? I have successfully managed to test every tunnel connection from OVPN LT2P IPSEC PURE IPSEC and IKEV2 SSTP, ShrewCLIENT works okey IPSEC to MIKROTIK WINDOWS Does CIsco Any Connect can make connection to MIKROTIK via IPSEC tunnel or is different product only works in CISCO product...
by icko81
Sun Dec 29, 2019 12:12 am
Forum: General
Topic: Invalid syntax in WIN10 only IKEv2 FIXED thanks
Replies: 9
Views: 1307

Re: Invalid syntax in WIN10 only IKEv2

Nothing tried everything cert work okey and windows still wont authenticate there is some bug which prevent ipsec and windows machine not work,at least talk each other, stable release package 6.46 Tried with every router on Win10 client and lte stick nothing still get invalid syntax maybe some othe...
by icko81
Sat Dec 21, 2019 1:22 am
Forum: General
Topic: VRRP interface on bridge
Replies: 14
Views: 5195

Re: VRRP interface on bridge

Hi , The concept of the Vrrp protocol is that both router knows which are roles and import config from one to another if something goes wrong, Only Inexperienced user think that secondary router will get address with number 2 instead of 1 in the subnet if the first router goes bad,the key is gateway...
by icko81
Wed Dec 18, 2019 3:29 pm
Forum: General
Topic: GREENBOW and IKEV2 MIKROTIK RSA and PSK setup WIN10
Replies: 2
Views: 494

Re: GREENBOW and IKEV2 MIKROTIK RSA and PSK setup WIN10 FIXED

1. Why do you open multiple topics for the same issue? 2. Is it RSA or PSK ?! 3. Did you fix your config as I've said at the end of this post here? https://forum.mikrotik.com/viewtopic.php?f=2&t=154789#p765247 Hi Znevna i corect everything but its not the certificate it something in the protocol In...
by icko81
Tue Dec 17, 2019 4:22 pm
Forum: General
Topic: GREENBOW and IKEV2 MIKROTIK RSA and PSK setup WIN10
Replies: 2
Views: 494

GREENBOW and IKEV2 MIKROTIK RSA and PSK setup WIN10

HI since I have been struggling to make ikev2 native certificate import and connection WINDOWS 10 . I installed this software and is very good alternative Mi question is does some user have this experience and tried make connection https://www.thegreenbow.com/vpn_client.html I got TFS padding not su...
by icko81
Mon Dec 16, 2019 12:55 am
Forum: General
Topic: Invalid syntax in WIN10 only IKEv2 FIXED thanks
Replies: 9
Views: 1307

Re: Invalid syntax in WIN10 only IKEv2

Nothing tried everything cert work okey and windows still wont authenticate there is some bug which prevent ipsec and windows machine not work,at least talk each other, stable release package 6.46 Tried with every router on Win10 client and lte stick nothing still get invalid syntax maybe some other...
by icko81
Sun Dec 15, 2019 9:12 pm
Forum: General
Topic: Invalid syntax in WIN10 only IKEv2 FIXED thanks
Replies: 9
Views: 1307

Re: Invalid syntax in WIN10 only IKEv2

/certificate add common-name="MY.VPN Root CA" name=MyCA key-size=2048 days-valid=3650 trusted=yes key-usage=key-cert-sign,crl-sign Nothing fancy. Also, try leaving in Identities My ID and Remote ID type to "auto". the certs are just fine exact what you mention so this is something to do with the tr...
by icko81
Sun Dec 15, 2019 8:59 pm
Forum: General
Topic: Invalid syntax in WIN10 only IKEv2 FIXED thanks
Replies: 9
Views: 1307

Re: Invalid syntax in WIN10 only IKEv2

I've tested with Windows 10 1809 and 1909, no issue here. Except the unrelated one I've posted in that topic. It also works with Windows 7 but it's a little tricky to import certificates in Local Machine store (there are guides on the web, or use certlm.msc from a win8+ machine). Windows 7's, atlea...
by icko81
Sun Dec 15, 2019 7:39 pm
Forum: General
Topic: Invalid syntax in WIN10 only IKEv2 FIXED thanks
Replies: 9
Views: 1307

Re: Invalid syntax in WIN10 only IKEv2

Under Windows you have to import the certificates in "Local Machine" store location. The one generated for client under "Personal". The CA for some reason doesn't get imported, donno why yet, you have to export it as "pem" from RouterOS and import it also in Local Machine under Trusted Root CA. You...
by icko81
Sun Dec 15, 2019 3:14 pm
Forum: General
Topic: Invalid syntax in WIN10 only IKEv2 FIXED thanks
Replies: 9
Views: 1307

Invalid syntax in WIN10 only IKEv2 FIXED thanks

Hello Guys I have been setup and working okey configuration of IKEv2 with certificate and shared key as well ipsec with correct policy, ROAD WARRIOR PURE IPSEC,SSTP,l2TP,OVPN and IKEv2 working okey on IOS,MAC,ANDROID 100% ok,have not tried win7 maybe it should work also, Also i did import certificat...
by icko81
Mon Nov 26, 2018 4:05 pm
Forum: General
Topic: OVPN require client certificate bug CRL DYNAMIC 1970 year
Replies: 0
Views: 374

OVPN require client certificate bug CRL DYNAMIC 1970 year

HI we noticed problem in following router model HEX s and 951ui HAP AC that when using require client certificate CRL on OVPN Server checked with properly configured certificate we have problem authentification which fails with TLS SSL error hash also we cannot delete dynamic crl signed certificate ...
by icko81
Wed Nov 14, 2018 3:25 am
Forum: General
Topic: IMPROVEMENTS IN MIKROTIK ROUTERS MUST HAVE 2018/19
Replies: 7
Views: 1820

Re: IMPROVEMENTS IN MIKROTIK ROUTERS MUST HAVE 2018/19

I agree with your proposed list and let me add my points: (1) Support Switch physical stacking for access layers larger than 48 physical ports. (2) Fix HW offload limited to one Bridge interface (i.e. CRS 3xx series) including LACP interfaces that are configured different than Active / Active with ...
by icko81
Wed Nov 14, 2018 2:53 am
Forum: General
Topic: IMPROVEMENTS IN MIKROTIK ROUTERS MUST HAVE 2018/19
Replies: 7
Views: 1820

IMPROVEMENTS IN MIKROTIK ROUTERS MUST HAVE 2018/19

Hi guys here are mine oppinion about Mikrotik future release and products for OS and what should they improve in their RB line immediately 1)First and foremost concerning addons packages a) OPEN VPN PACKAGES community edition improvements versus UBUQUiTY ROUTERS which has all features -lzo compressi...
by icko81
Fri Feb 23, 2018 3:52 am
Forum: General
Topic: Problem FAILOVER LINK SXT and 2 vpn routers with ROS
Replies: 1
Views: 288

Re: Problem FAILOVER LINK SXT and 2 vpn routers with ROS

I managed to solved it by making masquerade from both side of the links and 2 separate mynethostname.net for each router VPNS links l2tp and if one fails it automaticly connect to other to get to mine internal network, You must have 2 VPN profile for each ROS and correct routing tables and then you ...
by icko81
Fri Feb 23, 2018 1:28 am
Forum: General
Topic: Problem FAILOVER LINK SXT and 2 vpn routers with ROS
Replies: 1
Views: 288

Problem FAILOVER LINK SXT and 2 vpn routers with ROS

Hi I have succesfully managed to make failover and local net and internet connection between 2 routers and 2 sxt units in bridge mode, When 1 ros router Internet faildown it routes to secondary using SXT bridge connection and Vice Versa but there is another issue in the network, CLOUD service my.net...
by icko81
Fri Jan 26, 2018 1:40 am
Forum: Beginner Basics
Topic: main Mikrotik Router and Crs model bridge behind
Replies: 1
Views: 300

main Mikrotik Router and Crs model bridge behind

Hi I have made connection of Router with firewall rules and have question for Mikrotik Crs model in bridge mode which is connected to main router in bridge only mode does that mean that Mikrotik Switch can work only with Ip firewall bridge ruled and Ip firewall ip and nat are excluded they will only...
by icko81
Thu Jan 25, 2018 1:30 pm
Forum: Beginner Basics
Topic: Control communication between same local ip address
Replies: 3
Views: 440

Re: Conrol communication between same local ip address

Hi The solution would depend on your hardware. If these two are connected using unmanaged switch, then you can't limit the communication as-is. You would need to isolate server in a separate subnet and filter based on ip. If these two are connected using managed switch (or switched in MT itself), y...
by icko81
Wed Jan 24, 2018 11:41 pm
Forum: Beginner Basics
Topic: Control communication between same local ip address
Replies: 3
Views: 440

Control communication between same local ip address

hi guys I was always interested how i can stop or prevent some local ip address in same subnet to talk each other i know about BRIDGE level IP FIREWALL but i dont have knowledge how to setup Example i want user with local IP 192.168.178.103 address not talk to server with address 192.168.178.99 some...
by icko81
Tue Jan 23, 2018 2:10 am
Forum: General
Topic: Best way to test MIKROTIK IPsec Modes with ShrewClient
Replies: 0
Views: 409

Best way to test MIKROTIK IPsec Modes with ShrewClient

Hi Mikrotik owners , The best way to test your MIKROTIK IPSEC connection in router using debug IPSEC is the ShrewClient on Windows machine it has all modes beside IKEV2 to test out and see what fits in your scenarios,you will know exactly what to expect and how IPSEC packets 2 phase works, I hope No...
by icko81
Sat Jan 20, 2018 11:49 am
Forum: General
Topic: IkeV2 two connections or sessions STRONGSWAN PROBLEM
Replies: 6
Views: 1969

Re: IkeV2 two connections or sessions

Ok thanks Sindy to finish and sum it up, So let clarify all of Mikrotik IPSEC saga since mine setup was meant for ROAD WARRIOR so all of the Mikrotik Geek will know exactly how to setup their units accordingly to limitations please underline something from mine stated scenarios So , all scenarios we...
by icko81
Fri Jan 19, 2018 11:02 pm
Forum: General
Topic: IkeV2 two connections or sessions STRONGSWAN PROBLEM
Replies: 6
Views: 1969

Re: IkeV2 two connections or sessions

I don't know how you've selected the data for copy-pasting but there are missing substrings. Also, it is better to enclose configuration export between [ code ] and [ / code ] for better reading (remove all spaces inside each [ ... ]) Now I can see that you have an IKEv1 peer with pre-shared key an...
by icko81
Fri Jan 19, 2018 9:22 pm
Forum: General
Topic: IkeV2 two connections or sessions STRONGSWAN PROBLEM
Replies: 6
Views: 1969

Re: IkeV2 two connections or sessions

Hi Sindy Here is the export setup please help me Concerning communication road warrior connects with different public ip and make loop or fight for connection also same with the nated device behind rb2011 also connects but fight in endless loop connect disconnect where 2 or more device connect ,also...
by icko81
Fri Jan 19, 2018 4:46 pm
Forum: General
Topic: IkeV2 two connections or sessions STRONGSWAN PROBLEM
Replies: 6
Views: 1969

IkeV2 two connections or sessions STRONGSWAN PROBLEM

Hi I have problem when connect to Ikev2 with rsa signature everything works key, nat is forward to in and out address 192.168.111.0 but have problem when i want use two or more connections the server connects and disconects in loop the client road warrior any help about that issue i know ikev2 is st...
by icko81
Tue Jan 16, 2018 8:34 pm
Forum: General
Topic: Pure IPSEC and l2tp +IKE in parallel problem policy
Replies: 0
Views: 253

Pure IPSEC and l2tp +IKE in parallel problem policy

HI , I was able to succesfully connect main l2tp peer and PURE iPSEC CISCO with preshared key :D ,but problem is when i want to use both peers i get unknown phase negotiation problem L2tp/IP overrides the IPSEC policy ,also policy how to get setup with IPSEC so the question is is they can work with ...
by icko81
Sat Jan 13, 2018 8:54 pm
Forum: General
Topic: l2TP ,IP SEC,IKEv1 and IkeV2 in more Details and information
Replies: 12
Views: 2586

l2TP ,IP SEC,IKEv1 and IkeV2 in more Details and information

HI Guys, We love mikrotik products they give us perfect managment of network and we can apply many rules versus expensive units like Cyberoam UTM router or Fortinet etc, Very stable kernel and BSD UNix quality of production ,many years on market, We succesfully managed to make all the following VPN ...