Search found 21462 matches

by anav
Sat Nov 02, 2024 1:45 am
Forum: General
Topic: Controversal - MikroTik state of technology
Replies: 11
Views: 462

Re: Controversal - MikroTik state of technology

Well it's equally arrogant to think Europe is the centre of the Universe...... Of course it's Canada but that's another discussion.
Suffice to say, it was an emotional short sighted statement that was a waste of carbon 1s and 0s.
by anav
Sat Nov 02, 2024 1:43 am
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 308

Re: Stuck on device to vlan assignment principles

Or sit at your computer on the couch and order it online. Lots of sources for the CSS106-5G-1S I mentioned earlier.
Geez, I thought every one from Cali, had a fitbitch watch and was counting steps LOL
by anav
Sat Nov 02, 2024 1:29 am
Forum: Beginner Basics
Topic: 2 WAN loadbalancing configuration
Replies: 1
Views: 81

Re: 2 WAN loadbalancing configuration

Let's get some clarity. You are going to keep the two ISP modems and ISP routers in place. They will each provide their own private LAN like 192.168.1.0/24 and 192.168.2.0/24. You will assign a fixed private IP on each ISP router and will use that as the WANIP for the hex, WAN1 and WAN2 ++++++++++++++...
by anav
Sat Nov 02, 2024 1:21 am
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 11
Views: 554

Re: How to block camera from being accessed from WAN? [SOLVED]

Please explain, "cannot access cameras from local net" ???
Do you mean you cannot view cameras in the 10.1.3.0/24 subnet from your PC in the 10.1.1.0/24 subnet ??

Please post latest complete config!!
by anav
Sat Nov 02, 2024 1:14 am
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 308

Re: Stuck on device to vlan assignment principles

In other words, a 15 minute trip to Staples or Best Buy, and 15 min back, and you're done for the most part. TDW's route will lead to graying or loss of hair.
by anav
Fri Nov 01, 2024 11:46 pm
Forum: General
Topic: Controversal - MikroTik state of technology
Replies: 11
Views: 462

Re: Controversal - MikroTik state of technology

Yes, do pray tell, one must should have opinion on facts, vice rectal plucks.
by anav
Fri Nov 01, 2024 11:45 pm
Forum: General
Topic: Hairpin NAT not working
Replies: 10
Views: 406

Re: Hairpin NAT not working

Follow the bouncing ball..................... https://gregsowell.com/?p=4242 In a nutshell, when the router attempts to send the response from the local LAN member, without the sourcenat rule in place, the router will try to shortcut the response directly from the server to the LAN user ( as if the ...
by anav
Fri Nov 01, 2024 10:36 pm
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 308

Re: Stuck on device to vlan assignment principles

I'm with K6................... simple managed switch or hex type device acting as a switch, send vlans from router to switch ( will need one for wall, leaving four different vlans could be served up)
by anav
Fri Nov 01, 2024 10:01 pm
Forum: General
Topic: Port forwarding not working in lan
Replies: 1
Views: 88

Re: Port forwarding not working in lan

1. Ensure port forwarding rule is more flexible, than the default rule.. Remove the current default forward chain rule that covers incoming from WAN and dstnat with a block rule, and Replace with add chain=forward action=accept comment="internet traffic" in-interface-list=LAN out-interface...
by anav
Fri Nov 01, 2024 9:54 pm
Forum: General
Topic: Wireguard interface in wan and lan list
Replies: 1
Views: 75

Re: Wireguard interface in wan and lan list

Nope, you need to better understand how wireguard works and what the interfaces on MT RoS are used for. So firstly are you connecting to a third party VPN server? If so, then generally speaking you will need to SOURCENAT all your LAN traffic heading in the direction of the server to have ONE source...
by anav
Fri Nov 01, 2024 9:47 pm
Forum: General
Topic: Hairpin NAT not working
Replies: 10
Views: 406

Re: Hairpin NAT not working

Of course its not going to work, what did you forward to the LAN server (answer --> NOTHING ) no ports/protocol is delineated!! Then: 0 chain=srcnat action=masquerade out-interface=ether5[internet] log=no log-prefix="" 1 chain=srcnat action=masquerade src-address=10.10.42.0/24 dst-address=...
by anav
Fri Nov 01, 2024 5:45 pm
Forum: Beginner Basics
Topic: Is my firewall safe?
Replies: 8
Views: 425

Re: Is my firewall safe?

The firewall address list entries with LAN subnet IPs, should be set statically via DHCP leases.
by anav
Fri Nov 01, 2024 5:43 pm
Forum: General
Topic: Controversal - MikroTik state of technology
Replies: 11
Views: 462

Re: Controversal - MikroTik state of technology

So you have no issue that needs assistance in resolving............ moving on.
by anav
Fri Nov 01, 2024 2:42 pm
Forum: Beginner Basics
Topic: Is my firewall safe?
Replies: 8
Views: 425

Re: Is my firewall safe?

/ip firewall address-list add address=adminIP1-trustedsubnet/32 list=AUTHORIZED comment="admin device wired" add address=adminIP2-trustedsubnet/32 list=AUTHORIZED comment="admin device wifi" add address=wg0-IP1/32 list=AUTHORIZED comment="admin remote device1" add add...
by anav
Fri Nov 01, 2024 2:24 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 754

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Assuming this is the HOME ROUTER? /ip firewall address-list { set static DHCP leases where applicable } add address=192.168.88.A/32 list=AUTHORIZED comment="admin device wired" add address=192.168.88.B/32 list=AUTHORIZED comment="admin device wifi" add address=192.168.40.0/2...
by anav
Fri Nov 01, 2024 4:19 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

Also, what do you mean you cannot ping the subnets..........
Ping from where???

So the major changes are dstnat rules IP address is the remote address 172.16.0.1
and the IP DNS settings are simply
add server=1.1.1.1,1.0.0.1

Once we get everything working THEN we will do the failover changes!!!
by anav
Fri Nov 01, 2024 4:13 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

1. Confirm when you are surfing the net, the source is the home router IP??? aka through wireguard!! 1.Confirm cannot connect via winbox a. using wifi connection b. using ethernet4 if you changed the winbox port from default then you need to put in IPaddress:port# I always use mac address. 2. Change...
by anav
Fri Nov 01, 2024 1:27 am
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 13
Views: 447

Re: Connecting Two Remote Locations Without Public IP

Can you confirm that both sites dont have an ISP router with a public IP, where you can forward ports to your router?? Currently your best option is to pay for a cloud server ( $6 US a month ) and buy a CHR license from MT and put it on the server. This will connect all your router easily via wiregu...
by anav
Fri Nov 01, 2024 1:25 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 10
Views: 1208

Re: Issue with Wireguard - Connected but no traffic

As requested please post the latest configs of both devices.
by anav
Fri Nov 01, 2024 1:22 am
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 754

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

1. Yes the only folks that should have access in the input chain is the admin. The source address list is easy to maintain and allows the admin to identify all the LAN subnet IPs he has on any connected network as well as any wireguard IPs assigned to his/her devices. There are many places to contro...
by anav
Fri Nov 01, 2024 1:15 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

Post your latest config and please explain a bit more clearly what is NOT working yet .
by anav
Thu Oct 31, 2024 10:22 pm
Forum: Beginner Basics
Topic: Is my firewall safe?
Replies: 8
Views: 425

Re: Is my firewall safe?

Clearly you didnt ---> I followed this guide for VLANs: viewtopic.php?t=143620
Just check out your /interface bridge port settings LOL
by anav
Thu Oct 31, 2024 9:50 pm
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 17
Views: 1267

Re: Automatically divide customers into 4 internet lines equally

What I would do is /mangle connection marks for pcc WAN1 for user4 connection marks for pcc WAN2 for user4 connection marks for pcc WAN3 for user4 routing marks for pcc WAN1 for user4 routing marks for pcc WAN2 for user4 routing marks for pcc WAN3 for user4 /routing rules direct user1 to routing mar...
by anav
Thu Oct 31, 2024 8:43 pm
Forum: General
Topic: DUAL WAN into one connection use
Replies: 10
Views: 338

Re: DUAL WAN into one connection use

With two 200mb connections there should be no issues to both stream and download, you may wish to separate the two functions between the two WANs, such that you don't impact any attempts at streaming while you are downloading.
by anav
Thu Oct 31, 2024 8:27 pm
Forum: Beginner Basics
Topic: Sites connected with Wireguard but not able to access other hosts
Replies: 8
Views: 297

Re: Sites connected with Wireguard but not able to access other hosts

ROUTER A 1. Allowed IPs needs work ( the small change ensures that the remote admin can access this router from any location ) /interface wireguard peers add allowed-address=10.2.200.0/24,192.168.201.1/32 endpoint-address=\ <code> endpoint-port=59123 interface=wg-fs name=\ fs persistent-keepalive...
by anav
Thu Oct 31, 2024 7:40 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 447

Re: Double NAT with 2 WAN and wireguard

Sorry I cannot proceed because you continue to HIDE FACTS. a. why are there two wireguard interfaces on ATL and home, you only discussed one wireguard previously. b. its impossible to know which wireguard interface you are referring to in the configs because you CRAZILY hide the names, for some unkn...
by anav
Thu Oct 31, 2024 5:08 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 754

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Remember I need both latest snapshot of both devices to ensure they integrate. Extra NAT should not be needed because we cover incoming traffic via allowed IPs and firewall rules. Due to the fact that your rules still need work is why......Once fixed the NAT rule will not be required. ( it also def...
by anav
Thu Oct 31, 2024 4:59 pm
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 10
Views: 390

Re: Trying to wrap my head around VLANs

KAL EYE 4RN EYE EH
I try to keep up with code/acronyms/etc., but huh???

BTW, K6, I'm a KC2
It's not code, just a pronunciation schema.
Californicators are a tad odd. ;-)
by anav
Thu Oct 31, 2024 4:55 pm
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 10
Views: 1208

Re: Issue with Wireguard - Connected but no traffic

Please post the latest versions of each device.

1. Warning if you have not made suggested changes, I wont respond further
2. If you dont answer the questions asked, I wont respond further
by anav
Thu Oct 31, 2024 4:50 pm
Forum: General
Topic: I have problem with two internets and two intervlan.
Replies: 1
Views: 68

Re: I have problem with two internets and two intervlan.

You have started the conversation, that is important. A diagram helps to explain as the requirements need to be COMPLETE and CLEAR, before starting a config. It would appear you have two or more subnets/vlans in the mix. Any other subnets on the router, if so just make sure its a vlan too. Decide wh...
by anav
Thu Oct 31, 2024 4:37 pm
Forum: General
Topic: I have problem with two internets and two intervlan.
Replies: 1
Views: 70

Re: I have problem with two internets and two intervlan.

Please do not create duplicate posts, following this thread here ---> viewtopic.php?t=212172
by anav
Thu Oct 31, 2024 4:32 pm
Forum: General
Topic: Routing through two VPNs
Replies: 2
Views: 113

Re: Routing through two VPNs

Not sure, but i would use wireguard for all your VPN and drop the other two methods. Why do you need CHR if you have a public IP on the home router? If you do not, then the CHR makes sense and one can control all users accessing the home router via the VPN connection to the CHR. Additionally one cou...
by anav
Thu Oct 31, 2024 4:27 pm
Forum: General
Topic: RouterOS - Simple WireGuard Client Setup
Replies: 6
Views: 8332

Re: RouterOS - Simple WireGuard Client Setup

Sure. Think about it. The 3rd party VPN provider gives you ONE, a single IP address for wireguard. Therefore all traffic, coming from the MT, with source address that is NOT that single address will be dropped, when it shows up at the 3rd party peer Server. Similar to NAT, how all private LAN traffi...
by anav
Thu Oct 31, 2024 3:49 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 754

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Now will handle firewall rules separately. On the travel router......... we can basically (holding my nose) keep the existing defaults.. Dont make any firewall changes yet, as you need to decide which approach wrt to wireguard you will take. The below is notional, just to show you the direction head...
by anav
Thu Oct 31, 2024 3:29 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 754

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

The great thing about Wireguard is that you have many options. 1. Simplest approach because its easier only to change the single peer, since you have several others already tied to the .40 subnet. TRAVEL ROUTER add address=192.168.40.12/24 interface=wireguard network=192.168.40.0 { assuming .12 is w...
by anav
Thu Oct 31, 2024 1:30 pm
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 10
Views: 390

Re: Trying to wrap my head around VLANs

Yeah, k6 but you're from KAL EYE 4RN EYE EH ................... freakish ;-))

There is logic and rules, it works, the reference is accurate.
by anav
Thu Oct 31, 2024 1:28 pm
Forum: Beginner Basics
Topic: Sites connected with Wireguard but not able to access other hosts
Replies: 8
Views: 297

Re: Sites connected with Wireguard but not able to access other hosts

Yes, please provide config for BOTH routers!! /export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc. ) Not a problem that one router is behind another router. First, which router is the peer SERVER for handshake?? ( the one with public IP address, or has an ...
by anav
Thu Oct 31, 2024 1:24 pm
Forum: Beginner Basics
Topic: Separate internet while using 3 modems
Replies: 5
Views: 175

Re: Separate internet while using 3 modems

AESMITH, you are being like a premature ej.......... Are all three modems from same provider, was wondering what backup functionality was needed if modem A stops working for example. If from same provider could assume no need for backup as if one goes down it probably means all three go down. Any p...
by anav
Thu Oct 31, 2024 1:16 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 754

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Well the two devices will never connect.............. two different subnets.......

HOME
add address=192.168.40.1/24 interface=wireguard network=192.168.40.0


TRAVEL
add address=172.16.16.1/24 interface=wireguard network=172.16.16.0
by anav
Thu Oct 31, 2024 1:10 pm
Forum: General
Topic: Cannot ping default gateway on one of WAN interfaces [SOLVED]
Replies: 10
Views: 324

Re: Cannot ping default gateway on one of WAN interfaces [SOLVED]

It almost sounds like you stole this router from someone else, seeing as you dont remember half the config on the thing ;-ppp Just kidding.
by anav
Thu Oct 31, 2024 2:50 am
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 17
Views: 1267

Re: Automatically divide customers into 4 internet lines equally

I will think about the best way to approach this. Either 6 mangles rules ( connection mark and routing mark ) sub1 to wan1 sub2 to wan2 sub3 to wan3 and then 6 PCC rules Sub4 connection mark and routing marks for wans 1,2,3 OR 6 PCC rules and 3 Routing Rules. With required ip routes and firewall ru...
by anav
Thu Oct 31, 2024 2:14 am
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 10
Views: 390

Re: Trying to wrap my head around VLANs

Best resource is here --> https://forum.mikrotik.com/viewtopic.php?t=143620 First mistake is mixing apples and oranges, once you have vlans, remove subnet from bridge so it does no dhcp, much less confusing. Bridge ports are wrong Not sure why you are even touching ethernet switch settings of any IL...
by anav
Thu Oct 31, 2024 2:05 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

Yes for the nth time get rid of this rule.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface-list=WAN


Other than that not sure why its not working.
by anav
Thu Oct 31, 2024 1:39 am
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 11
Views: 554

Re: How to block camera from being accessed from WAN? [SOLVED]

Well when you hide requirements expect an incomplete or incorrect answer............... Then we take a different approach ensuring IOT vlan is part of LAN interface list. /interface list member add interface=ether1_WAN list=WAN add interface=Home10 list=LAN add interface=Guest20 list=LAN add interfa...
by anav
Thu Oct 31, 2024 1:37 am
Forum: Beginner Basics
Topic: Looking for a good tutorial to learn about Network configuration
Replies: 2
Views: 133

Re: Looking for a good tutorial to learn about Network configuration

Check out The Network berg on Youtube Free Training --> https://www.youtube.com/watch?v=EX6QqHmbBpY&list=PLJ7SGFemsLl0ld4OrcnVBHg4kPk0Y2_Z9&pp=iAQB Check out MAICT (Maher Haddad) has paid courses ---> https://www.youtube.com/watch?v=Aok7lM3NuOw&list=PLnskIrDs6jFcO0wUpP_0Pe9CEq7KbX2Oe&...
by anav
Thu Oct 31, 2024 1:29 am
Forum: General
Topic: Cannot ping default gateway on one of WAN interfaces [SOLVED]
Replies: 10
Views: 324

Re: Cannot ping default gateway on one of WAN interfaces [SOLVED]

Well I suspect you have a plethora of issues. Not the least is the fact that you have no VLANs, but have tried to add an unneeded /interface bridge vlan entry ( which does show error) /interface bridge vlan add bridge= *46 tagged=ether5 untagged=ether1,ether2,ether3,ether4 vlan-ids="" Gene...
by anav
Thu Oct 31, 2024 1:13 am
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 754

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Okay understood, so you will always wire the AP from etherport to your laptop etc. ( via ether2) Also need the export of the home router!! Not quite right /routing rule add action=lookup-only-in-table comment="enable local traffic" disabled=no \ table=main add action=lookup-only-in-table di...
by anav
Wed Oct 30, 2024 9:24 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 754

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Just for my edification, Can you please describe where the device is getting WAN from. I understand it could be either WAN1 for a wired connection from hotel to the travel router either WLAN 2ghz for a wifi connection from hotel to travel router ( or to android phone acting as WAN ) either WLAN 5ghz...
by anav
Wed Oct 30, 2024 9:20 pm
Forum: General
Topic: DUAL WAN into one connection use
Replies: 10
Views: 338

Re: DUAL WAN into one connection use

Nice purchase!!
You will be happy with it..........
It will load balance your two WANs quite well, unless you supply all the fans at Wembley stadium with service at the same time, you should be content with performance.
by anav
Wed Oct 30, 2024 7:28 pm
Forum: Beginner Basics
Topic: Not enough permissions? [SOLVED]
Replies: 7
Views: 303

Re: Not enough permissions? [SOLVED]

Have a copy of your config prior to being locked out??
/export file=anynameyouwish ( minus router serial number, any public WANIP info, keys)
by anav
Wed Oct 30, 2024 7:25 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 754

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Hi there, should be very doable. The idea is that the travel router connects to a local internet connection and the private subnet traffic behind the router goes out wireguard instead of the local internet. The confusing bit is your WAN side, It would appear that you are a. using 2ghz chain to get in...
by anav
Wed Oct 30, 2024 7:03 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

1. Why are all your bridge ports disabled??? only ether4 should be disabled ( for now ) in any case cleaned up all....... Why is ether2 on the bridge at all, its one of the WAN ports right? Ether3 is a trunk port going to the TPLINK switch, it has no PVID. Lets fix it...... /interface bridge port ad...
by anav
Wed Oct 30, 2024 6:10 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

The good news is that you still can access the router ( hopefully via ether4 ) as you can provide a config. :-) Yes Sorry it should be four rules. add action=dst-nat chain=dstnat in-interface=home-vlan10 dst-port=53 protocol=udp to-address=172.16.0.1 add action=dst-nat chain=dstnat in-interface=home...
by anav
Wed Oct 30, 2024 4:59 pm
Forum: General
Topic: RouterOS 7 VLAN access problem on PPC architecture
Replies: 15
Views: 3953

Re: RouterOS 7 VLAN access problem on PPC architecture

Have supout bug reports been sent to MT, on these issues??
by anav
Wed Oct 30, 2024 4:57 pm
Forum: General
Topic: DUAL WAN into one connection use
Replies: 10
Views: 338

Re: DUAL WAN into one connection use

The quick answer is no, you need to have the same provider doing this through something called ISP bonding. If you want 400Mbps throughput pay for it and then a single session could access that speed. However, what you do have is a. redundancy, in that if ISPA, fails, you still maintain connectivity...
by anav
Wed Oct 30, 2024 4:49 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 1
Views: 145

Re: Port Forwarding

With a complex config like that you didnt have the decency to state which DSTNAT rules work and which didnt???? Why not!!!!
by anav
Wed Oct 30, 2024 4:42 pm
Forum: Beginner Basics
Topic: VPN traffic marking
Replies: 1
Views: 94

Re: VPN traffic marking

What is better is not to twist yourself into a pretzel about the config..... What you should do is communicate clearly your requirements a. identify users b. identify traffic they need ( for example LAN1 and LAN2 might need PCC, but LAN3 only WAN1, or a group of users or devices has specificity ) c....
by anav
Wed Oct 30, 2024 3:55 pm
Forum: Beginner Basics
Topic: Issues with hEX RB750Gr3 - VPN and Reconnect
Replies: 9
Views: 522

Re: Issues with hEX RB750Gr3 - VPN and Reconnect

Read this thread for example....
viewtopic.php?t=212140
by anav
Wed Oct 30, 2024 3:44 pm
Forum: Beginner Basics
Topic: What's wrong with my firewall rules? [SOLVED]
Replies: 9
Views: 458

Re: What's wrong with my firewall rules? [SOLVED]

If not actually using IPV6, what I recommend, is disabling it and removing all the associated firewall address lists and rules save add chain=input action=drop add chain=forward action=drop Yes, the firewall default filter rules are safe out of the box. They are basically designed to block the worst...
by anav
Wed Oct 30, 2024 3:41 pm
Forum: Beginner Basics
Topic: Hairpin NAT in v7.10
Replies: 4
Views: 216

Re: Hairpin NAT in v7.10

What does that have to do with the price of tea in China>>>>
by anav
Wed Oct 30, 2024 3:38 pm
Forum: Beginner Basics
Topic: Issues with hEX RB750Gr3 - VPN and Reconnect
Replies: 9
Views: 522

Re: Issues with hEX RB750Gr3 - VPN and Reconnect

The router is basically SAFE with the default rules the router comes with. That is the best starting place to learn from. Before making any changes, go through the config line by line and try to make sense of the purpose of each line. That is the start of the education process. In your case, its ver...
by anav
Wed Oct 30, 2024 3:45 am
Forum: Beginner Basics
Topic: What's wrong with my firewall rules? [SOLVED]
Replies: 9
Views: 458

Re: What's wrong with my firewall rules? [SOLVED]

It is always dropping traffic as there is much noise on the net, not to be concerned.
by anav
Wed Oct 30, 2024 3:41 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

Changes only BY the way your bridge ports were not adjusted, if you dont apply recommended changes we cannot progress, and note that taking ether4 off the bridge means NOT having it as bridge port! Also removed ref to powerline, your router doesnt have an extra powerline connection that I am aware o...
by anav
Tue Oct 29, 2024 10:30 pm
Forum: General
Topic: Help with WireGuard Client-to-Site VPN Setup
Replies: 1
Views: 119

Re: Help with WireGuard Client-to-Site VPN Setup

Remove your verbose config and replace with normal export

/export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc.)
by anav
Tue Oct 29, 2024 10:24 pm
Forum: Beginner Basics
Topic: What's wrong with my DNS settings? [SOLVED]
Replies: 4
Views: 240

Re: What's wrong with my DNS settings? [SOLVED]

In addition to the point above by elbob, either use that approach or the approach by infabo below. 1. Fix your IP address, mistakenly set to ether2 ( the default ). /ip address add address=192.168.1.1/24 interface=ether2 network=192.168.1.0 Should be: /ip address add address=192.168.1.1/24 interfac...
by anav
Tue Oct 29, 2024 9:18 pm
Forum: General
Topic: Wireguard Keeps trying to reconnect
Replies: 13
Views: 1898

Re: Wireguard Keeps trying to reconnect

Well your allowed IPs, on the Server peer Router is not correct. /interface wireguard peers add allowed-address=192.168.55.0/24 interface=wireguard_TB name=TB public-key=\ "xxxxxxXxxxXxXXXXXXxxxxXxXXxXXxXxXXXXXXXxxxX(client Public key)=" Each peer client should be detailed in a separate l...
by anav
Tue Oct 29, 2024 8:23 pm
Forum: Beginner Basics
Topic: Routing between VLANs on RB4011 [SOLVED]
Replies: 6
Views: 273

Re: Routing between VLANs on RB4011 [SOLVED]

Sorry my bad, I missed that for some reason.......old age :-)
by anav
Tue Oct 29, 2024 8:22 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 447

Re: Double NAT with 2 WAN and wireguard

This is like pulling teeth, How hard is it to use /export file=anynameyouwish in the Command Line tab>> Then use Notepad++ to open it, remove router serial number, put in fake numbers for any public waninfo like 1.2.3.4, change keys to "======" Copy and paste here, and oh, don't forget to...
by anav
Tue Oct 29, 2024 7:20 pm
Forum: Beginner Basics
Topic: Mikrotik no longer handing IPs in reverse order?
Replies: 12
Views: 562

Re: Mikrotik no longer handing IPs in reverse order?

/export file=anynameyouwish ( minus router serial number, any public WANIP info, keys etc. )
by anav
Tue Oct 29, 2024 1:08 pm
Forum: Beginner Basics
Topic: Issues with hEX RB750Gr3 - VPN and Reconnect
Replies: 9
Views: 522

Re: Issues with hEX RB750Gr3 - VPN and Reconnect

You would be better off using wireguard which is native on the router ( assuming you have a public IP or the ISP router does and can forward ports to the hex ). 1. Why do you have two IP pools, and why do they overlap ??? 2. Recommend set this to NONE /interface detect-internet set detect-interface-...
by anav
Tue Oct 29, 2024 12:59 pm
Forum: Beginner Basics
Topic: Routing between VLANs on RB4011 [SOLVED]
Replies: 6
Views: 273

Re: Routing between VLANs on RB4011 [SOLVED]

What mkx is really stating is that it's rude not to provide the entire config so we actually have the facts to help.........
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Tue Oct 29, 2024 12:54 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 447

Re: Double NAT with 2 WAN and wireguard

Please confirm EACH LINE 1. MAIN ROUTER is wireguard server peer for handshake Y/N 2. External www users should reach the server indirectly by contacting the main router which forwards that to the server via the wireguard tunnel Y/N 3. The pC hosting the server should, for all its other traffic need...
by anav
Tue Oct 29, 2024 12:50 pm
Forum: Beginner Basics
Topic: Hairpin NAT in v7.10
Replies: 4
Views: 216

Re: Hairpin NAT [can't figure it out]

Put hairpin nat in search (top right of page)
by anav
Tue Oct 29, 2024 4:39 am
Forum: General
Topic: Hairpin NAT not working
Replies: 10
Views: 406

Re: Hairpin NAT not working

To be clear, thats a nonsensical statement.
The chain is srcnat the action is masquerade for the 'normal' hairpin nat rule

add chain=srcnat action=masquerade dst-address=subnetofServer src-address=subnetofServer
by anav
Tue Oct 29, 2024 2:36 am
Forum: General
Topic: Hairpin NAT not working
Replies: 10
Views: 406

Re: Hairpin NAT not working

Dont be too lazy,
Select the search in the upper right, type in hairpin nat.
by anav
Tue Oct 29, 2024 2:28 am
Forum: General
Topic: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch
Replies: 8
Views: 305

Re: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch

Will the ports require POE? Total draw???
I would look at the 5009 and for switch, something cheap you can get off ebay.
Brocade, Aruba, Dell, HP, and more probably in the $150ish range.
by anav
Tue Oct 29, 2024 12:13 am
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 11
Views: 554

Re: How to block camera from being accessed from WAN? [SOLVED]

To make this clear, These cameras can be accessed by you the admin from the LAN. They are designed to be accessible while away from home via the cloud. You want to stop them talking to the cloud. +++++++++++++++++++++++++++++++++++++++++++++ You didnt make it clear what is connected on each port, bu...
by anav
Mon Oct 28, 2024 10:59 pm
Forum: General
Topic: VLans over Hotspot server and PtP and PtMP Link
Replies: 2
Views: 119

Re: VLans over Hotspot server and PtP and PtMP Link

Best guide for vlans is: viewtopic.php?t=143620
by anav
Mon Oct 28, 2024 9:40 pm
Forum: Beginner Basics
Topic: Mikrotik hAP ax3 - slow download speed through wired connection
Replies: 6
Views: 1359

Re: Mikrotik hAP ax3 - slow download speed through wired connection

Your config looks pretty basic, so these are try it just in case, or normal things to do. 1. Change this to NONE /interface detect-internet set detect-interface-list= NONE 2. I noted that this config line is in red? Lets modify it. From: add action=masquerade chain=srcnat comment=https://help.mikrot...
by anav
Mon Oct 28, 2024 9:13 pm
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 11
Views: 554

Re: How to block camera from being accessed from WAN? [SOLVED]

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
I know brits prefer pictures but us colonials need the detail.
by anav
Mon Oct 28, 2024 9:09 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 447

Re: Double NAT with 2 WAN and wireguard

Ahh thanks, so basically they are not physically connected. You want to use the Main router, which has a public IP for two reasons. a. wireguard server peer for handshake b. initial starting point for users on the WWW, to reach a server behind the LTE device ( aka server entry point ). Is it just on...
by anav
Mon Oct 28, 2024 8:09 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

This is correct until you add back in etherport 4, but lets get the rest of the config up and working first, all vlans, and wireguard working, then worry about bringing ether4 and lag/bond back up!!! /interface bridge ports add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged i...
by anav
Mon Oct 28, 2024 8:04 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

Your bridge diagram doesnt seem quite correct yet... However the config it came from would have been better to view. /export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc..) The IOT devices should not be a problem. The VPN should move to WAN2 in case of fail...
by anav
Mon Oct 28, 2024 7:55 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

Okay, I think I understand. All LAN traffic will go through VPN. VPN will use WAN1. If WAN1 goes down, you want only HOME users to be able to access WAN2 during this time. Please confirm that WAN2 traffic should also go out VPN for internet and not directly WAN2 to www. On the TPLINK Switch 1. VLANI...
by anav
Mon Oct 28, 2024 7:53 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 50
Views: 4743

Re: Newsletter #121 | October 2024

MKX you make some really good points.......... ensuring hardware choices dont bite in the ass, and not paying front end chip prices..........
by anav
Mon Oct 28, 2024 7:45 pm
Forum: Beginner Basics
Topic: VLAN Problem
Replies: 1
Views: 109

Re: VLAN Problem

Draw a network diagram.
State/identify the users on the network and the traffic they need, since its not clear why you need a vlan.
by anav
Mon Oct 28, 2024 7:44 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 447

Re: Double NAT with 2 WAN and wireguard

Just so I get this straight...

My question is why not simply make
ISP one into hex on port 1 as WAN1
ISP two into hex on port 2 (RT ATL) as WAN2

Hex ports 3 and 4 are LAN ports for all users/devices..
Hex hosts wireguard for externals users......
by anav
Mon Oct 28, 2024 5:40 pm
Forum: Beginner Basics
Topic: Issues with hEX RB750Gr3 - VPN and Reconnect
Replies: 9
Views: 522

Re: Issues with hEX RB750Gr3 - VPN and Reconnect

The fact that the PC rebooting resets their connection tells me that the issue is not with the routers connection to the internet as that is separate. However, what is clear is that your best bet is to buy UPS, if nothing else for your ISP modem and router to protect them from damage. The same goes ...
by anav
Mon Oct 28, 2024 5:36 pm
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 17
Views: 1267

Re: Automatically divide customers into 4 internet lines equally

Cannot until you decide which requirements are valid, a. per the diagram and the list I provided which was very clear 1u to w1, 2u to w2, 3u to w3, and hotspot users LB between WAN 1,2,3 OR b. the ambiguous --> best way to distribute the load among 3 Internet providers, aka you dont care ( 1,2,3 and...
by anav
Mon Oct 28, 2024 5:27 pm
Forum: General
Topic: Port Forwarding FROM CHR [SOLVED]
Replies: 9
Views: 397

Re: Port Forwarding FROM CHR [SOLVED]

Okay, sounds like you have it well in hand.
As to keep alive, ONLY the peer client for handshake ( the initiator of the conversation) requires persistent keep alive, the peer server for handshake does not.
by anav
Mon Oct 28, 2024 5:21 pm
Forum: General
Topic: Wireguard Keeps trying to reconnect
Replies: 13
Views: 1898

Re: Wireguard Keeps trying to reconnect

Without seeing your config at least the wireguard settings, impossible to comment one way or the other. Are you using BTH settings or just normal wireguard settings. If the former would need to see snapshot of BTH settings and config part of wireguard etc......... of relevant MT devices. (and wiregua...
by anav
Mon Oct 28, 2024 5:19 pm
Forum: General
Topic: Mikrotik router should connect to Opnsense via WG.
Replies: 8
Views: 300

Re: Mikrotik router should connect to Opnsense via WG.

Full config of MT
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )

For opensense, the wireguard settings and any applicable firewall rules and routing rules ( with the same caveats as above. )
by anav
Mon Oct 28, 2024 5:15 pm
Forum: General
Topic: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch
Replies: 8
Views: 305

Re: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch

I want to use one as the main router and the other as a regular switch, creating an uplink between the two via the SFP port. Is this possible? Sure you want to have a switch act as a router? What WAN-LAN throughput do you require? Expect about 250-350 Mbps throughput on the WAN side, using filter r...
by anav
Mon Oct 28, 2024 2:36 am
Forum: General
Topic: Wireguard Tunnel
Replies: 3
Views: 190

Re: Wireguard Tunnel

When you have made some progress and need some assistance, post both configs /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. ) Finally, I really recommend, as a first step, take one port OFF the bridge and give it its own IP address such as 192.168.5...
by anav
Mon Oct 28, 2024 1:23 am
Forum: General
Topic: Port Forwarding FROM CHR [SOLVED]
Replies: 9
Views: 397

Re: Port Forwarding FROM CHR [SOLVED]

" But the price to pay for this simplicity is the loss of information about the actual source IP address of the incoming requests - in some cases this doesn't matter, in some cases it is a show stopper. Why not simply log the users hitting the port forwarding rule on the CHR to fulfil the admi...
by anav
Mon Oct 28, 2024 1:09 am
Forum: General
Topic: EMULATING peplink BONDING with RoS
Replies: 3
Views: 398

Re: EMULATING peplink BONDING with RoS

I am in your camp, this is nothing more than automating some tunnels (I would use eoip and wireguard myself) over and using OSPF BDF functionality to ensure smoothest transition between WANS links to a common CHR cloud access to the internet. The additional bit is that their concern is not transpare...
by anav
Mon Oct 28, 2024 1:01 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

As for the TP link switch is configured incorrectly but you left out some of the other TP link config screens to confirm either way??? The single or bonded ports on the router /interface bridge ports add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether3 ( or bon...
by anav
Mon Oct 28, 2024 12:04 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

On accessing the router by IP address....... do you mean using winbox, I always use macaddress for the very simple reason its easier and available and just need to click on it. If I use IP address I have to actually physically type in the IP address and remember also the winbox port ( one of the fir...
by anav
Sun Oct 27, 2024 6:36 pm
Forum: General
Topic: Wireguard Tunnel
Replies: 3
Views: 190

Re: Wireguard Tunnel

You are golden! Two MT routers can be used to provide a single wireguard VPN tunnel providing as much subnet connectivity you desire. Through the use of allowed IP settings at both ends, one delineates what can enter and exit tunnels at the local device, add to that more granularity via firewall rul...
by anav
Sun Oct 27, 2024 5:42 pm
Forum: Beginner Basics
Topic: Wireless AP and Router on different subnets - imperfect communication
Replies: 3
Views: 185

Re: Wireless AP and Router on different subnets - imperfect communication

Second MKx's comment. The router can handle all DHCP and routing traffic for all clients.
The Ap should simply act as an AP switch......... what are we missing out of your scenario???
by anav
Sun Oct 27, 2024 5:37 pm
Forum: Beginner Basics
Topic: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]
Replies: 60
Views: 3028

Re: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]

The onus of the ISP provider is to ensure the difference of their device in bridged mode or Router mode is crystal clear. Using doublenat, should have no significant slow down in traffic so there is no downside other than a slightly more complicated setup on the MT and possibly the need to forward p...
by anav
Sun Oct 27, 2024 5:26 pm
Forum: General
Topic: Port Forwarding FROM CHR [SOLVED]
Replies: 9
Views: 397

Re: Port Forwarding FROM CHR [SOLVED]

Technicalities aside............. Why would someone need to mangle SERVER traffic responses back out wireguard from a CHR connection. One simply sourcenats the original inquiries coming into the tunnel at the CHR and the responses flow back from the server no problem, no fuss. One reason I can come ...
by anav
Sun Oct 27, 2024 5:11 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

The config was not intended for you to blindly copy and get into trouble, it was there to generate questions and discussions. Until you understand what I touched upon and answered the ambiguities and questions, there is no point in changing any of the config. In terms of making changes to the config...
by anav
Sun Oct 27, 2024 5:05 pm
Forum: General
Topic: Business case Mikrotik...
Replies: 6
Views: 547

Re: Business case Mikrotik...

Completely not affiliated or experienced with anything related to wisp, but to add: Starlink is just one medium, it may be feasible as a primary or backup link, like wisp or LTE connections. How to provide a redundant network to a home or community or a network within a home, a more complete solutio...
by anav
Sun Oct 27, 2024 5:03 pm
Forum: General
Topic: Port Forwarding FROM CHR [SOLVED]
Replies: 9
Views: 397

Re: Port Forwarding FROM CHR [SOLVED]

Firstly we are not in your head............ Which MT device is the peer Server for handshake and which MT entity is the peer Client for handshake??? You have to clarify the point in Green to me below.............it makes no sense. a. public IP on main HOME Router ( or have an IPS router that can for...
by anav
Sun Oct 27, 2024 3:04 am
Forum: Beginner Basics
Topic: 2 Mikrotiks, one switch, vlans
Replies: 2
Views: 246

Re: 2 Mikrotiks, one switch, vlans

Concur dont use vlan1. Decide on a managment or trusted vlan. All your smart devices should get their IP address from this vlan. on the hex the only vlan you identify (and tag) to the bridge is this trusted vlan. The rest just flow in the trunk port and go out the other ports ( as per /interface bri...
by anav
Sun Oct 27, 2024 3:02 am
Forum: Beginner Basics
Topic: so I can use cAP ax as my router?!?! [SOLVED]
Replies: 9
Views: 522

Re: so I can use cAP ax as my router?!?! [SOLVED]

Good point jaclaz, didnt notice before the routing speed at 25 filter rules just over 1gig. thanks!!!
by anav
Sun Oct 27, 2024 2:58 am
Forum: Beginner Basics
Topic: Best practice chaining routers
Replies: 4
Views: 251

Re: Best practice chaining routers

Why do you need two routers??
by anav
Sun Oct 27, 2024 2:56 am
Forum: Beginner Basics
Topic: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]
Replies: 60
Views: 3028

Re: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]

Yeah jaclaz that was way simpler than just using two vlans. ;-PP
by anav
Sun Oct 27, 2024 2:51 am
Forum: General
Topic: AmneziaWG in RouterOS?
Replies: 37
Views: 17213

Re: AmneziaWG in RouterOS?

yet another proprietary short-lived VPN solution - no thanks.
sounds like a shortsighted opinion............. the concept has validity whether or not we will ever see a viable rendition is anyones guess.
by anav
Sun Oct 27, 2024 2:50 am
Forum: General
Topic: Multiple Vlan for ISP router
Replies: 5
Views: 271

Re: Multiple Vlan for ISP router

I would not make any promises on the MT product because its not the limiting factor. Sticking an unmanaged switch in-between is your issue, replace it with managed switch and then the MT is golden.
by anav
Sun Oct 27, 2024 2:47 am
Forum: General
Topic: RouterOS 7 WAN failover -- ARP?
Replies: 11
Views: 425

Re: RouterOS 7 WAN failover -- ARP?

Recursive has been the same for every sub version of version7, to my knowledge anyway.
by anav
Sat Oct 26, 2024 4:06 am
Forum: General
Topic: No fasttrack on HAP AX2 ?
Replies: 10
Views: 403

Re: No fasttrack on HAP AX2 ?

So its not needed for normal traffic then.........its a testing tracing tool support .........
by anav
Sat Oct 26, 2024 4:05 am
Forum: General
Topic: How to block YouTube effectively
Replies: 43
Views: 14918

Re: How to block YouTube effectively

Not with MT equipment, as stated you need to procure high end routers with IDS/IDP, and then pay for subscription services to use their de-encryption engines to look at https traffic etc...... Now reading above maybe that is not enough. I know on the enterprise stuff I use, its not accessible, so wi...
by anav
Sat Oct 26, 2024 3:57 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 26
Views: 1243

Re: How to Pass all traffic into WireGuard Cloudflare ?

# model = RB941-2nD # serial number = # /interface bridge add admin-mac=# auto-mac=no comment=defconf \ ingress-filtering=no name=bridge port-cost-mode=short vlan-filtering=yes /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \ country=indonesia distance...
by anav
Sat Oct 26, 2024 1:05 am
Forum: General
Topic: Hung up problem in pppoe
Replies: 2
Views: 176

Re: Hung up problem in pppoe

Not enough information. a. what did you upgrade to? b. if version7 likely not all the config was able to be updated cleanly. suggest in this case copy your config from vers6, then netinstall a clean version of 7 onto the router and then manually add back in the config. Depending upon complexity, ak...
by anav
Sat Oct 26, 2024 12:32 am
Forum: General
Topic: No fasttrack on HAP AX2 ?
Replies: 10
Views: 403

Re: No fasttrack on HAP AX2 ?

Kleshki, one needs to actually read the OPs post, he stated that in the end he disabled the rule, so it should be no surprise to find it 'disabled'. I would tend to find other things 'out of the ordinary' 1 - Being a DNS idiot, but this looks funny to me...... /ip dns set allow-remote-requests=yes us...
by anav
Fri Oct 25, 2024 11:03 pm
Forum: General
Topic: No fasttrack on HAP AX2 ?
Replies: 10
Views: 403

Re: No fasttrack on HAP AX2 ?

Sounds like a mis configuration perhaps....... however no facts, no comment.
by anav
Fri Oct 25, 2024 10:29 pm
Forum: Wireless Networking
Topic: WiFi Disconnect Issues with hAP ax² - Seeking Advice on Stable Version and Future Updates
Replies: 8
Views: 1046

Re: WiFi Disconnect Issues with hAP ax² - Seeking Advice on Stable Version and Future Updates

Did you disable wpa3 ???
By the way tis why I rely on TPLINK wifi, while practicing with ax wifi.
by anav
Fri Oct 25, 2024 10:27 pm
Forum: Beginner Basics
Topic: cAP X and 2 DHCP on one network
Replies: 12
Views: 434

Re: cAP X and 2 DHCP on one network

So you're saying that the router provides two subnets for you to use. A. 192.168.1.1/24 and 192.168.2.1/24 OR gives you B. 192.168.1.2 for your device, and 192.168.1.3-192.168.1.254 for other users?? If A, how does the router pass you two subnets on one port?? Im assuming vlans or perhaps over two por...
by anav
Fri Oct 25, 2024 10:24 pm
Forum: Beginner Basics
Topic: DHCP Client on VLAN
Replies: 4
Views: 337

Re: DHCP Client on VLAN

1. Remove serial number from your posted config. 2. Dont get fancy with naming of bridge, spelled wrong anyway and ONLY ONE bridge is needed. 3. It is not clear. Is this device supposed to be a switch ( aka get vlans from upstream router and then distribute to users on ports )?? Is this device suppo...
by anav
Fri Oct 25, 2024 10:15 pm
Forum: General
Topic: VXLAN inside Wireguard MTU [SOLVED]
Replies: 3
Views: 256

Re: VXLAN inside Wireguard MTU [SOLVED]

From someone way smarter than me......... at least on MT stuff, and networking, and ..........

the answer is yes, the UDP + vxlan header + ethernet header occupy 50 bytes in total, so indeed if the MTU of the carrier interface (Wireguard) is 1420, the MTU of the VxLAN interface will be 1370
by anav
Fri Oct 25, 2024 10:10 pm
Forum: General
Topic: RouterOS 7 WAN failover -- ARP?
Replies: 11
Views: 425

Re: RouterOS 7 WAN failover -- ARP?

Your post is rambling nonsense, Wan and failover works just fine in RoS7.
by anav
Fri Oct 25, 2024 5:05 pm
Forum: General
Topic: Assistance with L3 HW offloading on CCR2216
Replies: 1
Views: 125

Re: Assistance with L3 HW offloading on CCR2216

This may provide you with a useful guide for setting up your vlans.
viewtopic.php?t=143620
by anav
Fri Oct 25, 2024 3:56 pm
Forum: Beginner Basics
Topic: so I can use cAP ax as my router?!?! [SOLVED]
Replies: 9
Views: 522

Re: so I can use cAP ax as my router?!?! [SOLVED]

Well you implied you may need more ports????? capac is supposed to be a ceiling/wall mount and although it has a second port it may be difficult to setup. The new wapAX may be more conducive to a non wall..ceiling install....a but still only two ports and thus you could feed a switch........ if you ...
by anav
Fri Oct 25, 2024 3:50 pm
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 10
Views: 1208

Re: Issue with Wireguard - Connected but no traffic

1. Until you make up your mind on wireguard, no progress can be made. Which is router peer SERVER for handshake? Which is router peer CLIENT for handshake? 2. You limit wireguard to one effective user (/30) WHY???........... it limits your ability as admin for both routers, to access both router whi...
by anav
Fri Oct 25, 2024 3:20 pm
Forum: Beginner Basics
Topic: cAP X and 2 DHCP on one network
Replies: 12
Views: 434

Re: cAP X and 2 DHCP on one network

dont understand your initial request. ON the main router, makes as many vlans as you need, feed to the cap and other devices a. the management vlan ( it gets its IP address on this vlan and the only vlan tagged on the bridge ). b. all other required vlans which need to be tied into WLANs and by ipso...
by anav
Fri Oct 25, 2024 3:13 pm
Forum: General
Topic: Issue with Wireguard connection
Replies: 1
Views: 135

Re: Issue with Wireguard connection

Firstly, no advice can be given without the full config of the MT and at least the wireguard settings on the fritzbox /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.. ) Secondly, your statement is problematic. The wireguard service on Mikrotik is set...
by anav
Thu Oct 24, 2024 11:02 pm
Forum: Beginner Basics
Topic: Mangle Rules blocked my DNS IP
Replies: 9
Views: 596

Re: Mangle Rules blocked my DNS IP

Yup waste of time. Education is the winner.
by anav
Thu Oct 24, 2024 10:59 pm
Forum: Beginner Basics
Topic: cAP X and 2 DHCP on one network
Replies: 12
Views: 434

Re: cAP X and 2 DHCP on one network

Is there a router before the capax ????
by anav
Thu Oct 24, 2024 10:58 pm
Forum: Beginner Basics
Topic: so I can use cAP ax as my router?!?! [SOLVED]
Replies: 9
Views: 522

Re: so I can use cAP ax as my router?!?! [SOLVED]

If you will never need 1Gbps internet speeds the new hex coming out is a great device, to handle your ISP connection and then connect to the capax. I would also look at the new wapAX just released as an alternative. This gives you additional ports on the hex for other needs, and the possibility of u...
by anav
Thu Oct 24, 2024 10:53 pm
Forum: Beginner Basics
Topic: Can't figure out port forwarding
Replies: 12
Views: 506

Re: Can't figure out port forwarding

Not sure if the router added this in (netmask), but if you put it in manually please remove. /ip dhcp-server network add address=192.168.0.0/24 comment=defconf dns-server=192.168.0.1 gateway=\ 192.168.0.1 netmask=24 Dont recommend or use UPNP but wondering if this new construct is interfering with...
by anav
Thu Oct 24, 2024 10:49 pm
Forum: General
Topic: Wireguard setup
Replies: 2
Views: 178

Re: Wireguard setup

Sorry your explanation is not helpful as we are not in your head and thus cannot make all the same assumptions........ Draw a diagram. It would appear you have a. a Mikrotik device ( acting as a server peer ( for handshake ) b. one or more client peer devices such as laptops, smartphones, etc to con...
by anav
Thu Oct 24, 2024 10:40 pm
Forum: General
Topic: Wireguard Client - Handshake for peer did not complete
Replies: 22
Views: 21424

Re: Wireguard Client - Handshake for peer did not complete

On the client peer device (for handshake) there is no persistent keep alive set??
by anav
Thu Oct 24, 2024 10:39 pm
Forum: General
Topic: How to change WG handshake timeout
Replies: 8
Views: 998

Re: How to change WG handshake timeout

No config, no truth......
/export file=anynameyouwish (minus router serial number, router-mac address, any public WANIP information, keys etc. )
by anav
Thu Oct 24, 2024 10:36 pm
Forum: General
Topic: RoS 7 problem connecting remotely with 3 pppoe wans
Replies: 2
Views: 208

Re: RoS 7 problem connecting remotely with 3 pppoe wans

(1) Why are you trying to access winbox remotely?? It should only be done after connecting through VPN such as wireguard etc........... L2TP is terrible in comparison to wireguard. (2) Secondly, once you have vlan filtering and a number of vlans, I see zero point to mixing apples and oranges, if eve...
by anav
Wed Oct 23, 2024 10:57 pm
Forum: General
Topic: Datasheet for new improved hEX?
Replies: 39
Views: 3593

Re: Datasheet for new improved hEX?

Concur, lets put MKXs brain in an AI machine so we can siphon off knowledge of specific posts, when we need it 24/7 and 100 years into the future.
by anav
Wed Oct 23, 2024 5:20 pm
Forum: Beginner Basics
Topic: Access VPN Tunnel via VLAN
Replies: 5
Views: 276

Re: Access VPN Tunnel via VLAN

No worries, I am able to travel, please send airplane tickets to Athens and then obviously the boat to get to the island. I would definitely plan for loss of connectivity and need to be on site and the good news is that the location is not being used at the moment and the update can be done when pos...
by anav
Wed Oct 23, 2024 4:29 pm
Forum: General
Topic: EMULATING peplink BONDING with RoS
Replies: 3
Views: 398

EMULATING peplink BONDING with RoS

https://www.youtube.com/watch?v=g7-44SOtEXw It would appear that a vendor is selling the ability to 'BOND" to ISP connections such as starlink such that both are being utilized. I am not sure how this is any better than or different from load balancing. I think trying to understand it, its more...
by anav
Wed Oct 23, 2024 2:19 pm
Forum: General
Topic: AmneziaWG in RouterOS?
Replies: 37
Views: 17213

Re: AmneziaWG in RouterOS?

You know people who join just to PLUS1 this thread are either bots, trolls, or the original poster LOL.............. no one is fooled by this stupidity.

EDIT: the stupidity continues see below.
by anav
Wed Oct 23, 2024 2:17 pm
Forum: General
Topic: Whats the point of this default FW rule?
Replies: 21
Views: 1291

Re: Whats the point of this default FW rule?

Oh I assume they have already tried but couldnt get past my drop all else rule. :-)
I have no false illusions,,,,,,if i had something valuable enough, it would have already been taken.
by anav
Wed Oct 23, 2024 1:42 am
Forum: Wireless Networking
Topic: wAP ax?
Replies: 146
Views: 19923

Re: wAP ax?

getic don't have any with a UK plug, my distributer will have them in stock in 1-2 weeks so they say :(
https://encrypted-tbn2.gstatic.com/shop ... bwOSAmiw5g
by anav
Wed Oct 23, 2024 1:37 am
Forum: Wireless Networking
Topic: Network problem WiFi
Replies: 5
Views: 319

Re: Network problem WiFi

Lucky, yeah right, its a built-in MT stress tester. The best case scenario is one totally loses it, destroys their MT product, then feels stupid and goes and buys an MT replacement unit. The worst case scenario is that two things happen. a. they come here and read this thread and realize that no oth...
by anav
Wed Oct 23, 2024 1:31 am
Forum: General
Topic: l2tp subnet routing router to router
Replies: 11
Views: 393

Re: l2tp subnet routing router to router

The only times I have seen gateways IPs not used ( aka interface name ) vice gateway LANIP, is wireguard and PPPoE wan connections ( talking routes here ).
In mangles and other config locations, interface name should work.
by anav
Wed Oct 23, 2024 1:29 am
Forum: General
Topic: wireless atheros missing
Replies: 1
Views: 144

Re: wireless atheros missing

MT software automatically dumps non MT equipment from all settings. Its a feature not a bug. ;-)
by anav
Wed Oct 23, 2024 1:28 am
Forum: General
Topic: Mikrotik support please have a look!
Replies: 4
Views: 314

Re: Mikrotik support please have a look!

My chatGPT uses brainwaves, talking is so yesterday.
by anav
Wed Oct 23, 2024 1:26 am
Forum: Beginner Basics
Topic: Static routes
Replies: 8
Views: 414

Re: Static routes

Fair enough, now what is on the other end of the L2TP connection,,,,,,,, a. you have a cloud server with public IP (which OS?) b. a friends router with a public IP c. ???? Problem is am unfamiliar with how L2TP works........ Wireguard I understand more fully. In any case for your scenario.... If you...
by anav
Tue Oct 22, 2024 11:25 pm
Forum: Beginner Basics
Topic: Static routes
Replies: 8
Views: 414

Re: Static routes

Okay so the CCTV ip address is 192.168.1.9 and is the only IP address on the router that requires access to the L2TP tunnel............ But this is not true, you have port forwarding so IS IT THE CASE THAT you want to access the CCTV remotely?? Confused, I thought you wanted to configure the router ...
by anav
Tue Oct 22, 2024 8:39 pm
Forum: General
Topic: Whats the point of this default FW rule?
Replies: 21
Views: 1291

Re: Whats the point of this default FW rule?

Okay if you want to split c-hairs!! Hey, curly hairs, friggin readers with minds in the gutter!! Lets make the distinction more plain instead of your amusing but confusing obfuscations.... MKX --> And what I'm saying is that when a packet with dst-address=<some valid LAN IP> enters router via WAN in...
by anav
Tue Oct 22, 2024 8:26 pm
Forum: General
Topic: Datasheet for new improved hEX?
Replies: 39
Views: 3593

Re: Datasheet for new improved hEX?

Added as 4. to my post.
by anav
Tue Oct 22, 2024 5:56 pm
Forum: Scripting
Topic: Scripting skills
Replies: 15
Views: 647

Re: Scripting skills

My skills are actually limited but my ability to pester those far more knowledgeable are second to none!
by anav
Tue Oct 22, 2024 5:55 pm
Forum: General
Topic: Static Route
Replies: 6
Views: 270

Re: Static Route

Concur, and unless any ones so called version of IDS/IDP does not look at encrypted traffic, its bogus.
by anav
Tue Oct 22, 2024 5:52 pm
Forum: Beginner Basics
Topic: Static routes
Replies: 8
Views: 414

Re: Static routes

Okay understand you have a. ONE WAN via starlink. b. over this one WAN you have an L2TP connection and assuming its in a client capacity and is connecting to an L2TP server somewhere. This remote site has access to a public IP that is reachable for remote access via the L2TP tunnel and further, has ...
by anav
Tue Oct 22, 2024 5:42 pm
Forum: Beginner Basics
Topic: Static routes
Replies: 8
Views: 414

Re: Static routes

Why do you have two dstnat rules for the same port??? The first one has no WAN interface identified, but the second does. Thus just want to know the purpose/reason for both rules! /ip firewall nat add action=dst-nat chain=dstnat comment="CCTV STREAM" dst-port=2220 protocol=\ tcp to-address...
by anav
Tue Oct 22, 2024 5:37 pm
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 17
Views: 1267

Re: Automatically divide customers into 4 internet lines equally

USER is now stating the switch is in reality a hotspot and has moved ADSN wan links to Starlink links, problem is the same The request is basically the same, the only thing that is different is that its clear you either dont know what you have for ISP, or were not being truthful on the first post, b...
by anav
Tue Oct 22, 2024 5:36 pm
Forum: Beginner Basics
Topic: Load balancing
Replies: 3
Views: 243

Re: Load balancing

The request is basically the same, see the original thread for responses
p.s. I included the diagram for you !!
by anav
Tue Oct 22, 2024 5:24 pm
Forum: Beginner Basics
Topic: Using RB5009 in bridge mode [SOLVED]
Replies: 18
Views: 7827

Re: Using RB5009 in bridge mode [SOLVED]

What makes sense to me is the following RB5009 terminates the PPPOE connection RB5009 creates private subnet to send to UDM ( and thus we have WAN2 for UDM ) RB5009 via vlan100 marks the fiber traffic and simply passes it to the USG for termination aka WAN1 for the UDM What is unknown to me, is - wh...
by anav
Tue Oct 22, 2024 5:13 pm
Forum: Beginner Basics
Topic: DHCP Client on VLAN
Replies: 4
Views: 337

Re: DHCP Client on VLAN

/export file=anynameyouwish (minus router serial number, router mac address, any public WANIP info, keys etc.)
by anav
Tue Oct 22, 2024 5:10 pm
Forum: Wireless Networking
Topic: Poor Wi-Fi range on cAP AX
Replies: 15
Views: 776

Re: Poor Wi-Fi range on cAP AX

Not sure why you expect any two chain wifi device to compete with a four chain device?? You are comparing american processed cheese (ax) to Swiss gruyere (AC88U)................ which is harder and more durable, the swiss cheese, which has flavour and aroma, the swiss cheese, which can you use to co...
by anav
Tue Oct 22, 2024 5:00 pm
Forum: Scripting
Topic: Scripting skills
Replies: 15
Views: 647

Re: Scripting skills

Congrats on your scripting journey, seriously! I will say you are braver than I. I have only dabbled in scripting and am mostly content to use functionality as already available, and thus admire anyone that makes the effort. Where I think people are just plain nuts is their love for capsman. I am hi...
by anav
Tue Oct 22, 2024 4:57 pm
Forum: General
Topic: Whats the point of this default FW rule?
Replies: 21
Views: 1291

Re: Whats the point of this default FW rule?

This statement is not true with regard of hitting forward chain (as I described above). Alas @OP was questioning the drop rule which takes care of cases where IP addressing used on ingress packets is not what normally should be ... and I was arguing that we need rules which deal with unexpected pa...
by anav
Tue Oct 22, 2024 4:43 pm
Forum: General
Topic: 1 Packet over Multiple Routs?
Replies: 4
Views: 231

Re: 1 Packet over Multiple Routs?

This is a mikrotik forum bud.......... not applications for fancy routing.
by anav
Tue Oct 22, 2024 4:42 pm
Forum: General
Topic: Change in the test results of the HEX RB750GR3.
Replies: 5
Views: 400

Re: Change in the test results of the HEX RB750GR3.

No worries MKX, send me your CCR2016 and I will send you two hexes to play with. :-)
by anav
Tue Oct 22, 2024 4:40 pm
Forum: Scripting
Topic: Scripting skills
Replies: 15
Views: 647

Re: Scripting skills

Why are you posting in the General Forum instead of the Scripting Forum???????

Want a ---->
cookie.jpg
??
by anav
Tue Oct 22, 2024 4:32 pm
Forum: General
Topic: Static Route
Replies: 6
Views: 270

Re: Static Route

This is what bums me out, users who dont know what the heck they are talking about. The ability to filter traffic effectively at that level requires very expensive brand name routers with $$$$ subscriptions to access such things as IPS IDS. Even then with the latest protocols in use now and in the f...
by anav
Tue Oct 22, 2024 4:17 pm
Forum: General
Topic: Datasheet for new improved hEX?
Replies: 39
Views: 3593

Re: Datasheet for new improved hEX?

If not, is there a chart of which adapters work for which devices? Are you that lazy?? Checking the plain old hex........ pwr1.JPG ... pwr2.JPG ................. Rules of thumb: 1. voltage (dc output of adapter) must be an exact match for device input voltage ( or within the stated range if one is ...
by anav
Tue Oct 22, 2024 2:10 pm
Forum: Beginner Basics
Topic: Load balancing
Replies: 3
Views: 243

Re: Load balancing

Please stop repeating threads -------> for others the original thread is here: viewtopic.php?p=1103253&hilit=load+balancing#p1103253
by anav
Tue Oct 22, 2024 2:06 pm
Forum: General
Topic: Routing Mark problem after moving from RouterOS 6.49.17 to 7.15.3 [SOLVED]
Replies: 10
Views: 1494

Re: Routing Mark problem after moving from RouterOS 6.49.17 to 7.15.3 [SOLVED]

Way before wireguard you have to fix the errors in your config....... Firstly, you state ether2 is a WAN port and yet you have ether2 on the bridge........ It should be removed. It also states that you have ether3, and ether4 on the bridge but earlier you have them bonded and you also have the bond ...
by anav
Tue Oct 22, 2024 12:45 am
Forum: General
Topic: l2tp subnet routing router to router
Replies: 11
Views: 393

Re: l2tp subnet routing router to router

I went from openvpn (no udp support in Tik) to ipsec (hardware encryption) to wireguard. Wireguard blows ipsec with hardware encryption out of the water in terms of performance. @NetWorker - WireGuard uses pure software encryption (ChaCha20), so it’ll never beat IPsec when it’s using hardware accel...
by anav
Tue Oct 22, 2024 12:44 am
Forum: General
Topic: Routing Mark problem after moving from RouterOS 6.49.17 to 7.15.3 [SOLVED]
Replies: 10
Views: 1494

Re: Routing Mark problem after moving from RouterOS 6.49.17 to 7.15.3 [SOLVED]

Post your config for assessment, I have already discovered something missing on his config

/export file=anynameyouwish ( minus router serial number, mac address, any publicWANIP information, keys etc. )
by anav
Mon Oct 21, 2024 11:35 pm
Forum: General
Topic: l2tp subnet routing router to router
Replies: 11
Views: 393

Re: l2tp subnet routing router to router

I would do it via wireguard........... ( or possibly zerotier, just to make Larsa happy )
by anav
Mon Oct 21, 2024 11:33 pm
Forum: Beginner Basics
Topic: Static routes
Replies: 8
Views: 414

Re: Static routes

I dont play guessing games............
/export file=anynameyouwish (minus router serial number, mac address, public WANIP information, keys etc. )
by anav
Mon Oct 21, 2024 11:30 pm
Forum: Beginner Basics
Topic: Firewall rules
Replies: 3
Views: 314

Re: Firewall rules

What is missing, is the Router............. where is the server for wireguard (handshake) in this picture. What are its settings/config and if not MT then what are its wireguard settings and firewall rules etc............ Can fix it if we dont know......... As for approach, yes tres simple to get pc...
by anav
Mon Oct 21, 2024 11:26 pm
Forum: Beginner Basics
Topic: Issues with multi-SSID VLAN configuration on cAP ax
Replies: 8
Views: 473

Re: Issues with multi-SSID VLAN configuration on cAP ax

You have two examples now. Hints for router. - All the vlanIDs require bridge tagging (usually). - Use ALL VLANS, don't ask the bridge to do any dhcp. If you have and use a bridge subnet just change that to a vlan any number (not 1), very minor and quick changes to do this. - use off bridge approach ...
by anav
Mon Oct 21, 2024 11:18 pm
Forum: Beginner Basics
Topic: Issues with multi-SSID VLAN configuration on cAP ax
Replies: 8
Views: 473

Re: Issues with multi-SSID VLAN configuration on cAP ax

Remove the interface bridge filtering entry, thats for advanced use only........ Do the config from port 8!!! put 192.168.88.2 in ipv4 settings on laptop. # 2024-10-21 18:45:32 by RouterOS 7.16.1 # # model = CRS310-8G+2S+ # /interface bridge add name=bridge port-cost-mode=short vlan-filtering=no { c...
by anav
Mon Oct 21, 2024 11:05 pm
Forum: Beginner Basics
Topic: Issues with multi-SSID VLAN configuration on cAP ax
Replies: 8
Views: 473

Re: Issues with multi-SSID VLAN configuration on cAP ax

To the point, safely do your CONFIGURING OFF THE BRIDGE as I explained it aka on the MT switch, router and ap.
by anav
Mon Oct 21, 2024 11:02 pm
Forum: General
Topic: Change in the test results of the HEX RB750GR3.
Replies: 5
Views: 400

Re: Change in the test results of the HEX RB750GR3.

All I know is that when they moved to RoS7, the throughput of 25 filters decreased across most devices. They realized the change and played catchup to ensure reality was represented on the data sheets. Too bad they dont update the marketing stick.......... Newest most powerful hexS but SLOWER than t...
by anav
Mon Oct 21, 2024 10:51 pm
Forum: General
Topic: Whats the point of this default FW rule?
Replies: 21
Views: 1291

Re: Whats the point of this default FW rule?

Hi MKX ( edit, sorry Sob I should have known you wouldn't make such a basic error!!) , good idea to confuse with a non WAN entering dstnat rule example, had to scratch my head on that one..... Still not sure what the point was................. However do disagree with this statement: "However, ...
by anav
Mon Oct 21, 2024 10:41 pm
Forum: General
Topic: Whats the point of this default FW rule?
Replies: 21
Views: 1291

Re: Whats the point of this default FW rule?

I see it differently, Lets make the scenario that both the Router on port 443 is listening on a router service and the OP also has a SERVER on the LAN waiting for incoming 443 traffic. ONLY A DST NAT RULE: Traffic comes to the router, first in PREROUTING CHAIN and the last function in prerouting cha...
by anav
Mon Oct 21, 2024 7:26 pm
Forum: Beginner Basics
Topic: Wireguard client don't have internet
Replies: 16
Views: 1063

Re: Wireguard client don't have internet

Please post your latest config after recommended changes and answer the following questions. Are you hosting a wireguard server on your mikrotik ( server for handshake ). Do you have remote client users that are connecting to your mikrotik for internet access? OR is your mikrotik router acting as a ...
by anav
Mon Oct 21, 2024 4:55 pm
Forum: Beginner Basics
Topic: Issues with multi-SSID VLAN configuration on cAP ax
Replies: 8
Views: 473

Re: Issues with multi-SSID VLAN configuration on cAP ax

To get you started on cap......... Note the first thing I do is use the second etherport as an emergency access port and a CONFIG port when initially setting up the router. Trust me, it will save you much grief as working with bridges and vlans can be frustrating trying to do it from a port on the b...
by anav
Mon Oct 21, 2024 4:14 pm
Forum: Beginner Basics
Topic: Issues with multi-SSID VLAN configuration on cAP ax
Replies: 8
Views: 473

Re: Issues with multi-SSID VLAN configuration on cAP ax

I can help without capsman............... which I loathe for the complexity it brings to the config and the gazillions lines of code required. Basically each device uses one bridge. The Ap and Switch get a trunk port from the router and distribute the vlans as necessary. In your case trunk from swit...
by anav
Mon Oct 21, 2024 4:07 pm
Forum: Beginner Basics
Topic: mikrotik advanced Firewall Rules
Replies: 9
Views: 614

Re: mikrotik advanced Firewall Rules

Isnt that what I just said..........."hogwash ;-P ( nice explanation though)
by anav
Mon Oct 21, 2024 4:05 pm
Forum: General
Topic: [Feature Request] Data Center Bridge support
Replies: 29
Views: 5726

Re: [Feature Request] Data Center Bridge support

As usual zing above my head. I have not even used vxlan yet and DarkNate wants me to go udp4 lite! As always, amazed at the amount of experience, knowledge and practical advice here. Also, just to point out DNate was clearly commenting on the functionality being crap nothing else. Trust me, if he wa...
by anav
Mon Oct 21, 2024 2:33 pm
Forum: Beginner Basics
Topic: mikrotik advanced Firewall Rules
Replies: 9
Views: 614

Re: mikrotik advanced Firewall Rules

I would say that you're wasting your time overthinking it.
The place to drop traffic, if it's a valid concern, is in RAW and then there is no additional load on the router.
The other suggestions prior to the default rules are pure hogwash.
by anav
Mon Oct 21, 2024 3:25 am
Forum: Beginner Basics
Topic: hAP AC - Setup repeater with partial wireguard traffic
Replies: 4
Views: 504

Re: hAP AC - Setup repeater with partial wireguard traffic

Okay so I understand the diagram now. It does not matter if the WANIP is public or if you can forward ports from the ISP router if the Mikrotik is simply a client device here. Okay I see, your two LAN bridges, no clue why you call it wireguard bridge, very confusing.............. is 192.168.89.0/24 ...
by anav
Sun Oct 20, 2024 9:34 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 146
Views: 19923

Re: wAP ax?

I actually dont mind the AX3 now, setup is not intuitive and confusing with multiple menus that overlap and interfere with each other but once you stumble across a working config, and dont use capsman, it works well enough.
by anav
Sun Oct 20, 2024 9:30 pm
Forum: Wireless Networking
Topic: hAP ax^3 - AP-Bridge support
Replies: 12
Views: 758

Re: hAP ax^3 - AP-Bridge support

Do you want capsman1,2 or 3 with that transition......................... yup, clear as dark molasses.
by anav
Sun Oct 20, 2024 8:12 pm
Forum: Beginner Basics
Topic: mikrotik advanced Firewall Rules
Replies: 9
Views: 614

Re: mikrotik advanced Firewall Rules

Its all logic........... Some like it in pretzel format, I dont. The easiest logic is at the end of both chains add action=drop chain=forward comment="drop all else" add action=drop chain=forward comment="drop all else" What needs to be allowed is above these rules (keeping some ...
by anav
Sun Oct 20, 2024 8:05 pm
Forum: General
Topic: NAT Hairpin Configuration Troubles
Replies: 16
Views: 1985

Re: NAT Hairpin Configuration Troubles

Octarine, its important to understand the limitation of your approach. /ip nat add chain=dstnat action=dst-nat to-addresses=<192.168.88.XX - server-lanip> protocol=tcp dst-address=!192.168.88.1 dst-address-type=local dst-port=80 add chain=srcnat action=masquerade src-address=192.168.88.0/24 dst-addr...
by anav
Sun Oct 20, 2024 7:40 pm
Forum: General
Topic: NAT Hairpin Configuration Troubles
Replies: 16
Views: 1985

Re: NAT Hairpin Configuration Troubles

Correct, for hairpin nat, which is normally the case of having users on the same subnet as the server but the users are attempting to reach the server by the DYNDNS url of the router ( aka by the routers WANIP same as external users are doing) instead of simply using the LANIP of the server. Best ca...
by anav
Sat Oct 19, 2024 11:49 pm
Forum: Beginner Basics
Topic: Wireguard client don't have internet
Replies: 16
Views: 1063

Re: Wireguard client don't have internet

Bratelo, its really not his fault, normis and co, do not wish to have a prepared educated cohort of first time posters............
They prefer first time posters to flounder and for sex adverts to popup all the time.......... no coherent plan ( like a wifi roadmap LOL )
by anav
Sat Oct 19, 2024 9:33 pm
Forum: Beginner Basics
Topic: Wireguard client don't have internet
Replies: 16
Views: 1063

Re: Wireguard client don't have internet

Not interested, you have no firewall rules and I don't give advice on an unsafe router. Assuming you have an upstream router that has a firewall and the MT is behind it?? Mangling is not required so not even sure why you have it....... Why did you remove most of the default settings?? Nat rule shoul...
by anav
Sat Oct 19, 2024 3:34 pm
Forum: Beginner Basics
Topic: Mikrotik Os v7 - 2 Wan internet and 4 VLAN config with or without VRF
Replies: 5
Views: 355

Re: Mikrotik Os v7 - 2 Wan internet and 4 VLAN config with or without VRF

A. How many clients are involved in port forwarding? Reason I ask is that if the number is manageable and known, it may be more secure for them to VPN into the server, vice opening ports on the router. B. regardless of answer in A, wireguard is simple to setup and will allow you as an admin, to acc...
by anav
Sat Oct 19, 2024 3:26 pm
Forum: Beginner Basics
Topic: Need help and suggestions for new network
Replies: 14
Views: 661

Re: Need help and suggestions for new network

5009 is good up to a 2.5gig connection or two 1 gig connections, so good to go!
by anav
Sat Oct 19, 2024 3:24 pm
Forum: Beginner Basics
Topic: Mikrotik Os v7 - 2 Wan internet and 4 VLAN config with or without VRF
Replies: 5
Views: 355

Re: Mikrotik Os v7 - 2 Wan internet and 4 VLAN config with or without VRF

If people in the large and stable groupings have complete access to each other, what is the purpose then of different subnets? If there were only certain devices accessible across the subnets or a small group of folks within each that have access to each other, then yes they should be separate and c...
by anav
Sat Oct 19, 2024 3:21 pm
Forum: Beginner Basics
Topic: Need help and suggestions for new network
Replies: 14
Views: 661

Re: Need help and suggestions for new network

In terms of routing, what is the throughput of your ISP connection, now and five years down the road
by anav
Sat Oct 19, 2024 3:19 pm
Forum: General
Topic: Port forward from WAN to a host behind Wireguard
Replies: 20
Views: 3753

Re: Port forward from WAN to a host behind Wireguard

Would need to see
config of mt
/export file=anynameyouwish (minus router serial number, any public WANIP information, keys.)

config of wireguard on pc.

Config of Server device both wireguard and any firewall rules.
by anav
Sat Oct 19, 2024 12:19 am
Forum: General
Topic: [Solved] VLAN with own subnets, not access to internet (modem/router)
Replies: 7
Views: 328

Re: VLAN with own subnets, not access to internet (modem/router)

If your intent, as it should be to minimize access to the upstream router......... Then massage firewall rules........ add action=fasttrack-connection chain=forward connection-state=established,related add action=accept chain=forward connection-state=established,related,untracked add action=accept c...
by anav
Sat Oct 19, 2024 12:10 am
Forum: General
Topic: [Solved] VLAN with own subnets, not access to internet (modem/router)
Replies: 7
Views: 328

Re: VLAN with own subnets, not access to internet (modem/router)

Dont use same name for diff things, like vlan interface name and ip pool name......... clarity and dont confuse the router ;-) remove static dns for 192.168.88.1 /interface bridge add admin-mac=D4:01:C3:D4:C0:0E auto-mac=no comment=defconf name=BR1 vlan-filtering=yes /interface vlan add interface=BR...
by anav
Fri Oct 18, 2024 11:42 pm
Forum: General
Topic: [Solved] VLAN with own subnets, not access to internet (modem/router)
Replies: 7
Views: 328

Re: VLAN with own subnets, not access to internet (modem/router)

Well the question is what is the TRUSTED or management subnet?? Did you want to use vlan20 or create another one like vlan99??
All smart devices should get their IP address on this subnet save the MT switch which should get its IP address from the upstream routers private LAN.
by anav
Fri Oct 18, 2024 11:39 pm
Forum: Beginner Basics
Topic: Need help and suggestions for new network
Replies: 14
Views: 661

Re: Need help and suggestions for new network

Is that a serious question??? 1. to ensure the OPs work subnet, or spouses work subnet are not associated with the general LAN subnet 2. to ensure kids subnets are separate from each other 3. to ensure guest wifi subnet only has access to internet and is not connected to the home wifi etc.. 4. to en...
by anav
Fri Oct 18, 2024 10:19 pm
Forum: Forwarding Protocols
Topic: Routing Vlan traffic over Vpn
Replies: 5
Views: 635

Re: Routing Vlan traffic over Vpn

Draw a diagram of what you have now and also what they want to add.
by anav
Fri Oct 18, 2024 10:17 pm
Forum: Beginner Basics
Topic: Mikrotik Os v7 - 2 Wan internet and 4 VLAN config with or without VRF
Replies: 5
Views: 355

Re: Mikrotik Os v7 - 2 Wan internet and 4 VLAN config with or without VRF

This is a fairly straight forward dual wan setup and vlans for all the LAN subnets using one bridge. https://forum.mikrotik.com/viewtopic.php?t=143620 The most important thing is to detail your requirements accurately. a. identify all devices/users ( internal, external and admin ) b. identify all th...
by anav
Fri Oct 18, 2024 10:12 pm
Forum: Beginner Basics
Topic: FIREWALL Forward rule
Replies: 10
Views: 557

Re: FIREWALL Forward rule

As stated by MKX, the default rule ensures no shenanigans are allowed by corrupted traffic.
Further the rule blocks ALL other WAN traffic as well, not just only allow dst-nat traffic.
This is a good thing!!
by anav
Fri Oct 18, 2024 10:04 pm
Forum: General
Topic: Datasheet for new improved hEX?
Replies: 39
Views: 3593

Re: Datasheet for new improved hEX?

I'm pretty sure the difference in performance is more in line with what they claim than your estimations :lol: BTW You could run wireguard on Hex since the start of ROS7... even on SXT LTE which has MIPSBE platform. (I know since I used those 2 devices in 2021 for a VPN link using Wireguard to vaca...
by anav
Fri Oct 18, 2024 6:00 pm
Forum: Beginner Basics
Topic: Port Forwarding not working
Replies: 6
Views: 380

Re: Port Forwarding not working

One more time...... and keep chains together, much easier to read and fix. And remove all old rules!! Check to make sure firewall on servers or on windows OS, that the servers is on, is not blocking traffic....... /interface bridge add name=bridge1 /interface ethernet set [ find default-name=ether1 ...
by anav
Fri Oct 18, 2024 5:50 pm
Forum: General
Topic: VLAN WAN AND LAN swOS to RB4011 [SOLVED]
Replies: 8
Views: 359

Re: VLAN WAN AND LAN swOS to RB4011 [SOLVED]

Jeez patrik you sound like a broken record, wouldnt it be nice, before posters put their first post to the forum, that their sandbox training was populated with your very good teaching point.
Alas, no one other than me, seems to find value in education. Bring on the dead...........
by anav
Fri Oct 18, 2024 5:36 pm
Forum: General
Topic: Datasheet for new improved hEX?
Replies: 39
Views: 3593

Re: Datasheet for new improved hEX?

Maggio, you should know better that pdf is useless as it doesnt denote the 512 byte information which is closest to real world performance. Extrapolating from the 1518 numbers my guestimate with filter rules, the throughput should be in the order of 500Mbps, basically still not a 1 gig ISP contender...
by anav
Fri Oct 18, 2024 2:49 pm
Forum: Forwarding Protocols
Topic: Port forwarding Public IP over Wireguard VPN not working
Replies: 3
Views: 430

Re: Port forwarding Public IP over Wireguard VPN not working

What is needed are the configs of the routers at least the wireguard server and the HQ LTE router /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc...) Conceptually, the first thing I would say is that its rather BAD idea to have all the LAN subnets on ...
by anav
Fri Oct 18, 2024 2:36 pm
Forum: Beginner Basics
Topic: Port Forwarding not working
Replies: 6
Views: 380

Re: Port Forwarding not working

A. Post your latest config so I can see what you tried and failed. Also, confirm that you have a public IP address or an upstream router gets a public IP and you can forward ports from it to the mikrotik. Its very alarming to me, because it wasnt a matter of trying A or B, it was getting you to thin...
by anav
Fri Oct 18, 2024 2:26 pm
Forum: Beginner Basics
Topic: Need help and suggestions for new network
Replies: 14
Views: 661

Re: Need help and suggestions for new network

Yes, the tplink device 615 for example is vlan capable and thus it will be relatively simple to create different vlans/subnets and distribute them on wifi via wlans and ssids. I got one of those to try and was not impressed by their range. Very much a one room trick pony and did well in the room. (N...
by anav
Fri Oct 18, 2024 4:09 am
Forum: Beginner Basics
Topic: FIREWALL Forward rule
Replies: 10
Views: 557

Re: FIREWALL Forward rule

If there is no corresponding dstnat rule, the traffic will not get forwarded to the LAN side.
by anav
Thu Oct 17, 2024 8:03 pm
Forum: Wireless Networking
Topic: IS this what Vlan is used for?
Replies: 1
Views: 258

Re: IS this what Vlan is used for?

You control the naming AND WIFI settings of available ( device determined ) chains normally two a 2ghz type wlan and a 5 ghz type wlan You control the creation of VIRTUAL WLANS, based on the master wlans above.... You control the naming of all the associated SSIDs........... You control the creation...
by anav
Thu Oct 17, 2024 7:59 pm
Forum: Wireless Networking
Topic: VLAN fail since upgrade to 7.16 from 6.49
Replies: 4
Views: 340

Re: VLAN fail since upgrade to 7.16 from 6.49

The access point is not involved in giving out DHCP, so look to the upstream device................
by anav
Thu Oct 17, 2024 7:42 pm
Forum: Beginner Basics
Topic: Cannot connect to cAP ax
Replies: 1
Views: 243

Re: Cannot connect to cAP ax

Yes you may need to do a netinstall to get it back working. Information that may help: https://help.mikrotik.com/docs/spaces/UM/pages/183369729/cAP+ax#cAPax-Resetbutton https://help.mikrotik.com/docs/spaces/ROS/pages/24805498/Reset+Button If you cannot get it to reset then maybe need to netinstall h...
by anav
Thu Oct 17, 2024 7:38 pm
Forum: Beginner Basics
Topic: Unable to route via VLANs
Replies: 16
Views: 864

Re: Unable to route via VLANs

Another trick I always do when dealing with setups of vlans and single bridge is to take one port OFF the bridge and give it its own address add address=192.168.56.1/30 interface=OffBridgePortXX network=192.168.56.0 . Add this port to the Trusted interface list /interface list add name=TRUSTED /inte...
by anav
Thu Oct 17, 2024 7:31 pm
Forum: Beginner Basics
Topic: L009UiGS-2HaxD-IN fast enough for 1GBIT Internet?
Replies: 14
Views: 5553

Re: L009UiGS-2HaxD-IN fast enough for 1GBIT Internet?

The hapax2 with 25 filter rules has about 912Mbps The hapax3 with 25 filter rules has about 1.1Gbps so definitely a bit better but as CGGX stated the practical approach is to use the HAP as the router and the LG as an extension device. With 25 filter rules the LG sits around 300Mbps....................
by anav
Thu Oct 17, 2024 7:15 pm
Forum: Beginner Basics
Topic: Port Forwarding not working
Replies: 6
Views: 380

Re: Port Forwarding not working

Your config is in error. EITHER you want to host services ON THE ROUTER ( hence you open 80 and 443 on your router to the whole wide world ) OR You port forward to a server on your LAN handling port 80 and 443. Which is it? I suspect servers on the LAN and thus remove the input chain rules for 80, 4...
by anav
Thu Oct 17, 2024 7:10 pm
Forum: Beginner Basics
Topic: FIREWALL Forward rule
Replies: 10
Views: 557

Re: FIREWALL Forward rule

It means NOTHING, without context of all other rules and the config.
by anav
Thu Oct 17, 2024 7:04 pm
Forum: General
Topic: RB4011 VLAN configuration
Replies: 4
Views: 333

Re: RB4011 VLAN configuration

Documentation is not their forte.
Feel free to post your config if you want it reviewed......
/export file=anynameyouwish ( minus router serial #, any publicWANIP information, keys etc. )
by anav
Wed Oct 16, 2024 4:44 pm
Forum: General
Topic: Remote Access to Local OLTs via VPN on MikroTik Without Public IP
Replies: 27
Views: 971

Re: Remote Access to Local OLTs via VPN on MikroTik Without Public IP

Wrong, its not the right way its a work around which looks like is already leading to other issues, since the config is not optimized yet for the requirements.
Slow learner, as one has not yet grasped what is required for assistance. ........................
by anav
Wed Oct 16, 2024 4:38 pm
Forum: Beginner Basics
Topic: HEX S Router
Replies: 8
Views: 401

Re: HEX S Router

If starting from scratch suggest watching beginner videos on youtube.......... just put beginner mikrotik and lots of good stuff comes up.
No point in telling you do stuff where you have zero understanding and just copy and paste.
by anav
Wed Oct 16, 2024 3:52 pm
Forum: Wireless Networking
Topic: VLAN fail since upgrade to 7.16 from 6.49
Replies: 4
Views: 340

Re: VLAN fail since upgrade to 7.16 from 6.49

mkx hit the major problem other minor tweaks shown. /interface bridge add name=VLAN-Bridge protocol-mode=none vlan-filtering=yes /interface wireless set [ find default-name=wlan1 ] antenna-gain=8 band=2ghz-g/n disabled=no frequency=2412 installation=indoor mode=ap-bridge name=WLAN2 radio-name=test_A...
by anav
Wed Oct 16, 2024 2:23 am
Forum: Beginner Basics
Topic: Forwarding traffic
Replies: 11
Views: 878

Re: Forwarding traffic

# software id = TFI5-YPER # # model = CCR2004-16G-2S+ # serial number = REDACTED /interface bridge add name=bridge1 vlan-filtering=yes /interface ethernet set [ find default-name=ether5 ] advertise=\ 10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full /interface wireguard add listen-port=...
by anav
Wed Oct 16, 2024 1:51 am
Forum: General
Topic: RB4011iGS+RM: Some clients don't get DHCP
Replies: 1
Views: 173

Re: RB4011iGS+RM: Some clients don't get DHCP

Yes, its problems with your config.
by anav
Tue Oct 15, 2024 11:58 pm
Forum: General
Topic: Is it possible to assign an individual port to a vlan that is bridged
Replies: 4
Views: 280

Re: Is it possible to assign an individual port to a vlan that is bridged

You assign vlans to the bridge not the port. On the port you can put one or more vlans as desired via the bridge setup. Vlans by themselves are blocked from other vlans at layer2. Using firewall rules you block them at layer3 on the router, the fact that they are on the same bridge is not an issue. ...
by anav
Tue Oct 15, 2024 11:49 pm
Forum: Beginner Basics
Topic: Forwarding traffic
Replies: 11
Views: 878

Re: Forwarding traffic

ROUTER A Unable to progress as your VLANS are not quite there, maybe........ incongruence between bridge ports and bridge vlans. You have ports indicating both trunk and access port attributes. Can you provide the following information for all your ports................. port X --> to single dumb d...
by anav
Tue Oct 15, 2024 10:40 pm
Forum: Beginner Basics
Topic: Forwarding traffic
Replies: 11
Views: 878

Re: Forwarding traffic

ROUTER B 1. Added ipv6 drop all firewall rules for whatever reason it got activated by mistake. 2. Remove unnecessary interface list members, bridge covers all ports. 3. With only one LAN subnet, two LAN interface lists is not logical??? 4. Adjusted,Updated firewall rules. Now only trusted can acce...
by anav
Tue Oct 15, 2024 9:49 pm
Forum: Beginner Basics
Topic: Forwarding traffic
Replies: 11
Views: 878

Re: Forwarding traffic

What is the difference between LAN and SLAN??
Is LAN like home users and SLAN like iot and media and guest wifi ??
by anav
Tue Oct 15, 2024 9:32 pm
Forum: Beginner Basics
Topic: Forwarding traffic
Replies: 11
Views: 878

Re: Forwarding traffic

Well it doesn't sound like you are sending users to safe servers. Most modern gaming servers like Steam do not require ports open etc........ in any case by dst address is actually very useful. First step is to simplify and reduce to one Wireguard network. In case the main Wireguard network is down, w...
by anav
Tue Oct 15, 2024 9:20 pm
Forum: General
Topic: Remote Access to Local OLTs via VPN on MikroTik Without Public IP
Replies: 27
Views: 971

Re: Remote Access to Local OLTs via VPN on MikroTik Without Public IP

Your choice, will move on to help others..........

I was quite clear.......
Need full config of router.
/export file=anynameyouwish (minus router serial number, any public WANIP information, keys )

Also the wireguard configuration of the client ( minus any public WANIP information, keys etc. )
by anav
Tue Oct 15, 2024 8:56 pm
Forum: General
Topic: Remote Access to Local OLTs via VPN on MikroTik Without Public IP
Replies: 27
Views: 971

Re: Remote Access to Local OLTs via VPN on MikroTik Without Public IP

If this is a public IP facing router it should be unplugged ASAP as you have no firewall rules.
by anav
Tue Oct 15, 2024 8:36 pm
Forum: General
Topic: Remote Access to Local OLTs via VPN on MikroTik Without Public IP
Replies: 27
Views: 971

Re: Remote Access to Local OLTs via VPN on MikroTik Without Public IP

Unable at the moment.............
by anav
Tue Oct 15, 2024 8:30 pm
Forum: Beginner Basics
Topic: Forwarding traffic
Replies: 11
Views: 878

Re: Forwarding traffic

Attaching both configs. Ideally both routers could reach each others subnets. Not quite complete............... Which LANIPs need to access the internet on Router B? Are there specific and unique dst ports involved. Is the WANIP (destination address on the www, fixed/static for game server, or alwa...
by anav
Tue Oct 15, 2024 8:23 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1384
Views: 301113

Re: 📣 WinBox 4 is here 📣

Is there really no git repo/github...or modern known issues/feature request tracker for winbox4? A manually updated list at the top of a 1315 reply forum post seems like a bonkers implementation considering we're almost 1/4 of the way thru the 21st century. This is HOTEL Mikrotik, you can never lea...
by anav
Tue Oct 15, 2024 8:18 pm
Forum: General
Topic: Remote Access to Local OLTs via VPN on MikroTik Without Public IP
Replies: 27
Views: 971

Re: Remote Access to Local OLTs via VPN on MikroTik Without Public IP

Need full config of router.
/export file=anynameyouwish (minus router serial number, any public WANIP information, keys )

Also the wireguard configuration of the client ( minus any public WANIP information, keys etc. )
by anav
Tue Oct 15, 2024 8:16 pm
Forum: General
Topic: RB4011 VLAN configuration
Replies: 4
Views: 333

Re: RB4011 VLAN configuration

by anav
Tue Oct 15, 2024 6:06 pm
Forum: RouterBOARD hardware
Topic: New to MikroTik - Choosing between a RB4011 (WiFi), RB5009 + AP and a hAP AX3
Replies: 12
Views: 1540

Re: New to MikroTik - Choosing between a RB4011 (WiFi), RB5009 + AP and a hAP AX3

No question the only two units worthy of consideration are the ax3 and 5009. However the ax3 is limited in wan throughput to 1gig connections, while the 5009 is future proofed to 2.5 gig connections ( maxes out around 3Gbps on routing ) With a price differential of only 10E, it's a no brainer to get...
by anav
Tue Oct 15, 2024 5:57 pm
Forum: Wireless Networking
Topic: Connect to Hotel Wifi
Replies: 21
Views: 1852

Re: Connect to Hotel Wifi

...but ROS can be hard to master.
Where did you get that from ? :lol:
You crack me up!!

BPWL for president of MT, re-assign the well-intentioned but failing staff they have running the wifi show. Mean well and positive outcomes have proven to be mutually exclusive! :-(
by anav
Tue Oct 15, 2024 5:48 pm
Forum: General
Topic: Remote Access to Local OLTs via VPN on MikroTik Without Public IP
Replies: 27
Views: 971

Re: Remote Access to Local OLTs via VPN on MikroTik Without Public IP

Sure, turn on IP cloud and get the dyndns address......... This is the endpoint address you will need on any client peers to connect to your wireguard VPN on the router. Identify the subnet you wish to be able to access over wireguard. /interface wireguard add listen-port=53477 mtu=1420 name=wgOLT /...
by anav
Tue Oct 15, 2024 4:41 pm
Forum: Beginner Basics
Topic: Forwarding traffic
Replies: 11
Views: 878

Re: Forwarding traffic

I've already got WireGuard VPN connection between the devices. I use it to access the other device using WinBox. Further guidance is much appreciated. Show both configs /export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc.) Also identify which IP address(e...
by anav
Tue Oct 15, 2024 4:35 pm
Forum: General
Topic: Remote Access to Local OLTs via VPN on MikroTik Without Public IP
Replies: 27
Views: 971

Re: Remote Access to Local OLTs via VPN on MikroTik Without Public IP

It's getting clearer, thanks!
Suggesting either a wireguard VPN connection or a zerotier connection (LARSA can help with), that will allow you to securely access your resources behind the mikrotik router while away.
I suppose which is readily available on the CHR would be a starting point.
by anav
Tue Oct 15, 2024 1:19 pm
Forum: General
Topic: Asking for help: Setting Up a Multi-Site in-house Wireguard network [SOLVED]
Replies: 10
Views: 513

Re: Asking for help: Setting Up a Multi-Site in-house Wireguard network [SOLVED]

No argument from me vis-a-vis using zerotier....
Basically all connect to cloudflare VPS in a way

Would just like to add wireguard doesn't really use certificates, it does add pre-shared key if you want extra security.
by anav
Tue Oct 15, 2024 2:38 am
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 17
Views: 1267

Re: Automatically divide customers into 4 internet lines equally

PCC is but one part of the equation, all of the required user traffic needs to be identified before starting the config.
by anav
Tue Oct 15, 2024 2:36 am
Forum: General
Topic: Asking for help: Setting Up a Multi-Site in-house Wireguard network [SOLVED]
Replies: 10
Views: 513

Re: Asking for help: Setting Up a Multi-Site in-house Wireguard network [SOLVED]

Yes, but until I actually use zerotier, I will be unfamiliar with its application and nuances.
No worries, ehbowen, Anav1 Larsa 0 ;-)
by anav
Mon Oct 14, 2024 11:25 pm
Forum: General
Topic: Opening ports makes me lose connection
Replies: 5
Views: 255

Re: Opening ports makes me lose connection

It sounds like you almost don't need a router if opening all ports up.
Typically I advise that it's a foolish thing to do......................... especially if your router is public IP facing.
by anav
Mon Oct 14, 2024 11:24 pm
Forum: General
Topic: Hardware suggestion please
Replies: 3
Views: 225

Re: Hardware suggestion please

https://forum.mikrotik.com/viewtopic.php?t=143620 A. 1.6Gbps link is best served by the RB5009 Router with room for growth....... ( up to 3gigs so sufficient for an ISP 2.5gig connection ) B. Budget choice is indeed the hapax3 with 1.1Gbps with 25 filter rules and higher with less rules so close eno...