Search found 21701 matches

by anav
Thu Nov 14, 2024 7:34 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 226
Views: 24515

Re: wAP ax?


But...Skype? Really!?
You prefer ICQ ?

Remember I read export files for fun, it may be trivial to enter in wifi settings, but capsman NOT so much.
Try to look at a config SMEARED with capsman lines, its like someone BARFED capsman on a lean config.
by anav
Thu Nov 14, 2024 7:28 pm
Forum: Beginner Basics
Topic: How to configure PBR in CCR2116-12G-4S+ v7.8
Replies: 3
Views: 135

Re: How to configure PBR in CCR2116-12G-4S+ v7.8

Attempting to elicit a full set of requirements, in terms of any failover expected, any port forwarding to servers on LAN, any VPNs incoming,
Type of WAN connections private IP or public IP, static or dynamic>>
by anav
Thu Nov 14, 2024 6:16 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 5
Views: 205

Re: Port Forwarding

99% Clear.

When you say external users access SOME APPLICATIONS, via the WAN, do you mean SERVERS?
Are they port based applications ??
by anav
Thu Nov 14, 2024 4:39 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 226
Views: 24515

Re: wAP ax?

I know right!! My first comment is that wifi = 1/8 of a config (if that) , as soon as one invokes capsman wifi=2/3 of a config.
Its not clean and efficient to program or read its friggen BLOATWARE
by anav
Thu Nov 14, 2024 4:35 pm
Forum: Beginner Basics
Topic: HAP AX2 as a bridge (giving out IP-s from parent)
Replies: 4
Views: 199

Re: HAP AX2 as a bridge (giving out IP-s from parent)

I would stick to gigabytes plan to use the router as the proper router and the LTE devices strictly as an input WAN device. However in terms of what you want is basically the AX as an AP/Switch. highly recommend taking ether5 OFF the bridge for a separate and SAFE way to config the device!! PS. this...
by anav
Thu Nov 14, 2024 4:16 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 226
Views: 24515

Re: wAP ax?

Totally agree (except for the 2.4GHz preference, haven't seen that).
And you can run CAPsMAN (new style), @anav! The object oriented implementation 8)
Are you trying to corrupt seniors?? ;-)

We need to get on a skype/discord chat so we can discuss losing my capsman virginity.
by anav
Thu Nov 14, 2024 4:11 pm
Forum: Beginner Basics
Topic: How to configure PBR in CCR2116-12G-4S+ v7.8
Replies: 3
Views: 135

Re: How to configure PBR in CCR2116-12G-4S+ v7.8

What happens if WAN1 or WAN2 become unavailable for whatever reason ( assuming two different providers of course ).
by anav
Thu Nov 14, 2024 4:09 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 5
Views: 205

Re: Port Forwarding

I am getting a clearer picture, much thanks. Few more questions!! 1. If all three WAN IPs are static and private then can I assume a. the three ISP modem/routers in front of the MT have public IPs b. that you can port forward from each ISP modem/router to the MT Note: if a is not true, then you cann...
by anav
Thu Nov 14, 2024 1:19 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 5
Views: 205

Re: Port Forwarding

1. Regarding external users and port forwarding --. the question I have is what is the plan? Are some users supposed to reach server A on WAN1, other users reach server A by WAN2, and even different users supposed to reach server A by WAN3. AND/OR Are some users supposed to reach server A on WAN1, ...
by anav
Thu Nov 14, 2024 1:17 pm
Forum: General
Topic: VLAN config: RB2011UiAS-2HnD to L009UiGS-2HaxD
Replies: 3
Views: 136

Re: VLAN config: RB2011UiAS-2HnD to L009UiGS-2HaxD

Recommend whatever you are doing with bridge and dhcp, simply move subnet to another vlan and thus the bridge just does bridging.
Not sure also why you have 3 vlans and 5 pools.........
by anav
Thu Nov 14, 2024 5:49 am
Forum: Beginner Basics
Topic: CCR2004-16G-2S multiple bridges or not?
Replies: 38
Views: 4451

Re: CCR2004-16G-2S multiple bridges or not?

Conclusion, never buying a CCR2004, I am going straight to the ccr2116. :-)
by anav
Thu Nov 14, 2024 5:39 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 44
Views: 2963

Re: How to Pass all traffic into WireGuard Cloudflare ?

Thanks for the updates........ still thinking.......
by anav
Thu Nov 14, 2024 12:37 am
Forum: Beginner Basics
Topic: PCC load balancing on OS7
Replies: 6
Views: 1370

Re: PCC load balancing on OS7

Post your latest config please.
by anav
Thu Nov 14, 2024 12:21 am
Forum: Beginner Basics
Topic: How to firewall when behind ISP modem
Replies: 13
Views: 412

Re: How to firewall when behind ISP modem

Keep chains together. /ip firewall filter { default rules to keep } add action=accept chain=input connection-state=established,related,untracked add action=drop chain=input comment="drop <invalid> packets" connection-state=invalid log=yes log-prefix=invalid add action=accept chain=input pr...
by anav
Wed Nov 13, 2024 10:45 pm
Forum: General
Topic: 3 wan 3 subnets
Replies: 5
Views: 247

Re: 3 wan 3 subnets

I dont spend time imagining, I work with facts and need answers to questions.
What also helps is a detailed network diagram
/export file=anynameyouwish (minus router serial #, any public WANIP information).
by anav
Wed Nov 13, 2024 10:05 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

Even on the AX3 there is no need for BTH for clients if its has access to a public IP............. Yes its convenient to generate configs for android device Just saying we need to test a connection between Two Routers and One router with one device with no BTH information on the router ( in ip cloud...
by anav
Wed Nov 13, 2024 8:06 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

Hold on............... BTH can only be applied on one router in a connection. BTH is meant for ONE ROUTER ( that does not have a public IP) to allow single devices, smartphones and laptops to remotely connect to the router If the AX3 is a router and is connected as a client to your main router, just...
by anav
Wed Nov 13, 2024 7:51 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

GREAT, for testing purposes, I recommend getting rid of any connection to BTH. You should not need to change anything on the router except. BURN to hell any settings in IP cloud that are bth related. There should be no need to change any other settings on the router. On the opposite router, the clie...
by anav
Wed Nov 13, 2024 6:21 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 226
Views: 24515

Re: wAP ax?

I will, thanks....... what did you notice as the improvement over the stock old drivers??
by anav
Wed Nov 13, 2024 6:09 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 226
Views: 24515

Re: wAP ax?


With wifi-qcom-ac drivers cap ac works really well. Better than old legacy drivers.
Say what?? Do you mean I can do something new with my old Cap AC ????
by anav
Wed Nov 13, 2024 6:02 pm
Forum: General
Topic: RBmAPL-2nD admin access to ethernet
Replies: 10
Views: 282

Re: RBmAPL-2nD admin access to ethernet

Sure your name isn't Sindy as well. I started reading and didnt realize it was an MKX post, LOL Maybe its that close proximity to Czechia that is making you sound smarter. ;-)
by anav
Wed Nov 13, 2024 5:54 pm
Forum: Beginner Basics
Topic: PCC dual wan
Replies: 5
Views: 283

Re: PCC dual wan

Hikvision is a funny beast for sure.
If I recall the cameras and controller should be on the same subnet correct??
by anav
Wed Nov 13, 2024 4:19 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

Are either of you using BTH in the setup or just plain manual wireguard setups???
by anav
Wed Nov 13, 2024 4:13 pm
Forum: Beginner Basics
Topic: How to firewall when behind ISP modem
Replies: 13
Views: 412

Re: How to firewall when behind ISP modem

Ahh now I understand your BTH approach. There is no need for BTH if your router gets a public IP, but as you note personal choice it is an option and a bit easier. The main difference is that BTH uses and relies upon the a Mikrotik cloud server ( and only covers devices to the home router, not route...
by anav
Wed Nov 13, 2024 1:33 pm
Forum: Beginner Basics
Topic: How to firewall when behind ISP modem
Replies: 13
Views: 412

Re: How to firewall when behind ISP modem

Why will you need BTH, its only for the case where you dont have a public IP or the ISP router doesnt get a public IP or the ISP router gets a public IP but you cannot forward a port to the MT device. Further, its only good for single devices to your router, it will not support remote router to your...
by anav
Wed Nov 13, 2024 3:44 am
Forum: Beginner Basics
Topic: PCC load balancing on OS7
Replies: 6
Views: 1370

Re: PCC load balancing on OS7

Not sure I understand but will look..... Do you send vpn traffic to WAN1 or WAN2?? Do you do any port forwarding on WAN1 or WAN2?? Maybe I misunderstood how you use VPN?? /ip firewall mangle add action=change-ttl chain=postrouting new-ttl=set:1 out-interface=Hotspot passthrough=yes { no idea what th...
by anav
Wed Nov 13, 2024 3:29 am
Forum: Beginner Basics
Topic: PCC dual wan
Replies: 5
Views: 283

Re: PCC dual wan

1. Rule of thumb, is never rely on your ISP to protect your network 100%! 2. I never said to set ping to anything, I set the distance of the second route so that there is no confusion in the router for any return traffic. In other words, if there is any traffic to the router ( vpn ) it would come in...
by anav
Wed Nov 13, 2024 3:15 am
Forum: Beginner Basics
Topic: Help me with port forwarding troubleshooting
Replies: 17
Views: 728

Re: Help me with port forwarding troubleshooting

Yes get rid of the private IP address you have for sfp-sfpplus1, its bogus! In terms of hairpin nat. StepOne: I already showed you what the forward chain firewall rules should look like. StepTwo: Add sourcenat rule as the FIRST rule in the NAT chain. add chain=srcnat action=masquerade src-address=19...
by anav
Wed Nov 13, 2024 3:06 am
Forum: Beginner Basics
Topic: Help me with port forwarding troubleshooting
Replies: 17
Views: 728

Re: Help me with port forwarding troubleshooting

Why are you asking me which servers?? Ahhh so they are both to the same web server? Why do even you make the unencrypted port 80 available ?? in any case long winded ;-) add action=dst-nat chain=dstnat dst-port=80 in-interface-list=WAN protocol=\ tcp to-addresses=192.168.0.101 to-ports=80 add action...
by anav
Tue Nov 12, 2024 11:03 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 44
Views: 2963

Re: How to Pass all traffic into WireGuard Cloudflare ?

Okay another one to try........ Its testing if the min prefix is stopping outgoing wan from router itself traffic,,,,very weird...... We think the min-prefix command, not well understood may be getting in the way. Try this simple fix and see! We are adding another rule, as last rule so no need to f...
by anav
Tue Nov 12, 2024 10:49 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 22
Views: 785

Re: Cant get Wireguard client to work

Okay you mean. /routing rule add action=lookup-only-in-table min-prefix=0 table=main add action=lookup-only-in-table src-address=192.168.188.0/24 table=rtab-wg add action=lookup-only-in-table table=main It would seem min-prefix interpretation widely understood is not that accurate. I thought it was ...
by anav
Tue Nov 12, 2024 10:37 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 22
Views: 785

Re: Cant get Wireguard client to work

Hi Sindy since order is specific, should it be.....
/routing rule
add action=lookup-only-in-table table=main
add action=lookup-only-in-table min-prefix=0 table=main disabled=yes { disabled as to test your thinking }
add action=lookup-only-in-table src-address=192.168.188.0/24 table=rtab-wg
by anav
Tue Nov 12, 2024 10:34 pm
Forum: Beginner Basics
Topic: Issue with Ping and Local Access Configuration for MikroTik over VPN with WireGuard and ExpressVPN
Replies: 6
Views: 968

Re: Issue with Ping and Local Access Configuration for MikroTik over VPN with WireGuard and ExpressVPN

Didnt come close to answering my question. What kind of IP address does the MT router get from the ASUS router a. private WANIP from the LAN subnet of the ASUS ( most likely ) b. public IP, ASUS is in some form of bridge mode....... Assuming a. then the next question is -- Does the ASUS get a public...
by anav
Tue Nov 12, 2024 10:28 pm
Forum: General
Topic: Help with NAT
Replies: 6
Views: 269

Re: Help with NAT

Well I could do this on wireguard, but since you like ipsec and are able to satisfy the OP with less mess......... I will find another to assist.
by anav
Tue Nov 12, 2024 9:03 pm
Forum: Beginner Basics
Topic: Remote access from the Internet (WAN side)
Replies: 38
Views: 339231

Re: Remote access from the Internet (WAN side)

DO NOT ACCESS ROUTER VIA WINBOX AND WAN directly. Use VPN to access router securely and then use winbox. Wireguard is easy and works well for this. If you don't have a public IP, or ISP router does but cannot forward a port to MT device, then use BTH wireguard VPN on mikrotik. ( allows both MT rout...
by anav
Tue Nov 12, 2024 8:48 pm
Forum: Beginner Basics
Topic: How does (my) firewalling/routing work? [SOLVED]
Replies: 14
Views: 555

Re: How does (my) firewalling/routing work? [SOLVED]

Black Friday sales are coming soon, he wants to be on the good side....... How much better the house internet will be with a CCR2004 router.
by anav
Tue Nov 12, 2024 8:40 pm
Forum: General
Topic: untagg multiple VLAN on ether port
Replies: 14
Views: 434

Re: untagg multiple VLAN on ether port

Sorry you have further muddied the waters and perhaps my understanding is not correct. As MKX stated --> However: any given port can only tag untagged frames on ingress with one VID and there are no ifs or buts. Which essentially means that bidirectional communication works only for single VLAN ( th...
by anav
Tue Nov 12, 2024 8:30 pm
Forum: General
Topic: Help with NAT
Replies: 6
Views: 269

Re: Help with NAT

Can you EVEN do ipsec to ipsec without one side having a public IP???
by anav
Tue Nov 12, 2024 8:28 pm
Forum: Beginner Basics
Topic: Help me with port forwarding troubleshooting
Replies: 17
Views: 728

Re: Help me with port forwarding troubleshooting

Question: Do you have users on the same LAN subnet also using one or both servers?

If so, how are they connecting to the servers
a. by direct LANIP
b. by DYNDNS URL name etc........
by anav
Tue Nov 12, 2024 8:23 pm
Forum: Beginner Basics
Topic: Help me with port forwarding troubleshooting
Replies: 17
Views: 728

Re: Help me with port forwarding troubleshooting

1. Your words are not reflected in the config!!! /ip address add address= 192.168.11.2/24 interface= sfp-sfpplus1 network=192.168.11.0 Effectively assigning a private IP to sfp-sfpplus1 You also have this... and this is in conflict as you cannot use BOTH, so recommend you delete the IP address entry...
by anav
Tue Nov 12, 2024 8:20 pm
Forum: Beginner Basics
Topic: How does (my) firewalling/routing work? [SOLVED]
Replies: 14
Views: 555

Re: How does (my) firewalling/routing work? [SOLVED]

I can relate !!!

If you are doing multiple vlans and vlan-filtering on a single bridge, then to not get kicked out of the router from time to time,
suggest using one etherport for an OffBridge access.
If interested let me know.
by anav
Tue Nov 12, 2024 7:47 pm
Forum: General
Topic: untagg multiple VLAN on ether port
Replies: 14
Views: 434

Re: untagg multiple VLAN on ether port

Concur, and is why in post #3 I presented clear feedback. It was not me that muddied the waters by saying oh what your doing is possible sort of with caveats, oh yeah so clear !!!! ;-PP
by anav
Tue Nov 12, 2024 7:43 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

I believe one only needs to apply the rule and scheduler at the client peer for handshake router.
If it is determined that this single device fix does not work, Sindy intimated that a more complex setup involving both client and server peer would be required.
by anav
Tue Nov 12, 2024 7:33 pm
Forum: General
Topic: untagg multiple VLAN on ether port
Replies: 14
Views: 434

Re: untagg multiple VLAN on ether port

Since all the vlans passing untagged out of the port do not offer bilateral communications, you are effectively admitting that there is no point because return traffic even if magically came back to the router, would not be accepted on input/return to the port, only the pVID vlan would have its traf...
by anav
Tue Nov 12, 2024 7:21 pm
Forum: General
Topic: untagg multiple VLAN on ether port
Replies: 14
Views: 434

Re: untagg multiple VLAN on ether port

You give false impressions mate. Quote: " But anyway, you can pass multiple VLANs untagged on any port, just make that port untagged member of all relevant VLANs " unquote. Is incorrect and misleading, let me reword it in real English. Although one can, in vlan-filtering=yes configs, PHYSI...
by anav
Tue Nov 12, 2024 5:47 pm
Forum: Beginner Basics
Topic: Probably firewall misconfig?
Replies: 8
Views: 389

Re: Probably firewall misconfig?

Yup, I much prefer the granular control of direct access. I use that for all my TP switches and APs. I would only use the controller in a corporate setting. By the way good luck trying to remove the controller settings and move to stand alone, I found it really hard to remove all the crap the contro...
by anav
Tue Nov 12, 2024 5:44 pm
Forum: General
Topic: untagg multiple VLAN on ether port
Replies: 14
Views: 434

Re: untagg multiple VLAN on ether port

Why are you defining and using vlan1 on any mikrotik router. WHAT DEVICE is at the other end of the port that will accept multiple untagged VLANS ???? +++++++++++++++++++++++++++++++++++++++++++++++ access-port --> goes to dumb device, ONLY ONE vlan can exist on an access port - untagging is used on...
by anav
Tue Nov 12, 2024 5:36 pm
Forum: General
Topic: forcing wireguard out specific IP
Replies: 6
Views: 249

Re: forcing wireguard out specific IP

If its working and you are happy stick with it. It is not the correct solution if the problem is the same as many others have encountered which is. PRIMARY WAN SECONDARY WAN ( failover wan ) - when one wants to use the secondary WAN for VPN wireguard Situation after Proper Wireguard setup -->Wiregua...
by anav
Tue Nov 12, 2024 5:16 pm
Forum: Beginner Basics
Topic: Help me with port forwarding troubleshooting
Replies: 17
Views: 728

Re: Help me with port forwarding troubleshooting

How do you expect to port forward if you dont have a public IP address?
If you can access the upstream ISP device and from there forward a port, then it could be done.
by anav
Tue Nov 12, 2024 5:14 pm
Forum: Beginner Basics
Topic: Issue with Ping and Local Access Configuration for MikroTik over VPN with WireGuard and ExpressVPN
Replies: 6
Views: 968

Re: Issue with Ping and Local Access Configuration for MikroTik over VPN with WireGuard and ExpressVPN

Be aware that without deep packet inspection, your PFsense IDS is not complete but I suppose better than nothing. Just be aware it has limitations. What is not clear to me is if you get a public IP at the MT router, (it appears you get a private WANIP ) from the ASUS device?? If so, does the ASUS de...
by anav
Tue Nov 12, 2024 5:09 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 22
Views: 785

Re: Cant get Wireguard client to work

I suspect an issue with DNS and so lets try some things........before I get there some more work required on firewall rules. 1. You need access as admin to the router so we need to add that to the input chain rules. To do this the easiest method is to identify the admins devices on the network wired...
by anav
Tue Nov 12, 2024 4:49 pm
Forum: Beginner Basics
Topic: Probably firewall misconfig?
Replies: 8
Views: 389

Re: Probably firewall misconfig?

Results not guaranteed by using dumb switch to carry vlans to smart devices.
I have provided my feedback............
I have several TP Link APs myself, I found the OMADA controller to be less than useful and manage my TPs each manually.
With only two its a better approach IMHO......
by anav
Tue Nov 12, 2024 4:32 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 44
Views: 2963

Re: How to Pass all traffic into WireGuard Cloudflare ?

Its 9:31pm your time, you there........?
by anav
Tue Nov 12, 2024 2:21 pm
Forum: General
Topic: 3 wan 3 subnets
Replies: 5
Views: 247

Re: 3 wan 3 subnets

Your request seems straightforward except for one problem........ First of all all users should ping each other and access each other If all users should be able to access each other then you dont need 3 subnets, one subnet for all users is what your describing. Please state why that shouldnt be the ...
by anav
Tue Nov 12, 2024 5:59 am
Forum: General
Topic: WireGuard site to site routing help
Replies: 23
Views: 919

Re: WireGuard site to site routing help

Not sure if I need a relay rule in the case of mesh topology I’m not routing outside of wireguard interface or to the wan all connections are peer to peer. Unless I’m misunderstanding what relay does. Although a MESH, all connections are strictly peer to peer. Each hop needs to be considered. Take ...
by anav
Tue Nov 12, 2024 5:45 am
Forum: Beginner Basics
Topic: PCC dual wan
Replies: 5
Views: 283

Re: PCC dual wan

1. Remove router serial number from your post as precaution. 2. Remove this rule, its not normally used (first time I recall seeing it used, but my memory is faulty LOL ) /interface bridge nat add action=accept chain=srcnat out-interface-list=WAN 3. You cannot do both, one either assigns an address ...
by anav
Tue Nov 12, 2024 5:15 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 44
Views: 2963

Re: How to Pass all traffic into WireGuard Cloudflare ?

Just post here when you are around and I will watch out for it and respond if available.
by anav
Tue Nov 12, 2024 5:10 am
Forum: Beginner Basics
Topic: Completely lost with regards to VLANs
Replies: 8
Views: 416

Re: Completely lost with regards to VLANs

Super!
by anav
Tue Nov 12, 2024 5:09 am
Forum: Beginner Basics
Topic: assign vlan based on what i plug in lan port
Replies: 2
Views: 190

Re: assign vlan based on what i plug in lan port

NOPE....... but you can configure each router so that
ether1 is wan, ether2 has purpose W, ether3 has purpose X ether4 has purpose Y and ether5 has purpose Z
Label the port so users know which port to plug into for the necessary purpose.
by anav
Tue Nov 12, 2024 5:06 am
Forum: General
Topic: Force DNS request [SOLVED]
Replies: 8
Views: 390

Re: Force DNS request [SOLVED]

1. Ensure all users requiring adguard have a forward chain allow rule to reach 10.1.1.2 2. You need two dstnat rules (one for udp and one for tcp) and protocol has to be spelled correctly SO /ip firewall nat add chain=dstnat src-address-list=!pi-hole protocol=udp dst-port=53 action=dst-nat to-address=1...
by anav
Tue Nov 12, 2024 4:58 am
Forum: General
Topic: forcing wireguard out specific IP
Replies: 6
Views: 249

Re: forcing wireguard out specific IP

cant help much else without seeing the full config
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc..)

Also do a print of your ip routes ( again not exposing any public WANIp information )
by anav
Tue Nov 12, 2024 4:55 am
Forum: General
Topic: WireGuard site to site routing help
Replies: 23
Views: 919

Re: WireGuard site to site routing help

I do have a question . Do you use same receiving port on each router??? What I would do is use a different one on each router. Router A - 111111 / Router B - 22222 / and so ON. SO on R1 I would have input chain rule for udp port 11111 I would have listening port set at 1323 1 on wg settings I would ...
by anav
Tue Nov 12, 2024 4:47 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 44
Views: 2963

Re: How to Pass all traffic into WireGuard Cloudflare ?

Yikes, going to bed soon but will figure out when I am available and then I can give you some contact info........
by anav
Tue Nov 12, 2024 12:35 am
Forum: Beginner Basics
Topic: Completely lost with regards to VLANs
Replies: 8
Views: 416

Re: Completely lost with regards to VLANs

It boggles my mind that you think we can see your config in our heads through the dark night over how many 1000s of miles

/export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc.)
by anav
Mon Nov 11, 2024 11:01 pm
Forum: General
Topic: forcing wireguard out specific IP
Replies: 6
Views: 249

Re: forcing wireguard out specific IP

Common problem
Search for wireguard DSTNAT in the search, there is a fix and its known
by anav
Mon Nov 11, 2024 11:00 pm
Forum: Beginner Basics
Topic: How does (my) firewalling/routing work? [SOLVED]
Replies: 14
Views: 555

Re: How does (my) firewalling/routing work? [SOLVED]

MF, hahah done!
by anav
Mon Nov 11, 2024 10:58 pm
Forum: Beginner Basics
Topic: Probably firewall misconfig?
Replies: 8
Views: 389

Re: Probably firewall misconfig?

1. Used at /interface bridge ports normally From: /interface bridge add frame-types= admit-only-vlan-tagged name=bridge port-cost-mode=short \ vlan-filtering=yes TO: /interface bridge add name=bridge port-cost-mode=short vlan-filtering=yes 2. SO..... /interface bridge port add bridge=bridge ingress-...
by anav
Mon Nov 11, 2024 10:35 pm
Forum: Beginner Basics
Topic: Probably firewall misconfig?
Replies: 8
Views: 389

Re: Probably firewall misconfig?

You have every port as an access port to the home or trusted vlan 110 according to /interface bridge ports and no access ports for guest and no trunk ports it seems. YET You have in /interface bridge vlans EVERY PORT tagged for guests................... Therefore you need to be honest about what eac...
by anav
Mon Nov 11, 2024 9:58 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 22
Views: 785

Re: Cant get Wireguard client to work

Dont see anything obvious yet. 1. Change this to LAN /ip neighbor discovery-settings set discover-interface-list= all /ip neighbor discovery-settings set discover-interface-list= LAN 2. POSSIBLE ISSUE look at this config /interface wireguard peers add allowed-address= ::/0, 0.0.0.0/0 endpoint-addres...
by anav
Mon Nov 11, 2024 9:54 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 22
Views: 785

Re: Cant get Wireguard client to work

Should not be related, but: /interface list member add interface=bridge1 list=LAN add interface=ether1 list=WAN add interface=wireguard1 list=LAN wireguard1 should be WAN conceptually. The concept is..........to be clear, that the traffic from the router has to have one SOURCE IP to a third party s...
by anav
Mon Nov 11, 2024 9:41 pm
Forum: Beginner Basics
Topic: how to achieve this setup?
Replies: 4
Views: 280

Re: how to achieve this setup?

You cannot have the rb5009 providing separate subnets without double NAT ... You can. But TPlink has to perform NAT also for "slovenian" subnets on LAN side ... and I've no idea if that's possible or not. Hmmm well THIS IS possible THE 5009 Acting as Router with a few of its own subnets u...
by anav
Mon Nov 11, 2024 9:24 pm
Forum: General
Topic: WireGuard site to site routing help
Replies: 23
Views: 919

Re: WireGuard site to site routing help

Glad to hear it works no problem for 4 routers, perhaps 5 is a dark magic evil number. Did you name the new router LARSA by any chance? ;-PPP To add a fifth router means ON ALL FOUR ROUTERS you need to ADD another peer client add allowed-peers=IPaddress#5/32,(anysubnets on said router 5), interface=...
by anav
Mon Nov 11, 2024 9:11 pm
Forum: General
Topic: Wireguard - Cant Ping from inside a network
Replies: 4
Views: 218

Re: Wireguard - Cant Ping from inside a network

Since you use Capsman, will not be able to comment on vlans etc............ Will focus on wireguard and anything else glaring. Right off the top, dont care a whit about pinging, what I care about is required traffic flow is working. Until ping = person or device, its meaningless at the end...... 1. ...
by anav
Mon Nov 11, 2024 6:03 pm
Forum: Beginner Basics
Topic: CRS354-48P-4S+2Q+RM Performance Issues with Light Load
Replies: 5
Views: 314

Re: CRS354-48P-4S+2Q+RM Performance Issues with Light Load

Agreed, best to seek advice prior to purchase, it should be on top of the MIKROTIK HOME PAGE.
DO NOT BUY, GO STRAIGHT TO FORUM FOR USEFUL INFORMATION, OUR WEBSITE SUCKS
by anav
Mon Nov 11, 2024 6:02 pm
Forum: Beginner Basics
Topic: How does (my) firewalling/routing work? [SOLVED]
Replies: 14
Views: 555

Re: How does (my) firewalling/routing work? [SOLVED]

Yolks on me, much thanks!!!!
by anav
Mon Nov 11, 2024 5:54 pm
Forum: General
Topic: Wireguard - Cant Ping from inside a network
Replies: 4
Views: 218

Re: Wireguard - Cant Ping from inside a network

This could be a problem --> And so the tunnel is set up correctly. At the moment, there are no restrictions on network access, i.e. " allowed addresses" is set as 0.0.0.0/0 on both sides. Will look at both configs So as to understand one MT gets a public IP directly The other MT is connect...
by anav
Mon Nov 11, 2024 4:03 pm
Forum: Beginner Basics
Topic: how to achieve this setup?
Replies: 4
Views: 280

Re: how to achieve this setup?

Your request makes no sense to me.
You cannot have the rb5009 providing separate subnets without double NAT because its now acting as a router not a switch.
Why do you insist on using the TPLINK router at all...... Dump it.......
by anav
Mon Nov 11, 2024 3:33 pm
Forum: Beginner Basics
Topic: How does (my) firewalling/routing work? [SOLVED]
Replies: 14
Views: 555

Re: How does (my) firewalling/routing work? [SOLVED]

As a next step, there is no need to allow the entire LAN full access to the input chain. Its not the optimal good security practice. They only need access to services like DNS. SO add some user rules. add action=accept chain=input comment="full lan access" in-interface-list=LAN add action=...
by anav
Mon Nov 11, 2024 3:23 pm
Forum: Beginner Basics
Topic: How does (my) firewalling/routing work? [SOLVED]
Replies: 14
Views: 555

Re: How does (my) firewalling/routing work? [SOLVED]

To add to jaclaz, slight modification, NEVER put the drop all rule onto the input chain until the very end. ........... Basically ensuring you as admin or the LAN has access to config the router so I would amend his list, to be safe. #input chain add action=accept chain=input comment="defconf: ...
by anav
Mon Nov 11, 2024 3:15 pm
Forum: Beginner Basics
Topic: Part of my network does not have access to google.com
Replies: 38
Views: 1178

Re: Part of my network does not have access to google.com

Since you are running a business and actually want people to stay at your hotel..........surprised patrons havent burned it to the ground yet........ there is no shortage of help actually and the sort that can log into the router and assist live.

https://mikrotik.com/consultants
by anav
Mon Nov 11, 2024 6:45 am
Forum: Beginner Basics
Topic: Completely lost with regards to VLANs
Replies: 8
Views: 416

Re: Completely lost with regards to VLANs

Read this: https://forum.mikrotik.com/viewtopic.php?t=143620 Watch this: https://www.youtube.com/watch?v=YLtGQAQ8iS0&t=77s&pp=ygUMbmV0d29yayB0cmlw What I recommend is take a port OFF the bridge assign it an IP like 192.168.55.0/30 Then plug into the port with laptop and change IPV4 settings ...
by anav
Mon Nov 11, 2024 6:42 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 44
Views: 2963

Re: How to Pass all traffic into WireGuard Cloudflare ?

At this point, probably insert a chip into my brain and sever anytime I spend working on configs.........
Probably get up on discord and skype and use teamviewer or something to look at config and try things live.
What time zone you in??
by anav
Mon Nov 11, 2024 3:36 am
Forum: General
Topic: Routing between VLANS not working - CRS305
Replies: 2
Views: 185

Re: Routing between VLANS not working - CRS305

1. MISSING SOURCE - which port is WAN PORT, ether1 is disabled, sfpplus 2,3,4 appear to be LAN type ports and sfpplus 1 appears to be LANport of no definition, wrongly assigned to the bridge for dhcp. Exacerbated because the bridge has no definition for dhcp........... Last Point, Do not put WAN on ...
by anav
Mon Nov 11, 2024 3:34 am
Forum: General
Topic: RoS 7 problem connecting remotely with 3 pppoe wans
Replies: 10
Views: 1028

Re: RoS 7 problem connecting remotely with 3 pppoe wans

Would need to see the complete config to comment, but in terms of routes if gateway IP is the same that is the correct approach!!
by anav
Mon Nov 11, 2024 3:09 am
Forum: Beginner Basics
Topic: CRS354-48P-4S+2Q+RM Performance Issues with Light Load
Replies: 5
Views: 314

Re: CRS354-48P-4S+2Q+RM Performance Issues with Light Load

Check out ethernet routing results 25 filter rules at 512byte in Mbps which is the closest to real world routing performance. ----> Whopping 169 Mbps, if you use less rules is probably why you can get around 250. With no rules expect around 300Mbps. As MKX pointed out you got the wrong product for ...
by anav
Mon Nov 11, 2024 2:59 am
Forum: Beginner Basics
Topic: Internet only (NO LAN) access for IP Pool
Replies: 3
Views: 199

Re: Internet only (NO LAN) access for IP Pool

I understand your angst and know of what you speak. Putting the Media Server on its own vlan would be really easy since its a single device, could even be on a LAN port on the router. Users depending might be more difficult to separate ( internet only users and then those that can have internet acce...
by anav
Sun Nov 10, 2024 9:39 pm
Forum: Beginner Basics
Topic: Internet only (NO LAN) access for IP Pool
Replies: 3
Views: 199

Re: Internet only (NO LAN) access for IP Pool

If you have two subnets on the router, or two vlans.............. then yes you can easily stop communication between the subnets at L3, via firewall rules. If you mean that someone within 192.168.88.0/24 should NOT be able to access some else in 192.168.88.0/24, it cannot be done in firewall rules a...
by anav
Sun Nov 10, 2024 9:33 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

Ahh what I was missing is the scheduler function.......so something else was needed.....good I am not going bonkers. :-)
Dare I look at your really horrific dst-nat solution to ensure that both directions are handled LOL.
by anav
Sun Nov 10, 2024 9:26 pm
Forum: General
Topic: inter vlan routing in CSS 326 24G
Replies: 6
Views: 250

Re: inter vlan routing in CSS 326 24G

Perhaps next time start out with the truth, there is not site A or Site B.
It sounds like if anything a single site, or location, but perhaps in different rooms?

Is it the same ISP and same gateway ????
by anav
Sun Nov 10, 2024 6:11 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

Got it, but why would the source port change.....
Does not the source port not stay fixed once the wg connection is made?
Or are you taking advantage of the fact that the source port changes with every actual use of traffic vice just keep alive pings.............
by anav
Sun Nov 10, 2024 4:31 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 44
Views: 2963

Re: How to Pass all traffic into WireGuard Cloudflare ?

Lost as you are............ Going back to basics. Have you ever had a WIREGUARD connection ........ ?? Not that this will make a difference but modify /ip route add check-gateway=ping comment=Recursive disabled=no distance=1 dst-address=\ 0.0.0.0/0 gateway=9.9.9.9 routing-table=main scope=10 \ suppr...
by anav
Sun Nov 10, 2024 4:13 pm
Forum: General
Topic: WireGuard site to site routing help
Replies: 23
Views: 919

Re: WireGuard site to site routing help

Well, That is the purpose of a Mesh topology, a remote device need only connect to one router and should be able to access ALL Lans subnets, and all routers for config purposes. If doing it with single server 3 client routers, one connects to the single server with the remote device and then you can...
by anav
Sun Nov 10, 2024 4:06 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

Okay, lets forget for the moment the potential for the horrific solution with dstnat for now. Sticking to: chain=srcnat protocol=udp src-port=13231 dst-port=13231 src-address-type=local action=src-nat to-ports=40000-59999 I am trying to imagine what this actually does come traffic time or at tunnel ...
by anav
Sun Nov 10, 2024 3:48 pm
Forum: General
Topic: inter vlan routing in CSS 326 24G
Replies: 6
Views: 250

Re: inter vlan routing in CSS 326 24G

Does each router get its own WANIP from an ISP? What is the main purpose of each router? If they are in different locations, how can they physically connect to the same switch? Why would users on pppoe router need access to subnet on hotspot router? Create a new common subnet on both routers assign...
by anav
Sun Nov 10, 2024 3:45 pm
Forum: General
Topic: ZeroTier Version Upgrade
Replies: 12
Views: 1874

Re: ZeroTier Version Upgrade

I find it hard to understand why anybody would even attempt to fathom MT thought processes........... By the way it's all in the phantom roadmap. ;-)
by anav
Sun Nov 10, 2024 12:38 am
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

So Sindy are you saying that its not a problem with either Router but something at the ISP end. Is it interfering in any specific direction??? The fix is applied on which router? I am having trouble wrapping my head on exactly what this accomplishes post loss of connection..... Specifically, the por...
by anav
Sun Nov 10, 2024 12:33 am
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 552

Re: Configuring wireless on wAP R from zero

Is the upstream router its connected to a Mikrotik Router??
by anav
Sat Nov 09, 2024 9:14 pm
Forum: General
Topic: Periodic connectivity issues to external WinBox
Replies: 15
Views: 490

Re: Periodic connectivity issues to external WinBox

Hello everyone. I have a CHR v. 7.16 configured and in Whitelist I keep my Cloud address of home router). Everything worked fine and config was untouched for quite long time, but suddenly a periodic issue appeared: with whitelist access to Winbox (chain=input action=accept dst-port=8291 src-address...
by anav
Sat Nov 09, 2024 9:07 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

Why why why are you using a FOREIGN term called operators............ It means nothing to me or anyone else. Do you mean operator router = Mikrotik Router OR do you mean operator router = ISP router. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ I am assuming you...
by anav
Sat Nov 09, 2024 8:11 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 22
Views: 785

Re: Cant get Wireguard client to work

Very strange indeed. So you confirm the following a. ip dhcp client has default route=yes? b. with RRules disabled and mangle disabled you go out the local internet (local WAN) no problem? c. while testing b, please attempt to ping the remote address you have entered in 1 below !!! Assuming yes to t...
by anav
Sat Nov 09, 2024 8:02 pm
Forum: Beginner Basics
Topic: Use hap ax lite as access point
Replies: 17
Views: 806

Re: Use hap ax lite as access point

Since I am getting tired of the lack effort and its a 5 minute config from typing from scratch. ASSUMING the single LAN subnet is 192.168.88.0/24 and the MT is assigned 192.168.88.5 /interface bridge add name=bridge /interface list add name=TRUSTED /interface wireless security-profiles set [ find de...
by anav
Sat Nov 09, 2024 7:52 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

1. Please confirm on each router. The WANIP that shows up on IP DHCP client = whats my ip in browser = the public address associated in IP Cloud If A = B = C you are getting a public IP at the MT router If A ≠ B = C you are NOT getting a public IP at the MT router 2. Please confirm on each r...
by anav
Sat Nov 09, 2024 7:44 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

It would appear that you are providing contradictory information ( which was also implied earlier ) and hence I asked for some clarification but still confusing. If the router is in a double nat scenario, aka behind the ISP modem/ROUTER or ISP ROUTER, then there is NO WAY the servers are connected d...
by anav
Sat Nov 09, 2024 7:34 pm
Forum: General
Topic: Why DNS servers are knocking port 5678 of pppoe-out1 interface?
Replies: 8
Views: 1068

Re: Why DNS servers are knocking port 5678 of pppoe-out1 interface?

Sounds like a good reason to turn it off........ Maybe needed for BTH?
In any case if a hacker can intercept your traffic and mimic being an mt cloud server perhaps its a good VECTOR to close down.
by anav
Sat Nov 09, 2024 7:21 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

PROBLEM: 1. In the previous post I question if you qualify for wireguard as you MAY not have an accessible public IP. 2. IF NOT, then an alternative in certain situations is BACK to HOME VPN, for some reason I didn't notice this before but in your peer Server router for handshake the following: /inte...
by anav
Sat Nov 09, 2024 7:19 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

Okay normal wireguard will ONLY work if at least one of the ends of your connection has an accessible public IP. This needs to be the peer Server router for handshake. Accessible means that, if the MT router does not get a public IP, then the ISP router in front of it, MUST a. get a public, AND b. c...
by anav
Sat Nov 09, 2024 4:39 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 22
Views: 785

Re: Cant get Wireguard client to work

1. RRules
a. disable all mangles
b. change routing rules to the following

/routing rule
add action=lookup-only-in-table min-prefix=0 table=main comment="permits local traffic"
add action=lookup-only-in-table src-address=192.168.188.0/24 table=rtab-wg
by anav
Sat Nov 09, 2024 4:37 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 22
Views: 785

Re: Cant get Wireguard client to work

The reason I state this is because your router FIRST has to establish the tunnel with the other end............. then wireguard traffic can flow. If there is no route, then the tunnel will never happen......... Since you are getting internet locally it must exist.. ... Screenshot 2024-11-09 103534.p...
by anav
Sat Nov 09, 2024 3:41 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 22
Views: 785

Re: Cant get Wireguard client to work

What are you connecting to
a. a third party server?
b. another MT router?

You dont need to BOTH mangle and use Routing Rules...... one or the other.
Assuming that you have selected default route in IP DHCP client?
by anav
Sat Nov 09, 2024 2:56 pm
Forum: General
Topic: WireGuard site to site routing help
Replies: 23
Views: 919

Re: WireGuard site to site routing help

Yikes, I use no wizards, just do it manually LOL, and normally for keys one just puts "++++++" or something never the real keys. Okay that gives me a bit of a sense of what you are doing. Interesting, in 4 router scenario, its rare to have each one have a public IP. Normally its one, so wh...
by anav
Sat Nov 09, 2024 2:21 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 43
Views: 1229

Re: Mikrotik as Wireguard client behind NAT, loosing connection

1. Lack of firewall rules would likely NOT be the issue. 2. Not that this is a problem but recommend change this on allowed IPs on your peer client router....... so that you as a remote admin can access your peer Client router when away from both routers. /interface wireguard peers add allowed-addre...
by anav
Sat Nov 09, 2024 3:58 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 44
Views: 2963

Re: How to Pass all traffic into WireGuard Cloudflare ?

The only thing that proves is that you cannot hook up a dumb device (laptop) and get traffic from a trunk port.......... Ether3 is going to the switch and thus cannot be terminated on a laptop. Sure you may have changed the /interface bridge port settings, but did you change the /interface bridge vl...
by anav
Fri Nov 08, 2024 10:00 pm
Forum: General
Topic: RoS 7 problem connecting remotely with 3 pppoe wans
Replies: 10
Views: 1028

Re: RoS 7 problem connecting remotely with 3 pppoe wans

Okay once its all implemented............
Tell me what works and what doesn't, any improvement?
Plus of course the latest config........
by anav
Fri Nov 08, 2024 9:24 pm
Forum: Beginner Basics
Topic: WAN port belongs to two VLANs [SOLVED]
Replies: 11
Views: 558

Re: WAN port belongs to two VLANs [SOLVED]

What you are asking for is impossible. EITHER the students are on their own VLAN and subnet getting dhcp from the mikrotik and have no direct connection or need to use 2940, OR they are vlan2940 getting dhcp from the upstream router. and are connected directly to 2940 It cannot be both!! Also, since...
by anav
Fri Nov 08, 2024 9:00 pm
Forum: Beginner Basics
Topic: WAN port belongs to two VLANs [SOLVED]
Replies: 11
Views: 558

Re: WAN port belongs to two VLANs [SOLVED]

What you have to understand. A. What I provided ( acting like a router, students on isolated LAN ) if the VLAN2940 is for the router to get a WANIP, that works. behind the other router we can setup a LAN that is not related and simply uses the connection to go out the internet the management vlan is...
by anav
Fri Nov 08, 2024 8:55 pm
Forum: Beginner Basics
Topic: WAN port belongs to two VLANs [SOLVED]
Replies: 11
Views: 558

Re: WAN port belongs to two VLANs [SOLVED]

I just noticed you put the dhcp client on the vlan2904 which is not the management VLAN. Is this a typo and should have been set to VLAN1000? Nope, just following the directions given. You clearly stated that the ROUTER, the MT should get its IP address on this VLAN and thus the students get intern...
by anav
Fri Nov 08, 2024 8:51 pm
Forum: General
Topic: 5WAN_PCC very slow speed internet or no internet
Replies: 7
Views: 337

Re: 5WAN_PCC very slow speed internet or no internet

Since you refuse to answer clear questions, I will defer and let others help. ( I cannot say whether to delete or modify since you have not explained their purpose - unable to advise )
Good luck!
by anav
Fri Nov 08, 2024 8:49 pm
Forum: General
Topic: WireGuard site to site routing help
Replies: 23
Views: 919

Re: WireGuard site to site routing help

Yes, they are all peers once a connection has been established........ but generally speaking the router acting as server for handshake will have the udp port open on the input chain for example. Are you saying all routers have public IPs and open UDP ports for wireguard?? Can you post wireguard set...
by anav
Fri Nov 08, 2024 6:13 pm
Forum: Beginner Basics
Topic: WAN port belongs to two VLANs [SOLVED]
Replies: 11
Views: 558

Re: WAN port belongs to two VLANs [SOLVED]

Be advised, you wont be able to make any changes to this router since we are locking it down to only the Management VLAN coming in on ether1 !! If you require other access best stated from where........... Also how are management going to access this device, via WINBOX.................. need to know...
by anav
Fri Nov 08, 2024 6:02 pm
Forum: General
Topic: 5WAN_PCC very slow speed internet or no internet
Replies: 7
Views: 337

Re: 5WAN_PCC very slow speed internet or no internet

1. I dont check third party sites for the config they used, I am only interested in your config. :-) ( each scenario is different as everyone has different requirements ) 2. So are you saying you have no idea what the first two set of mangle rules are used for??? 3. Does your provider with the 5 wan...
by anav
Fri Nov 08, 2024 5:51 pm
Forum: General
Topic: perca de pacote rede interna
Replies: 3
Views: 172

Re: perca de pacote rede interna

If your business is facing critical disruptions, the best thing for you to do is call for paid help to get quickest resolution ---> https://mikrotik.com/consultants That is what a real IT admin would do if they are NOT knowledgeable on MT, OR are knowledgeable and still cannot find the source of the...
by anav
Fri Nov 08, 2024 4:29 pm
Forum: Beginner Basics
Topic: WAN port belongs to two VLANs [SOLVED]
Replies: 11
Views: 558

Re: WAN port belongs to two VLANs [SOLVED]

Understood, just trying to figure out how to use the management VLAN properly, the rest as you wish is very doable.
Typically the IP address given to the device is on the management vlan.
by anav
Fri Nov 08, 2024 4:26 pm
Forum: Beginner Basics
Topic: does RB5009UG support MSTP protocol?
Replies: 4
Views: 333

Re: does RB5009UG support MSTP protocol?

On the bridge interface ( its in RoS, not hardware specific ) is the STP tab. Check out protocol mode here and scroll down to read about bridge Spanning Tree Protocol ---> https://help.mikrotik.com/docs/spaces/ROS/pages/328068/Bridging+and+Switching Check out general spanning tree protocol page --> ...
by anav
Fri Nov 08, 2024 2:40 pm
Forum: Beginner Basics
Topic: Unable to access network share over Wireguard
Replies: 11
Views: 549

Re: Unable to access network share over Wireguard

Thats good news!!,
If you want to clean up the rest of the config, feel free to ask about any specific part of the comments.
by anav
Fri Nov 08, 2024 2:38 pm
Forum: Beginner Basics
Topic: Help me with port forwarding troubleshooting
Replies: 17
Views: 728

Re: Help me with port forwarding troubleshooting

I have 0 (Zero) firewall rules. That means, that everything is open (allow). Right? I understand, that eventually I'll need to close / limit few things, but i'm ok to have everything open while troubleshooting. Right? Depends, is your device connected directly to the internet and not behind an ISP ...
by anav
Fri Nov 08, 2024 2:34 pm
Forum: General
Topic: 5WAN_PCC very slow speed internet or no internet
Replies: 7
Views: 337

Re: 5WAN_PCC very slow speed internet or no internet

1. Remove all WAN bridges, not required. 2. None of the WANs have a reachable public IP??? no need to use back to home VPN if you have an accessible public IP. 3. The actual use of a bridge would be to assign all vlans to Bridge-Loop Bridge ports would consist of ether3, and ether4 and correct me if...
by anav
Fri Nov 08, 2024 5:01 am
Forum: General
Topic: WireGuard site to site routing help
Replies: 23
Views: 919

Re: WireGuard site to site routing help

Wireguard is very flexible anything is possible..........

Which of the four routers is the peer Server for handshake??
by anav
Fri Nov 08, 2024 4:59 am
Forum: General
Topic: RoS 7 problem connecting remotely with 3 pppoe wans
Replies: 10
Views: 1028

Re: RoS 7 problem connecting remotely with 3 pppoe wans

I was hoping for something bigger, but it will do. Will try to get to this tomorrow as I have some research to do on the cloud stuff. ---> see above post!!! It would appear that each VLAN is to only use one particular WAN All external arriving special traffic is only to use WAN1 ( vpns etc.) As for ...
by anav
Fri Nov 08, 2024 12:37 am
Forum: General
Topic: RoS 7 problem connecting remotely with 3 pppoe wans
Replies: 10
Views: 1028

Re: RoS 7 problem connecting remotely with 3 pppoe wans

Sorry, very busy these days. If you fly me to Greece, assistance can be hands on. :-) 1. I think we can agree clarity in the config helps so I prefer to identify each port...... and use proper VLAN rules.. and also add comments if necessary /interface bridge port add bridge=bridge_main ingress-filte...
by anav
Fri Nov 08, 2024 12:31 am
Forum: Beginner Basics
Topic: Mikrotik as OpenVPN client routing all VPN connection through wlan
Replies: 3
Views: 219

Re: Mikrotik as OpenVPN client routing all VPN connection through wlan

What I meant is that for MOST VPNs, one end must have access to a public IP at least at one end of the connection. The purpose of this is so that the peer SERVER can be reached by all users, be they from individual devices (laptop/smartphone) or from individuals behind another remote router. A stati...
by anav
Fri Nov 08, 2024 12:26 am
Forum: General
Topic: Towards Optimization of Production Firewall Rules
Replies: 13
Views: 623

Re: Towards Optimization of Production Firewall Rules

Instead of couching the requirements in vague terms be clear. You want the router to have the ability to 'sense' changes in traffic flow and react accordingly. Although there may be some rudimentary things one can do in logging and and then reading those logs and attempt to modify existing rules on ...
by anav
Fri Nov 08, 2024 12:18 am
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 973

Re: VLANs - there has to be a simpler way!

Cry me a river........... I am well aware of AI and how important it is and the impact it will have especially in the battlespace domain. Basically any decision making that requires analyzing large chunks of data no matter how disparate, at near or at real-time, gives a competitive advantage to thos...
by anav
Thu Nov 07, 2024 11:00 pm
Forum: General
Topic: Towards Optimization of Production Firewall Rules
Replies: 13
Views: 623

Re: Towards Optimization of Production Firewall Rules

"In most cases not significantly enough to warrant the loss of throughput by all the rules......... In other words throughput is directly affected by the number of firewall rules, so first things first, be LEAN." Is that a straw man argument? No worries, I only deal in practical advice, i...
by anav
Thu Nov 07, 2024 10:56 pm
Forum: Beginner Basics
Topic: Mikrotik as OpenVPN client routing all VPN connection through wlan
Replies: 3
Views: 219

Re: Mikrotik as OpenVPN client routing all VPN connection through wlan

As long as one of the MT devices gets a public IP, or an ISP router its attached to can
a. get a public IP
b. forward a port to the MT device,
Its doable.
However I only know how to do so using wireguard.
by anav
Thu Nov 07, 2024 10:54 pm
Forum: Beginner Basics
Topic: Issue with Ping and Local Access Configuration for MikroTik over VPN with WireGuard and ExpressVPN
Replies: 6
Views: 968

Re: Issue with Ping and Local Access Configuration for MikroTik over VPN with WireGuard and ExpressVPN

NO clue as to what your network looks like? Can you provide a detailed diagram. When you say express VPN, thats a third party service, so not sure how you are hosting a third party vpn server?? (The idea is that you could be an express client for this unnamed type of VPN ) either on a PC, or the rou...
by anav
Thu Nov 07, 2024 9:56 pm
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 973

Re: VLANs - there has to be a simpler way!

No one here is interested in looking at chat GPT outputs. What is in your interest is to put in the work to generate what you think is your best effort. Try to understand what each line in the config SAYS, and its purpose. Learning, is not done through bypassing the use of ones synapses Perhaps in v...
by anav
Thu Nov 07, 2024 9:54 pm
Forum: General
Topic: Towards Optimization of Production Firewall Rules
Replies: 13
Views: 623

Re: Towards Optimization of Production Firewall Rules

Do you have a new question???
by anav
Thu Nov 07, 2024 9:53 pm
Forum: Beginner Basics
Topic: Use hap ax lite as access point
Replies: 17
Views: 806

Re: Use hap ax lite as access point

Post what you come up with for review
by anav
Thu Nov 07, 2024 9:52 pm
Forum: Beginner Basics
Topic: Possibility to, within fw, group services in lists?
Replies: 2
Views: 188

Re: Possibility to, within fw, group services in lists?

Nope the best you can hope for is on any given rule portX,portY,portAA etc........
If you are lucky its in contiguous ranges dst-port=1556-1695
by anav
Thu Nov 07, 2024 9:50 pm
Forum: Beginner Basics
Topic: WAN port belongs to two VLANs [SOLVED]
Replies: 11
Views: 558

Re: WAN port belongs to two VLANs [SOLVED]

It sounds like what you are saying is that whatever MT device you have in place, it will strictly be acting as a switch. Please let us know your device and by the way this is perfectly doable........ The vlan 1000 is strictly a management vlan so that the switch can get assigned an IP address termin...
by anav
Thu Nov 07, 2024 8:31 pm
Forum: Beginner Basics
Topic: From old AirPort Express to cAP
Replies: 14
Views: 1316

Re: From old AirPort Express to cAP

TRUEDAT......... okay then keeping the capac as an AP/switch is the smart way to go...............cant help you if you want to make it a router................. the only reason to use it as a router is if you needed separate subnets and most likely vlans to go out the wifi.
by anav
Thu Nov 07, 2024 7:33 pm
Forum: Beginner Basics
Topic: From old AirPort Express to cAP
Replies: 14
Views: 1316

Re: From old AirPort Express to cAP

Okay I understand my misunderstandings..... Firstly: I assumed you had a capAC, but it would appear you have a CAP ONLY. Please confirm!!! It only has one port and that is a 10/100 based port. In addition acting as a router, its throughput would actually be less than 100Mbps based on having 25 filte...
by anav
Thu Nov 07, 2024 6:16 pm
Forum: Beginner Basics
Topic: Unable to access network share over Wireguard
Replies: 11
Views: 549

Re: Unable to access network share over Wireguard

Based on your feedback, I dont think there is anything I can add.
Hopefully others have more input.
Good luck!
by anav
Thu Nov 07, 2024 5:58 pm
Forum: General
Topic: Issues with bandwidth [SOLVED]
Replies: 19
Views: 891

Re: Issues with bandwidth [SOLVED]

If using the switch as a router, expect no faster than approx 200Mbps traffic to/fro internet.
You are not using fastrack or other firewall rules that may help increase the throughput.
by anav
Thu Nov 07, 2024 4:38 pm
Forum: Beginner Basics
Topic: Unable to access network share over Wireguard
Replies: 11
Views: 549

Re: Unable to access network share over Wireguard

As to windows shares, no idea. There is no windows share identifier or functionality within RoS, that I am aware of. Seems like a window OS issue.
by anav
Thu Nov 07, 2024 4:34 pm
Forum: Beginner Basics
Topic: Unable to access network share over Wireguard
Replies: 11
Views: 549

Re: Unable to access network share over Wireguard

The advice is to properly config the router and make it secure as well as address any wireguard issues.... 1. Okay so the idea is you are trying to reach the USB held files.......... Well how do you propose to reach the files if the USB port has no identification path for the router to use ( ip addr...
by anav
Thu Nov 07, 2024 3:51 pm
Forum: General
Topic: Unable to log in to Winbox via Wireguard [SOLVED]
Replies: 3
Views: 251

Re: Unable to log in to Winbox via Wireguard [SOLVED]

"It turned out I forgot to open the ports on the VPS server"

Makes sense, as there was nothing seriously preventing it on the router side, nonetheless, one can always improve (cleanup) their config.
by anav
Thu Nov 07, 2024 1:37 pm
Forum: Beginner Basics
Topic: Unable to access network share over Wireguard
Replies: 11
Views: 549

Re: Unable to access network share over Wireguard

RULES THAT MAKE NO SENSE 1. If you are attempting FTP for example, the input chain is NOT used for this....... One uses the dstnat chain. One rule is used in the forward chain to allow port forwarding in general. add action=accept chain=input dst-port=21 in-interface-list=WAN log=yes \ log-prefix=&q...
by anav
Thu Nov 07, 2024 1:24 pm
Forum: Beginner Basics
Topic: Filter by IP address list
Replies: 2
Views: 183

Re: Filter by IP address list

Use cases please, will give us some context.
by anav
Thu Nov 07, 2024 1:22 pm
Forum: General
Topic: 1 Packet over Multiple Routs?
Replies: 14
Views: 1183

Re: 1 Packet over Multiple Routs?

Okay either I have to travel to UTAH or we get together on (take your pick skype/discord/teams) to discuss those very configs........... Use case: seamless failover between two WANS on the ground site, using CHR as the public IP hitting the internet. EOIP within wireguard. Trying to do better than ch...
by anav
Thu Nov 07, 2024 1:17 pm
Forum: General
Topic: Towards Optimization of Production Firewall Rules
Replies: 13
Views: 623

Re: Towards Optimization of Production Firewall Rules

Personally I tend to avoid the ! matchers ... yes, they can be useful, but when one starts combining multiple "NOT" criteria, they are a bit counterintuitive and thus prone for errors. Or if one wants to have multiple rules with similar matchers, the only difference being the "NOT&qu...
by anav
Thu Nov 07, 2024 1:15 pm
Forum: General
Topic: how to block youtube shorts?
Replies: 10
Views: 497

Re: how to block youtube shorts?

The first and only answer required = NO
The second response = education
The third response = discipline, Not as punishment infabo but as in will power ;-)
by anav
Thu Nov 07, 2024 1:35 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 14
Views: 1828

Re: Issue with Wireguard - Connected but no traffic

Home........ 1. On the Peer Server one identifies the peer client by single IP address at the allowed IPs settings!....so should be. /interface wireguard peers add allowed-address=10.20.30.2/32,172.16.46.0/24 comment="remote router" interface=WG-Home name=peer1 public-key="KEY" 2...
by anav
Thu Nov 07, 2024 1:28 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 14
Views: 1828

Re: Issue with Wireguard - Connected but no traffic

Perstorp Client Peer for handshake. 1. Keep the Network/Subnet in wireguard consistent so modify this /ip address add address=10.20.30.2/30 interface=WG-Perstorp network=10.20.30.0 TO: /ip address add address=10.20.30.2/29 interface=WG-Perstorp network=10.20.30.0 2. Firewall rules need work, for s...
by anav
Thu Nov 07, 2024 1:17 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 14
Views: 1828

Re: Issue with Wireguard - Connected but no traffic

Sorry dont always get back to posts................... dangers of not being paid LOL
by anav
Wed Nov 06, 2024 10:51 pm
Forum: Beginner Basics
Topic: VLan Setup DHCP issues
Replies: 1
Views: 264

Re: VLan Setup DHCP issues

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc....) don't work with snippets, and this. /interface bridge port add bridge=bridge interface=ether2 pvid=172 add bridge=bridge interface=ether3 pvid=10 add bridge=bridge interface=ether4 pvid=10 add bridg...
by anav
Wed Nov 06, 2024 10:43 pm
Forum: Beginner Basics
Topic: Unable to access network share over Wireguard
Replies: 11
Views: 549

Re: Unable to access network share over Wireguard

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )

Also, do you have any Servers on the LAN
Single or dual wan and if dual wan how are they supposed to be used........
by anav
Wed Nov 06, 2024 7:21 pm
Forum: General
Topic: Towards Optimization of Production Firewall Rules
Replies: 13
Views: 623

Re: Towards Optimization of Production Firewall Rules

In most cases not significantly enough to warrant the loss of throughput by all the rules......... In other words throughput is directly affected by the number of firewall rules, so first things first, be LEAN.
by anav
Wed Nov 06, 2024 7:18 pm
Forum: General
Topic: 1 Packet over Multiple Routs?
Replies: 14
Views: 1183

Re: 1 Packet over Multiple Routs?

Interesting!! Be cool for the sirbryan to conduct single router to single router tests of this tech, comparing zerotier to wireguard performance.........
by anav
Wed Nov 06, 2024 7:17 pm
Forum: Beginner Basics
Topic: From old AirPort Express to cAP
Replies: 14
Views: 1316

Re: From old AirPort Express to cAP

Please post your latest complete config and I will have a look.
by anav
Wed Nov 06, 2024 7:15 pm
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 17
Views: 1313

Re: Trying to wrap my head around VLANs

hahaha......... listen if you only need two subnets, nothing wrong with one bridge and one separate subnet or two separate subnets and no bridge. But if you choose any of the above, you are denying yourself the satisfaction of using vlans, and the sense of accomplishment and the ability to lord such...
by anav
Wed Nov 06, 2024 5:39 pm
Forum: General
Topic: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?
Replies: 25
Views: 5933

Re: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?

Basically, the whole thread should be in a MS forum, not an MT forum.........
by anav
Wed Nov 06, 2024 5:13 pm
Forum: Beginner Basics
Topic: how to connect to site to site vpn from back to home vpn
Replies: 5
Views: 581

Re: how to connect to site to site vpn from back to home vpn

I havent used the back to home app on my IOS, because I dont need it and yes its designed for BTH. I use WIREGUARD APP itself, and enter in the wireguard parameters as required. I use the MT IOS App to then config the router. PS. It was already clear that the two routers are at two diff locations wi...
by anav
Wed Nov 06, 2024 5:12 pm
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 17
Views: 1313

Re: Trying to wrap my head around VLANs

I just want to say that I have never been able to get a useful environment using VLANs. I’ve read the always-recommend post here, read tons of other articles, watched videos and there is nothing that explains it and instructs in their construction clearly enough. I don’t know why, and I can’t sugg...
by anav
Wed Nov 06, 2024 5:10 pm
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 17
Views: 1313

Re: Trying to wrap my head around VLANs

I worked for 5 years with Mikrotik daily and didn't manage to grasp VLAN. I have had a 5 year hiatus and then recently only after learning and implementing Cisco VLAN have I gone back over MikroTik VLAN in order to get it right. It's not the same but the difference was I understood the concepts bett...
by anav
Wed Nov 06, 2024 5:08 pm
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 22
Views: 717

Re: Why is there no decent security on FTP Server on MK?

OR....... continue to push a wet noodle up a straw............
by anav
Wed Nov 06, 2024 5:06 pm
Forum: Beginner Basics
Topic: Load balance between ether and wlan
Replies: 2
Views: 185

Re: Load balance between ether and wlan

You cannot combine two WAN inputs so that one session splits up their packets between the two to get the aggregate speed. What you can do is load balance between them so making the entire throughput available for users. Any one session, cannot use throughput greater than the max of one of the WAN co...
by anav
Wed Nov 06, 2024 1:26 pm
Forum: Beginner Basics
Topic: Problem with failover to backup ISP [SOLVED]
Replies: 10
Views: 506

Re: Problem with failover to backup ISP [SOLVED]

All as expected, check-ping basically attempts two pings every 10 seconds to decide if the route is available...............
by anav
Wed Nov 06, 2024 1:24 pm
Forum: Beginner Basics
Topic: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+
Replies: 6
Views: 331

Re: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+

To add to mkx. On each device, take an unused port. Remove it from the bridge ( aka not on /interface bridge ports ). Add an address and ensure its on your TRUSTED or LAN interface list as a member /interface ethernet set [ find default-name=ether5 ] name=OffBridge5 /ip address add address=192.168.5...
by anav
Wed Nov 06, 2024 1:20 pm
Forum: Beginner Basics
Topic: Is my hAP ac broken?
Replies: 9
Views: 423

Re: Is my hAP ac broken?

Could be your config, but since you didnt post it, who can say.
by anav
Wed Nov 06, 2024 1:18 pm
Forum: General
Topic: VLAN PROBLEM
Replies: 7
Views: 439

Re: VLAN PROBLEM

My recommendations stand, you switched configs many times and went in several different directions.
Start from scratch and do only the basic networking and vlans with basic firewall rules.
Once up and running we can add in layers.
by anav
Wed Nov 06, 2024 1:14 pm
Forum: General
Topic: Unable to log in to Winbox via Wireguard [SOLVED]
Replies: 3
Views: 251

Re: Unable to log in to Winbox via Wireguard [SOLVED]

probably because you dont understand the rules you are using.... seems like you threw crap on the wall hoping something would stick. 1. When you create the IP address for wireguard, the router automatically creates a rule add dst-address=192.168.12.0/24 interface=wireguard1 routing-table=main so ...
by anav
Wed Nov 06, 2024 12:47 pm
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 973

Re: VLANs - there has to be a simpler way!


wink indeed!
1) You do not use VLAN1
2) You DO NOT use VLAN1
3) You do not use Quickset
4) You do not use detect internet
5) Dont listen to jacklaz until his list is complete
6)...
:lol:
by anav
Wed Nov 06, 2024 5:52 am
Forum: Beginner Basics
Topic: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+
Replies: 6
Views: 331

Re: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+

If you are not using vlans why do you need a ccr2004 and a csr328 ??? Its like buying a ferrari, to simply drive your kids to school in a 15mph zone.
by anav
Wed Nov 06, 2024 12:55 am
Forum: Beginner Basics
Topic: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+
Replies: 6
Views: 331

Re: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+

There should be no need to use a bridge on the router for the WAN connection on a single port. Also assuming you're using vlans did you read this guide....... ------> https://forum.mikrotik.com/viewtopic.php?t=143620 Post your config for both devices. /export file=anynameyouwish ( minus device serial...
by anav
Wed Nov 06, 2024 12:30 am
Forum: Beginner Basics
Topic: Route Wireguard traffic through specific WAN interface [SOLVED]
Replies: 14
Views: 7584

Re: Route Wireguard traffic through specific WAN interface [SOLVED]

well cannot read your mind, if you need an explanation or help.
draw a diagram
describe the wan situation
provide the complete config minus sensitive information
by anav
Wed Nov 06, 2024 12:24 am
Forum: Beginner Basics
Topic: hAP AC - Setup repeater with partial wireguard traffic
Replies: 6
Views: 887

Re: hAP AC - Setup repeater with partial wireguard traffic

No worries, the only automagic created routes are those from the IP address part of the config.
Or if you have selected use default route in IP DHCP Client settings.
by anav
Wed Nov 06, 2024 12:21 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 37
Views: 1691

Re: wAP coverage -- picture included

Sweet!
by anav
Tue Nov 05, 2024 11:31 pm
Forum: General
Topic: VLAN PROBLEM
Replies: 7
Views: 439

Re: VLAN PROBLEM

I would go further, your config is so confused its a wonder anything works. Certainly it does not seem you have read the vlan bible ---> https://forum.mikrotik.com/viewtopic.php?t=143620 as your /interface bridge vlans are nonsensical! As noted above, it is incomprehensible that you assign different su...
by anav
Tue Nov 05, 2024 10:09 pm
Forum: General
Topic: wAP coverage -- picture included
Replies: 37
Views: 1691

Re: wAP coverage -- picture included

What did your research find............. I would hazard a guess that dual band antennas need four connectors, so the best you can hope for is single band sector antennas.
by anav
Tue Nov 05, 2024 2:59 pm
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 22
Views: 717

Re: Why is there no decent security on FTP Server on MK?

MT does not deal in file services, that is the realm of FTP program or the operating OS, windows, mac etc............ and where it should reside.
by anav
Tue Nov 05, 2024 2:57 pm
Forum: Beginner Basics
Topic: Problem with failover to backup ISP [SOLVED]
Replies: 10
Views: 506

Re: Problem with failover to backup ISP [SOLVED]

Confusing words............ Looking at your config......... /ip dhcp-client add add-default-route=no comment=defconf interface=ether1 add add-default-route=no comment=backup interface=ether2 a. based on the above, the router didnt create any default routes. b. if they had created them, they dont sh...
by anav
Tue Nov 05, 2024 2:20 pm
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 22
Views: 717

Re: Why is there no decent security on FTP Server on MK?

Security on FTP is baked into whatever FTP software you are using in other words did you mean SFTP ??? ( and even SSH isnt the greatest protocol )
As noted plain FTP or hosting game servers these days is actually a dumb idea, begging to be hacked and will be hacked.
by anav
Tue Nov 05, 2024 2:17 pm
Forum: Beginner Basics
Topic: Problem with failover to backup ISP [SOLVED]
Replies: 10
Views: 506

Re: Problem with failover to backup ISP [SOLVED]

You have too many routes LOL /ip route add check-gateway=ping comment=ISP1 dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-table=main scope=10 target-scope=12 add dst-address=8.8.8.8/32 gateway=192.168.100.100 routing-table=main scope=10 target-scope=11 ++++++++++++++++++++ add check-gateway=ping dist...
by anav
Tue Nov 05, 2024 2:10 pm
Forum: Beginner Basics
Topic: how to connect to site to site vpn from back to home vpn
Replies: 5
Views: 581

Re: how to connect to site to site vpn from back to home vpn

The answer to your dilemma is easy. REMOVE any back to home nonsense. Since you have public IPs at the MT, you use NORMAL wireguard. All your remote devices will connect to the MT Router without issue using normal wireguard. You will then be more able to move the incoming wireguard users into the VP...
by anav
Tue Nov 05, 2024 2:06 pm
Forum: Beginner Basics
Topic: Load balancing from the same ISP
Replies: 7
Views: 305

Re: Load balancing from the same ISP

Based on the first point you have two choices. - Max 1gb bridged connection, MT gets the public IP. - Max 4x1gb connection ( four lan ports, into four WAN ports on MT) you get 4gb total throughput via private IPs from ISP modem/router. As noted you dont have the right router to handle this load........
by anav
Tue Nov 05, 2024 1:59 pm
Forum: General
Topic: Wireguard peer responder clarification
Replies: 15
Views: 1421

Re: Wireguard peer responder clarification

Well then, its very confusing........... on that we can agree.
by anav
Tue Nov 05, 2024 4:28 am
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 973

Re: VLANs - there has to be a simpler way!

Assuming your home subnet is 192.168.10.0/24 and is identified as vlan10 and the guest network is identified as vlan20. The IP address given to the cap is 192.168.10.5 cap /interface bridge add ingress-filtering=no name=bridgecap vlan-filtering=no /interface ethernet set [ find default-name=ether2 ]...
by anav
Tue Nov 05, 2024 4:11 am
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 973

Re: VLANs - there has to be a simpler way!

Interesting advice on the avoidance of learning how to use vlans.....................

Post both configs
/export file=anynameyouwish ( minus router serial number, any public WANIP info, keys etc.)

PS, there are no firewall rules on my cap with vlans.
by anav
Tue Nov 05, 2024 12:10 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 37
Views: 1691

Re: wAP coverage -- picture included

Yup, not a wifi techie, so sure you have to ensure compatibility of antenna with available connectors. Who woulda thunk it.......... an antenna with two connectors.................... I must be clairvoyant.......... https://mikrotik.com/product/mant_lte_5o The only advantage of europe is that they h...
by anav
Tue Nov 05, 2024 12:08 am
Forum: Beginner Basics
Topic: VLAN assignments by DHCP ARP table on a single hAP ax³ home network
Replies: 1
Views: 176

Re: VLAN assignments by DHCP ARP table on a single hAP ax³ home network

Here is the bible on assigning vlans - https://forum.mikrotik.com/viewtopic.php?t=143620 Easiest approach in the forward chain of firewall rules is to put a drop all else rule at the end and then above that you only need to add traffic you want to ALLOW/ACCEPT, after the default rules but before the...
by anav
Mon Nov 04, 2024 11:51 pm
Forum: Beginner Basics
Topic: From old AirPort Express to cAP
Replies: 14
Views: 1316

Re: From old AirPort Express to cAP

As was stated, we understand your request, the problem is you dont understand how basic networking functions.............. If you want all to be on the same network........... then do the following. Otherwise, suggesting on the main router to create a separate subnet, best done through vlans. /inter...
by anav
Mon Nov 04, 2024 11:33 pm
Forum: General
Topic: wAP coverage -- picture included
Replies: 37
Views: 1691

Re: wAP coverage -- picture included

First ---> Decide if you want OMNI antenna (360deg), sector antenna 90/110/120/140 degrees, point to point antenna ( narrow sector) Second --> Figure out what type of connectors does the device have............... Third --> Google BEST wifi/wisp antennas 2024, with connectors of type Y, with sector...
by anav
Mon Nov 04, 2024 10:01 pm
Forum: General
Topic: hAP AC2 Smart TV issues
Replies: 9
Views: 5599

Re: hAP AC2 Smart TV issues

Clearly MT devices know that too much TV is not good for your brain...... read more, buy more books, on how to config the MT devices LOL
by anav
Mon Nov 04, 2024 9:21 pm
Forum: General
Topic: Wireguard peer responder clarification
Replies: 15
Views: 1421

Re: Wireguard peer responder clarification

Why would the server keep trying to contact the peer client if its gone. There may be some attempt to establish communications to pass on lets say a new WANIP in the normal wireguard but in BTH, the controlling entity is wireguard cloud relay. If both sides are not talking to the relay the connect...
by anav
Mon Nov 04, 2024 9:09 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1052

Re: Connecting Two Remote Locations Without Public IP

I think I was specific enough AMMO, I asked already if the ISP devices got public IPs themselves and also if they could port forward to his MT routers from them. Even if you could dyndns, if no port forwarding you would be poop out of luck :-) However its worth it to double check as the response to ...
by anav
Mon Nov 04, 2024 9:06 pm
Forum: Beginner Basics
Topic: hAP ac2 - help me make it into a simple managed switch please
Replies: 11
Views: 551

Re: hAP ac2 - help me make it into a simple managed switch please

No idea I always turn off all services except winbox and sometimes ssh.
by anav
Mon Nov 04, 2024 9:01 pm
Forum: General
Topic: Merging 2 providers to increase network speeds [SOLVED]
Replies: 4
Views: 277

Re: Merging 2 providers to increase network speeds [SOLVED]

Dont feel bad, I am more than 5x your age and I wouldnt attempt the bogus advice either!!
by anav
Mon Nov 04, 2024 8:59 pm
Forum: General
Topic: VLAN PROBLEM
Replies: 7
Views: 439

Re: VLAN PROBLEM

Diagram of network please, as your explanation sheds no light.
Config of MT device
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys)
by anav
Mon Nov 04, 2024 8:57 pm
Forum: General
Topic: Issue: Dual WAN Routing for HTTPS Access with Connection Mark and NAT Challenges
Replies: 5
Views: 322

Re: Issue: Dual WAN Routing for HTTPS Access with Connection Mark and NAT Challenges

Last chance, bud, I asked specific questions............ still not answered.
Also if you want answers, need complete config only, not bits please, as all is connected!

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Mon Nov 04, 2024 8:52 pm
Forum: General
Topic: Inter-VLAN routing problem with OSPF and firewall under RouterOS: need help with advanced segmentation
Replies: 3
Views: 512

Re: Inter-VLAN routing problem with OSPF and firewall under RouterOS: need help with advanced segmentation

Hello everyone, I'm having a problem with implementing inter-VLAN routing and securing communications between multiple VLANs on a corporate network using RouterOS. I have configured OSPF to allow dynamic routing between multiple routers, but some VLANs still fail to communicate as expected. Here's t...
by anav
Mon Nov 04, 2024 8:49 pm
Forum: General
Topic: Wireguard peer responder clarification
Replies: 15
Views: 1421

Re: Wireguard peer responder clarification

There is no need to indicate responder in normal wireguard. It should be a term only used in BTH, if thats where its coming up?? As per the documentation all the extra fields not normally used....... Used for the client-server setup scenario, when the configuration is imported using a qr code for a cli...
by anav
Mon Nov 04, 2024 4:21 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1052

Re: Connecting Two Remote Locations Without Public IP

@holvoetn
Adding
- Wireguard using ddns ( done it for years)
- Mikrotik's own BTH ( made for such purposes)
Really??
Show me how to use DDNS on a non-public IP scenario (behind an ISP router as well).
Always looking to learn new tricks.
by anav
Mon Nov 04, 2024 4:20 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1052

Re: Connecting Two Remote Locations Without Public IP

Hi Monty, Yes depending upon MT device, even if you dont have any public IPs, you can use BTH to connect single devices to your MT router. BTH will NOT provide new HEx router to new HEx router connection over wireguard. Only single devices like phones and laptops to either one of the two. TWO option...
by anav
Mon Nov 04, 2024 4:14 pm
Forum: General
Topic: New static route
Replies: 4
Views: 275

Re: New static route

Changing requirements when asking for assistance is not a good thing. A. provide a network diagram of what you would like to achieve with as much detail as possible. B. provide current config /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. ) C. provi...
by anav
Mon Nov 04, 2024 2:18 pm
Forum: Beginner Basics
Topic: hAP ac2 - help me make it into a simple managed switch please
Replies: 11
Views: 551

Re: hAP ac2 - help me make it into a simple managed switch please

The last question is easiest ................ imagine someone connecting to your router via its mac address only? Is that acceptable? No, the only access via mac address should be via winbox since its encrypted. Now if one doesnt change default winbox port, cant help that. Not perverted and probably...
by anav
Mon Nov 04, 2024 2:13 pm
Forum: General
Topic: Issue: Dual WAN Routing for HTTPS Access with Connection Mark and NAT Challenges
Replies: 5
Views: 322

Re: Issue: Dual WAN Routing for HTTPS Access with Connection Mark and NAT Challenges

What is not clear to me, is if you are connecting to the https Router provided service?
OR
Do you mean connecting to an HTTPS server you have on the LAN?
(if so are connections coming in on two different wans, going to the same LAN Https server ???)
by anav
Mon Nov 04, 2024 2:09 pm
Forum: General
Topic: Looking to upgrade
Replies: 4
Views: 243

Re: Looking to upgrade

Good point mkx! If you need assistance in slow time to changeover to vers7 let me know And this is why anav is the GOAT. He might be brisk. He might be bristly. But he routinely goes above and beyond to help others find their way in the Mikrotik ecosystem. Now if we could only do something about the...
by anav
Mon Nov 04, 2024 1:59 pm
Forum: General
Topic: Port Forward Not working on a bridged isp router
Replies: 5
Views: 249

Re: Port Forward Not working on a bridged isp router

Not really, your router will get hacked eventually without any firewall rules to speak of. You should unplug the router from the internet until you fix the rules. Default rules are a good start. /ip firewall filter add action=accept chain=input connection-state=established,related,untracked add acti...
by anav
Mon Nov 04, 2024 3:33 am
Forum: General
Topic: Looking to upgrade
Replies: 4
Views: 243

Re: Looking to upgrade

I have a similar device running on version 7.
The best bet is to take one port off the bridge give it an IP address and then you can access the config safely from your laptop or PC, set IPV4 settings to match.
If you need assistance in slow time to changeover to vers7 let me know
by anav
Sun Nov 03, 2024 7:46 pm
Forum: Beginner Basics
Topic: hAP ac2 - help me make it into a simple managed switch please
Replies: 11
Views: 551

Re: hAP ac2 - help me make it into a simple managed switch please

/interface bridge add ingress-filtering=no name=bridgeSwitch vlan-filtering=no /interface list add name=TRUSTED /interface bridge port add bridge=bridgeSwitch interface=ether1 add bridge=bridgeSwitch interface=ether2 add bridge=bridgeSwitch interface=ether3 add bridge=bridgeSwitch interface=ether4 ...
by anav
Sun Nov 03, 2024 7:34 pm
Forum: General
Topic: Port Forward Not working on a bridged isp router
Replies: 5
Views: 249

Re: Port Forward Not working on a bridged isp router

1. Whats with the three POOLS, one is a duplicate, remove it! and the other seems to have no purpose?? add name=dhcp_pool1 ranges=192.168.100.15-192.168.100.240 ????????? 2. Dont name your bridge LAN, the LAN is already used by the router as the common interface describing all Subnets. USE name=Brid...
by anav
Sun Nov 03, 2024 7:22 pm
Forum: General
Topic: Port Forward Not working on a bridged isp router
Replies: 5
Views: 249

Re: Port Forward Not working on a bridged isp router

If you are trying to view your webserver via the WANIP of your router instead of the LANIP of the server, then likely its your config that is not valid for that access and needs to be fixed.
In some routers this is called nat loopback.
by anav
Sun Nov 03, 2024 4:32 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 8
Views: 661

Re: WireGuard Setup and Connectivity Issues

MAIN PROBLEM is R1 is configured very strangely. Configure it the same as R2, in terms of being a router, not a switch.
Use WAN and LAN interfaces and a fixed IP address or IP DHCP client, one or the other.
Do not use bridge to get WANIP..................
by anav
Sun Nov 03, 2024 4:28 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 8
Views: 661

Re: WireGuard Setup and Connectivity Issues

Remove all 0.0.0.0/0 in allowed-ips Okay you mean for R1, YES, my mistake for R1 this is GOOD advice.. R1 Allowed IPs should be: /interface wireguard peers add allowed-address=10.10.10.2/32,192.168.88.0/24 interface=\ wireguard1 name=R2 public-key=\ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
by anav
Sun Nov 03, 2024 3:56 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 8
Views: 661

Re: WireGuard Setup and Connectivity Issues

ON R2, what is the purpose of this route? /ip route add dst-address=192.168.0.0/24 gateway=10.10.10.1 If your intent is to be able to reach the remote subnet at R1 then suggest: add dst-address=192.168.0.0/24 gateway=wireguard1 table=main There are no firewall rules on R2, so nothing is blocked........
by anav
Sun Nov 03, 2024 3:53 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 8
Views: 661

Re: WireGuard Setup and Connectivity Issues

@mantouboji Well the OP wants his user on R2 to be able to use the internet on R1, so why do you think 0.0.0.0/0 is wrong???? edit: I see now you were referring to R1!! Actually 0.0.0.0/0 is the only entry that is required in allowed IP on the peer client Router (R2). 0.0.0.0/0 means basically all ...
by anav
Sun Nov 03, 2024 2:03 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 8
Views: 661

Re: WireGuard Setup and Connectivity Issues

1. Ensure the MTU is the same on both routers and I think the default setting 1420? would be the best starting point. 2. On the client peer router (RB) ONLY, try two different mangling setups. One of the two should work. If both dont, then start adjusting mtu with one of the rules ( keeping both th...
by anav
Sat Nov 02, 2024 11:38 pm
Forum: General
Topic: Port forwarding not working in lan
Replies: 5
Views: 318

Re: Port forwarding not working in lan

Change the first NAT rule, the hairpin nat rule, to this.
add chain=srcnat action=masquerade src-address=192.168.0.0/24 dst-address=192.168.0.0/24
by anav
Sat Nov 02, 2024 11:17 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 44
Views: 2963

Re: How to Pass all traffic into WireGuard Cloudflare ?

Since ether4 works, suspect the switch may be the culprit.

Reviewing the latest config....
by anav
Sat Nov 02, 2024 11:12 pm
Forum: General
Topic: Port forwarding not working in lan
Replies: 5
Views: 318

Re: Port forwarding not working in lan

I only comment on complete configs........... Glad its working for you now.
by anav
Sat Nov 02, 2024 11:11 pm
Forum: General
Topic: Wireguard interface in wan and lan list
Replies: 7
Views: 357

Re: Wireguard interface in wan and lan list

I suspect your config is sub-optimal as those config lines have nothing to do with VPN.
by anav
Sat Nov 02, 2024 10:10 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 44
Views: 2963

Re: How to Pass all traffic into WireGuard Cloudflare ?

Please post the current config for review.
by anav
Sat Nov 02, 2024 9:16 pm
Forum: General
Topic: Wireguard interface in wan and lan list
Replies: 7
Views: 357

Re: Wireguard interface in wan and lan list

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys )
by anav
Sat Nov 02, 2024 9:04 pm
Forum: Beginner Basics
Topic: Can't access device in different VLAN
Replies: 1
Views: 219

Re: Can't access device in different VLAN

Typically one posts their config here directly, nobody likes going to different websites in general, as there are risks....... Just use Notepad++ and edit out stuff, then paste here and use the code block above ( black square with white rectangular brackets ) No sense mixing apples and oranges........
by anav
Sat Nov 02, 2024 9:01 pm
Forum: Beginner Basics
Topic: WireGuard or OpenVPN [SOLVED]
Replies: 37
Views: 6045

Re: WireGuard or OpenVPN [SOLVED]

Much better just to move to Europe :-) No idea!
by anav
Sat Nov 02, 2024 9:00 pm
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1139

Re: How to block camera from being accessed from WAN? [SOLVED]

Then if on a different subnet (vlan ) with permissions to the camera, it would normally work. I suspect that cameras are hard wired internally to only respond to requests from the same LAN, its not a mikrotik issue. The only thing I can recommend is to assign yourself a static dhcp lease on the iot ...
by anav
Sat Nov 02, 2024 4:41 pm
Forum: Beginner Basics
Topic: how to connect to site to site vpn from back to home vpn
Replies: 5
Views: 581

Re: how to connect to site to site vpn from back to home vpn

So, to get this straight, a. the mikrotik router does NOT have a public IP nor does the ISP router its connected to, or if the ISP router does, but you are unable to forward ports on this ISP router. I am asking but you state wireguard connection for MAC not back to home, or did you mean the same th...
by anav
Sat Nov 02, 2024 4:38 pm
Forum: Beginner Basics
Topic: Help with setting up my first Mikrotik
Replies: 5
Views: 392

Re: Help with setting up my first Mikrotik

Did you post frequently on zyxel forums like eons ago LOL
by anav
Sat Nov 02, 2024 3:22 pm
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1139

Re: How to block camera from being accessed from WAN? [SOLVED]

If you are blocking the Cameras access to the internet it makes sense no APP will find them as the APP is probably designed to go to the cloud server and then down to the camera and not for local access direct. You would need to access the camera directly by its LANIP somehow...... maybe on a P...
by anav
Sat Nov 02, 2024 3:20 pm
Forum: Beginner Basics
Topic: Separate internet while using 3 modems
Replies: 12
Views: 656

Re: Separate internet while using 3 modems

Folder sharing sounds like a windows problem. With Mikrotik we can deal in subnets and IP addresses mostly.
by anav
Sat Nov 02, 2024 3:17 pm
Forum: Beginner Basics
Topic: Can Ping websites. No internet when trying to access
Replies: 4
Views: 303

Re: Can Ping websites. No internet when trying to access

Impossible without knowing what the requirements are ( with no mention of config )
a. identify users
b. identify what traffic they need to execute.
by anav
Sat Nov 02, 2024 3:16 pm
Forum: General
Topic: No internet access Ros 7.16.1 (3 ISP)
Replies: 1
Views: 189

Re: No internet access Ros 7.16.1 (3 ISP)

multiple posts....... ---> follow thread here viewtopic.php?t=212230
by anav
Sat Nov 02, 2024 3:14 pm
Forum: General
Topic: Wireguard interface in wan and lan list
Replies: 7
Views: 357

Re: Wireguard interface in wan and lan list

The documentation is not HOW to setup your router for all situations, its simply for a given scenario this is an option. So I tried to elicit the scenario you are dealing with to apply applicable rules............ Suggest you ignore the documentation and understand each line on the config and what i...
by anav
Sat Nov 02, 2024 1:45 am
Forum: General
Topic: Controversal - MikroTik state of technology
Replies: 11
Views: 648

Re: Controversal - MikroTik state of technology

Well its equally arrogant to think Europe is the centre of the Universe...... Of course its Canada but thats another discussion.
Suffice to say, it was an emotional short sighted statement that was a waste of carbon 1s and 0s.
by anav
Sat Nov 02, 2024 1:43 am
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 482

Re: Stuck on device to vlan assignment principles

Or sit at your computer on the couch and order it online. Lots of sources for the CSS106-5G-1S I mentioned earlier.
Geez, I thought every one from Cali, had a fitbitch watch and was counting steps LOL
by anav
Sat Nov 02, 2024 1:29 am
Forum: Beginner Basics
Topic: 2 WAN loadbalancing configuration
Replies: 1
Views: 213

Re: 2 WAN loadbalancing configuration

Let's get some clarity. You are going to keep the two ISP modems and ISP routers in place. They will each provide their own private LAN like 192.168.1.0/24 and 192.168.2.0/24. You will assign a fixed private IP on each ISP router and will use that as the WANIP for the hex, WAN1 and WAN2 ++++++++++++++...
by anav
Sat Nov 02, 2024 1:21 am
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1139

Re: How to block camera from being accessed from WAN? [SOLVED]

Please explain, "cannot access cameras from local net" ???
Do you mean you cannot view cameras in the 10.1.3.0/24 subnet from your PC in the 10.1.1.0/24 subnet ??

Please post latest complete config!!
by anav
Sat Nov 02, 2024 1:14 am
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 482

Re: Stuck on device to vlan assignment principles

In other words, a 15 minute trip to Staples or Best Buy, and 15 min back, and you're done for the most part. TDW's route will lead to graying or loss of hair.
by anav
Fri Nov 01, 2024 11:46 pm
Forum: General
Topic: Controversal - MikroTik state of technology
Replies: 11
Views: 648

Re: Controversal - MikroTik state of technology

Yes, do pray tell, one must should have opinion on facts, vice rectal plucks.
by anav
Fri Nov 01, 2024 11:45 pm
Forum: General
Topic: Hairpin NAT not working
Replies: 11
Views: 802

Re: Hairpin NAT not working

Follow the bouncing ball..................... https://gregsowell.com/?p=4242 In a nutshell, when the router attempts to send the response from the local LAN member, without the sourcenat rule in place, the router will try to shortcut the response directly from the server to the LAN user ( as if the ...
by anav
Fri Nov 01, 2024 10:36 pm
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 482

Re: Stuck on device to vlan assignment principles

I'm with K6................... simple managed switch or hex type device acting as a switch, send vlans from router to switch ( will need one for wall, leaving four different vlans could be served up)
by anav
Fri Nov 01, 2024 10:01 pm
Forum: General
Topic: Port forwarding not working in lan
Replies: 5
Views: 318

Re: Port forwarding not working in lan

1. Ensure port forwarding rule is more flexible, than the default rule.. Remove the current default forward chain rule that covers incoming from WAN and dstnat with a block rule, and Replace with add chain=forward action=accept comment="internet traffic" in-interface-list=LAN out-interface...
by anav
Fri Nov 01, 2024 9:54 pm
Forum: General
Topic: Wireguard interface in wan and lan list
Replies: 7
Views: 357

Re: Wireguard interface in wan and lan list

Nope, you need to better understand how wireguard works and what the interfaces on MT RoS are used for. So firstly are you connecting to a third party VPN server? If so, then generally speaking you will need to SOURCENAT all your LAN traffic heading in the direction of the server to have ONE source...