Search found 21954 matches

by anav
Thu Dec 05, 2024 4:33 am
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 14
Views: 943

Re: Dual Router Configuration Setup Assistance

I will look at the entire config only, a working config is the sum of its parts, only showing a section is not conducive to success.

/export file=anynameyouwish ( minus router serial number, any public WANIP information, vpn keys etc. )
by anav
Thu Dec 05, 2024 2:02 am
Forum: Wireless Networking
Topic: Advice please hardware/Wifi/Wireless/CapsMan/VLAN confusion
Replies: 17
Views: 1616

Re: Advice please hardware/Wifi/Wireless/CapsMan/VLAN confusion

neki is bang on. If you wanted to give the 2011 a fixed IP address, then simply use IP address with interface vlan64 and not use IP DHCP client. Assuming Ether1 is the trunk port, and dont setup ports for people to access if not desired ( for example lets say only ether2 is used for home ! Also on s...
by anav
Wed Dec 04, 2024 10:40 pm
Forum: General
Topic: VPN Site to site ?
Replies: 10
Views: 354

Re: VPN Site to site ?

edit, no longer required
by anav
Wed Dec 04, 2024 8:30 pm
Forum: Wireless Networking
Topic: Which is fastest wifi device
Replies: 12
Views: 423

Re: Which is fastest wifi device

Wifi 7 devices.
by anav
Wed Dec 04, 2024 5:26 pm
Forum: General
Topic: Access web server trough WireGuard Site2Site setup
Replies: 3
Views: 130

Re: Access web server trough WireGuard Site2Site setup

Step back one. Remember port forwarding is based upon a destination port. So I use the public IP of the connection as the destination address and the dst port/protocol. When that arrives at the main router, the router looks at the NAT rules and sees a corresponding dstnat (port forwarding) rule, the...
by anav
Wed Dec 04, 2024 5:12 pm
Forum: General
Topic: Access web server trough WireGuard Site2Site setup
Replies: 3
Views: 130

Re: Access web server trough WireGuard Site2Site setup

Good news. Public IP on main router allows many things. a. remote road warrior or you as admin to access Main router via wireguard b. remote machine behind private IP can reach wireguard (using LTE as wireguard client router) +++++++++++++++++++++ via the main router c. admin while remote can reach ...
by anav
Wed Dec 04, 2024 5:02 pm
Forum: General
Topic: VPN Site to site ?
Replies: 10
Views: 354

Re: VPN Site to site ?

Hola, That is a very good plan. I often suggest the same, as its very easy for users to decide which country they want to access internet from ( or remote LAN devices ) by use of SSID ( different wlans ). Very easy to setup!, once you get the device setup in spain, I can assist via skype/discord/tea...
by anav
Wed Dec 04, 2024 4:32 pm
Forum: General
Topic: Dual WAN Failover no connection from VLANs
Replies: 4
Views: 269

Re: Dual WAN Failover no connection from VLANs

1. remove router serial number from initial post of config 2. need firewall rules 3. probably should upgrade to 7.16.2 latest firmware 4. probably should use vlans (https://forum.mikrotik.com/viewtopic.php?p=1111667#p1111667) 5. use normal pool setups Summary your vlan and pools and setup is a colos...
by anav
Wed Dec 04, 2024 4:11 pm
Forum: General
Topic: Dual Wan link to some isp router
Replies: 9
Views: 400

Re: Dual Wan link to some isp router

Understood, your parents are getting ripped off. They should provide a router with 2.5gb output on a single port. The only thing to do here is use three of the four output ports on the ISP router as three WAN inputs ether1,2,3 on the 5009 Load balance them as three different inputs and you will have...
by anav
Wed Dec 04, 2024 4:00 pm
Forum: General
Topic: VPN Site to site ?
Replies: 10
Views: 354

Re: VPN Site to site ?

AX3 is much better value IMHO, but of course its your budget. Both are capable of hosting wireguard. Since you require the opposite from normal, need internet out of client peer router, what I would do is create two wireguard tunnels. ONE JUST for the internet, for users on spain LAN to go out inter...
by anav
Wed Dec 04, 2024 3:55 pm
Forum: General
Topic: Secure Remote Access to Home Network Behind Carrier-Grade NAT [SOLVED]
Replies: 4
Views: 256

Re: Secure Remote Access to Home Network Behind Carrier-Grade NAT [SOLVED]

Correct, the way BTH works in a nutshell. Concept. Mikrotik provides relay servers that both the router and devices reach out to. The relay server connects them. DONE. Doesnt matter if you're behind an ISP router or CGNAT or starlink etc......... a. On the hex refresh router, enable IP cloud and enab...
by anav
Wed Dec 04, 2024 3:47 pm
Forum: General
Topic: Wireguard is blocked by ISP any other solution
Replies: 19
Views: 939

Re: Wireguard is blocked by ISP any other solution

MISSING!! Besides the disabled=yes error, where is the interface? designated on that rule. Try /ip firewall mangle add action=change-mss chain=forward comment="Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu out-interface=wireguard1 passthrough=yes protocol=tcp tcp-flags=syn...
by anav
Wed Dec 04, 2024 3:41 pm
Forum: General
Topic: VPN Site to site ?
Replies: 10
Views: 354

Re: VPN Site to site ?

What model of mikrotik routers do you have in Venezuela and Espana?
by anav
Wed Dec 04, 2024 3:39 pm
Forum: General
Topic: Wireguard s [SOLVED]
Replies: 9
Views: 788

Re: Wireguard s [SOLVED]

Basically a typo. From this: /interface list add name=VPN-WG /interface wireguard add listen-port=13232 mtu=1420 name=wireguard1 /interface list member add interface=wireguard1 list=VPN-WG /ip firewall address-list add address=10.19.99.0/24 list= WG-VPN TO /interface list add name=VPN-WG /interface ...
by anav
Wed Dec 04, 2024 2:54 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 20
Views: 2609

Re: Issue with Wireguard - Connected but no traffic

The wireguard settings look correct to me. The extra routing rules to find the non local subnet are bang on. The firewall rules allow traffic from one subnet to another. Mystery at this point. You do have weird DHCP settings, that I have never seen and you have all kinds of funky DNS settings that I...
by anav
Wed Dec 04, 2024 2:52 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 20
Views: 2609

Re: Issue with Wireguard - Connected but no traffic

HOME ROuter - again I dont see any issue here other than rearranging order of forward chain rules. see if that helps at all. Other than that, since I despise capsman will blame it LOL. /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked"...
by anav
Wed Dec 04, 2024 2:45 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 20
Views: 2609

Re: Issue with Wireguard - Connected but no traffic

Could not find any major on PERSTORP Firewall forward chain rules have to be moved in the order, and remove the old ones!!! /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked /ip firewall ...
by anav
Wed Dec 04, 2024 1:47 am
Forum: General
Topic: Dual Wan link to some isp router
Replies: 9
Views: 400

Re: Dual Wan link to some isp router

Many assumptions and questions from an inadequate initial explanation. Assuming that the ISP is not putting out 2.5ghz to either the ONT/modem or the ISP Router after the ONT is based on the OP assuming the ports on the Router are only gigabit capable. We dont have a model # / Make and the OP may h...
by anav
Tue Dec 03, 2024 10:49 pm
Forum: General
Topic: BTH problem with Starlink
Replies: 1
Views: 130

Re: BTH problem with Starlink

How are you keeping the client devices endpoint address updated - aka what is it pointed at???
by anav
Tue Dec 03, 2024 10:46 pm
Forum: General
Topic: Secure Remote Access to Home Network Behind Carrier-Grade NAT [SOLVED]
Replies: 4
Views: 256

Re: Secure Remote Access to Home Network Behind Carrier-Grade NAT [SOLVED]

I would suggest wireguard BTH but that is not possible with your old and discontinued router. Suggest the new HEX refresh with ARM processor, is an excellent low cost device, that will handle your router needs and can conduct BTH wireguard, which is designed to use mikrotik relay servers so that you...
by anav
Tue Dec 03, 2024 10:42 pm
Forum: General
Topic: Two ports bridged and the rest in a second bridge. No internet second bridge [SOLVED]
Replies: 9
Views: 460

Re: Two ports bridged and the rest in a second bridge. No internet second bridge [SOLVED]

Based on your input, you want the L1009 to act as a router on the company network. The first thing is to ask your IT department if this is permitted as normally personal devices on a company network are not permitted. If you are in the IT department then I suppose its a request for some separate LAN...
by anav
Tue Dec 03, 2024 5:21 pm
Forum: Wireless Networking
Topic: WiFi 6 security configuration [SOLVED]
Replies: 7
Views: 500

Re: WiFi 6 security configuration [SOLVED]

Its a phuckng PILE of CWAP........ The new config for wifi reminds me of 10 years ago getting tools for kids from china, where the written instructions in english are so bad its comedy material.
The MT wifi config is NOT intuitive and borders on stewpid, and is no laughing matter.
by anav
Tue Dec 03, 2024 5:19 pm
Forum: Wireless Networking
Topic: Advice please hardware/Wifi/Wireless/CapsMan/VLAN confusion
Replies: 17
Views: 1616

Re: Advice please hardware/Wifi/Wireless/CapsMan/VLAN confusion

Great, network diagram so we know the topology, and both configs.......
/export file=anynameyouwish ( minus router serial number, any public WANIP information, vpn keys etc.)

Use code blocks around export ( black square with white square brackets on same line as Bold and Underline ).
by anav
Tue Dec 03, 2024 5:12 pm
Forum: Beginner Basics
Topic: rb5009 sfp altibox fiber
Replies: 12
Views: 905

Re: rb5009 sfp altibox fiber

In over my head......but where is vlan102 in IP DHCP client settings???

/ip dhcp-client
add add-default-route=special-classless default-route-distance=100 \
dhcp-options=vendor-class-identifier interface=vlan-altibox-voip \
use-peer-dns=no use-peer-ntp=no
by anav
Tue Dec 03, 2024 5:09 pm
Forum: Beginner Basics
Topic: How do setup as wired extender with hap ac2
Replies: 4
Views: 276

Re: How do setup as wired extender with hap ac2

Recommend moving to 7.16.2.

Do you simply mean that the second device is connected to the first device by ethernet cable and you want to use the second device as an AP/switch ??
by anav
Tue Dec 03, 2024 5:03 pm
Forum: General
Topic: Mainland China VPN Hong Kong via MikroTik and Wireguard
Replies: 1
Views: 240

Re: Mainland China VPN Hong Kong via MikroTik and Wireguard

What is the purpose of this thread??
Links to unknown sites are not recommended
by anav
Tue Dec 03, 2024 2:25 pm
Forum: General
Topic: Any Mikrotik tech in Cambodia, Sihanoukville ?
Replies: 4
Views: 360

Re: Any Mikrotik tech in Cambodia, Sihanoukville ?

Closest looks like Thailand or Vietnam
by anav
Tue Dec 03, 2024 2:22 pm
Forum: General
Topic: Forward multiple WANs inside LAN with VLANs [SOLVED]
Replies: 9
Views: 514

Re: Forward multiple WANs inside LAN with VLANs [SOLVED]

Impossible to define requirements.......and thus OP should a. identify all users/devices ( internal/externals and admin) b. identify all traffic they require without referring to any config speak. Also details on your wans separately How many. Public or private IP, static or dynamic, Detail which wa...
by anav
Tue Dec 03, 2024 4:11 am
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 14
Views: 943

Re: Dual Router Configuration Setup Assistance

A plan is a great start, ensure you capture all the traffic requirements such as vlan to vlan, shared printer etc, ( external incoming, any port forwarding or vpns --> at least wireguard so you as admin can remote in to the router ) You need either a trusted vlan ( home ) or create one specific just...
by anav
Tue Dec 03, 2024 2:36 am
Forum: General
Topic: VLAN UDM Pro Mikrotik
Replies: 1
Views: 195

Re: VLAN UDM Pro Mikrotik

What I do when configuring vlans is take one port off the bridge!! /interface ethernet set [ find default-name=eth8 ] name=OffBridge8 /ip address add address=192.168.77.1/30 interface=OffBridge8 network=192.168.77.0 /interface list member { only need one interface list on this device } add interface...
by anav
Mon Dec 02, 2024 10:57 pm
Forum: Beginner Basics
Topic: firewall drop connection
Replies: 6
Views: 383

Re: firewall drop connection

Strange ask but I guess you dont want anyone with access to be able to manually set 1-24 Assuming your IP address is set to 192.168.88.254 interface=bridge network=192.168.88.0 I would create a firewall address list of 192.168.88.25-192.168.88.253 list=ALLOWED /ip firewall filter add action=accept c...
by anav
Mon Dec 02, 2024 5:33 pm
Forum: General
Topic: how to block youtube shorts?
Replies: 12
Views: 1061

Re: how to block youtube shorts?

If you have level enterprise control over the browser, then that is possible. My experience at the enterprise level is that the whole YOUTUBE is just not accessible. :-)
by anav
Mon Dec 02, 2024 5:31 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 8851

Re: WireGuard Multi-WAN Policy Routing

Nothing prevents you from going to a different vendor, or using a different VPN than wireguard. Just suggestions.......... Or, Mikrotik fixes their implementation to work like the rest of RouterOS. That is my first choice too! Why wireguard is allowed to deviate from standard Mangle practices is be...
by anav
Mon Dec 02, 2024 5:30 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 2771

Re: am i using SOHO Firewall or not?

the config
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.)
by anav
Mon Dec 02, 2024 5:28 pm
Forum: General
Topic: Hex REFRESH
Replies: 11
Views: 532

Re: Hex REFRESH

The point being is that 7.16 has most of the vers7 bugs worked out and has all the latest security improvements and most access to newest features. Its the way to go for sure at this point. If one has a business or provides services to businesses, the recommendation always is to test new firmware in...
by anav
Mon Dec 02, 2024 5:26 pm
Forum: General
Topic: Forward multiple WANs inside LAN with VLANs [SOLVED]
Replies: 9
Views: 514

Re: Forward multiple WANs inside LAN with VLANs [SOLVED]

Concur, confusing explanation is an understatement.......... Need at least a detailed diagram to sort out context.
Impossible to define requirements.......and thus OP should
a. identify all users/devices ( internal/externals and admin)
b. identify all traffic they require
by anav
Mon Dec 02, 2024 4:52 pm
Forum: Wireless Networking
Topic: how to add virtual wifi?
Replies: 4
Views: 345

Re: how to add virtual wifi?

Unless solving really means overcome brain fart..............
by anav
Mon Dec 02, 2024 4:14 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 8851

Re: WireGuard Multi-WAN Policy Routing

Nothing prevents you from going to a different vendor, or using a different VPN than wireguard. Just suggestions..........
Perhaps other vendors handle wireguard differently so that its not a problem for the more complex routing subnets?
by anav
Mon Dec 02, 2024 4:12 pm
Forum: General
Topic: Hex REFRESH
Replies: 11
Views: 532

Re: Hex REFRESH

Why the question asking the question?
Typically the LTS is actually the most stable version available, who doesnt want that (rhetorical question)!
However, I have moved off vers6 on my main router recently to ver 7.16, as an LTS for ver7 seems unlikely. :-)
by anav
Mon Dec 02, 2024 2:04 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 987

Re: Access LAN B from LAN A, but not LAN A from LAN B

Hi Jaclaz, so the switch and LANA would be on the same private LAN subnet ( provided by the isp modem router) as the HEX? If this is the case then all users on LANB will be able to reach LANA. With sourcenat outgoing, all LANB user traffic would appear to come from router itself, so return traffic i...
by anav
Mon Dec 02, 2024 2:29 am
Forum: Beginner Basics
Topic: UDP Port forwarding
Replies: 3
Views: 269

Re: UDP Port forwarding

That has nothing to do with the router!
The router does not change ports on outbound, and thus its your server that is doing that ( changing the destination port when leaving the server )
by anav
Mon Dec 02, 2024 2:22 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 8851

Re: WireGuard Multi-WAN Policy Routing

niche in the sense that its for experts only doing more complex configs and they are not trivial nor a small number of cases.
As for a broken config, that is the reason for the hack!!
If the hack doesnt work for a more complex case, then stop being lazy and come up with a better hack.
by anav
Sun Dec 01, 2024 11:50 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 14
Views: 943

Re: Dual Router Configuration Setup Assistance

Dont forget to install at least the common firewall rules on the 5009, probably have to do it manually. /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked add action=accept chain=input com...
by anav
Sun Dec 01, 2024 11:41 pm
Forum: General
Topic: RB4011 gradually stops accepting traffic on LAN Gateway bridge
Replies: 5
Views: 818

Re: RB4011 gradually stops accepting traffic on LAN Gateway bridge

How many bridges do you have............ I know some have used the fact of two chips on the unit to allow two bridges ports 1-A and B-Last port.
But other than that you should only use one bridge normally.
by anav
Sun Dec 01, 2024 11:37 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 8851

Re: WireGuard Multi-WAN Policy Routing

And the horse you rode in on AMMO. I never said that other than multiwan setups on the main routing tables was trivial.............. There is a need for multiple approaches for the very basic through to BGB/OSPF VRP etc.......... Nor did I say that Mikrotik focussing on either home users or advanced...
by anav
Sun Dec 01, 2024 10:14 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 14
Views: 943

Re: Dual Router Configuration Setup Assistance

Nope........... Be it a two port or multiport device,

Take the extra port off bridge and do all your configuration from there safely.
give the port an ip address, use the ipv4 settings on laptop to access port and router.
by anav
Sun Dec 01, 2024 10:11 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 8851

Re: WireGuard Multi-WAN Policy Routing

Sorry your trivial case nonsense is pure BS. Many folks that come here for assistance have normal multi-wan setups, not all can have specialized, niche vpn WAN only setups.
by anav
Sun Dec 01, 2024 8:37 pm
Forum: General
Topic: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]
Replies: 11
Views: 557

Re: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]

No worries, there are many here with more patience! Ur in good hands on the forum.
by anav
Sun Dec 01, 2024 8:13 pm
Forum: Wireless Networking
Topic: Frequency control
Replies: 3
Views: 272

Re: Frequency control

and here I thought holvoe was answering an incontinence question. ;-)
by anav
Sun Dec 01, 2024 8:11 pm
Forum: General
Topic: Wireguard is blocked by ISP any other solution
Replies: 19
Views: 939

Re: Wireguard is blocked by ISP any other solution

If the ISP is blocking wireguard, the fact that you have tried numerous ports tells me that they are checking DPI, into the weeds to see the type of traffic. Therefore suggesting BTH is fruitless. However, if the lack of connection is either a. operator config error b. no access to public IP Then BT...
by anav
Sun Dec 01, 2024 8:09 pm
Forum: General
Topic: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]
Replies: 11
Views: 557

Re: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]

No worries, you came for help, I asked for the information to make that possible and then you decide magically you know where the problem is (or isnt) and thus I have to question why did you come for help in the first place. I have limited time and you're wasting it.
by anav
Sun Dec 01, 2024 8:03 pm
Forum: Beginner Basics
Topic: help with DHCP on VLAN
Replies: 5
Views: 386

Re: help with DHCP on VLAN

1. The mistake is putting the WAN vlan on the bridge................. 2. You only have three ports active, 3 and two on the bridge 8, and sfp, so what in tarnation is ether6 doing in your config for example or ether4 for example 3. Forgot to tag bridge......... 4. Wrong address EDIT: my mistake crap...
by anav
Sun Dec 01, 2024 7:42 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 987

Re: Access LAN B from LAN A, but not LAN A from LAN B

VLANS are not required, although much more flexible and recommended if you run out of ports and need to send multiple subnets out a port to a switch or access point etc.. IP address assign subnetA to ether2 assign subnetB to ether3 assign both to interface list=LAN Then in forward chain firewall rul...
by anav
Sun Dec 01, 2024 7:38 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 11
Views: 687

Re: Firewall - drop rule within input chain

But then that rule (or a similar one) should go in chain forward. Quick recap: 1. chain input=connection to the router 2. chain forward=connection through the router Well stated except that similar rule is also bogus in forward chain as we drop all there as well!! add action=fasttrack-connection ch...
by anav
Sun Dec 01, 2024 7:29 pm
Forum: General
Topic: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]
Replies: 11
Views: 557

Re: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]

1. Assuming your mikrotik has a public IP and is the SERVER peer for handshake for your devices that need to connect remotely, then this is all that one should see. For some reason you have peer side noise in allowed Ips, which makes me think this was created by using BTH vice manual. Nothing wrong ...
by anav
Sun Dec 01, 2024 7:04 pm
Forum: General
Topic: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]
Replies: 11
Views: 557

Re: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]

Thanks for the config and continual understanding of the requirements both very helpful Before I delve into the config, output chain is not required to do what you need. One simply needs a firewall rule and routing mechanism to do so, while not conflicting with other traffic. Linking to other sites ...
by anav
Sun Dec 01, 2024 6:58 pm
Forum: General
Topic: Wireguard tunnel extremely slow, barely working (Winbox not working), possible reasons?
Replies: 2
Views: 339

Re: Wireguard tunnel extremely slow, barely working (Winbox not working), possible reasons?

I really can't see anything When you provide nothing, nothing can be seen. So lets get some clarity. What is the home mikrotik router? model and I assume you have no public IP. Confirm you also have a CHR in the cloud that you use as the wireguard server for handshake. The idea being you as a remot...
by anav
Sun Dec 01, 2024 5:12 pm
Forum: General
Topic: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]
Replies: 11
Views: 557

Re: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]

First a diagram as I have no idea what you mean about remote servers............ Right now I am assuming you have cloud servers behind a CHR. Second With a full config nothing really useful can be provided, I prefer not to guess. /export file=anynameyouwish (minus router serial number, any public WA...
by anav
Sun Dec 01, 2024 4:26 pm
Forum: Wireless Networking
Topic: Advice please hardware/Wifi/Wireless/CapsMan/VLAN confusion
Replies: 17
Views: 1616

Re: Advice please hardware/Wifi/Wireless/CapsMan/VLAN confusion

Lets start with the main router ONLY, it will handle vlans, dhcp and its own local wifi. Capsman will NOT be used............ starts singing Celebrate good times, come on (Let's celebrate) Follow the guidance document as suggested --> https://forum.mikrotik.com/viewtopic.php?t=143620 Create all the ...
by anav
Sun Dec 01, 2024 4:16 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 11
Views: 687

Re: Firewall - drop rule within input chain

No you get rid of it, not required. Its also wasteful, in that all good traffic has to go through that rule before the rest of the rules not efficient. That traffic already captured by the last rule....... Since you didnt answer the question --> what are you afraid of??? You can do what you want, op...
by anav
Sun Dec 01, 2024 4:12 pm
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 19
Views: 1600

Re: Difference between two Interface Lists

This topic has gotten off the rails. 1. For the OP, most of us dont worry about blocking intervlan traffic because that is just a continuation of the default safe setup MT provides for newbies. Most of us, first thing, is turn the concept of block a few known bad things and allow everything else, T...
by anav
Sun Dec 01, 2024 3:59 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 14
Views: 943

Re: Dual Router Configuration Setup Assistance

The 5009 should be connected to the MODEM The HAP should be connected to the 5009 The HAP should be ideally or most simply setup as an AP/Switch with no dhcp responsibilities ( done on 5009 ) your best tutorial on this is: https://forum.mikrotik.com/viewtopic.php?t=143620 when planning the network en...
by anav
Sun Dec 01, 2024 3:57 pm
Forum: Beginner Basics
Topic: help with DHCP on VLAN
Replies: 5
Views: 386

Re: help with DHCP on VLAN

As was stated, dont start the config until a. you have a plan for the network ( a network diagram helps ) b. you have identified -- all the users/devices on your network (both external/internal and admin) -- have described the traffic they require to accomplish. Sorry a config cannot be made in part...
by anav
Sun Dec 01, 2024 3:53 pm
Forum: Beginner Basics
Topic: VLAN config help request for Mikrotik and Cisco
Replies: 2
Views: 239

Re: VLAN config help request for Mikrotik and Cisco

Just to add to that, the management or trusted vlan is where all attached smart devices should get their LANIP from. So in addition to the data vlans ensure the management vlan also goes through the trunk to the CISCO. Surprised you dont use vlans already by the way. If this is the first time, then e...
by anav
Sun Dec 01, 2024 3:47 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1491

Re: Wireguard routing

Nice, its good to start once you have a plan on paper as its much easier to see where things fit together on a config. There should be no issues to the VLANID you use at either router, just MAKE SURE that no two subnets are the same. However we never ask for PCUNITES view of the world for configuratio...
by anav
Sun Dec 01, 2024 3:41 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 2771

Re: am i using SOHO Firewall or not?

@anav
In the OP's current config the DNS server Is on another device, 192.168.1.9.
Hi Jaclaz, my intention was generic, thanks for pointing that out, in which case the OP only needs to allow local/vpn admin associated IPs to the input chain from the LAN side.
by anav
Sat Nov 30, 2024 10:33 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 11
Views: 687

Re: Firewall - drop rule within input chain

Yeah I /ip firewall address-list add address=192.168.77.X list= Authorized comment="admin desktop" add address=192.168.77.Y list=Authorized comment="admin laptop" add address=192.168.77.Y list=Authorized comment="admin smartphone" /ip firewall filter add action=accept c...
by anav
Sat Nov 30, 2024 10:21 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 2771

Re: am i using SOHO Firewall or not?

These two rules are almost the same: add action=accept chain=input src-address-list=allowed_to_router add action=accept chain=input in-interface-list=LAN Is an excellent start if the src-address-list is comprised of your LOCAL admin IPs ( wired/wifi/vpn if any) aka only those devices that need acces...
by anav
Sat Nov 30, 2024 6:01 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 11
Views: 687

Re: Firewall - drop rule within input chain

Nice try............. Not the complete config.

Also didnt answer the question.....
What is your intention with this rule.
block WAN access To the router
OR
block WAN access to your subnets/LAN

What are you afraid of??
by anav
Sat Nov 30, 2024 5:57 pm
Forum: General
Topic: Passthrough WAN inside LAN in separate VLAN
Replies: 7
Views: 522

Re: Passthrough WAN inside LAN in separate VLAN

I am confused by your explanation, do you mean you have separate WAN connections to the VMIs, and TVs?? I dont see those connections on the diagram Okay I get it now, you think NAT is the mechanism to provide internet to users,,,,,, its actually firewall rules that do so. So to be clear do you mean ...
by anav
Sat Nov 30, 2024 4:58 pm
Forum: Beginner Basics
Topic: WireGuard only to ether5 [SOLVED]
Replies: 5
Views: 632

Re: WireGuard only to ether5 [SOLVED]

Reading your first post. Want anyone using ethernet 5, to go out proton wireguard for internet. 1. Wireguard does not get an IP pool. It is simply an interface with a subnet ( it carries traffic from other wireguard address, typically incoming or outgoing and also, router to router it carries subnets)....
by anav
Sat Nov 30, 2024 4:02 pm
Forum: Beginner Basics
Topic: VLAN not handing out Internet
Replies: 5
Views: 480

Re: VLAN not handing out Internet

{rant on} It amazes me that we are asked to make a definitive call on a question on someones config, and they have the audacity to only show firewall rules. The config is a connected piece of work and thus a partial view is next to useless. {rant off} If your USER rules on input chain never get any ...
by anav
Sat Nov 30, 2024 3:55 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 11
Views: 687

Re: Firewall - drop rule within input chain

Do you understand how the firewall chains work in Router OS. Asking about a single rule, is not going to solve the issue of not understanding how to apply them properly/safely. What is your intention with this rule. block WAN access To the router OR block WAN access to your subnets/LAN I think you sh...
by anav
Sat Nov 30, 2024 3:51 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 2771

Re: am i using SOHO Firewall or not?

Ignore the bad advice above to modify the existing configuration.

The router should not be connected to the internet so remove.
1. use netinstall to upgrade to latest firmware, to be sure you have a non-compromised firmware on the router,
2. Then should have a decent starting point firewall.
by anav
Sat Nov 30, 2024 3:42 pm
Forum: General
Topic: Help with Extending WAN Physically with VLAN's.
Replies: 11
Views: 683

Re: Help with Extending WAN Physically with VLAN's.

The point is you dont have to create a subnet for the WAN traffic, just create a vlan, which will carry the data to the 5009. Untagged port at the switch on the port to the ISP modem, added to the trunk port going to the other switch, added to the trunk port on second switch coming from first switch...
by anav
Sat Nov 30, 2024 12:11 am
Forum: Beginner Basics
Topic: WireGuard only to ether5 [SOLVED]
Replies: 5
Views: 632

Re: WireGuard only to ether5 [SOLVED]

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Sat Nov 30, 2024 12:09 am
Forum: General
Topic: Help with Extending WAN Physically with VLAN's.
Replies: 11
Views: 683

Re: Help with Extending WAN Physically with VLAN's.

You've misunderstood me so I must have not expressed myself clearly............... Other way round! In the old hookup there were two connections coming to the 5009 ( one from ISP modem ) and one from closest switch In the new hookup, there is only one connection available to the 5009 and that is si...
by anav
Fri Nov 29, 2024 11:17 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1491

Re: Wireguard routing

The only example I can think of is if there is some need for a 0.0.0.0/0 allowed IP on the server router, and thus any other needs would require a separate wg interface
by anav
Fri Nov 29, 2024 11:03 pm
Forum: General
Topic: Alarm.com and VLANs on my Mikrotik network
Replies: 2
Views: 283

Re: Alarm.com and VLANs on my Mikrotik network

It sounds like their equipment may be expecting a specific subnet? 192.168.0.1 or 192.168.1.1 ???
Can you plug one into a pc directly to test?
by anav
Fri Nov 29, 2024 9:17 pm
Forum: General
Topic: Bug in version in winbox and in routerboard
Replies: 11
Views: 655

Re: Bug in version in winbox and in routerboard

I think the OP has a bug in his brain!, but to be accurate its a worm.

To upgrade Routerboard, use System --> RouterBOARD that updates
by anav
Fri Nov 29, 2024 8:48 pm
Forum: Beginner Basics
Topic: VLAN not handing out Internet
Replies: 5
Views: 480

Re: VLAN not handing out Internet

1. Typically UNIFI requires the management or trusted vlan UNTAGGED, and the rest of the data vlans tagged. What is not clear to me is your trusted subnet, is it vlan10 production or vlan20 home.......... Since you have unifi untagged on 10 will assume its production. 2. All your /interface bridge p...
by anav
Fri Nov 29, 2024 8:30 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1491

Re: Wireguard routing

Actually AMMO, you can use a single wireguard interface, and just use a different IP address schema for the road warriors, if you need some granularity over firewall rules.....
by anav
Fri Nov 29, 2024 4:21 pm
Forum: Beginner Basics
Topic: Help: Can't figure out why VLANs aren't working
Replies: 3
Views: 388

Re: Help: Can't figure out why VLANs aren't working

You have four vlans but 5 pools is one clue. What was the first tip in my post above!!!
You only have two IP addresses???

Its clear to me you made NO effort to read the vlan link article.
Come back when you put an honest days work into the config.
by anav
Fri Nov 29, 2024 6:18 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 8851

Re: WireGuard Multi-WAN Policy Routing

MT knows, they have not put it high on their priority list to fix I guess? The fix........ one still needs to mangle but add a dst nat rule. - https://forum.mikrotik.com/viewtopic.php?p=1092192&hilit=wireguard+WAN2+dstnat+fix#p1092255 The thread is this one.. https://forum.mikrotik.com/viewtopic...
by anav
Fri Nov 29, 2024 6:16 am
Forum: Beginner Basics
Topic: Firewall rule can't match packet by interface
Replies: 6
Views: 508

Re: Firewall rule can't match packet by interface

Regardless, not the config.
by anav
Fri Nov 29, 2024 12:13 am
Forum: Beginner Basics
Topic: Firewall rule can't match packet by interface
Replies: 6
Views: 508

Re: Firewall rule can't match packet by interface

jpegs mean little to me, also hard on my old eyes LOL.
by anav
Thu Nov 28, 2024 11:58 pm
Forum: Beginner Basics
Topic: Firewall rule can't match packet by interface
Replies: 6
Views: 508

Re: Firewall rule can't match packet by interface

No idea without seeing the config.

/export file=anynameyouwish ( minus router serial number, any public WANIP information, VPN keys etc.)
by anav
Thu Nov 28, 2024 9:55 pm
Forum: Beginner Basics
Topic: Best way to setup backup route
Replies: 11
Views: 771

Re: Best way to setup backup route

haha, not pissed, I just speak plainly/factually ;-) You will know for sure if displeased. Consider the config is like the human body, you cannot talk about muscles without discussing nerves that actually trigger muscle movement, you cannot talk about muscles without talking about their food supply ...
by anav
Thu Nov 28, 2024 8:33 pm
Forum: General
Topic: Wireguard stops handshaking out of sudden - Change of port (only) solves it for weeks
Replies: 31
Views: 4851

Re: Wireguard stops handshaking out of sudden - Change of port (only) solves it for weeks

I note on beta 7.17.rc - this line......

*) bth - improved stability on system time change;

Has anyone with this problem used the latest beta to see if this change fixes it???
I am 100% convinced these slew of WG bugs were introduced with BTH changes...........just a theory.
by anav
Thu Nov 28, 2024 8:01 pm
Forum: Beginner Basics
Topic: Only one direction PING possible
Replies: 6
Views: 875

Re: Only one direction PING possible

You need to decide what is the purpose of AX2 devices. The Ax3 will be your MAIN router terminating the ISP connection( you get a public IP) and create private subnets behind the router. If you use the AX2 devices you will end up with double triple NAT etc, and unless needed for a specific reason sh...
by anav
Thu Nov 28, 2024 7:44 pm
Forum: Beginner Basics
Topic: VLANs leaking behind a switch? [SOLVED]
Replies: 8
Views: 742

Re: VLANs leaking behind a switch? [SOLVED]

Beyond my scope of knowledge sorry! Hopefully someone else will chime in.
by anav
Thu Nov 28, 2024 7:10 pm
Forum: Forwarding Protocols
Topic: Wireguard issues with OSPF [SOLVED]
Replies: 9
Views: 1373

Re: Wireguard issues with OSPF [SOLVED]

I purchased an online course that includes a Failover and Load Balancing script. The first two rules prevent packets entering through WAN1 from returning via WAN2. Not sure how those two points are related...... but one can pay through the nose for these rules. ;-) https://forum.mikrotik.com/viewto...
by anav
Thu Nov 28, 2024 6:50 pm
Forum: General
Topic: fingerprinting
Replies: 8
Views: 939

Re: fingerprinting

EAP? One unique fingerprint per device. Yay!
I hope I get at least 20 tries before getting locked out ( counting my toe prints) ;-)
by anav
Thu Nov 28, 2024 6:47 pm
Forum: Beginner Basics
Topic: VLANs leaking behind a switch? [SOLVED]
Replies: 8
Views: 742

Re: VLANs leaking behind a switch? [SOLVED]

ASSUMING VLAN10 is the trusted VLAN where all managed devices should get their IP address from!! On Router 1. MINOR From: /interface bridge port add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=10 add bridge=bridge frame-types=admit-only-untagged-and-priori...
by anav
Thu Nov 28, 2024 6:35 pm
Forum: Beginner Basics
Topic: Best way to setup backup route
Replies: 11
Views: 771

Re: Best way to setup backup route

You can source nat both WANS or use Sourcenat on WAN interface list. No mention of port forwarding before>>> This is what I call scope creep. I am not interested in chasing. If you have a network plan, then provide a network diagram. then list the requirements. a. identify all the users/devices incl...
by anav
Thu Nov 28, 2024 4:52 pm
Forum: Beginner Basics
Topic: multple vlans same dhcp subnet
Replies: 4
Views: 435

Re: multple vlans same dhcp subnet

Instead of a supout for people to view, use the export function in CLI commands in winbox menu entry NEW TERMINAL.

/export file=anynameyouwish ( minus router serial number, any public WANIP information, vpn keys )
by anav
Thu Nov 28, 2024 4:50 pm
Forum: Beginner Basics
Topic: im begginer and i have hex refresh
Replies: 5
Views: 420

Re: im begginer and i have hex refresh

Just to be clear you get a block of WANIPs from your ISP provider which is connected/terminated on ether1, using one of the WANIPs.
You wish to use the remainder of WANIPs to pass on to clients on ether 2,3,4 ???
by anav
Thu Nov 28, 2024 4:38 pm
Forum: General
Topic: Ticket not being responded to
Replies: 9
Views: 732

Re: Ticket not being responded to

If not interested in forum help,,,,,,,,, there is always --> https://mikrotik.com/consultants
by anav
Thu Nov 28, 2024 4:36 pm
Forum: General
Topic: How to block webpages by URL?
Replies: 5
Views: 521

Re: How to block webpages by URL?

Stand by computer user, when viewing unwanted information, place blindfold on computer user. No need for expensive routers. :)
by anav
Thu Nov 28, 2024 4:22 am
Forum: Beginner Basics
Topic: Proxy to my home services
Replies: 6
Views: 622

Re: Proxy to my home services

Therefore I was wondering the best way to expose these service ports in a secure way. This leads me to thinking you may want to try Zerotier, which basically joins participants as if they were in a layer 2 network ( my simpleton view ). Another thought is cloudflare zero trust, which is a way to ha...
by anav
Thu Nov 28, 2024 4:19 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 302
Views: 493304

Re: Using RouterOS to VLAN your network

Concur Holvoe........ The post made is nonsensical, based on the experience on this forum I have seen all manner of setups and none of the threads examples seem out of place compared to that of which one is exposed to here. The intent of the article is to help users navigate through implementing vla...
by anav
Thu Nov 28, 2024 12:54 am
Forum: Beginner Basics
Topic: Help: Can't figure out why VLANs aren't working
Replies: 3
Views: 388

Re: Help: Can't figure out why VLANs aren't working

Good time to learn. Tips --> once you use vlans, take bridge off any dhcp etc.. and take the home LAN and make it another vlan. get rid of vlan interface list group, not required, and add a TRUSTED interface list. If you do have a spare port or can spare one during the bulk of the configuration, hig...
by anav
Wed Nov 27, 2024 11:33 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

I want to know more about this line............ In case of going through relay, speed could be limited. Clearly we have limits on client end for ISP, and limits at Router end from its associated ISP connection and then there are losses due to using VPN. So are they saying on top of that there may be ad...
by anav
Wed Nov 27, 2024 10:54 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

So in summary, its transparent to the end user, and hence why both apps can be used.
by anav
Wed Nov 27, 2024 8:27 pm
Forum: Wireless Networking
Topic: cAP or hAPax3?
Replies: 8
Views: 587

Re: cAP or hAPax3?

I like the suggestion of powerline, especially for the two bedrooms.......
https://www.tp-link.com/ca/home-network ... a7517-kit/

What I would personally use --> https://www.devolo.global/magic-2-wifi-6
by anav
Wed Nov 27, 2024 8:15 pm
Forum: Forwarding Protocols
Topic: Wireguard issues with OSPF [SOLVED]
Replies: 9
Views: 1373

Re: Wireguard issues with OSPF [SOLVED]

jajajajaja, I will stick to any errors that pop from the most basic of settings!!

For all those wireguards coming in on ISP1 and ISP2, where be the mangling required to ensure handshakes go back out correct WAN??
Cool one can bypass that with OSPF, I may have to learn it after all.
by anav
Wed Nov 27, 2024 8:06 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

Because the destination and source addresses are kept up to date by Wireguard ROS at either end, so MT ensures that if there is a direct connection that the client uses the direct dst IP address instead of the DDNS one. I am assuming that in the traffic back to the client, the BTH connection sends t...
by anav
Wed Nov 27, 2024 6:28 pm
Forum: Beginner Basics
Topic: Best way to setup backup route
Replies: 11
Views: 771

Re: Best way to setup backup route

All is possible. You can a. have all traffic go over ether1, and when that fails switch to ether3 b. load balance traffic between the two connections c. have some users or subnets go out ether1 and some users or subnets go out ether3 For basic failover ( primary and backup ) /ip route add check-gate...
by anav
Wed Nov 27, 2024 6:01 pm
Forum: Beginner Basics
Topic: VLANs: Which network does RouterOS use?
Replies: 5
Views: 354

Re: VLANs: Which network does RouterOS use?

Think of it as the native vlan, should not be used for data and should not be used as trusted or management. Its transparent in the background.
by anav
Wed Nov 27, 2024 5:58 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

As AMMO stated, the magic is the DDNS part of the BTH user config ( allowed IPs ). I am assuming this sends the user to the MT server. The server keeps track if the Mikrotik Router has a direct type of connection and then rejigs the destination/source address type information such that the BTH Users...
by anav
Wed Nov 27, 2024 5:53 pm
Forum: General
Topic: wireguard vpn + hotspot captive portal issue
Replies: 6
Views: 459

Re: wireguard vpn + hotspot captive portal issue

1. Only need one bridge. Using multiple bridges may seem like an easy go to but its not recommended. Use VLANs and vlan-filtering. 2. Add a safe port to continue config for vlans from a port NOT connected to the bridge. We give it an IP address 192.168.55.1/30. Plug your PC into port 5, give your PC...
by anav
Wed Nov 27, 2024 4:51 pm
Forum: General
Topic: Subnet-to-subnet only works in one direction
Replies: 2
Views: 301

Re: Subnet-to-subnet only works in one direction

network diagram would help as well.
by anav
Wed Nov 27, 2024 4:49 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

I am working on that bit ( improving docs ) and is why I am being nitpicky in my understanding.
I forget, where do the firewall rules show up that allow a USER to access the WAN and possibly the LAN???
by anav
Wed Nov 27, 2024 4:27 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

Okay so it's just a convenience APP for the users second to infinity. The only critical use of the BTH app is for the first user ( admin ) as that account on that phone is the only one where the APP has MANAGE shares capability. The PRIMARY config loaded! You know it's very annoying that you're right ;-)
by anav
Wed Nov 27, 2024 2:28 pm
Forum: General
Topic: Complaints from v7.17rc [testing]
Replies: 45
Views: 2560

Re: v7.17rc [testing] is released!

There is never a perfect world. But for certain device types, cloud provisioning these days is leading the way. There also needs to be local management. If we cloud provision, the device info and network/device password would be saved at an administrative level. We copy password and use it to acces...
by anav
Wed Nov 27, 2024 6:21 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

Okay to be clear, it seems what you are saying is that you can take a wireguard config generated by the admin on the admins smartphone, for another user, using the Manage Shares approach, and it can be applied to any normal WIREGUARD APP, aka on smartphone or PC etc. ( stating that the BTH app is NO...
by anav
Wed Nov 27, 2024 5:43 am
Forum: General
Topic: Block Quic Protocol
Replies: 8
Views: 5181

Re: Block Quic Protocol

Stuffing a wet noodle up a straw request.
by anav
Wed Nov 27, 2024 5:41 am
Forum: Wireless Networking
Topic: cAP or hAPax3?
Replies: 8
Views: 587

Re: cAP or hAPax3?

If all you're allowed is one device, then why place it right away inside four walls. If anything I suspect a ceiling mount would be better (guessing)
However, you should really have posted in the wifi forum as keen wifi folks hang out there ......
...

by anav
Wed Nov 27, 2024 5:03 am
Forum: Beginner Basics
Topic: Best way to setup backup route
Replies: 11
Views: 771

Re: Best way to setup backup route

Not sure what you mean. Data flow is two way. If you mean can you have a dual WAN setup. Two modems, lets say cable from rogers, and fibre from bell, the answer is yes. Typically one uses the etherport for the WAN client, 3 common options. 1. pppoe setup 2. Dynamic public IP 3. Static public or priv...
by anav
Wed Nov 27, 2024 4:41 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

Not sure what you mean. If a user (not admin) uses the BTH app to setup a BTH tunnel after receiving the QR code, or URL link or export config file generated on the admins smartphone, then the user access is done through the BTH app, not the standard wireguard app. Now what has not been explained at...
by anav
Wed Nov 27, 2024 1:09 am
Forum: General
Topic: wireguard vpn + hotspot captive portal issue
Replies: 6
Views: 459

Re: wireguard vpn + hotspot captive portal issue

Got it, you host a bunch of users that you would like to push out the internet at some other location via Wireguard. Are these hotspot users on their own subnet? Can you separate your home or private use on a different subnet or would like to Do you want the ability to use wireguard to reach your ro...
by anav
Wed Nov 27, 2024 1:05 am
Forum: General
Topic: Peer DNS on ether1-wan when wireguard tunnel goes down with a script? [SOLVED]
Replies: 5
Views: 1115

Re: Peer DNS on ether1-wan when wireguard tunnel goes down with a script? [SOLVED]

Not clear it sounds like only one subnet is going through wireguard??
Do you have control over the other end??

need config!!
by anav
Tue Nov 26, 2024 11:47 pm
Forum: General
Topic: Peer DNS on ether1-wan when wireguard tunnel goes down with a script? [SOLVED]
Replies: 5
Views: 1115

Re: Peer DNS on ether1-wan when wireguard tunnel goes down with a script? [SOLVED]

So to be clear you want to use the far router for DNS when the wireguard tunnel is up and to allow local WAN access and local DNS when the tunnel is down. Is this for a single subnet, all subnets, some users??? Will need to see full config /export file=anynameyouwish (minus router serial number, any...
by anav
Tue Nov 26, 2024 10:19 pm
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 20
Views: 2609

Re: Issue with Wireguard - Connected but no traffic

Post both latest configs for review
by anav
Tue Nov 26, 2024 9:01 pm
Forum: Beginner Basics
Topic: Why can I not use static ip_
Replies: 13
Views: 839

Re: Why can I not use static ip_

Did the ISP provide you with a static WANIP with its associated gateway? If so then simply add this as an address entry ( and disable the ip dhcp client entry ) /ip address add address=ISP_provided_IP/24 gateway=ISP_provided_gateway-IP network=ISP_provided_network ( typically if IP is 192.168.55.1/...
by anav
Tue Nov 26, 2024 8:41 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

It's WG, so all are peers. The app and /ip/cloud just always create ONE peer upon enabling it. If you need more, you need the "managed shared" (or /ip/cloud/back-to-home-users). On the "shared" ones, there is the additional option to allow-lan= so that the only difference AFAIK....
by anav
Tue Nov 26, 2024 7:29 pm
Forum: General
Topic: Roast my config
Replies: 8
Views: 667

Re: Roast my config

You are in charge, not the MT device LOL. You decide based upon requirements. What I see is a two vlan requirement spanning 5009 to HAPAX3 (setup as an AP/switch) It is the logical choice. The only reason I would make the hapax3 as a router is if I wanted to use it for wireguard and not the 5009
by anav
Tue Nov 26, 2024 7:26 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 26
Views: 1764

Re: HEX Lite for routing between subnets [SOLVED]

++1
by anav
Tue Nov 26, 2024 7:22 pm
Forum: Beginner Basics
Topic: bridge has stopped working, all ports marked as not running
Replies: 12
Views: 690

Re: bridge has stopped working, all ports marked as not running

Post your own thread instead of hijacking this one! ;-PPP
by anav
Tue Nov 26, 2024 7:21 pm
Forum: Beginner Basics
Topic: Proxy to my home services
Replies: 6
Views: 622

Re: Proxy to my home services

First off, well done, the safest way to access home servers is coming in on VPN and then accessing the server from behind the router. Second, if your request was to do something similar using standard port forwarding, a proxy server would not be required. For example, if you wanted users to come in ...
by anav
Tue Nov 26, 2024 7:10 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

Wont say you are wrong, I would rather use obtuse! ;-) First though, I would agree that the associated MT router probably receives the new peer information UPON creation on the admin's smartphone. My assumption was that the router gets populated upon first hookup attempt. However after reading your ...
by anav
Tue Nov 26, 2024 6:58 pm
Forum: General
Topic: VPN Type / PC with x Users
Replies: 17
Views: 753

Re: VPN Type / PC with x Users

I quite agree with you that native windows VPN app is very limited but as well as Mikrotik has some limitations to achieve this scenario. Not at all. MT as per normal wireguard protocol assigns a unique IP address to each peer. Further it has firewall rules to assign permissions as required for eac...
by anav
Tue Nov 26, 2024 5:27 pm
Forum: Beginner Basics
Topic: bridge has stopped working, all ports marked as not running
Replies: 12
Views: 690

Re: bridge has stopped working, all ports marked as not running

Sorry, but ASSUME is not in my vocabulary............................
I have one size HAMMER............... it works 95% of time................ the other 5%, is when you and mkx get lucky first, on the whackamole game you like to play.
by anav
Tue Nov 26, 2024 5:24 pm
Forum: Beginner Basics
Topic: Problem with WAX204 (AP mode) in VLAN setup and security questions [SOLVED]
Replies: 4
Views: 345

Re: Problem with WAX204 (AP mode) in VLAN setup and security questions [SOLVED]

If you provide jpegs of all vlan setting pages on TP link switch ( at least two, maybe three if pvid is a separate setting page ) Full config of hex. /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.) It should be fairly quick to straighten out. ++++++...
by anav
Tue Nov 26, 2024 5:21 pm
Forum: Beginner Basics
Topic: bridge has stopped working, all ports marked as not running
Replies: 12
Views: 690

Re: bridge has stopped working, all ports marked as not running

While my two esteemed colleagues, okay they are professionals, Im just the floor washer in their office, jump around like frogs, please provide the config. /export file=anynameyouwish (minus router serial number, any public WANIP info, keys etc.. ) Also if you are wireguarding to another device, als...
by anav
Tue Nov 26, 2024 5:18 pm
Forum: General
Topic: wireguard vpn + hotspot captive portal issue
Replies: 6
Views: 459

Re: wireguard vpn + hotspot captive portal issue

To be clear.
What is the purpose of wireguard in this setup.

For you as admin to reach the router while away from the main site?
Something else??
by anav
Tue Nov 26, 2024 5:13 pm
Forum: General
Topic: Hairpin NAT - acces to my web site on local server [SOLVED]
Replies: 3
Views: 388

Re: Hairpin NAT - acces to my web site on local server [SOLVED]

I just use LANIP ;-P
Another option is to use DNS settings to point all internal users, aiming at webserver be redirected to LANIP.
by anav
Tue Nov 26, 2024 5:12 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 26
Views: 1764

Re: HEX Lite for routing between subnets [SOLVED]

Wow, such trick phuckery. I also need to see the final config, as to try and understand, the magical fairy wizard dust Sindy contrived. :-)
Basically, will help better solidify one's understanding of some basic stuff, power of ip address, dst-nat and source-nat.
by anav
Tue Nov 26, 2024 5:09 pm
Forum: General
Topic: Roast my config
Replies: 8
Views: 667

Re: Roast my config

Here is the problem, you want the hapax to be a simple AP switch, but then you try to add a second network behind the router. This is not possible be it assigning a subnet to a WLAN, creating a second bridge etc.............. The fact of the matter is you only have one subnet reaching the hapax3.......
by anav
Tue Nov 26, 2024 4:53 pm
Forum: General
Topic: VPN Type / PC with x Users
Replies: 17
Views: 753

Re: VPN Type / PC with x Users

Not necessarily. Lets say each user has to login into the PC. Lets say each user has their own wireguard APP on the PC. Lets say each user gets a different wireguard IP address on the MT Router wireguard subnet (in fact we will actually make the subnet different for each user but attached to same wi...
by anav
Tue Nov 26, 2024 4:31 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

anav:1 ammo:0 ( but who's counting) - by the way it looks my advice after inauguration day will cost 25% more jajajaja ( ps dont worry only applies to USA, rest of the world, same free advice, quality not guaranteed until reviewed by mkx/sob and a few others.......... ) Edit................... Damn ...
by anav
Tue Nov 26, 2024 4:28 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

Hi Normis, Understood, the One Time user available on the ROUTER itself, is for the ADMIN, to use. I presume this is meant to be put on the admins phone and from there he can easily generate additional qr codes or configs to send to as many clients as he/she,it,they,them etc desires. I also understa...
by anav
Tue Nov 26, 2024 2:33 am
Forum: General
Topic: Any advice for further debugging handshaking failed on wireguard roadwarrior setup?
Replies: 13
Views: 1057

Re: Any advice for further debugging handshaking failed on wireguard roadwarrior setup?

Diagram please detailing the wans etc.... It could be a well known wireguard routing issue but a diagram will help orient me to your network.
by anav
Tue Nov 26, 2024 12:01 am
Forum: General
Topic: Roast my config
Replies: 8
Views: 667

Re: Roast my config

1. Is this router BEHIND the RB5009, in double NAT, or acting as a switch/AP OR Is this router in front of the Rb5009 and public IP facing. 2. Why is this error showing?? /interface bridge port add bridge=bridge comment=defconf interface=*6 internal-path-cost=10 path-cost=10 3. Why do you have two b...
by anav
Mon Nov 25, 2024 7:57 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

okay hopefully NORMIS will provide his usual clarity. :-) :-)
by anav
Mon Nov 25, 2024 7:41 pm
Forum: General
Topic: WAN interface Passes more data than the LAN interface
Replies: 13
Views: 738

Re: WAN interface Passes more data than the LAN interface

Belgian chocolate makes one smarter, apparently. Screenshots are hard on my eyes so I try to avoid them.
by anav
Mon Nov 25, 2024 7:11 pm
Forum: General
Topic: Understanding Back to Home VPN (Wireguard) mysterious peer
Replies: 5
Views: 445

Re: Understanding Back to Home VPN (Wireguard) mysterious peer

Thank you emarj, I misunderstood your question and gave you a duff answer, now I understand that additional BTH config, and will be able to assist others more accurately down the line. Thanks to @Normis, for clearing that up................... Suggest you add it to the MT document section on BTH so ...
by anav
Mon Nov 25, 2024 7:04 pm
Forum: General
Topic: WAN interface Passes more data than the LAN interface
Replies: 13
Views: 738

Re: WAN interface Passes more data than the LAN interface

Your firewall rules are over the top complex and simplifying them will enable troubleshooting to some extent. However far more worrisome.......... if assuming 8295,8296 are something to do with accessing winbox and your router is public facing, you are asking to be hacked . Also without seeing the F...
by anav
Mon Nov 25, 2024 6:56 pm
Forum: Beginner Basics
Topic: VLAN setup problem
Replies: 2
Views: 530

Re: VLAN setup problem

Just to be clear, ether1 and ether2 are WAN links Ether 3 reserved ---> what I would do NOW, is to make this an OFF BRIDGE access for doing all the vlan configuring, much safer , trust me !! /interface ethernet set [ find default-name=ether3] name=OffBridge3 Ether4-10 would be on the bridge. Create ...
by anav
Mon Nov 25, 2024 6:34 pm
Forum: Beginner Basics
Topic: WireGuard setup for home server hosting
Replies: 7
Views: 603

Re: WireGuard setup for home server hosting

Okay my bad, I read so many posts, I can easily get confused........ may also be an old brain thing :-) So you have your own private VPN server hosted in the cloud. That is super so assuming you want to use it for a myriad of things a. users to come in and access your game servers b. for you to remot...
by anav
Mon Nov 25, 2024 6:18 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

Read the docs y.......... Connect to router Enable DDNS Cloud service: `/ip/cloud/set ddns-enabled=yes` Enable Back To Home: `/ip/cloud/set back-to-home-vpn=enabled` Print tunnel configuration: `/ip/cloud/print` Scan QR Code (`vpn-wireguard-client-config-qrcode`) or Copy config (`vpn-wireguard-clien...
by anav
Mon Nov 25, 2024 5:56 am
Forum: Beginner Basics
Topic: WireGuard setup for home server hosting
Replies: 7
Views: 603

Re: WireGuard setup for home server hosting

No understood. Here is the point If you have public IP then you dont need nordvpn wireguard Be advised NordVPN is NOT for people coming to you. Its strictly outgoing traffic from your side, usually to avoid local WANIP restrictions etc... As noted your best bet is a. Rent a cloud server, get a CHR l...
by anav
Mon Nov 25, 2024 4:05 am
Forum: General
Topic: Dynamic WireGuard endpoint traffic routed outbound to a specific interface.
Replies: 4
Views: 569

Re: Dynamic WireGuard endpoint traffic routed outbound to a specific interface.

So on this HAP device, a. you have a public WANIP ?? and b. you have nordguard vpn............ WHY you can access your router as admin or guests or another router via Wireguard without nordvpn. c. Perhaps you want users to go out a different internet public IP than your own and that is the reason? d...
by anav
Mon Nov 25, 2024 3:49 am
Forum: General
Topic: Any advice for further debugging handshaking failed on wireguard roadwarrior setup?
Replies: 13
Views: 1057

Re: Any advice for further debugging handshaking failed on wireguard roadwarrior setup?

You know the drill Post the config of the MT router ( assuming its acting as peer Server for handshake )? Since you have a public IP this should be fairly easy to fix. If you have multiple WANs, then provide a detailed diagram for clarity as well as config. /export file=anynameyouwish (minus router ...
by anav
Mon Nov 25, 2024 1:14 am
Forum: General
Topic: Blocking Video and Music Downloads on MikroTik
Replies: 4
Views: 370

Re: Blocking Video and Music Downloads on MikroTik

You cannot do it with a mikrotik device,
You need an $$router with a $$subscription service.
Your School IT staff would know this,,,,,,,

If this is a single school with little resources, not much you can do.
However, students shouldnt be on their cell phones in the classroom anyway.
by anav
Mon Nov 25, 2024 1:13 am
Forum: General
Topic: Minimum requirement to be a official Mikrotik consultant
Replies: 14
Views: 903

Re: Minimum requirement to be a official Mikrotik consultant

I think @ToTheFull refers to the requirement that one has to be "active" on the forum in order to maintain their official consultant status. But the particular kind of activity is not specified. I guess it would be complicated to verify conformance to a more specific requirement, like "...
by anav
Mon Nov 25, 2024 1:11 am
Forum: Beginner Basics
Topic: WireGuard setup for home server hosting
Replies: 7
Views: 603

Re: WireGuard setup for home server hosting

No problem at all. You haven't stated what kind of VPN service, do you mean a third party VPN provider or something else? By the way, if the third party Cloud is hosting it, it cant be as per your title is HOME SERVER Hosting LOL Im assuming two things forcing you to a VPN provider. a. no public IP ...
by anav
Sun Nov 24, 2024 10:56 pm
Forum: Beginner Basics
Topic: PCC dual wan
Replies: 8
Views: 938

Re: PCC dual wan

Screw MT, what is important is that you are feeling better!!!
by anav
Sun Nov 24, 2024 10:53 pm
Forum: General
Topic: AWS Wireguard Slow
Replies: 21
Views: 1292

Re: AWS Wireguard Slow

You get what you measure...

Hi Ammo, cant recall did it long ago but on a 1gig connection on either end same city same provider, rb4011 to RB450G maybe,????? while ago....
I got around 300Mbps or so........... Sorry havent tested in a while.
Perhaps I should test with holvoe sometime.
by anav
Sun Nov 24, 2024 10:51 pm
Forum: General
Topic: How setup own VPN app creat and import WG tunnel automatically
Replies: 3
Views: 344

Re: How setup own VPN app creat and import WG tunnel automatically

Well the instructions are not difficult.
Open BTH app on smartphone and import QR code.
It will be up to you to make easy follow instructions for users.
Suggest you try it a couple of times to figure out how best to describe it to users
by anav
Sun Nov 24, 2024 10:49 pm
Forum: General
Topic: Comments and other Enquiry
Replies: 1
Views: 256

Re: Comments and other Enquiry

Well here is the scoop to use wireguard NORMAL, manual config, or port forwarding for that matter you need a. a public IP address OR b. an upstream router/modem, usually the iSP one, with a public IP AND the ability to forward ports. If you have the above then you dont need to use BTH. +++++++++++++...
by anav
Sun Nov 24, 2024 8:38 pm
Forum: General
Topic: AWS Wireguard Slow
Replies: 21
Views: 1292

Re: AWS Wireguard Slow

IPSec has its place in the enterprise world, but here in home soho user land, wireguard is easier to setup and reasonably fast and secure. Sure it takes a hit but looking at IPSEC stats on the MT routers, its not a shining star either. I trust mozerd, who deals with a wide variety of NON enterprise,...
by anav
Sun Nov 24, 2024 8:15 pm
Forum: Beginner Basics
Topic: NAT Setup Question
Replies: 3
Views: 366

Re: NAT Setup Question

I still don't understand your setup. Typically the Router has a public WANIP, either static or dynamic. OR if not a Private IP from an upstream router for example. Behind the router is a DIFFERENT private subnet, so not sure what you are doing or what kind of network you have. It would appear you ne...
by anav
Sun Nov 24, 2024 8:01 pm
Forum: Beginner Basics
Topic: Wireguard show-client-config generates ListenPort value when not set
Replies: 1
Views: 228

Re: Wireguard show-client-config generates ListenPort value when not set

The listen port is a horrible name I will agree. It only pertains to a wireguard router that is server for handshake. In the case of a client that port (typically identified under Wireguard Interface) is simply the outgoing port the initial connection uses to reach the Server etc......... So in a cl...
by anav
Sun Nov 24, 2024 3:20 pm
Forum: Beginner Basics
Topic: NAT Setup Question
Replies: 3
Views: 366

Re: NAT Setup Question

Draw a detailed network diagram as your explanation is NOT understandable
by anav
Sun Nov 24, 2024 3:17 pm
Forum: Beginner Basics
Topic: Could anyone audit my setup?
Replies: 2
Views: 348

Re: Could anyone audit my setup?

1. You forgot to include your 5ghz wifi WLAN in /interface bridge port settings /interface bridge port add bridge=Bridge-LAN interface=ether2-LAN add bridge=Bridge-LAN interface=ether3-LAN add bridge=Bridge-LAN interface=ether4-LAN add bridge=Bridge-LAN interface=ether5-LAN add bridge=Bridge-LAN int...
by anav
Sun Nov 24, 2024 2:55 pm
Forum: General
Topic: Wireguard between two mikrotik
Replies: 8
Views: 5737

Re: Wireguard between two mikrotik

@Mesquite - remember Your kind words the next time you ask for help at a car repair shop, or at a birthday present, or when painting your room...
Your post makes no sense, suspect language barrier, try google translate next time.
by anav
Sun Nov 24, 2024 1:09 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

Hi Ammo reading the docs there is only one qr/code one can generate from the router itself, the rest if I read this right, is that you can easily create and manage additional Qr codes and send them all from the admin smartphone.
by anav
Sun Nov 24, 2024 1:04 am
Forum: General
Topic: Minimum requirement to be a official Mikrotik consultant
Replies: 14
Views: 903

Re: Minimum requirement to be a official Mikrotik consultant

As per https://mikrotik.com/consultants . Additionally, as a consultant we expect you to participate in the MikroTik Forum and attend the MUM events in your country as a presenter conducting RouterOS case studies or workshops. @muaazteladia - Wow, one post in DEC 2022 and now a few posts today out ...
by anav
Sat Nov 23, 2024 8:31 pm
Forum: General
Topic: Understanding Back to Home VPN (Wireguard) mysterious peer
Replies: 5
Views: 445

Re: Understanding Back to Home VPN (Wireguard) odd peer

From my understanding, one uses your smartphone to create an initial tunnel while behind the router. Then one can use the smartphone BTH app ( under MANAGED SHARES) to generate qr codes or config files for other smart phones/laptops etc...... (laptops use the wireguard app itself). The router is cap...
by anav
Sat Nov 23, 2024 8:28 pm
Forum: General
Topic: How setup own VPN app creat and import WG tunnel automatically
Replies: 3
Views: 344

Re: How Playstore app creat and import WG tunnel

The MT router can provide 1 QR codes or config file for that special client that is remote. I believe but not certain, the way to create multiple accounts ( Qr codes or config files) is from the BTH app on your smart phone. Step1: Create a BTH tunnel on your smartphone while behind the MT router aka...
by anav
Sat Nov 23, 2024 8:25 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360093

Re: NEW FEATURE: Back to Home VPN

Trying to understand BTH some more. It would appear that it does not function as I thought. One cannot create QR codes for all remote users and send them each their own QR code, at which time the BTH app on android or Iphone could then simply use to setup their end. It would appear this can only be ...
by anav
Sat Nov 23, 2024 5:25 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1491

Re: Wireguard routing

Okay I added a bunch more questions above,,,,,,that need answering. You only need one wireguard network now that I know your wireguard requirements but only when two things happen. a. you fix your guest VPN and bridge setup. recommend create vlan for bridge subnet, put both vlans on same bridge as p...
by anav
Sat Nov 23, 2024 4:58 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1491

Re: Wireguard routing

Okay will see what I can figure out, just confused why you have two different WIREGUARD NETWORKS??? Can you provide network diagrams for each side, its very confusing due to all the extra subnets showing that are not complete subnets. For Example. Router A has a Bridge network of 192.168.88.0/24 But...
by anav
Sat Nov 23, 2024 3:47 pm
Forum: General
Topic: VLAN Trunk - DHCP issue
Replies: 12
Views: 773

Re: VLAN Trunk - DHCP issue

1. Remove serial number from post. 2. DO NOT USE bridge firewall rules, this is an advanced setting for specific cases, use normal firewall rules for most needs. 3. Clean up pools 4. Fixed up /interface bridge port and bridge vlan 5. Wireguard settings are incorrect. It would appear that the MT is a...
by anav
Sat Nov 23, 2024 2:28 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1491

Re: Wireguard routing

I asked for config at both ends? Which Router is supposed to be the Server for wireguard handshake?? Missing the wireguard address in allowed addresses ( depends upon if server or client for handshake what it should be). Why do you limit wg to /30 at least make it /29 so you can as admin remotely c...
by anav
Sat Nov 23, 2024 2:37 am
Forum: General
Topic: Minimum requirement to be a official Mikrotik consultant
Replies: 14
Views: 903

Re: Minimum requirement to be a official Mikrotik consultant

Not sure but if the answer is YEs, I will be sure to make recommendations except for Alex from Malaysia ;-)
by anav
Sat Nov 23, 2024 1:32 am
Forum: General
Topic: VLAN setup in RouterOS Switch
Replies: 11
Views: 574

Re: VLAN setup in RouterOS Switch

Need a coherent plan.
Provide a network diagram detailing what is supposed to travel over ports, from that, takes 2 minutes to configure okay maybe 5
by anav
Sat Nov 23, 2024 1:27 am
Forum: General
Topic: Wireguard only for WiFi sitting in its own VLAN
Replies: 4
Views: 459

Re: Wireguard only for WiFi sitting in its own VLAN

1. Remove vlan and datapath from wifi setting, we will apply it on the bridge ports/interface settings. 2. Only need one bridge 3. I am not sure if this is LEGAL. your slave WLAN for wireguard has a different BAND from the master. Is this allowed, I know the frequency and such is copied over...........
by anav
Fri Nov 22, 2024 8:48 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]



MikroTik and CloudFlare business relationship would be a good idea. Even on a limited level with CloudFlare Free plan. It would be a start.
Would require open minds and forward thinking business planning! Will see if both exist.
by anav
Fri Nov 22, 2024 8:46 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1491

Re: Wireguard routing

Please post config at both ends.
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Fri Nov 22, 2024 7:04 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Utah and North Pole have spoken. Cloudflare or bust!
by anav
Fri Nov 22, 2024 2:12 pm
Forum: General
Topic: How to Secure Ether8 Port for AP Without Disrupting Wi-Fi Clients on Mikrotik
Replies: 4
Views: 319

Re: How to Secure Ether8 Port for AP Without Disrupting Wi-Fi Clients on Mikrotik

Assuming you are talking about segregating users when they are coming on ether8 or that AP, when they are on the same SUBNET as other users???
If so, why not simply create a separate vlan for those users....
by anav
Thu Nov 21, 2024 11:58 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 11
Views: 1093

Re: Port Forwarding

Most of us turn internet detect to NONE, as it can have bad effects.
by anav
Thu Nov 21, 2024 11:55 pm
Forum: Beginner Basics
Topic: Internet only (NO LAN) access for IP Pool
Replies: 5
Views: 723

Re: Internet only (NO LAN) access for IP Pool

Great.
When done post config of both devices for review.
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.)
by anav
Thu Nov 21, 2024 6:47 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

We would need to set forum.mikrotik.com DNS to be handled by CloudFlare (or any other 3rd party service). We don't want to pay for that.. Fixed for accuracy. :-) For the really unspoken....... We would need to set forum.mikrotik.com DNS to be handled by CloudFlare (or any other 3rd party service). ...
by anav
Thu Nov 21, 2024 6:19 pm
Forum: Beginner Basics
Topic: hAP ax3: change default internet port ether1 to ether2 [SOLVED]
Replies: 23
Views: 1458

Re: hAP ax3: change default internet port ether1 to ether2 [SOLVED]

The hidden point here, is that before you start configuring anything have a plan.
The plan should start with a detailed network diagram ( and in this case would have shown the issue prior to changes on the router).
by anav
Thu Nov 21, 2024 5:23 pm
Forum: Beginner Basics
Topic: WireGuard in VLAN Environment
Replies: 10
Views: 833

Re: WireGuard in VLAN Environment

Awesome!!!
by anav
Thu Nov 21, 2024 5:05 pm
Forum: General
Topic: DNS failover for redudancy
Replies: 5
Views: 447

Re: DNS failover for redudancy


Now, @anav: what was your question in the post above? :wink:
Oh no question, I was giving you the FACTS, the bible so to speak.
I was hoping for you to state where I was dead wrong........
Apparently, I speak truth. ;-)
by anav
Thu Nov 21, 2024 5:03 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

I think he might get the picture if you stick those fangs into him..............
by anav
Thu Nov 21, 2024 5:02 pm
Forum: General
Topic: Can't ping devices in a LAN over WireGuard tunnel
Replies: 3
Views: 334

Re: Can't ping devices in a LAN over WireGuard tunnel

1 Persistent Keep alive is not required at SITE A wireguard. The client for handshake requires it, not the server at handshake. 2.Normally client (for handshake) peer devices usually more than one, are identified by singular IP address .. 3. ONLY one dhcp client interface is valid, I suspect its the...
by anav
Thu Nov 21, 2024 4:26 pm
Forum: General
Topic: Can't ping devices in a LAN over WireGuard tunnel
Replies: 3
Views: 334

Re: Can't ping devices in a LAN over WireGuard tunnel

1. The listening port on the wireguard interface does not have to match the endpoint of the server router, there is no direct correlation. 2. 192.168.50 is a local subnet, allowed addresses is for REMOTE addresses (those local user may have as dst address, or that may be coming into the local router...
by anav
Thu Nov 21, 2024 4:12 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

inside joke there wfburton, but yes anything at this point.
by anav
Thu Nov 21, 2024 4:09 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Or use cloudflare in between WWW and server. Now if only cloudflare zerotrust was available as an options package on at least ARM routers and newer.......!!!
by anav
Thu Nov 21, 2024 6:03 am
Forum: General
Topic: Router on a stick with WAN on the stick
Replies: 7
Views: 558

Re: Router on a stick with WAN on the stick

As for SWOS barn switch. Keep in mind, the trusted vlan is 20 and thus all smart devices should get an IP address on this vlan, preferably by taking mac address and assigning a static DHCP lease on the RB router. Port - VLAN MODE / VLAN RECEIVE / VLAN ID SFP1 - strict / allow only tagged frames / de...
by anav
Thu Nov 21, 2024 5:50 am
Forum: General
Topic: Router on a stick with WAN on the stick
Replies: 7
Views: 558

Re: Router on a stick with WAN on the stick

Okay so basically on the router one uses IP DHCP client
/ip dhcp-client
add interface=ether1 use-peer-dns=no
add interface=WAN_VLAN use-peer-dns=no


and remove IP address for WAN_VLAN.
by anav
Thu Nov 21, 2024 5:04 am
Forum: General
Topic: Router on a stick with WAN on the stick
Replies: 7
Views: 558

Re: Router on a stick with WAN on the stick

Thats like asking to use a rowboat to sail to the moon. Hah, thanks for putting it in perspective. I don't have the experience to know if I just need a different approach. I guess if I upgraded the switch to a router, even the same RB2011 model, it would make things quite a bit simpler. Perhaps tha...
by anav
Thu Nov 21, 2024 5:03 am
Forum: General
Topic: Router on a stick with WAN on the stick
Replies: 7
Views: 558

Re: Router on a stick with WAN on the stick

Now for the RB device.... /interface bridge add comment="main bridge" ingress-filtering=no name=local port-cost-mode=\ short protocol-mode=none vlan-filtering=yes /interface vlan add interface=local name=HOME_VLAN vlan-id=10 /interface list add name=WAN add name=VLAN add name=BASE /ip dhcp...
by anav
Thu Nov 21, 2024 4:07 am
Forum: General
Topic: Router on a stick with WAN on the stick
Replies: 7
Views: 558

Re: Router on a stick with WAN on the stick

Thats like asking to use a rowboat to sail to the moon. The switch is not a router but a very simple managed switch. Your router should be setup to do vlan filtering with one bridge.... Decide on either a separate management LAN or perhaps use one of the VLANs as a trusted vlan for this purpose le...
by anav
Wed Nov 20, 2024 9:47 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 26
Views: 1764

Re: HEX Lite for routing between subnets [SOLVED]

We need a more granular understanding of the relationship between the controller and devices. A. Who initiates traffic. --> does the controller reach out first and state any devices here ---> do the devices reach out first, is there any controller out there. B. How does the controller know which dev...
by anav
Wed Nov 20, 2024 9:40 pm
Forum: Beginner Basics
Topic: WireGuard in VLAN Environment
Replies: 10
Views: 833

Re: WireGuard in VLAN Environment

Well everything is setup properly it looks like in terms of treating the port as a hybrid port.
management vlan comes in untagged vlan10 and the other vlan guest goes in tagged.

Suggest review unifi setup to ensure its not setup for some other condition.
by anav
Wed Nov 20, 2024 9:13 pm
Forum: General
Topic: DNS failover for redudancy
Replies: 5
Views: 447

Re: DNS failover for redudancy

Always a good topic to discuss....... I feel like DNS is like one of the key enzymes in the human body!! Forgetting about static for now to keep it simple....... To use for pointing out all my wrong assumptions and incorrect thinking and for general discussion. What I understand. CASE A: Remote Requ...
by anav
Wed Nov 20, 2024 6:24 pm
Forum: General
Topic: VRRP with single WAN and Single LAN Address
Replies: 34
Views: 2014

Re: VRRP with single WAN and Single LAN Address

99.999 percent over my head, but I thought that when one leased a server for CHR, part of the deal was redundancy so that if the server failed, the CHR would automatically be migrated to another server etc....... ?? ex.... https://www.vultr.com/company/sla/ https://docs.vultr.com/high-availability-o...
by anav
Wed Nov 20, 2024 4:06 pm
Forum: General
Topic: check-for-updates and user\group rights
Replies: 5
Views: 645

Re: check-for-updates and user\group rights

Normis is practically minded, just sometimes in the wrong direction. :-)
by anav
Wed Nov 20, 2024 4:03 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376794

Re: 📣 WinBox 4 is here 📣

Its clear the cat rules the house!! Nice pic.
by anav
Tue Nov 19, 2024 10:09 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

I meant before MT gives in and adds a third-party DDoS protection service.
Ah. This we agree upon: it's past time they shove it behind some Cloudflare or whatnot.
+1
by anav
Tue Nov 19, 2024 7:53 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

This is nothing but a disguised attempt to decrease the use of this forum........ and its eventual closure, as the discord channel is so much better ( holds nose ).
by anav
Tue Nov 19, 2024 7:21 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

I wonder if related to two submerged sea comm cables getting cut, I read about in the news.
by anav
Tue Nov 19, 2024 7:03 pm
Forum: Forwarding Protocols
Topic: Wireguard issues with OSPF [SOLVED]
Replies: 9
Views: 1373

Re: Wireguard issues with OSPF [SOLVED]

Not necessarily, but without seeing the config, its impossible to know how badly you mucked things up! :-)

/export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc.)
by anav
Tue Nov 19, 2024 6:55 pm
Forum: General
Topic: Help with NAT [SOLVED]
Replies: 8
Views: 900

Re: Help with NAT [SOLVED]

I apologize for the delay in responding. Had other fires to extinguish, ha. By adding 10.116.12.128/28 to the Judah MK, resolved the issue. I didn't realize that was necessary for the NAT process. It makes total sense. I really appreciate you slapping me and telling me the simple fix! haha Too funn...
by anav
Tue Nov 19, 2024 6:50 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Bots still there but forum is back to being zippy. Normis must have come back from holiday! ;-)
by anav
Tue Nov 19, 2024 6:46 pm
Forum: Beginner Basics
Topic: Run VPN for specific application
Replies: 4
Views: 1193

Re: Run VPN for specific application

Nope, you dedicate one vlan to be connected to the VPN at all times.
Users can join that VLAN by accessing an SSID for that purpose ( A WLAN connected to the VLAN ) or they connect to a port on a switch ( and join same vlan )
by anav
Tue Nov 19, 2024 6:42 pm
Forum: Beginner Basics
Topic: Whitelisting all traffic
Replies: 3
Views: 328

Re: Whitelisting all traffic

That is why STEAM exists, and why folks should not attempt to host games at home. Bots will be knocking on the door day and night. Suggestions 1. Limit users by source-address-list a. users must have a static WANIP address b. users must have a dynamic WANIP address ( and they must create a dyndns U...
by anav
Tue Nov 19, 2024 6:36 pm
Forum: Beginner Basics
Topic: Troubles with configuring hairpin NAT
Replies: 7
Views: 749

Re: Troubles with configuring hairpin NAT

If you have a dynamic private IP address for your WANIP, then you will not be able to port forward. If you can access your upstream ISP router and IT HAS a public IP ........ AND........... you can forward ports from the ISP router to your MT device ( either yourself accessing the menu or asking ISP...
by anav
Tue Nov 19, 2024 6:25 pm
Forum: Beginner Basics
Topic: Port forwarding with to ISP issue
Replies: 1
Views: 446

Re: Port forwarding with to ISP issue

You need to post your complete config /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.) Problems 1. If using PPPOE it usually provides a dynamic WANIP. So if using PPPOE interface, one should not use IP address to define the WANIP. 2. You need public ...
by anav
Sun Nov 17, 2024 8:29 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 50
Views: 3408

Re: Cant get Wireguard client to work

Interesting the OP stated that he is connecting to a private server. I did ask what DNS the private server was using.......... No idea when the idea of using 10.255.255.3 popped into the head?????? Firstly set DETECT INTERNET TO NONE, ,,,,,,,its known to cause issues. +++++++++++++++++++++++++++++++...
by anav
Sun Nov 17, 2024 8:09 pm
Forum: Beginner Basics
Topic: WireGuard in VLAN Environment
Replies: 10
Views: 833

Re: WireGuard in VLAN Environment

1. Adjust /interface bridge port to /interface bridge port add bridge=BR1 interface=ether2 pvid=10 comment="hybrid port - UNIFI" add bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=10 add bridge=BR1 ingress-filtering=yes frame-type...
by anav
Sun Nov 17, 2024 6:18 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 246
Views: 28689

Re: wAP ax?

The only reason for capsman is for roaming between devices, the other APs are tp links not to worry........not going down capsman sinkhole anytime soon
I also despise the armada controller, all done on the device!!
by anav
Sun Nov 17, 2024 4:46 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 246
Views: 28689

Re: wAP ax?

Okay, I loaded new drivers into the capac. After a time, or a few times anyway, I finally got the hang of it. I will say again, tis the worst wifi configuration process anyone has to experience, they must enjoy torture as a recreational activity in Latvia ;-) Not even sure if I have it right but it ...
by anav
Sun Nov 17, 2024 3:31 pm
Forum: General
Topic: Need a second pair of eyes
Replies: 7
Views: 814

Re: Need a second pair of eyes

Silly me!!
This is the problem
/ip pool
add name=dhcp ranges=10.0.0.100-10.0.0.200

Should be:
/ip pool
add name=dhcp ranges=10.0.0.100-10.0.1.200


Or perhaps you need to express it like so
add name=dhcp ranges=10.0.0.100-10.0.0.254,10.0.0.1-10.0.0.254
by anav
Sun Nov 17, 2024 3:27 pm
Forum: General
Topic: Need a second pair of eyes
Replies: 7
Views: 814

Re: Need a second pair of eyes

Grasping at straws myself.. 1A. Lets clean up DNS a bit. From /ip dhcp-server network add address=10.0.0.0/23 comment=defconf dns-server=10.0.0.21,1.1.1.1,8.8.8.8 \ gateway=10.0.0.1 netmask=23 TO: /ip dhcp-server network add address=10.0.0.0/23 comment=defconf dns-server=10.0.0.1 gateway=10.0.0.1 (n...
by anav
Sun Nov 17, 2024 3:07 pm
Forum: Beginner Basics
Topic: Unable to access network share over Wireguard
Replies: 13
Views: 1228

Re: Unable to access network share over Wireguard

Your post has nothing to do with this thread, start a NEW thread.
a. post network diagrams
b. complete config /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Sun Nov 17, 2024 5:32 am
Forum: General
Topic: Separate YouTube, Facebook, Instagram, and Netflix traffic or IPs (CDN of ISP)
Replies: 9
Views: 549

Re: Seprate YouTube, Facebook, Instagram, and Netflix traffic or IPs (CDN of ISP)

Cannot be done with Mikrotik routers. You would need very expensive routers and then pay a subscription fee on top, for that IDS/IDP service on the router.
by anav
Sun Nov 17, 2024 5:31 am
Forum: General
Topic: Need a second pair of eyes
Replies: 7
Views: 814

Re: Need a second pair of eyes

1. First try rebooting the router. 2. Everything looks good so far, did you enter in netmask manually or did it simply popup?? Go back and re-enter this 10.0.0.0/24 for address dns-server=10.0.0.21,1.1.1.1,8.8.8.8 and gateway=10.0.0.1 and ensure netmask is not filled in ( then hit apply ) 3. Remove ...
by anav
Sun Nov 17, 2024 5:13 am
Forum: General
Topic: Wireguard/RouterOS issue
Replies: 7
Views: 471

Re: Wireguard/RouterOS issue

Like this? Forgive me if i'm totally wrong lol /ip firewall nat add action=masquerade chain=srcnat comment="WG masquerade" in-interface=wg0 Thanks for the guess. That's a wild assed stab at nothing. Remove that line if entered. The traffic is from client 10.88.0.2 to the router and is setup...
by anav
Sun Nov 17, 2024 5:12 am
Forum: General
Topic: Wireguard/RouterOS issue
Replies: 7
Views: 471

Re: Wireguard/RouterOS issue

1. No pool / dhcp-server / dhcp-server network for BASE VLAN? 2. Modify some rules......... ( + remove connection-state=new, not required) add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes add action=accept chain=...
by anav
Sat Nov 16, 2024 10:39 pm
Forum: Beginner Basics
Topic: Troubles with configuring hairpin NAT
Replies: 7
Views: 749

Re: Troubles with configuring hairpin NAT

1. Your approach to Bridge and VLANs is incorrect. - ASSIGN all vlans to interface bridge. - ASSIGN all vlans addresses - Add bridge ports/wlans - Add bridge vlan IDs DO NOT assign any subnets to bridge, its unnecessary and adds confusion /interface vlan add interface=bridge-lan name=HomeLAN vlan-id...
by anav
Sat Nov 16, 2024 10:37 pm
Forum: Beginner Basics
Topic: port forwarding (stream game server behind mikrotik) confusing
Replies: 9
Views: 745

Re: port forwarding (stream game server behind mikrotik) confusing

Super and my bad on the rule it was supposed to be accept.
add chain=forward action=accept comment="internet traffic" in-interface-list=LAN out-interface-list=WAN

Post latest rendition of config and I will relook;
by anav
Sat Nov 16, 2024 10:31 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 11
Views: 1093

Re: Port Forwarding

Based on your feedback and TWO comments 1. DO not use a public IP address to define the servers local subnet. use 192.168 / 172.16. / 10.0.0 but NOT 192.0.0. 2. Also regarding the first mangle rule the correct way, apologies for confusion is to state it like this: /ip firewall mangle { ACCEPT RULES ...
by anav
Sat Nov 16, 2024 10:07 pm
Forum: General
Topic: Dual WAN LTE (Main) + Cable (Secondary) [SOLVED]
Replies: 10
Views: 952

Re: Dual WAN LTE (Main) + Cable (Secondary) [SOLVED]

Understood! 1. modify /interface bridge port add bridge=bridge1 interface=ether5-MGMT pvid=20 TO /interface bridge port add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether5-MGMT pvid=20 2. Remove this rule, it means nothing. /interface bridge vlan add br...
by anav
Sat Nov 16, 2024 9:56 pm
Forum: General
Topic: VLAN confusion
Replies: 19
Views: 868

Re: VLAN confusion

From my learning experience, I tend to generally (although they are a bit connected ) think of /interface bridge ports as the INGRESS identifier...... /interface bridge vlan as the EGRESS identifier..... MT is unique in its setup but regardless of tools, the /interface bridge port line either has a ...
by anav
Sat Nov 16, 2024 6:45 pm
Forum: General
Topic: SSTP VPN Server questions and best practices? [SOLVED]
Replies: 3
Views: 401

Re: SSTP VPN Server questions and best practices? [SOLVED]

Did you try a non-standard wireguard port like 15678 or even 443 for that matter. I cannot see a cruise ship being that capable of blocking wireguard............
by anav
Sat Nov 16, 2024 6:44 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

They are probably several cloudflare versions behind in their own account! ;-)
by anav
Sat Nov 16, 2024 3:51 pm
Forum: General
Topic: Dual WAN LTE (Main) + Cable (Secondary) [SOLVED]
Replies: 10
Views: 952

Re: Dual WAN LTE (Main) + Cable (Secondary) [SOLVED]

No POINT in working on config for finesse of routing until fix the main issues! 1. WRONG change to. /interface vlan add interface=bridge1 name=MGMT_VLAN vlan-id=20 2. IS WRONG, The main point being is that vlans should NOT be identified as bridge ports!! would change from: /interface bridge add fra...
by anav
Sat Nov 16, 2024 3:26 pm
Forum: Beginner Basics
Topic: port forwarding (stream game server behind mikrotik) confusing
Replies: 9
Views: 745

Re: port forwarding (stream game server behind mikrotik) confusing

Were you ever able to port forward games from your ISP, on this or a previous router?? Quick check, do these results provide the same answer. 1. Browser check --> whats my IP = ???? 2. IP cloud check >>> public IP = ??? 3. IP DHCP client if used --->IP address = ??? or Assigned static IP address = ?...
by anav
Sat Nov 16, 2024 3:21 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 50
Views: 3408

Re: Cant get Wireguard client to work

So Sindy, the rule is not a problem if we remove the check-gateway=ping? Or are you saying it's still causing issues and it's better simply to define the local subnets that need to be reached (old method using dst-address=subnet)?
by anav
Sat Nov 16, 2024 3:18 pm
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 19
Views: 1600

Re: Difference between two Interface Lists

In short, once you assign vlans to the bridge, then don't use the bridge for dhcp of any subnets. In terms of interface list members, once the bridge is off the hook and just does bridging, it should not be used on interface list members, BUT all vlans if applicable should be identified as LAN members.
by anav
Sat Nov 16, 2024 3:15 pm
Forum: General
Topic: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.
Replies: 35
Views: 5051

Re: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.

I am always open to new information, but due to your initial approach, I am closed to any information from you.
Your loss and I guess some folks can't handle the truth. I find honest no BS answers refreshing and they are irrefutable when backed up by technical acumen.
by anav
Sat Nov 16, 2024 4:51 am
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 50
Views: 3408

Re: Cant get Wireguard client to work

Good pickup, missed that entirely :-((
by anav
Sat Nov 16, 2024 4:49 am
Forum: General
Topic: Only one Wireguard peer working at a time [SOLVED]
Replies: 8
Views: 5909

Re: Only one Wireguard peer working at a time [SOLVED]

... /32 for wireguard addresses ... For routed links work: # 2024-11-15 16:42:06 by RouterOS 7.12.1 # /interface wireguard peers add allowed-address=10.254.10.34/32,0.0.0.0/0 ... add allowed-address=10.254.10.35/32,0.0.0.0/0 ... # There is no point in putting 0.0.0.0/0...
by anav
Sat Nov 16, 2024 4:42 am
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Yeah, that “help” doesn’t do much to stop real DDoS attacks. Pretty sure MT staff mentioned this in the forum too. A must-read for the MT team: “Distributed denial-of-service (DDoS) protection” https://www.cloudflare.com/en-ca/network-services/products/magic-transit/ Only pennies every nanosecond...
by anav
Fri Nov 15, 2024 10:55 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Might be time to try out a frontend like Cloudflare or similar to get rid of the DDoS attacks.
One would think MT would use its own advice --->>>https://help.mikrotik.com/docs/spaces/R ... Protection
OR
realize it's crap and remove it from MT Docs.
by anav
Fri Nov 15, 2024 10:47 pm
Forum: General
Topic: RB5009 and VLANs
Replies: 19
Views: 1165

Re: RB5009 and VLANs

Safer way to config device is to take one port off the bridge, give it an IP address and then access by changing IPV4 settings on your laptop. /interface ethernet set [ find default-name=ether8 ] name=OffBridge8 /ip address add address=192.168.55./30 interface=OffBridge8 network=192.168.55.0 /interfa...
by anav
Fri Nov 15, 2024 9:24 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6813

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

still laggy and times out, bandaids maybe, no fix!
by anav
Fri Nov 15, 2024 5:16 pm
Forum: Beginner Basics
Topic: port forwarding (stream game server behind mikrotik) confusing
Replies: 9
Views: 745

Re: port forwarding (stream game server behind mikrotik) confusing

The main issue is the WANIP, what is it static or dynamic????? see 6. 1. Get rid of this empty line. /ip dhcp-server network add address=0.0.0.0/24 comment=defconf dns-server=0.0.0.0 gateway=0.0.0.0 netmask=24 add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24 2. You...