Search found 21609 matches

by anav
Sun Nov 10, 2024 6:11 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 24
Views: 626

Re: Mikrotik as Wireguard client behind NAT, loosing connection

Got it, but why would the source port change.....
Does not the source port not stay fixed once the wg connection is made?
Or are you taking advantage of the fact that the source port changes with every actual use of traffic vice just keep alive pings.............
by anav
Sun Nov 10, 2024 4:31 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

Lost as you are............ Going back to basics. Have you ever had a WIREGUARD connection ........ ?? Not that this will make a difference but modify /ip route add check-gateway=ping comment=Recursive disabled=no distance=1 dst-address=\ 0.0.0.0/0 gateway=9.9.9.9 routing-table=main scope=10 \ suppr...
by anav
Sun Nov 10, 2024 4:13 pm
Forum: General
Topic: WireGuard site to site routing help
Replies: 15
Views: 425

Re: WireGuard site to site routing help

Well, That is the purpose of a Mesh topology, a remote device need only connect to one router and should be able to access ALL Lans subnets, and all routers for config purposes. If doing it with single server 3 client routers, one connects to the single server with the remote device and then you can...
by anav
Sun Nov 10, 2024 4:06 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 24
Views: 626

Re: Mikrotik as Wireguard client behind NAT, loosing connection

Okay, lets forget for the moment the potential for the horrific solution with dstnat for now. Sticking to: chain=srcnat protocol=udp src-port=13231 dst-port=13231 src-address-type=local action=src-nat to-ports=40000-59999 I am trying to imagine what this actually does come traffic time or at tunnel ...
by anav
Sun Nov 10, 2024 3:48 pm
Forum: General
Topic: inter vlan routing in CSS 326 24G
Replies: 3
Views: 110

Re: inter vlan routing in CSS 326 24G

Does each router get its own WANIP from an ISP What is the main purpose of each router. If they are in different locations, how can they physically connect to the same switch? Why would users on pppoe router need access to subnet on hotspot router? Create a new common subnet on both routers assign...
by anav
Sun Nov 10, 2024 3:45 pm
Forum: General
Topic: ZeroTier Version Upgrade
Replies: 12
Views: 1603

Re: ZeroTier Version Upgrade

I find it hard to understand why anybody would even attempt to fathom MT thought processes........... By the way its all in the phantom roadmap. ;-)
by anav
Sun Nov 10, 2024 12:38 am
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 24
Views: 626

Re: Mikrotik as Wireguard client behind NAT, loosing connection

So Sindy are you saying that its not a problem with either Router but something at the ISP end. Is it interfering in any specific direction??? The fix is applied on which router? I am having trouble wrapping my head on exactly what this accomplishes post loss of connection..... Specifically, the por...
by anav
Sun Nov 10, 2024 12:33 am
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 12
Views: 359

Re: Configuring wireless on wAP R from zero

Is the upstream router its connected to a Mikrotik Router??
by anav
Sat Nov 09, 2024 9:14 pm
Forum: General
Topic: Periodic connectivity issues to external WinBox
Replies: 14
Views: 396

Re: Periodic connectivity issues to external WinBox

Hello everyone. I have a CHR v. 7.16 configured and in Whitelist I keep my Cloud address of home router). Everything worked fine and config was untouched for quite long time, but suddenly a periodic issue appeared: with whitelist access to Winbox (chain=input action=accept dst-port=8291 src-address...
by anav
Sat Nov 09, 2024 9:07 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 24
Views: 626

Re: Mikrotik as Wireguard client behind NAT, loosing connection

Why why why are you using a FOREIGN term called operators............ It means nothing to me or anyone else. Do you mean operator router = Mikrotik Router OR do you mean operator router = ISP router. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ I am assuming you...
by anav
Sat Nov 09, 2024 8:11 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 8
Views: 264

Re: Cant get Wireguard client to work

Very strange indeed. So you confirm the following a. ip dhcp client has default route=yes? b. with RRules disabled and mangle disabled you go out the local internet (local WAN) no problem? c. while testing b, please attempt to ping the remote address you have entered in 1 below !!! Assuming yes to t...
by anav
Sat Nov 09, 2024 8:02 pm
Forum: Beginner Basics
Topic: Use hap ax lite as access point
Replies: 15
Views: 547

Re: Use hap ax lite as access point

Since I am getting tired of the lack of effort and its a 5 minute config from typing from scratch. ASSUMING the single LAN subnet is 192.168.88.0/24 and the MT is assigned 192.168.88.5 /interface bridge add name=bridge /interface list add name=TRUSTED /interface wireless security-profiles set [ find de...
by anav
Sat Nov 09, 2024 7:52 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 24
Views: 626

Re: Mikrotik as Wireguard client behind NAT, loosing connection

1. Please confirm on each router. The WANIP that shows up on IP DHCP client = whats my ip in browser = the public address associated in IP Cloud If A = B = C you are getting a public IP at the MT router If A ≠ B = C you are NOT getting a public IP at the MT router 2. Please confirm on each r...
by anav
Sat Nov 09, 2024 7:44 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 24
Views: 626

Re: Mikrotik as Wireguard client behind NAT, loosing connection

It would appear that you are providing contradictory information ( which was also implied earlier ) and hence I asked for some clarification but still confusing. If the router is in a double nat scenario, aka behind the ISP modem/ROUTER or ISP ROUTER, then there is NO WAY the servers are connected d...
by anav
Sat Nov 09, 2024 7:34 pm
Forum: General
Topic: Why DNS servers are knocking port 5678 of pppoe-out1 interface?
Replies: 8
Views: 885

Re: Why DNS servers are knocking port 5678 of pppoe-out1 interface?

Sounds like a good reason to turn it off........ Maybe needed for BTH?
In any case if a hacker can intercept your traffic and mimic being an mt cloud server perhaps its a good VECTOR to close down.
by anav
Sat Nov 09, 2024 7:21 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 24
Views: 626

Re: Mikrotik as Wireguard client behind NAT, loosing connection

PROBLEM: 1. In the previous post I question if you qualify for wireguard as you MAY not have an accessible public IP. 2. IF NOT, then an alternative in certain situations is BACK to HOME VPN, for some reason I didnt notice this before but in your peer Server router for handshake the following: /inte...
by anav
Sat Nov 09, 2024 7:19 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 24
Views: 626

Re: Mikrotik as Wireguard client behind NAT, loosing connection

Okay normal wireguard will ONLY work if at least one of the ends of your connection has an accessible public IP. This needs to be the peer Server router for handshake. Accessible means that, if the MT router does not get a public IP, then the ISP router in front of it, MUST a. get a public, AND b. c...
by anav
Sat Nov 09, 2024 4:39 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 8
Views: 264

Re: Cant get Wireguard client to work

1. RRules
a. disable all mangles
b. change routing rules to the following

/routing rule
add action=lookup-only-in-table min-prefix=0 table=main comment="permits local traffic"
add action=lookup-only-in-table src-address=192.168.188.0/24 table=rtab-wg
by anav
Sat Nov 09, 2024 4:37 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 8
Views: 264

Re: Cant get Wireguard client to work

The reason I state this is because your router FIRST has to establish the tunnel with the other end............. then wireguard traffic can flow. If there is no route, then the tunnel will never happen......... Since you are getting internet locally it must exist.. ... Screenshot 2024-11-09 103534.p...
by anav
Sat Nov 09, 2024 3:41 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 8
Views: 264

Re: Cant get Wireguard client to work

What are you connecting to
a. a third party server?
b. another MT router?

You dont need to BOTH mangle and use Routing Rules...... one or the other.
Assuming that you have selected default route in IP DHCP client?
by anav
Sat Nov 09, 2024 2:56 pm
Forum: General
Topic: WireGuard site to site routing help
Replies: 15
Views: 425

Re: WireGuard site to site routing help

Yikes, I use no wizards, just do it manually LOL, and normally for keys one just puts "++++++" or something never the real keys. Okay that gives me a bit of a sense of what you are doing. Interesting, in 4 router scenario, its rare to have each one have a public IP. Normally its one, so wh...
by anav
Sat Nov 09, 2024 2:21 pm
Forum: General
Topic: Mikrotik as Wireguard client behind NAT, loosing connection
Replies: 24
Views: 626

Re: Mikrotik as Wireguard client behind NAT, loosing connection

1. Lack of firewall rules would likely NOT be the issue. 2. Not that this is a problem but recommend change this on allowed IPs on your peer client router....... so that you as a remote admin can access your peer Client router when away from both routers. /interface wireguard peers add allowed-addre...
by anav
Sat Nov 09, 2024 3:58 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

The only thing that proves is that you cannot hook up a dumb device (laptop) and get traffic from a trunk port.......... Ether3 is going to the switch and thus cannot be terminated on a laptop. Sure you may have changed the /interface bridge port settings, but did you change the /interface bridge vl...
by anav
Fri Nov 08, 2024 10:00 pm
Forum: General
Topic: RoS 7 problem connecting remotely with 3 pppoe wans
Replies: 8
Views: 675

Re: RoS 7 problem connecting remotely with 3 pppoe wans

Okay once its all implemented............
Tell me what works and what doesnt, any improvement?
Plus of course the latest config........
by anav
Fri Nov 08, 2024 9:24 pm
Forum: Beginner Basics
Topic: WAN port belongs to two VLANs [SOLVED]
Replies: 10
Views: 368

Re: WAN port belongs to two VLANs [SOLVED]

What you are asking for is impossible. EITHER the students are on their own VLAN and subnet getting dhcp from the mikrotik and have no direct connection or need to use 2940, OR they are vlan2940 getting dhcp from the upstream router. and are connected directly to 2940 It cannot be both!! Also, since...
by anav
Fri Nov 08, 2024 9:00 pm
Forum: Beginner Basics
Topic: WAN port belongs to two VLANs [SOLVED]
Replies: 10
Views: 368

Re: WAN port belongs to two VLANs [SOLVED]

What you have to understand. A. What I provided ( acting like a router, students on isolated LAN ) if the VLAN2940 is for the router to get a WANIP, that works. behind the other router we can setup a LAN that is not related and simply uses the connection to go out the internet the management vlan is...
by anav
Fri Nov 08, 2024 8:55 pm
Forum: Beginner Basics
Topic: WAN port belongs to two VLANs [SOLVED]
Replies: 10
Views: 368

Re: WAN port belongs to two VLANs [SOLVED]

I just noticed you put the dhcp client on the vlan2904 which is not the management VLAN. Is this a typo and should have been set to VLAN1000? Nope, just following the directions given. You clearly stated that the ROUTER, the MT should get its IP address on this VLAN and thus the students get intern...
by anav
Fri Nov 08, 2024 8:51 pm
Forum: General
Topic: 5WAN_PCC very slow speed internet or no internet
Replies: 7
Views: 278

Re: 5WAN_PCC very slow speed internet or no internet

Since you refuse to answer clear questions, I will defer and let others help. ( I cannot say whether to delete or modify since you have not explained their purpose - unable to advise )
Good luck!
by anav
Fri Nov 08, 2024 8:49 pm
Forum: General
Topic: WireGuard site to site routing help
Replies: 15
Views: 425

Re: WireGuard site to site routing help

Yes, they are all peers once a connection has been established........ but generally speaking the router acting as server for handshake will have the udp port open on the input chain for example. Are you saying all routers have public IPs and open UDP ports for wireguard?? Can you post wireguard set...
by anav
Fri Nov 08, 2024 6:13 pm
Forum: Beginner Basics
Topic: WAN port belongs to two VLANs [SOLVED]
Replies: 10
Views: 368

Re: WAN port belongs to two VLANs [SOLVED]

Be advised, you wont be able to make any changes to this router since we are locking it down to only the Management VLAN coming in on ether1 !! If you require other access best stated from where........... Also how are management going to access this device, via WINBOX.................. need to know...
by anav
Fri Nov 08, 2024 6:02 pm
Forum: General
Topic: 5WAN_PCC very slow speed internet or no internet
Replies: 7
Views: 278

Re: 5WAN_PCC very slow speed internet or no internet

1. I dont check third party sites for the config they used, I am only interested in your config. :-) ( each scenario is different as everyone has different requirements ) 2. So are you saying you have no idea what the first two set of mangle rules are used for??? 3. Does your provider with the 5 wan...
by anav
Fri Nov 08, 2024 5:51 pm
Forum: General
Topic: internal network packet loss
Replies: 3
Views: 133

Re: internal network packet loss

If your business is facing critical disruptions, the best thing for you to do is call for paid help to get quickest resolution ---> https://mikrotik.com/consultants That is what a real IT admin would do if they are NOT knowledgeable on MT, OR are knowledgeable and still cannot find the source of the...
by anav
Fri Nov 08, 2024 4:29 pm
Forum: Beginner Basics
Topic: WAN port belongs to two VLANs [SOLVED]
Replies: 10
Views: 368

Re: WAN port belongs to two VLANs [SOLVED]

Understood, just trying to figure out how to use the management VLAN properly, the rest as you wish is very doable.
Typically the IP address given to the device is on the management vlan.
by anav
Fri Nov 08, 2024 4:26 pm
Forum: Beginner Basics
Topic: does RB5009UG support MSTP protocol?
Replies: 4
Views: 274

Re: does RB5009UG support MSTP protocol?

On the bridge interface ( its in RoS, not hardware specific ) is the STP tab. Check out protocol mode here and scroll down to read about bridge Spanning Tree Protocol ---> https://help.mikrotik.com/docs/spaces/ROS/pages/328068/Bridging+and+Switching Check out general spanning tree protocol page --> ...
by anav
Fri Nov 08, 2024 2:40 pm
Forum: Beginner Basics
Topic: Unable to access network share over Wireguard
Replies: 11
Views: 498

Re: Unable to access network share over Wireguard

Thats good news!!,
If you want to clean up the rest of the config, feel free to ask about any specific part of the comments.
by anav
Fri Nov 08, 2024 2:38 pm
Forum: Beginner Basics
Topic: Help me with port forwarding troubleshooting
Replies: 8
Views: 277

Re: Help me with port forwarding troubleshooting

I have 0 (Zero) firewall rules. That means, that everything is open (allow). Right? I understand, that eventually I'll need to close / limit few things, but i'm ok to have everything open while troubleshooting. Right? Depends, is your device connected directly to the internet and not behind an ISP ...
by anav
Fri Nov 08, 2024 2:34 pm
Forum: General
Topic: 5WAN_PCC very slow speed internet or no internet
Replies: 7
Views: 278

Re: 5WAN_PCC very slow speed internet or no internet

1. Remove all WAN bridges, not required. 2. None of the WANs have a reachable public IP??? no need to use back to home VPN if you have an accessible public IP. 3. The actual use of a bridge would be to assign all vlans to Bridge-Loop Bridge ports would consist of ether3, and ether4 and correct me if...
by anav
Fri Nov 08, 2024 5:01 am
Forum: General
Topic: WireGuard site to site routing help
Replies: 15
Views: 425

Re: WireGuard site to site routing help

Wireguard is very flexible anything is possible..........

Which of the four routers is the peer Server for handshake??
by anav
Fri Nov 08, 2024 4:59 am
Forum: General
Topic: RoS 7 problem connecting remotely with 3 pppoe wans
Replies: 8
Views: 675

Re: RoS 7 problem connecting remotely with 3 pppoe wans

I was hoping for something bigger, but it will do. Will try to get to this tomorrow as I have some research to do on the cloud stuff. ---> see above post!!! It would appear that each VLAN is to only use one particular WAN All external arriving special traffic is only to use WAN1 ( vpns etc.) As for ...
by anav
Fri Nov 08, 2024 12:37 am
Forum: General
Topic: RoS 7 problem connecting remotely with 3 pppoe wans
Replies: 8
Views: 675

Re: RoS 7 problem connecting remotely with 3 pppoe wans

Sorry, very busy these days. If you fly me to Greece, assistance can be hands on. :-) 1. I think we can agree clarity in the config helps so I prefer to identify each port...... and use proper VLAN rules.. and also add comments if necessary /interface bridge port add bridge=bridge_main ingress-filte...
by anav
Fri Nov 08, 2024 12:31 am
Forum: Beginner Basics
Topic: Mikrotik as OpenVPN client routing all VPN connection through wlan
Replies: 3
Views: 185

Re: Mikrotik as OpenVPN client routing all VPN connection through wlan

What I meant is that for MOST VPNs, one end must have access to a public IP at least at one end of the connection. The purpose of this is so that the peer SERVER can be reached by all users, be they from individual devices (laptop/smartphone) or from individuals behind another remote router. A stati...
by anav
Fri Nov 08, 2024 12:26 am
Forum: General
Topic: Towards Optimization of Production Firewall Rules
Replies: 13
Views: 568

Re: Towards Optimization of Production Firewall Rules

Instead of couching the requirements in vague terms be clear. You want the router to have the ability to 'sense' changes in traffic flow and react accordingly. Although there may be some rudimentary things one can do in logging and then reading those logs and attempt to modify existing rules on ...
by anav
Fri Nov 08, 2024 12:18 am
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 868

Re: VLANs - there has to be a simpler way!

Cry me a river........... I am well aware of AI and how important it is and the impact it will have especially in the battlespace domain. Basically any decision making that requires analyzing large chunks of data no matter how disparate, at near or at real-time, gives a competitive advantage to thos...
by anav
Thu Nov 07, 2024 11:00 pm
Forum: General
Topic: Towards Optimization of Production Firewall Rules
Replies: 13
Views: 568

Re: Towards Optimization of Production Firewall Rules

"In most cases not significantly enough to warrant the loss of throughput by all the rules......... In other words throughput is directly affected by the number of firewall rules, so first things first, be LEAN." Is that a straw man argument? No worries, I only deal in practical advice, i...
by anav
Thu Nov 07, 2024 10:56 pm
Forum: Beginner Basics
Topic: Mikrotik as OpenVPN client routing all VPN connection through wlan
Replies: 3
Views: 185

Re: Mikrotik as OpenVPN client routing all VPN connection through wlan

As long as one of the MT devices gets a public IP, or an ISP router its attached to can
a. get a public IP
b. forward a port to the MT device,
Its doable.
However I only know how to do so using wireguard.
by anav
Thu Nov 07, 2024 10:54 pm
Forum: Beginner Basics
Topic: Issue with Ping and Local Access Configuration for MikroTik over VPN with WireGuard and ExpressVPN
Replies: 1
Views: 303

Re: Issue with Ping and Local Access Configuration for MikroTik over VPN with WireGuard and ExpressVPN

NO clue as to what your network looks like? Can you provide a detailed diagram. When you say express VPN, thats a third party service, so not sure how you are hosting a third party vpn server?? (The idea is that you could be an express client for this unnamed type of VPN ) either on a PC, or the rou...
by anav
Thu Nov 07, 2024 9:56 pm
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 868

Re: VLANs - there has to be a simpler way!

No one here is interested in looking at chat GPT outputs. What is in your interest is to put in the work to generate what you think is your best effort. Try to understand what each line in the config SAYS, and its purpose. Learning, is not done through bypassing the use of ones synapses Perhaps in v...
by anav
Thu Nov 07, 2024 9:54 pm
Forum: General
Topic: Towards Optimization of Production Firewall Rules
Replies: 13
Views: 568

Re: Towards Optimization of Production Firewall Rules

Do you have a new question???
by anav
Thu Nov 07, 2024 9:53 pm
Forum: Beginner Basics
Topic: Use hap ax lite as access point
Replies: 15
Views: 547

Re: Use hap ax lite as access point

Post what you come up with for review
by anav
Thu Nov 07, 2024 9:52 pm
Forum: Beginner Basics
Topic: Possibility to, within fw, group services in lists?
Replies: 2
Views: 148

Re: Possibility to, within fw, group services in lists?

Nope the best you can hope for is on any given rule portX,portY,portAA etc........
If you are lucky its in contiguous ranges dst-port=1556-1695
by anav
Thu Nov 07, 2024 9:50 pm
Forum: Beginner Basics
Topic: WAN port belongs to two VLANs [SOLVED]
Replies: 10
Views: 368

Re: WAN port belongs to two VLANs [SOLVED]

It sounds like what you are saying is that whatever MT device you have in place, it will strictly be acting as a switch. Please let us know your device and by the way this is perfectly doable........ The vlan 1000 is strictly a management vlan so that the switch can get assigned an IP address termin...
by anav
Thu Nov 07, 2024 8:31 pm
Forum: Beginner Basics
Topic: From old AirPort Express to cAP
Replies: 14
Views: 1212

Re: From old AirPort Express to cAP

TRUEDAT......... okay then keeping the capac as an AP/switch is the smart way to go...............cant help you if you want to make it a router................. the only reason to use it as a router is if you needed separate subnets and most likely vlans to go out the wifi.
by anav
Thu Nov 07, 2024 7:33 pm
Forum: Beginner Basics
Topic: From old AirPort Express to cAP
Replies: 14
Views: 1212

Re: From old AirPort Express to cAP

Okay I understand my misunderstandings..... Firstly: I assumed you had a capAC, but it would appear you have a CAP ONLY. Please confirm!!! It only has one port and that is a 10/100 based port. In addition acting as a router, its throughput would actually be less than 100Mbps based on having 25 filte...
by anav
Thu Nov 07, 2024 6:16 pm
Forum: Beginner Basics
Topic: Unable to access network share over Wireguard
Replies: 11
Views: 498

Re: Unable to access network share over Wireguard

Based on your feedback, I dont think there is anything I can add.
Hopefully others have more input.
Good luck!
by anav
Thu Nov 07, 2024 5:58 pm
Forum: General
Topic: Issues with bandwidth [SOLVED]
Replies: 19
Views: 717

Re: Issues with bandwidth [SOLVED]

If using the switch as a router, expect no faster than approx 200Mbps traffic to/fro internet.
You are not using fastrack or other firewall rules that may help increase the throughput.
by anav
Thu Nov 07, 2024 4:38 pm
Forum: Beginner Basics
Topic: Unable to access network share over Wireguard
Replies: 11
Views: 498

Re: Unable to access network share over Wireguard

As to windows shares, no idea. There is no windows share identifier or functionality within RoS, that I am aware of. Seems like a window OS issue.
by anav
Thu Nov 07, 2024 4:34 pm
Forum: Beginner Basics
Topic: Unable to access network share over Wireguard
Replies: 11
Views: 498

Re: Unable to access network share over Wireguard

The advice is to properly config the router and make it secure as well as address any wireguard issues.... 1. Okay so the idea is you are trying to reach the USB held files.......... Well how do you propose to reach the files if the USB port has no identification path for the router to use ( ip addr...
by anav
Thu Nov 07, 2024 3:51 pm
Forum: General
Topic: Unable to log in to Winbox via Wireguard [SOLVED]
Replies: 3
Views: 206

Re: Unable to log in to Winbox via Wireguard [SOLVED]

"It turned out I forgot to open the ports on the VPS server"

Makes sense, as there was nothing seriously preventing it on the router side, nonetheless, one can always improve (cleanup) their config.
by anav
Thu Nov 07, 2024 1:37 pm
Forum: Beginner Basics
Topic: Unable to access network share over Wireguard
Replies: 11
Views: 498

Re: Unable to access network share over Wireguard

RULES THAT MAKE NO SENSE 1. If you are attempting FTP for example, the input chain is NOT used for this....... One uses the dstnat chain. One rule is used in the forward chain to allow port forwarding in general. add action=accept chain=input dst-port=21 in-interface-list=WAN log=yes \ log-prefix=&q...
by anav
Thu Nov 07, 2024 1:24 pm
Forum: Beginner Basics
Topic: Filter by IP address list
Replies: 2
Views: 166

Re: Filter by IP address list

Use cases please, will give us some context.
by anav
Thu Nov 07, 2024 1:22 pm
Forum: General
Topic: 1 Packet over Multiple Routs?
Replies: 14
Views: 1098

Re: 1 Packet over Multiple Routs?

Okay either I have to travel to UTAH or we get together on (take your pick skype/discord/teams) to discuss those very configs........... Use case: seamless failover between two WANS on the ground site, using CHR as the public IP hitting the internet. EOIP within wireguard. Trying to do better than ch...
by anav
Thu Nov 07, 2024 1:17 pm
Forum: General
Topic: Towards Optimization of Production Firewall Rules
Replies: 13
Views: 568

Re: Towards Optimization of Production Firewall Rules

Personally I tend to avoid the ! matchers ... yes, they can be useful, but when one starts combining multiple "NOT" criteria, they are a bit counterintuitive and thus prone for errors. Or if one wants to have multiple rules with similar matchers, the only difference being the "NOT&qu...
by anav
Thu Nov 07, 2024 1:15 pm
Forum: General
Topic: how to block youtube shorts?
Replies: 10
Views: 436

Re: how to block youtube shorts?

The first and only answer required = NO
The second response = education
The third response = discipline, Not as punishment infabo but as in will power ;-)
by anav
Thu Nov 07, 2024 1:35 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 14
Views: 1791

Re: Issue with Wireguard - Connected but no traffic

Home........ 1. On the Peer Server one identifies the peer client by single IP address at the allowed IPs settings!....so should be. /interface wireguard peers add allowed-address=10.20.30.2/32 172.16.46.0/24 comment="remote router" interface=WG-Home name=peer1 public-key="KEY" 2...
by anav
Thu Nov 07, 2024 1:28 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 14
Views: 1791

Re: Issue with Wireguard - Connected but no traffic

Perstorp Client Peer for handshake. 1. Keep the Network/Subnet in wireguard consistent so modify this /ip address add address=10.20.30.2/30 interface=WG-Perstorp network=10.20.30.0 TO: /ip address add address=10.20.30.2/29 interface=WG-Perstorp network=10.20.30.0 2. Firewall rules need work, for s...
by anav
Thu Nov 07, 2024 1:17 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 14
Views: 1791

Re: Issue with Wireguard - Connected but no traffic

Sorry dont always get back to posts................... dangers of not being paid LOL
by anav
Wed Nov 06, 2024 10:51 pm
Forum: Beginner Basics
Topic: VLan Setup DHCP issues
Replies: 1
Views: 222

Re: VLan Setup DHCP issues

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc....) dont work with snippets, and this. /interface bridge port add bridge=bridge interface=ether2 pvid=172 add bridge=bridge interface=ether3 pvid=10 add bridge=bridge interface=ether4 pvid=10 add bridg...
by anav
Wed Nov 06, 2024 10:43 pm
Forum: Beginner Basics
Topic: Unable to access network share over Wireguard
Replies: 11
Views: 498

Re: Unable to access network share over Wireguard

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )

Also, do you have any Servers on the LAN
Single or dual wan and if dual wan how are they supposed to be used........
by anav
Wed Nov 06, 2024 7:21 pm
Forum: General
Topic: Towards Optimization of Production Firewall Rules
Replies: 13
Views: 568

Re: Towards Optimization of Production Firewall Rules

In most cases not significantly enough to warrant the loss of throughput by all the rules......... In other words throughput is directly affected by the number of firewall rules, so first things first, be LEAN.
by anav
Wed Nov 06, 2024 7:18 pm
Forum: General
Topic: 1 Packet over Multiple Routs?
Replies: 14
Views: 1098

Re: 1 Packet over Multiple Routs?

Interesting!! Be cool for the sirbryan to conduct single router to single router tests of this tech, comparing zerotier to wireguard performance.........
by anav
Wed Nov 06, 2024 7:17 pm
Forum: Beginner Basics
Topic: From old AirPort Express to cAP
Replies: 14
Views: 1212

Re: From old AirPort Express to cAP

Please post your latest complete config and I will have a look.
by anav
Wed Nov 06, 2024 7:15 pm
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 17
Views: 1103

Re: Trying to wrap my head around VLANs

hahaha......... listen if you only need two subnets, nothing wrong with one bridge and one separate subnet or two separate subnets and no bridge. But if you choose any of the above, you are denying yourself the satisfaction of using vlans, and the sense of accomplishment and the ability to lord such...
by anav
Wed Nov 06, 2024 5:39 pm
Forum: General
Topic: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?
Replies: 25
Views: 5873

Re: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?

Basically, the whole thread should be in a MS forum, not an MT forum.........
by anav
Wed Nov 06, 2024 5:13 pm
Forum: Beginner Basics
Topic: how to connect to site to site vpn from back to home vpn
Replies: 5
Views: 546

Re: how to connect to site to site vpn from back to home vpn

I havent used the back to home app on my IOS, because I dont need it and yes its designed for BTH. I use WIREGUARD APP itself, and enter in the wireguard parameters as required. I use the MT IOS App to then config the router. PS. It was already clear that the two routers are at two diff locations wi...
by anav
Wed Nov 06, 2024 5:12 pm
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 17
Views: 1103

Re: Trying to wrap my head around VLANs

I just want to say that I have never been able to get a useful environment using VLANs. I’ve read the always-recommend post here, read tons of other articles, watched videos and there is nothing that explains it and instructs in their construction clearly enough. I don’t know why, and I can’t sugg...
by anav
Wed Nov 06, 2024 5:10 pm
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 17
Views: 1103

Re: Trying to wrap my head around VLANs

I worked for 5 years with Mikrotik daily and didn't manage to grasp VLAN. I have had a 5 year hiatus and then recently only after learning and implementing Cisco VLAN have I gone back over MikroTik VLAN in order to get it right. It's not the same but the difference was I understood the concepts bett...
by anav
Wed Nov 06, 2024 5:08 pm
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 22
Views: 691

Re: Why is there no decent security on FTP Server on MK?

OR....... continue to push a wet noodle up a straw............
by anav
Wed Nov 06, 2024 5:06 pm
Forum: Beginner Basics
Topic: Load balance between ether and wlan
Replies: 2
Views: 153

Re: Load balance between ether and wlan

You cannot combine two WAN inputs so that one session splits up their packets between the two to get the aggregate speed. What you can do is load balance between them so making the entire throughput available for users. Any one session, cannot use throughput greater than the max of one of the WAN co...
by anav
Wed Nov 06, 2024 1:26 pm
Forum: Beginner Basics
Topic: Problem with failover to backup ISP [SOLVED]
Replies: 10
Views: 471

Re: Problem with failover to backup ISP [SOLVED]

All as expected, check-ping basically attempts two pings every 10 seconds to decide if the route is available...............
by anav
Wed Nov 06, 2024 1:24 pm
Forum: Beginner Basics
Topic: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+
Replies: 6
Views: 297

Re: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+

To add to mkx. On each device, take an unused port. Remove it from the bridge ( aka not on /interface bridge ports ). Add an address and ensure it's on your TRUSTED or LAN interface list as a member /interface ethernet set [ find default-name=ether5 ] name=OffBridge5 /ip address add address=192.168.5...
by anav
Wed Nov 06, 2024 1:20 pm
Forum: Beginner Basics
Topic: Is my hAP ac broken?
Replies: 9
Views: 396

Re: Is my hAP ac broken?

Could be your config, but since you didnt post it, who can say.
by anav
Wed Nov 06, 2024 1:18 pm
Forum: General
Topic: VLAN PROBLEM
Replies: 7
Views: 389

Re: VLAN PROBLEM

My recommendations stand, you switched configs many times and went in several different directions.
Start from scratch and do only the basic networking and vlans with basic firewall rules.
Once up and running we can add in layers.
by anav
Wed Nov 06, 2024 1:14 pm
Forum: General
Topic: Unable to log in to Winbox via Wireguard [SOLVED]
Replies: 3
Views: 206

Re: Unable to log in to Winbox via Wireguard [SOLVED]

probably because you dont understand the rules you are using.... seems like your through crap on the wall hoping something would stick. 1. When you create the IP address for wireguard, the router automatically creates a rule add dst-address=192.168.12.0/24 interface=wireguard1 routing-table=main so ...
by anav
Wed Nov 06, 2024 12:47 pm
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 868

Re: VLANs - there has to be a simpler way!


wink indeed!
1) You do not use VLAN1
2) You DO NOT use VLAN1
3) You do not use Quickset
4) You do not use detect internet
5) Dont listen to jacklaz until his list is complete
6)...
:lol:
by anav
Wed Nov 06, 2024 5:52 am
Forum: Beginner Basics
Topic: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+
Replies: 6
Views: 297

Re: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+

If you are not using vlans why do you need a ccr2004 and a csr328 ??? Its like buying a ferrari, to simply drive your kids to school in a 15mph zone.
by anav
Wed Nov 06, 2024 12:55 am
Forum: Beginner Basics
Topic: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+
Replies: 6
Views: 297

Re: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+

There should be no need to use a bridge on the router for the WAN connection on a single port. Also assuming you're using vlans did you read this guide....... ------> https://forum.mikrotik.com/viewtopic.php?t=143620 Post your config for both devices. /export file=anynameyouwish ( minus device serial...
by anav
Wed Nov 06, 2024 12:30 am
Forum: Beginner Basics
Topic: Route Wireguard traffic through specific WAN interface [SOLVED]
Replies: 14
Views: 7036

Re: Route Wireguard traffic through specific WAN interface [SOLVED]

well cannot read your mind, if you need an explanation or help.
draw a diagram
describe the wan situation
provide the complete config minus sensitive information
by anav
Wed Nov 06, 2024 12:24 am
Forum: Beginner Basics
Topic: hAP AC - Setup repeater with partial wireguard traffic
Replies: 6
Views: 858

Re: hAP AC - Setup repeater with partial wireguard traffic

No worries, the only automagic created routes are those from the IP address part of the config.
Or if you have selected use default route in IP DHCP Client settings.
by anav
Wed Nov 06, 2024 12:21 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 37
Views: 1532

Re: wAP coverage -- picture included

Sweet!
by anav
Tue Nov 05, 2024 11:31 pm
Forum: General
Topic: VLAN PROBLEM
Replies: 7
Views: 389

Re: VLAN PROBLEM

I would go further, your config is so confused its a wonder anything works. Certainly it does not seem you have read the vlan bible ---> https://forum.mikrotik.com/viewtopic.php?t=143620 as your /interface bridge vlans are nonsensical! As noted above, it incomprehensible that you assign different su...
by anav
Tue Nov 05, 2024 10:09 pm
Forum: General
Topic: wAP coverage -- picture included
Replies: 37
Views: 1532

Re: wAP coverage -- picture included

What did your research find............. I would hazard a guess that dual band antennas need four connectors, so the best you can hope for is single band sector antennas.
by anav
Tue Nov 05, 2024 2:59 pm
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 22
Views: 691

Re: Why is there no decent security on FTP Server on MK?

MT does not deal in file services, that is the realm of FTP program or the operating OS, windows, mac etc............ and where it should reside.
by anav
Tue Nov 05, 2024 2:57 pm
Forum: Beginner Basics
Topic: Problem with failover to backup ISP [SOLVED]
Replies: 10
Views: 471

Re: Problem with failover to backup ISP [SOLVED]

Confusing words............ Looking at your config......... /ip dhcp-client add add-default-route=no comment=defconf interface=ether1 add add-default-route=no comment=backup interface=ether2 a. based on the above, the router didn't create any default routes. b. if they had created them, they dont sh...
by anav
Tue Nov 05, 2024 2:20 pm
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 22
Views: 691

Re: Why is there no decent security on FTP Server on MK?

Security on FTP is baked into whatever FTP software you are using in other words did you mean SFTP ??? ( and even SSH isnt the greatest protocol )
As noted plain FTP or hosting game servers these days is actually a dumb idea, begging to be hacked and will be hacked.
by anav
Tue Nov 05, 2024 2:17 pm
Forum: Beginner Basics
Topic: Problem with failover to backup ISP [SOLVED]
Replies: 10
Views: 471

Re: Problem with failover to backup ISP [SOLVED]

You have too many routes LOL /ip route add check-gateway=ping comment=ISP1 dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-table=main scope=10 target-scope=12 add dst-address=8.8.8.8/32 gateway=192.168.100.100 routing-table=main scope=10 target-scope=11 ++++++++++++++++++++ add check-gateway=ping dist...
by anav
Tue Nov 05, 2024 2:10 pm
Forum: Beginner Basics
Topic: how to connect to site to site vpn from back to home vpn
Replies: 5
Views: 546

Re: how to connect to site to site vpn from back to home vpn

The answer to your dilemma is easy. REMOVE any back to home nonsense. Since you have public IPs at the MT, you use NORMAL wireguard. All your remote devices will connect to the MT Router without issue using normal wireguard. You will then be more able to move the incoming wireguard users into the VP...
by anav
Tue Nov 05, 2024 2:06 pm
Forum: Beginner Basics
Topic: Load balancing from the same ISP
Replies: 7
Views: 271

Re: Load balancing from the same ISP

Based on the first point you have two choices. - Max 1gb bridged connection, MT gets the public IP. - Max 4x1gb connection ( four lan ports, into four WAN ports on MT) you get 4gb total throughput via private IPs from ISP modem/router. As noted you dont have the right router to handle this load........
by anav
Tue Nov 05, 2024 1:59 pm
Forum: General
Topic: Wireguard peer responder clarification
Replies: 15
Views: 1368

Re: Wireguard peer responder clarification

Well then, its very confusing........... on that we can agree.
by anav
Tue Nov 05, 2024 4:28 am
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 868

Re: VLANs - there has to be a simpler way!

Assuming your home subnet is 192.168.10.0/24 and is identified as vlan10 and the guest network is identified as vlan20. The IP address given to the cap is 192.168.10.5 cap /interface bridge add ingress-filtering=no name=bridgecap vlan-filtering=no /interface ethernet set [ find default-name=ether2 ]...
by anav
Tue Nov 05, 2024 4:11 am
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 868

Re: VLANs - there has to be a simpler way!

Interesting advice on the avoidance of learning how to use vlans.....................

Post both configs
/export file=anynameyouwish ( minus router serial number, any public WANIP info, keys etc.)

PS, there are no firewall rules on my cap with vlans.
by anav
Tue Nov 05, 2024 12:10 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 37
Views: 1532

Re: wAP coverage -- picture included

Yup, not a wifi techie, so sure you have to ensure compatibility of antenna with available connectors. Who woulda thunk it.......... an antenna with two connectors.................... I must be clairvoyant.......... https://mikrotik.com/product/mant_lte_5o The only advantage of europe is that they h...
by anav
Tue Nov 05, 2024 12:08 am
Forum: Beginner Basics
Topic: VLAN assignments by DHCP ARP table on a single hAP ax³ home network
Replies: 1
Views: 163

Re: VLAN assignments by DHCP ARP table on a single hAP ax³ home network

Here is the bible on assigning vlans - https://forum.mikrotik.com/viewtopic.php?t=143620 Easiest approach in the forward chain of firewall rules is to put a drop all else rule at the end and then above that you only need to add traffic you want to ALLOW/ACCEPT, after the default rules but before the...
by anav
Mon Nov 04, 2024 11:51 pm
Forum: Beginner Basics
Topic: From old AirPort Express to cAP
Replies: 14
Views: 1212

Re: From old AirPort Express to cAP

As was stated, we understand your request, the problem is you dont understand how basic networking functions.............. If you want all to be on the same network........... then do the following. Otherwise, suggesting on the main router to create a separate subnet, best done through vlans. /inter...
by anav
Mon Nov 04, 2024 11:33 pm
Forum: General
Topic: wAP coverage -- picture included
Replies: 37
Views: 1532

Re: wAP coverage -- picture included

First ---> Decide if you want OMNI antenna (360deg), sector antenna 90/110/120/140 degrees, point to point antenna ( narrow sector) Second --> Figure out what type of connectors does the device have............... Third --> Google BEST wifi/wisp antennas 2024, with connectors of type Y, with sector...
by anav
Mon Nov 04, 2024 10:01 pm
Forum: General
Topic: hAP AC2 Smart TV issues
Replies: 9
Views: 5579

Re: hAP AC2 Smart TV issues

Clearly MT devices know that too much TV is not good for your brain...... read more, buy more books, on how to config the MT devices LOL
by anav
Mon Nov 04, 2024 9:21 pm
Forum: General
Topic: Wireguard peer responder clarification
Replies: 15
Views: 1368

Re: Wireguard peer responder clarification

Why would the server keep trying to contact the peer client if its gone. There may be some attempt to establish communications to pass on lets say a new WANIP in a the normal wireguard but in BTH, the controlling entity is wireguard cloud relay. If both sides are not talking to the relay the connect...
by anav
Mon Nov 04, 2024 9:09 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1017

Re: Connecting Two Remote Locations Without Public IP

I think I was specific enough AMMO, I asked already if the ISP devices got public IPs themselves and also if they could port forward to his MT routers from them. Even if you could dyndns, if no port forwarding you would be poop out of luck :-) However its worth it to double check as the response to ...
by anav
Mon Nov 04, 2024 9:06 pm
Forum: Beginner Basics
Topic: hAP ac2 - help me make it into a simple managed switch please
Replies: 11
Views: 518

Re: hAP ac2 - help me make it into a simple managed switch please

No idea I always turn off all services except winbox and sometimes ssh.
by anav
Mon Nov 04, 2024 9:01 pm
Forum: General
Topic: Merging 2 providers to increase network speeds [SOLVED]
Replies: 4
Views: 258

Re: Merging 2 providers to increase network speeds [SOLVED]

Dont feel bad, I am more than 5x your age and I wouldnt attempt the bogus advice either!!
by anav
Mon Nov 04, 2024 8:59 pm
Forum: General
Topic: VLAN PROBLEM
Replies: 7
Views: 389

Re: VLAN PROBLEM

Diagram of network please, as your explanation sheds no light.
Config of MT device
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys)
by anav
Mon Nov 04, 2024 8:57 pm
Forum: General
Topic: Issue: Dual WAN Routing for HTTPS Access with Connection Mark and NAT Challenges
Replies: 4
Views: 225

Re: Issue: Dual WAN Routing for HTTPS Access with Connection Mark and NAT Challenges

Last chance, bud, I asked specific questions............ still not answered.
Also if you want answers, need complete config only, not bits please, as all is connected!

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Mon Nov 04, 2024 8:52 pm
Forum: General
Topic: Problème de routage inter-VLAN avec OSPF et firewall sous RouterOS : besoin d’aide pour une segmentation avancée
Replies: 3
Views: 491

Re: Problème de routage inter-VLAN avec OSPF et firewall sous RouterOS : besoin d’aide pour une segmentation avancée

Hello everyone, I'm having a problem with implementing inter-VLAN routing and securing communications between multiple VLANs on a corporate network using RouterOS. I have configured OSPF to allow dynamic routing between multiple routers, but some VLANs still fail to communicate as expected. Here's t...
by anav
Mon Nov 04, 2024 8:49 pm
Forum: General
Topic: Wireguard peer responder clarification
Replies: 15
Views: 1368

Re: Wireguard peer responder clarification

There is no need to indicate responder in normal wireguard. It should a term only used in BTH, if thats where its coming up?? As per the documentation all the extra fields not normally used....... Used for the client-server setup scenario, when the configuration is imported using a qr code for a cli...
by anav
Mon Nov 04, 2024 4:21 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1017

Re: Connecting Two Remote Locations Without Public IP

@holvoetn
Adding
- Wireguard using ddns ( done it for years)
- Mikrotik's own BTH ( made for such purposes)
Really??
Show me how to use DDNS on a non-public IP scenario (behind an ISP router as well).
Always looking to learn new tricks.
by anav
Mon Nov 04, 2024 4:20 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1017

Re: Connecting Two Remote Locations Without Public IP

Hi Monty, Yes depending upon MT device, even if you dont have any public IPs, you can use BTH to connect single devices to your MT router. BTH will NOT provide new HEx router to new HEx router connection over wireguard. Only single devices like phones and laptops to either one of the two. TWO option...
by anav
Mon Nov 04, 2024 4:14 pm
Forum: General
Topic: New static route
Replies: 4
Views: 248

Re: New static route

Changing requirements when asking for assistance is not a good thing. A. provide a network diagram of what you would like to achieve with as much detail as possible. B. provide current config /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. ) C. provi...
by anav
Mon Nov 04, 2024 2:18 pm
Forum: Beginner Basics
Topic: hAP ac2 - help me make it into a simple managed switch please
Replies: 11
Views: 518

Re: hAP ac2 - help me make it into a simple managed switch please

The last question is easiest ................ imagine someone connecting to your router via its mac address only? Is that acceptable? No, the only access via mac address should be via winbox since its encrypted. Now if one doesnt change default winbox port, cant help that. Not perverted and probably...
by anav
Mon Nov 04, 2024 2:13 pm
Forum: General
Topic: Issue: Dual WAN Routing for HTTPS Access with Connection Mark and NAT Challenges
Replies: 4
Views: 225

Re: Issue: Dual WAN Routing for HTTPS Access with Connection Mark and NAT Challenges

What is not clear to me, is if you are connecting to the https Router provided service?
OR
Do you mean connecting to an HTTPS server you have on the LAN?
(if so are connections coming in on two different wans, going to the same LAN Https server ???)
by anav
Mon Nov 04, 2024 2:09 pm
Forum: General
Topic: Looking to upgrade
Replies: 4
Views: 226

Re: Looking to upgrade

Good point mkx! If you need assistance in slow time to changeover to vers7 let me know And this is why anav is the GOAT. He might be brisk. He might be bristly. But he routinely goes above and beyond to help others find their way in the Mikrotik ecosystem. Now if we could only do something about the...
by anav
Mon Nov 04, 2024 1:59 pm
Forum: General
Topic: Port Forward Not working on a bridged isp router
Replies: 5
Views: 226

Re: Port Forward Not working on a bridged isp router

Not really, your router will get hacked eventually without any firewall rules to speak of. You should unplug the router from the internet until you fix the rules. Default rules are a good start. /ip firewall filter add action=accept chain=input connection-state=established,related,untracked add acti...
by anav
Mon Nov 04, 2024 3:33 am
Forum: General
Topic: Looking to upgrade
Replies: 4
Views: 226

Re: Looking to upgrade

I have a similar device running on version 7.
The best bet is to take one port off the bridge give it an IP address and then you can access the config safely from your laptop or PC, set IPV4 settings to match.
If you need assistance in slow time to changeover to vers7 let me know
by anav
Sun Nov 03, 2024 7:46 pm
Forum: Beginner Basics
Topic: hAP ac2 - help me make it into a simple managed switch please
Replies: 11
Views: 518

Re: hAP ac2 - help me make it into a simple managed switch please

/interface bridge add ingress-filtering=no name=bridgeSwitch vlan-filtering=no /interface list add name=TRUSTED /interface bridge port add bridge=bridgeSwitch interface=ether1 add bridge=bridgeSwitch interface=ether2 add bridge=bridgeSwitch interface=ether3 add bridge=bridgeSwitch interface=ether4 ...
by anav
Sun Nov 03, 2024 7:34 pm
Forum: General
Topic: Port Forward Not working on a bridged isp router
Replies: 5
Views: 226

Re: Port Forward Not working on a bridged isp router

1. Whats with the three POOLS, one is a duplicate, remove it! and the other seems to have no purpose?? add name=dhcp_pool1 ranges=192.168.100.15-192.168.100.240 ????????? 2. Dont name your bridge LAN, the LAN is already used by the router as the common interface describing all Subnets. USE name=Brid...
by anav
Sun Nov 03, 2024 7:22 pm
Forum: General
Topic: Port Forward Not working on a bridged isp router
Replies: 5
Views: 226

Re: Port Forward Not working on a bridged isp router

If you are trying to view your webserver via the WANIP of your router instead of the LANIP of the server, then likely it's your config that is not valid for that access and needs to be fixed.
In some routers this is called nat loopback.
by anav
Sun Nov 03, 2024 4:32 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 7
Views: 362

Re: WireGuard Setup and Connectivity Issues

MAIN PROBLEM Is R1 is configured very strangely. Configure it the same as R2, in terms of being a router, not a switch.
Use WAN and LAN interfaces and a fixed IP address or IP DHCP client, one or the other.
Do not use bridge to get WANIP..................
by anav
Sun Nov 03, 2024 4:28 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 7
Views: 362

Re: WireGuard Setup and Connectivity Issues

Remove all 0.0.0.0/0 in allowed-ips Okay you mean for R1, YES, my mistake for R1 this is GOOD advice.. R1 Allowed IPs should be: /interface wireguard peers add allowed-address=10.10.10.2/32,192.168.88.0/24 interface=\ wireguard1 name=R2 public-key=\ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
by anav
Sun Nov 03, 2024 3:56 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 7
Views: 362

Re: WireGuard Setup and Connectivity Issues

ON R2, what is the purpose of this route? /ip route add dst-address=192.168.0.0/24 gateway=10.10.10.1 If your intent is to be able to reach the remote subnet at R1 then suggest: add dst-address=192.168.0.0/24 gateway=wireguard1 table=main There are no firewall rules on R2, so nothing is blocked........
by anav
Sun Nov 03, 2024 3:53 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 7
Views: 362

Re: WireGuard Setup and Connectivity Issues

@mantouboji Well the OP wants his user on R2 to be able to use the internet on R1, so why do you think 0.0.0.0/0 is wrong???? edit: I see now you were referring to R1!! Actually 0.0.0.0/0 is the only entry that is required in allowed IP on the peer client Router (R2). 0.0.0.0/0 means basically all ...
by anav
Sun Nov 03, 2024 2:03 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 7
Views: 362

Re: WireGuard Setup and Connectivity Issues

1. Ensure the MTU is the same on both routers and I think the default setting 1420? would be the best starting point. 2. On the client peer router (RB) ONLY, try two different mangling setups. One of the two should work. If both don't, then start adjusting mtu with one of the rules ( keeping both th...
by anav
Sat Nov 02, 2024 11:38 pm
Forum: General
Topic: Port forwarding not working in lan
Replies: 5
Views: 293

Re: Port forwarding not working in lan

Change the first NAT rule, the hairpin nat rule, to this.
add chain=srcnat action=masquerade src-address=192.168.0.0/24 dst-address=192.168.0.0/24
by anav
Sat Nov 02, 2024 11:17 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

Since ether4 works, suspect the switch may be the culprit.

Reviewing the latest config....
by anav
Sat Nov 02, 2024 11:12 pm
Forum: General
Topic: Port forwarding not working in lan
Replies: 5
Views: 293

Re: Port forwarding not working in lan

I only comment on complete configs........... Glad its working for you now.
by anav
Sat Nov 02, 2024 11:11 pm
Forum: General
Topic: Wireguard interface in wan and lan list
Replies: 7
Views: 339

Re: Wireguard interface in wan and lan list

I suspect your config is sub-optimal as those config lines have nothing to do with VPN.
by anav
Sat Nov 02, 2024 10:10 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

Please post the current config for review.
by anav
Sat Nov 02, 2024 9:16 pm
Forum: General
Topic: Wireguard interface in wan and lan list
Replies: 7
Views: 339

Re: Wireguard interface in wan and lan list

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys )
by anav
Sat Nov 02, 2024 9:04 pm
Forum: Beginner Basics
Topic: Can't access device in different VLAN
Replies: 1
Views: 198

Re: Can't access device in different VLAN

Typically one posts their config here directly, nobody likes going to different websites in general, as there are risks....... Just use Notepad++ and edit out stuff, then paste here and use the code block above ( black square with white rectangular brackets ) No sense mixing apples and oranges........
by anav
Sat Nov 02, 2024 9:01 pm
Forum: Beginner Basics
Topic: WireGuard or OpenVPN [SOLVED]
Replies: 37
Views: 5568

Re: WireGuard or OpenVPN [SOLVED]

Much better just to move to Europe :-) No idea!
by anav
Sat Nov 02, 2024 9:00 pm
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1106

Re: How to block camera from being accessed from WAN? [SOLVED]

Then if on a different subnet (vlan ) with permissions to the camera, it would normally work. I suspect that cameras are hard wired internally to only respond to requests from the same LAN, its not a mikrotik issue. The only thing I can recommend is to assign yourself a static dhcp lease on the iot ...
by anav
Sat Nov 02, 2024 4:41 pm
Forum: Beginner Basics
Topic: how to connect to site to site vpn from back to home vpn
Replies: 5
Views: 546

Re: how to connect to site to site vpn from back to home vpn

So, to get this straight, a. the mikrotik router does NOT have a public IP nor does the ISP router it's connected to, or if the ISP router does, but you are unable to forward ports on this ISP router. I am asking but you state wireguard connection for MAC not back to home, or did you mean the same th...
by anav
Sat Nov 02, 2024 4:38 pm
Forum: Beginner Basics
Topic: Help with setting up my first Mikrotik
Replies: 5
Views: 369

Re: Help with setting up my first Mikrotik

Did you post frequently on zyxel forums like eons ago LOL
by anav
Sat Nov 02, 2024 3:22 pm
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1106

Re: How to block camera from being accessed from WAN? [SOLVED]

If you are blocking the Cameras access to the internet it makes sense no APP will find them as the APP is probably designed to go to the cloud server and then down to the camera and not for local access direct. You would have to need access the camera directly by its LANIP somehow...... maybe on a P...
by anav
Sat Nov 02, 2024 3:20 pm
Forum: Beginner Basics
Topic: Separate internet while using 3 modems
Replies: 12
Views: 634

Re: Separate internet while using 3 modems

Folder sharing sounds like a windows problem. With Mikrotik we can deal in subnets and IP addresses mostly.
by anav
Sat Nov 02, 2024 3:17 pm
Forum: Beginner Basics
Topic: Can Ping websites. No internet when trying to access
Replies: 4
Views: 283

Re: Can Ping websites. No internet when trying to access

Impossible without knowing what the requirements are ( with no mention of config )
a. identify users
b. identify what traffic they need to execute.
by anav
Sat Nov 02, 2024 3:16 pm
Forum: General
Topic: No internet access Ros 7.16.1 (3 ISP)
Replies: 1
Views: 160

Re: No internet access Ros 7.16.1 (3 ISP)

multiple posts....... ---> follow thread here viewtopic.php?t=212230
by anav
Sat Nov 02, 2024 3:14 pm
Forum: General
Topic: Wireguard interface in wan and lan list
Replies: 7
Views: 339

Re: Wireguard interface in wan and lan list

The documentation is not HOW to setup your router for all situations, its simply for a given scenario this is an option. So I tried to elicit the scenario you are dealing with to apply applicable rules............ Suggest you ignore the documentation and understand each line on the config and what i...
by anav
Sat Nov 02, 2024 1:45 am
Forum: General
Topic: Controversal - MikroTik state of technology
Replies: 11
Views: 630

Re: Controversal - MikroTik state of technology

Well its equally arrogant to think Europe is the centre of the Universe...... Of course its Canada but thats another discussion.
Suffice to say, it was an emotional short sighted statement that was a waste of carbon 1s and 0s.
by anav
Sat Nov 02, 2024 1:43 am
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 457

Re: Stuck on device to vlan assignment principles

Or sit at your computer on the couch and order it online. Lots of sources for the CSS106-5G-1S I mentioned earlier.
Geez, I thought every one from Cali, had a fitbitch watch and was counting steps LOL
by anav
Sat Nov 02, 2024 1:29 am
Forum: Beginner Basics
Topic: 2 WAN loadbalancing configuration
Replies: 1
Views: 199

Re: 2 WAN loadbalancing configuration

Lets get some clarity. You are going to keep the two ISP modems and ISP routers in place. They will each provide their own private LAN like 192.168.1.0/24 and 192.168.2.0/24 You will assign a fixed private IP on each ISP router and will use that as the WANIP for the hex, WAN1 and WAN2 ++++++++++++++...
by anav
Sat Nov 02, 2024 1:21 am
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1106

Re: How to block camera from being accessed from WAN? [SOLVED]

Please explain, "cannot access cameras from local net" ???
Do you mean you cannot view cameras in the 10.1.3.0/24 subnet from your PC in the 10.1.1.0/24 subnet ??

Please post latest complete config!!
by anav
Sat Nov 02, 2024 1:14 am
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 457

Re: Stuck on device to vlan assignment principles

In other words, a 15 minute trip to staples or best buy, and 15 min back, and you're done for the most part. TDW's route will lead to graying or loss of hair.
by anav
Fri Nov 01, 2024 11:46 pm
Forum: General
Topic: Controversal - MikroTik state of technology
Replies: 11
Views: 630

Re: Controversal - MikroTik state of technology

Yes, do pray tell, one must should have opinion on facts, vice rectal plucks.
by anav
Fri Nov 01, 2024 11:45 pm
Forum: General
Topic: Hairpin NAT not working
Replies: 11
Views: 784

Re: Hairpin NAT not working

Follow the bouncing ball..................... https://gregsowell.com/?p=4242 In a nutshell, when the router attempts to send the response from the local LAN member, without the sourcenat rule in place, the router will try to shortcut the response directly from the server to the LAN user ( as if the ...
by anav
Fri Nov 01, 2024 10:36 pm
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 457

Re: Stuck on device to vlan assignment principles

I'm with K6................... simple managed switch or hex type device acting as a switch, send vlans from router to switch ( will need one for wall, leaving four different vlans could be served up)
by anav
Fri Nov 01, 2024 10:01 pm
Forum: General
Topic: Port forwarding not working in lan
Replies: 5
Views: 293

Re: Port forwarding not working in lan

1. Ensure port forwarding rule is more flexible, than the default rule.. Remove the current default forward chain rule that covers incoming from WAN and dstnat with a block rule, and Replace with add chain=forward action=accept comment="internet traffic" in-interface-list=LAN out-interface...
by anav
Fri Nov 01, 2024 9:54 pm
Forum: General
Topic: Wireguard interface in wan and lan list
Replies: 7
Views: 339

Re: Wireguard interface in wan and lan list

Nope, you need to better understand how wireguard works and what the interfaces on MT RoS are used for. So firstly are you connecting to a third party VPN server? If so, then generally speaking you will need to SOURCENAT all your LAN traffic heading in the direction of the server to have ONE source...
by anav
Fri Nov 01, 2024 9:47 pm
Forum: General
Topic: Hairpin NAT not working
Replies: 11
Views: 784

Re: Hairpin NAT not working

Of course its not going to work, what did you forward to the LAN server (answer --> NOTHING ) no ports/protocol is delineated!! Then: 0 chain=srcnat action=masquerade out-interface=ether5[internet] log=no log-prefix="" 1 chain=srcnat action=masquerade src-address=10.10.42.0/24 dst-address=...
by anav
Fri Nov 01, 2024 5:45 pm
Forum: Beginner Basics
Topic: Is my firewall safe?
Replies: 8
Views: 571

Re: Is my firewall safe?

The firewall address list entries with LAN subnet IPs, should be set statically via DHCP leases.
by anav
Fri Nov 01, 2024 5:43 pm
Forum: General
Topic: Controversal - MikroTik state of technology
Replies: 11
Views: 630

Re: Controversal - MikroTik state of technology

So you have no issue that needs assistance in resolving............ moving on.
by anav
Fri Nov 01, 2024 2:42 pm
Forum: Beginner Basics
Topic: Is my firewall safe?
Replies: 8
Views: 571

Re: Is my firewall safe?

/ip firewall address-list add address=adminIP1-trustedsubnet/32 list=AUTHORIZED comment="admin device wired" add address=adminIP2-trustedsubnet/32 list=AUTHORIZED comment="admin device wifi" add address=wg0-IP1/32 list=AUTHORIZED comment="admin remote device1" add add...
by anav
Fri Nov 01, 2024 2:24 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 978

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Assuming this is the HOME ROUTER? /ip firewall address-list { set static DHCP leases where applicable } add address=192.168.88.A/32 list=AUTHORIZED comment="admin device wired" add address=192.168.88.B/32 list=AUTHORIZED comment="admin device wifi" add address=192.168.40.0/2...
by anav
Fri Nov 01, 2024 4:19 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

Also, what do you mean you cannot ping the subnets..........
Ping from where???

So the major changes are dstnat rules IP address is the remote address 172.16.0.1
and the IP DNS settings are simply
add server=1.1.1.1,1.0.0.1

Once we get everything working THEN we will do the failover changes!!!
by anav
Fri Nov 01, 2024 4:13 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

1. Confirm when you are surfing the net, the source is the home router IP??? aka through wireguard!! 1.Confirm cannot connect via winbox a. using wifi connection b. using ethernet4 if you changed the winbox port from default then you need to put in IPaddress:port# I always use mac address. 2. Change...
by anav
Fri Nov 01, 2024 1:27 am
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1017

Re: Connecting Two Remote Locations Without Public IP

Can you confirm that both sites dont have an ISP router with a public IP, where you can forward ports to your router?? Currently your best option is to pay for a cloud server ( $6 US a month ) and buy a CHR license from MT and put it on the server. This will connect all your router easily via wiregu...
by anav
Fri Nov 01, 2024 1:25 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 14
Views: 1791

Re: Issue with Wireguard - Connected but no traffic

As requested please post the latest configs of both devices.
by anav
Fri Nov 01, 2024 1:22 am
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 978

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

1. Yes the only folks that should have access in the input chain is the admin. The source address list is easy to maintain and allows the admin to identify all the LAN subnet IPs he has on any connected network as well as any wireguard IPs assigned to his/her devices. There are many places to contro...
by anav
Fri Nov 01, 2024 1:15 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

Post your latest config and please explain a bit more clearly what is NOT working yet .
by anav
Thu Oct 31, 2024 10:22 pm
Forum: Beginner Basics
Topic: Is my firewall safe?
Replies: 8
Views: 571

Re: Is my firewall safe?

Clearly you didnt ---> I followed this guide for VLANs: viewtopic.php?t=143620
Just check out your /interface bridge port settings LOL
by anav
Thu Oct 31, 2024 9:50 pm
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 17
Views: 1496

Re: Automatically divide customers into 4 internet lines equally

What I would do is /mangle connection marks for pcc WAN1 for user4 connection marks for pcc WAN2 for user4 connection marks for pcc WAN3 for user4 routing marks for pcc WAN1 for user4 routing marks for pcc WAN2 for user4 routing marks for pcc WAN3 for user4 /routing rules direct user1 to routing mar...
by anav
Thu Oct 31, 2024 8:43 pm
Forum: General
Topic: DUAL WAN into one connection use
Replies: 10
Views: 437

Re: DUAL WAN into one connection use

With two 200mb connection there should be no issues to both stream and download, you may wish to separate the two functions between the two WANs, such that you dont impact any attempts at streaming while you are downloading.
by anav
Thu Oct 31, 2024 8:27 pm
Forum: Beginner Basics
Topic: Sites connected with Wireguard but not able to access other hosts
Replies: 8
Views: 428

Re: Sites connected with Wireguard but not able to access other hosts

ROUTER A 1. Allowed IPs needs work ( the small change ensures that the remote admin can access this router from any location ) /interface wireguard peers add allowed-address=10.2.200.0/24,192.168.201.1/32 endpoint-address=\ <code> endpoint-port=59123 interface=wg-fs name=\ fs persistent-keepalive...
by anav
Thu Oct 31, 2024 7:40 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 679

Re: Double NAT with 2 WAN and wireguard

Sorry I cannot proceed because you continue to HIDE FACTS. a. why are there two wireguard interfaces on ATL and home, you only discussed one wireguard previously. b. its impossible to know which wireguard interface you are referring to in the configs because you CRAZILY hide the names, for some unkn...
by anav
Thu Oct 31, 2024 5:08 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 978

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Remember I need both latest snapshot of both devices to ensure they integrate. extra NAT should not be needed because we covers incoming traffic via allowed IPs and firewall rules. Due to the fact that your rules still need work is why......Once fixed the NAT rule will not be required. ( it also def...
by anav
Thu Oct 31, 2024 4:59 pm
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 17
Views: 1103

Re: Trying to wrap my head around VLANs

KAL EYE 4RN EYE EH
I try to keep up with code/acronyms/etc., but huh???

BTW, K6, I'm a KC2
Its not code just a pronunciation schema.
Californicators are a tad odd. ;-)
by anav
Thu Oct 31, 2024 4:55 pm
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 14
Views: 1791

Re: Issue with Wireguard - Connected but no traffic

Please post the latest versions of each device.

1. Warning if you have not made suggested changes, I wont respond further
2. If you dont answer the questions asked, I wont respond further
by anav
Thu Oct 31, 2024 4:50 pm
Forum: General
Topic: I have problem with two internets and two intervlan.
Replies: 1
Views: 132

Re: I have problem with two internets and two intervlan.

You have started the conversation, that is important. A diagram helps to explain as the requirements need to be COMPLETE and CLEAR, before starting a config. It would appear you have two or more subnets/vlans in the mix. Any other subnets on the router, if so just make sure its a vlan too. Decide wh...
by anav
Thu Oct 31, 2024 4:37 pm
Forum: General
Topic: I have problem with two internets and two intervlan.
Replies: 1
Views: 142

Re: I have problem with two internets and two intervlan.

Please do not create duplicate posts, following this thread here ---> viewtopic.php?t=212172
by anav
Thu Oct 31, 2024 4:32 pm
Forum: General
Topic: Routing through two VPNs
Replies: 2
Views: 193

Re: Routing through two VPNs

Not sure, but i would use wireguard for all your VPN and drop the other two methods. Why do you need CHR if you have a public IP on the home router? If you do not, then the CHR makes sense and one can control all users accessing the home router via the VPN connection to the CHR. Additionally one cou...
by anav
Thu Oct 31, 2024 4:27 pm
Forum: General
Topic: RouterOS - Simple WireGuard Client Setup
Replies: 6
Views: 8857

Re: RouterOS - Simple WireGuard Client Setup

Sure. Think about it. The 3rd party VPN provider gives you ONE, a single IP address for wireguard. Therefore all traffic, coming from the MT, with source address that is NOT that single address will be dropped, when it shows up at the 3rd party peer Server. Similar to NAT, how all private LAN traffi...
by anav
Thu Oct 31, 2024 3:49 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 978

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Now will handle firewall rules separately. On the travel router......... we can basically (holding my nose) keep the existing defaults.. Dont make any firewall changes yet, as you need to decide which approach wrt to wireguard you will take. The below is notional, just to show you the direction head...
by anav
Thu Oct 31, 2024 3:29 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 978

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

The great thing about Wireguard is that you have many options. 1. Simplest approach because its easier only to change the single peer, since you have several others already tied to the .40 subnet. TRAVEL ROUTER add address=192.168.40.12/24 interface=wireguard network=192.168.40.0 { assuming .12 is w...
by anav
Thu Oct 31, 2024 1:30 pm
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 17
Views: 1103

Re: Trying to wrap my head around VLANs

Yeah, k6 but your from KAL EYE 4RN EYE EH ................... freakish ;-))

There is logic and rules, it works, the reference is accurate.
by anav
Thu Oct 31, 2024 1:28 pm
Forum: Beginner Basics
Topic: Sites connected with Wireguard but not able to access other hosts
Replies: 8
Views: 428

Re: Sites connected with Wireguard but not able to access other hosts

Yes, please provide config for BOTH routers!! /export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc. ) Not a problem that one router is behind another router. First, which router is the peer SERVER for handshake?? ( the one with public IP address, or has an ...
by anav
Thu Oct 31, 2024 1:24 pm
Forum: Beginner Basics
Topic: Separate internet while using 3 modems
Replies: 12
Views: 634

Re: Separate internet while using 3 modems

AESMITH, you are being like a premature ej.......... Are all three modems from same provider, was wondering what backup functionality was needed if modem A stops working for example. If from same provider could assume no need for backup as if one goes down it probably means all three go down. Any p...
by anav
Thu Oct 31, 2024 1:16 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 978

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Well the two devices will never connect.............. two different subnets.......

HOME
add address=192.168.40.1/24 interface=wireguard network=192.168.40.0


TRAVEL
add address=172.16.16.1/24 interface=wireguard network=172.16.16.0
by anav
Thu Oct 31, 2024 1:10 pm
Forum: General
Topic: Cannot ping default gateway on one of WAN interfaces [SOLVED]
Replies: 10
Views: 428

Re: Cannot ping default gateway on one of WAN interfaces [SOLVED]

It almost sounds like you stole this router from someone else, seeing as you dont remember half the config on the thing ;-ppp Just kidding.
by anav
Thu Oct 31, 2024 2:50 am
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 17
Views: 1496

Re: Automatically divide customers into 4 internet lines equally

I will think about the best way to approach this. Either 6 mangles rules ( connection mark and routing mark ) sub1 to wan1 sub2 to wan2 sub3 to wan3 and then 6 PCC rules Sub4 connection mark and routing marks for wans 1,2,3 OR 6 PCC rules and 3 Routing Rules. With required ip routes and firewall ru...
by anav
Thu Oct 31, 2024 2:14 am
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 17
Views: 1103

Re: Trying to wrap my head around VLANs

Best resource is here --> https://forum.mikrotik.com/viewtopic.php?t=143620 First mistake is mixing apples and oranges, once you have vlans, remove subnet from bridge so it does no dhcp, much less confusing. Bridge ports are wrong Not sure why you are even touching ethernet switch settings of any IL...
by anav
Thu Oct 31, 2024 2:05 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

Yes for the nth time get rid of this rule.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface-list=WAN


Other than that not sure why its not working.
by anav
Thu Oct 31, 2024 1:39 am
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1106

Re: How to block camera from being accessed from WAN? [SOLVED]

Well when you hide requirements expect an incomplete or incorrect answer............... Then we take a different approach ensuring IOT vlan is part of LAN interface list. /interface list member add interface=ether1_WAN list=WAN add interface=Home10 list=LAN add interface=Guest20 list=LAN add interfa...
by anav
Thu Oct 31, 2024 1:37 am
Forum: Beginner Basics
Topic: Looking for a good tutorial to learn about Network configuration
Replies: 2
Views: 221

Re: Looking for a good tutorial to learn about Network configuration

Check out The Network berg on Youtube Free Training --> https://www.youtube.com/watch?v=EX6QqHmbBpY&list=PLJ7SGFemsLl0ld4OrcnVBHg4kPk0Y2_Z9&pp=iAQB Check out MAICT (Maher Haddad) has paid courses ---> https://www.youtube.com/watch?v=Aok7lM3NuOw&list=PLnskIrDs6jFcO0wUpP_0Pe9CEq7KbX2Oe&...
by anav
Thu Oct 31, 2024 1:29 am
Forum: General
Topic: Cannot ping default gateway on one of WAN interfaces [SOLVED]
Replies: 10
Views: 428

Re: Cannot ping default gateway on one of WAN interfaces [SOLVED]

Well I suspect you have a plethora of issues. Not the least is the fact that you have no VLANs, but have tried to add an unneeded /interface bridge vlan entry ( which does show error) /interface bridge vlan add bridge=*46 tagged=ether5 untagged=ether1,ether2,ether3,ether4 vlan-ids="" Gene...
by anav
Thu Oct 31, 2024 1:13 am
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 978

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Okay understood, so you will always wire the AP from etherport to your laptop etc. ( via ether2) Also need the export of the home router!! Not quite right /routing rule add action=lookup-only-in-table comment="enable local traffic" disabled=no \ table=main add action=lookup-only-in-table di...
by anav
Wed Oct 30, 2024 9:24 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 978

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Just for my edification, Can you please describe where the device is getting WAN from. I understand it could be either WAN1 for a wired connection from hotel to the travel router either WLAN 2ghz for a wifi connection from hotel to travel router ( or to android phone acting as WAN ) either WLAN 5ghz...
by anav
Wed Oct 30, 2024 9:20 pm
Forum: General
Topic: DUAL WAN into one connection use
Replies: 10
Views: 437

Re: DUAL WAN into one connection use

Nice purchase!!
You will be happy with it..........
It will load balance your two WANS quite well, unless you supply all the fans at Wembley Stadium with service at the same time, you should be content with performance.
by anav
Wed Oct 30, 2024 7:28 pm
Forum: Beginner Basics
Topic: Not enough permissions? [SOLVED]
Replies: 17
Views: 1208

Re: Not enough permissions? [SOLVED]

Have a copy of your config prior to being locked out??
/export file=anynameyouwish ( minus router serial number, any public WANIP info, keys)
by anav
Wed Oct 30, 2024 7:25 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 978

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

HI there,should be very doable. The idea is that the travel router connects to a local internet connection and the private subnet traffic behind the router goes out wireguard instead of the local internet. The confusing bit is your WAN side, It would appear that you are a. using 2ghz chain to get in...
by anav
Wed Oct 30, 2024 7:03 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

1. Why are all your bridge ports disabled??? only ether4 should be disabled ( for now ) in any case cleaned up all....... Why is ether2 on the bridge at all, its one of the WAN ports right? Ether3 is a trunk port going to the TPLINK switch, it has no PVID. Lets fix it...... /interface bridge port ad...
by anav
Wed Oct 30, 2024 6:10 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

The good news is that you still can access the router ( hopefully via ether4 ) as you can provide a config. :-) Yes Sorry it should be four rules. add action=dst-nat chain=dstnat in-interface=home-vlan10 dst-port=53 protocol=udp to-address=172.16.0.1 add action=dst-nat chain=dstnat in-interface=home...
by anav
Wed Oct 30, 2024 4:59 pm
Forum: General
Topic: RouterOS 7 VLAN access problem on PPC architecture
Replies: 15
Views: 4048

Re: RouterOS 7 VLAN access problem on PPC architecture

Have supout bug reports been sent to MT, on these issues??
by anav
Wed Oct 30, 2024 4:57 pm
Forum: General
Topic: DUAL WAN into one connection use
Replies: 10
Views: 437

Re: DUAL WAN into one connection use

The quick answer is no, you need to have the same provider doing this through something called ISP bonding. If you want 400Mbps throughput pay for it and then a single session could access that speed. However, what you do have is a. redundancy, in that if ISPA, fails, you still maintain connectivity...
by anav
Wed Oct 30, 2024 4:49 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 1
Views: 232

Re: Port Forwarding

With a complex config like that you didnt have the decency to state which DSTNAT rules work and which didnt???? Why not!!!!
by anav
Wed Oct 30, 2024 4:42 pm
Forum: Beginner Basics
Topic: VPN traffic marking
Replies: 1
Views: 180

Re: VPN traffic marking

What is better is not to twist yourself into a pretzel about the config..... What you should do is communicate clearly your requirements a. identify users b. identify traffic they need ( for example LAN1 and LAN2 might need PCC, but LAn3 only WAN1, or a group of users or devices has specificity ) c....
by anav
Wed Oct 30, 2024 3:55 pm
Forum: Beginner Basics
Topic: Issues with hEX RB750Gr3 - VPN and Reconnect
Replies: 9
Views: 671

Re: Issues with hEX RB750Gr3 - VPN and Reconnect

Read this thread for example....
viewtopic.php?t=212140
by anav
Wed Oct 30, 2024 3:44 pm
Forum: Beginner Basics
Topic: What's wrong with my firewall rules? [SOLVED]
Replies: 9
Views: 583

Re: What's wrong with my firewall rules? [SOLVED]

If not actually using IPV6, what I recommend, is disabling it and removing all the associated firewall address lists and rules save add chain=input action=drop add chain=forward action=drop Yes, the firewall default filter rules are safe out of the box. They are basically designed to block the worst...
by anav
Wed Oct 30, 2024 3:41 pm
Forum: Beginner Basics
Topic: Hairpin NAT in v7.10
Replies: 4
Views: 321

Re: Hairpin NAT in v7.10

What does that have to do with the price of tea in China>>>>
by anav
Wed Oct 30, 2024 3:38 pm
Forum: Beginner Basics
Topic: Issues with hEX RB750Gr3 - VPN and Reconnect
Replies: 9
Views: 671

Re: Issues with hEX RB750Gr3 - VPN and Reconnect

The router is basically SAFE with the default rules the router comes with. That is the best starting place to learn from. Before making any changes, go through the config line by line and try to make sense of the purpose of each line. That is the start of the education process. In your case, its ver...
by anav
Wed Oct 30, 2024 3:45 am
Forum: Beginner Basics
Topic: What's wrong with my firewall rules? [SOLVED]
Replies: 9
Views: 583

Re: What's wrong with my firewall rules? [SOLVED]

It is always dropping traffic as there is much noise on the net, not to be concerned.
by anav
Wed Oct 30, 2024 3:41 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

Changes only BY the way your bridge ports were not adjusted, if you dont apply recommended changes we cannot progress, and note that taking ether4 off the bridge means NOT having it as bridge port! Also removed ref to powerline, your router doesnt have an extra powerline connection that I am aware o...
by anav
Tue Oct 29, 2024 10:30 pm
Forum: General
Topic: Help with WireGuard Client-to-Site VPN Setup
Replies: 1
Views: 193

Re: Help with WireGuard Client-to-Site VPN Setup

Remove your verbose config and replace with normal export

/export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc.)
by anav
Tue Oct 29, 2024 10:24 pm
Forum: Beginner Basics
Topic: What's wrong with my DNS settings? [SOLVED]
Replies: 4
Views: 378

Re: What's wrong with my DNS settings? [SOLVED]

In addition to the point above by elbob, either use that approach or the approach by infabo below. 1. Fix your IP address, mistakenly set to ether2 ( the default ). /ip address add address=192.168.1.1/24 interface=ether2 network=192.168.1.0 Should be: /ip address add address=192.168.1.1/24 interfac...
by anav
Tue Oct 29, 2024 9:18 pm
Forum: General
Topic: Wireguard Keeps trying to reconnect
Replies: 13
Views: 1988

Re: Wireguard Keeps trying to reconnect

Well your allowed IPs, on the Server peer Router is not correct. /interface wireguard peers add allowed-address=192.168.55.0/24 interface=wireguard_TB name=TB public-key=\ "xxxxxxXxxxXxXXXXXXxxxxXxXXxXXxXxXXXXXXXxxxX(client Public key)=" Each peer client should be detailed in a separate l...
by anav
Tue Oct 29, 2024 8:23 pm
Forum: Beginner Basics
Topic: Routing between VLANs on RB4011 [SOLVED]
Replies: 6
Views: 407

Re: Routing between VLANs on RB4011 [SOLVED]

Sorry my bad, I missed that for some reason.......old age :-)
by anav
Tue Oct 29, 2024 8:22 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 679

Re: Double NAT with 2 WAN and wireguard

This is like pulling teeth, How hard is it to use /export file=anynameyouwish in the Command Line tab>> Then use Notepad++ to open it, remove router serial number, put in fake numbers for any public waninfo like 1.2.3.4, change keys to "======" Copy and paste here, and oh, dont forget to...
by anav
Tue Oct 29, 2024 7:20 pm
Forum: Beginner Basics
Topic: Mikrotik no longer handing IPs in reverse order?
Replies: 12
Views: 658

Re: Mikrotik no longer handing IPs in reverse order?

/export file=anynameyouwish ( minus router serial number, any public WANIP info, keys etc. )
by anav
Tue Oct 29, 2024 1:08 pm
Forum: Beginner Basics
Topic: Issues with hEX RB750Gr3 - VPN and Reconnect
Replies: 9
Views: 671

Re: Issues with hEX RB750Gr3 - VPN and Reconnect

You would be better off using wireguard which is native on the router ( assuming you have a public IP or the ISP router does and can forward ports to the hex ). 1. Why do you have two IP pools, and why do they overlap ??? 2. Recommend set this to NONE /interface detect-internet set detect-interface-...
by anav
Tue Oct 29, 2024 12:59 pm
Forum: Beginner Basics
Topic: Routing between VLANs on RB4011 [SOLVED]
Replies: 6
Views: 407

Re: Routing between VLANs on RB4011 [SOLVED]

What mkx is really stating is that its rude not to provide the entire config so we actually have the facts to help.........
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Tue Oct 29, 2024 12:54 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 679

Re: Double NAT with 2 WAN and wireguard

Please confirm EACH LINE 1. MAIN ROUTER is wireguard server peer for handshake Y/N 2. External www users should reach the server indirectly by contacting the main router which forwards that to the server via the wireguard tunnel Y/N 3. The pC hosting the server should, for all its other traffic need...
by anav
Tue Oct 29, 2024 12:50 pm
Forum: Beginner Basics
Topic: Hairpin NAT in v7.10
Replies: 4
Views: 321

Re: Hairpin NAT [can't figure it out]

Put hairpin nat in search (top right of page)
by anav
Tue Oct 29, 2024 4:39 am
Forum: General
Topic: Hairpin NAT not working
Replies: 11
Views: 784

Re: Hairpin NAT not working

To be clear, thats a nonsensical statement.
The chain is srcnat the action is masquerade for the 'normal' hairpin nat rule

add chain=srcnat action=masquerade dst-address=subnetofServer src-address=subnetofServer
by anav
Tue Oct 29, 2024 2:36 am
Forum: General
Topic: Hairpin NAT not working
Replies: 11
Views: 784

Re: Hairpin NAT not working

Dont be too lazy,
Select the search in the upper right, type in hairpin nat.
by anav
Tue Oct 29, 2024 2:28 am
Forum: General
Topic: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch
Replies: 8
Views: 388

Re: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch

Will the ports require POE? Total draw???
I would look at the 5009 and for switch, something cheap you can get off ebay.
Brocade, Aruba, Dell, HP, and more probably in the $150ish range.
by anav
Tue Oct 29, 2024 12:13 am
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1106

Re: How to block camera from being accessed from WAN? [SOLVED]

To make this clear, These cameras can be accessed by you the admin from the LAN. They are designed to be accessible while away from home via the cloud. You want to stop them talking to the cloud. +++++++++++++++++++++++++++++++++++++++++++++ You didnt make it clear what is connected on each port, bu...
by anav
Mon Oct 28, 2024 10:59 pm
Forum: General
Topic: VLans over Hotspot server and PtP and PtMP Link
Replies: 3
Views: 438

Re: VLans over Hotspot server and PtP and PtMP Link

Best guide for vlans is: viewtopic.php?t=143620
by anav
Mon Oct 28, 2024 9:40 pm
Forum: Beginner Basics
Topic: Mikrotik hAP ax3 - slow download speed through wired connection
Replies: 6
Views: 1443

Re: Mikrotik hAP ax3 - slow download speed through wired connection

Your config looks pretty basic, so these are try it just in case, or normal things to do. 1. Change this to NONE /interface detect-internet set detect-interface-list=NONE 2. I noted that this config line is in red? Lets modify it. From: add action=masquerade chain=srcnat comment=https://help.mikrot...
by anav
Mon Oct 28, 2024 9:13 pm
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1106

Re: How to block camera from being accessed from WAN? [SOLVED]

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
I know brits prefer pictures but us colonials need the detail.
by anav
Mon Oct 28, 2024 9:09 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 679

Re: Double NAT with 2 WAN and wireguard

Ahh thanks, so basically they are not physically connected. You want to use the Main router, which has a public IP for two reasons. a. wireguard server peer for handshake b. initial starting point for users on the WWW, to reach a server behind the LTE device ( aka server entry point ). Is it just on...
by anav
Mon Oct 28, 2024 8:09 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

This is correct until you add back in etherport 4, but lets get the rest of the config up and working first, all vlans, and wireguard working, then worry about bringing ether4 and lag/bond back up!!! /interface bridge ports add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged i...
by anav
Mon Oct 28, 2024 8:04 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

Your bridge diagram doesnt seem quite correct yet... However the config it came from would have been better to view. /export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc..) The IOT devices should not be a problem. The VPN should move to WAN2 in case of fail...
by anav
Mon Oct 28, 2024 7:55 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

Okay, I think I understand. All LAN traffic will go through VPN. VPN will use WAN1. If WAN1 goes down, you want only HOME users to be able to access WAN2 during this time. Please confirm that WAN2 traffic should also go out VPN for internet and not directly WAN2 to www. On the TPLINK Switch 1. VLANI...
by anav
Mon Oct 28, 2024 7:53 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 50
Views: 5587

Re: Newsletter #121 | October 2024

MKX you make some really good points.......... ensuring hardware choices dont bite in the ass, and not paying front end chip prices..........
by anav
Mon Oct 28, 2024 7:45 pm
Forum: Beginner Basics
Topic: VLAN Problem
Replies: 1
Views: 183

Re: VLAN Problem

Draw a network diagram.
State/identify the users on the network and the traffic they need, since its not clear why you need a vlan.
by anav
Mon Oct 28, 2024 7:44 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 679

Re: Double NAT with 2 WAN and wireguard

Just so I get this straight...

My question is why not simply make
ISP one into hex on port 1 as WAN1
ISP two into hex on port 2 (RT ATL) as WAN2

Hex ports 3 and 4 are LAN ports for all users/devices..
Hex hosts wireguard for externals users......
by anav
Mon Oct 28, 2024 5:40 pm
Forum: Beginner Basics
Topic: Issues with hEX RB750Gr3 - VPN and Reconnect
Replies: 9
Views: 671

Re: Issues with hEX RB750Gr3 - VPN and Reconnect

The fact that the PC rebooting resets their connection tells me that the issue is not with the routers connection to the internet as that is separate. However, what is clear is that your best bet is to buy UPS, if nothing else for your ISP modem and router to protect them from damage. The same goes ...
by anav
Mon Oct 28, 2024 5:36 pm
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 17
Views: 1496

Re: Automatically divide customers into 4 internet lines equally

Cannot until you decide which requirements are valid, a. per the diagram and the list I provided which was very clear 1u to w1, 2u to w2, 3u to w3, and hotspot users LB between WAN 1,2,3 OR b. the ambiguous --> best way to distribute the load among 3 Internet providers, aka you don't care ( 1,2,3 and...
by anav
Mon Oct 28, 2024 5:27 pm
Forum: General
Topic: Port Forwarding FROM CHR [SOLVED]
Replies: 9
Views: 508

Re: Port Forwarding FROM CHR [SOLVED]

Okay, sounds like you have it well in hand.
As to keep alive, ONLY the peer client for handshake ( the initiator of the conversation) requires persistent keep alive, the peer server for handshake does not.
by anav
Mon Oct 28, 2024 5:21 pm
Forum: General
Topic: Wireguard Keeps trying to reconnect
Replies: 13
Views: 1988

Re: Wireguard Keeps trying to reconnect

Without seeing your config, at least the wireguard settings, impossible to comment one way or the other. Are you using BTH settings or just normal wireguard settings? If the former would need to see snapshot of BTH settings and config part of wireguard etc......... of relevant MT devices. (and wiregua...
by anav
Mon Oct 28, 2024 5:19 pm
Forum: General
Topic: Mikrotik router should connect to Opnsense via WG.
Replies: 8
Views: 373

Re: Mikrotik router should connect to Opnsense via WG.

Full config of MT
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )

For OPNsense, the wireguard settings and any applicable firewall rules and routing rules ( with the same caveats as above. )
by anav
Mon Oct 28, 2024 5:15 pm
Forum: General
Topic: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch
Replies: 8
Views: 388

Re: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch

I want to use one as the main router and the other as a regular switch, creating an uplink between the two via the SFP port. Is this possible? Sure you want to have a switch act as a router? What WAN-LAN throughput do you require? Expect about 250-350 Mbps throughput on the WAN side, using filter r...
by anav
Mon Oct 28, 2024 2:36 am
Forum: General
Topic: Wireguard Tunnel
Replies: 3
Views: 259

Re: Wireguard Tunnel

When you have made some progress and need some assistance, post both configs /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. ) Finally, I really recommend, as a first step, take one port OFF the bridge and give it its own IP address such as 192.168.5...
by anav
Mon Oct 28, 2024 1:23 am
Forum: General
Topic: Port Forwarding FROM CHR [SOLVED]
Replies: 9
Views: 508

Re: Port Forwarding FROM CHR [SOLVED]

"But the price to pay for this simplicity is the loss of information about the actual source IP address of the incoming requests - in some cases this doesn't matter, in some cases it is a show stopper." Why not simply log the users hitting the port forwarding rule on the CHR to fulfil the admi...
by anav
Mon Oct 28, 2024 1:09 am
Forum: General
Topic: EMULATING peplink BONDING with RoS
Replies: 3
Views: 504

Re: EMULATING peplink BONDING with RoS

I am in your camp, this is nothing more than automating some tunnels (I would use eoip and wireguard myself) over and using OSPF BDF functionality to ensure smoothest transition between WANS links to a common CHR cloud access to the internet. The additional bit is that their concern is not transpare...
by anav
Mon Oct 28, 2024 1:01 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

As for the TP link switch is configured incorrectly but you left out some of the other TP link config screens to confirm either way??? The single or bonded ports on the router /interface bridge ports add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether3 ( or bon...
by anav
Mon Oct 28, 2024 12:04 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 34
Views: 2071

Re: How to Pass all traffic into WireGuard Cloudflare ?

On accessing the router by IP address....... do you mean using winbox, I always use macaddress for the very simple reason it's easier and available and just need to click on it. If I use IP address I have to actually physically type in the IP address and remember also the winbox port ( one of the fir...
by anav
Sun Oct 27, 2024 6:36 pm
Forum: General
Topic: Wireguard Tunnel
Replies: 3
Views: 259

Re: Wireguard Tunnel

You are golden! Two MT routers can be used to provide a single wireguard VPN tunnel providing as much subnet connectivity as you desire. Through the use of allowed IP settings at both ends, one delineates what can enter and exit tunnels at the local device, add to that more granularity via firewall rul...
by anav
Sun Oct 27, 2024 5:42 pm
Forum: Beginner Basics
Topic: Wireless AP and Router on different subnets - imperfect communication
Replies: 3
Views: 254

Re: Wireless AP and Router on different subnets - imperfect communication

Second MKx's comment. The router can handle all DHCP and routing traffic for all clients.
The AP should simply act as an AP switch......... what are we missing out of your scenario???
by anav
Sun Oct 27, 2024 5:37 pm
Forum: Beginner Basics
Topic: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]
Replies: 60
Views: 3220

Re: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]

The onus of the ISP provider is to ensure the difference of their device in bridged mode or Router mode is crystal clear. Using doublenat, should have no significant slow down in traffic so there is no downside other than a slightly more complicated setup on the MT and possibly the need to forward p...