Community discussions

MikroTik App

Search found 21524 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 72
by anav
Wed Nov 06, 2024 5:52 am
Forum: Beginner Basics
Topic: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+
Replies: 4
Views: 152

Re: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+

If you are not using vlans why do you need a ccr2004 and a csr328 ??? Its like buying a ferrari, to simply drive your kids to school in a 15mph zone.
by anav
Wed Nov 06, 2024 12:55 am
Forum: Beginner Basics
Topic: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+
Replies: 4
Views: 152

Re: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+

There should be no need to use a bridge on the router for the WAN connection on a single port. Also assuming your using vlans did you read this guide....... ------> https://forum.mikrotik.com/viewtopic.php?t=143620 Post your confiig for both devices. /export file=anynameyouwish ( minus device serial...
by anav
Wed Nov 06, 2024 12:30 am
Forum: Beginner Basics
Topic: Route Wireguard traffic through specific WAN interface [SOLVED]
Replies: 14
Views: 6727

Re: Route Wireguard traffic through specific WAN interface [SOLVED]

well cannot read your mind, if you need an explanation or help.
draw a diagram
describe the wan situation
provide the complete config minus sensitive information
by anav
Wed Nov 06, 2024 12:24 am
Forum: Beginner Basics
Topic: hAP AC - Setup repeater with partial wireguard traffic
Replies: 6
Views: 608

Re: hAP AC - Setup repeater with partial wireguard traffic

No worries, the only automagic created routes are those from the IP address part of the config.
Or if you have selected use default route in IP DHCP Client settings.
by anav
Wed Nov 06, 2024 12:21 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 26
Views: 884

Re: wAP coverage -- picture included

Sweet!
by anav
Tue Nov 05, 2024 11:31 pm
Forum: General
Topic: VLAN PROBLEM
Replies: 6
Views: 267

Re: VLAN PROBLEM

I would go further, your config is so confused its a wonder anything works. Certainly it does not seem you have read the vlan bible ---> https://forum.mikrotik.com/viewtopic.php?t=143620 as your /interface bridge vlans are nonsensical! As noted above, it incomprehensible that you assign different su...
by anav
Tue Nov 05, 2024 10:09 pm
Forum: General
Topic: wAP coverage -- picture included
Replies: 26
Views: 884

Re: wAP coverage -- picture included

What did your research find............. I would hazard a guess that dual band antennas need four connectors, so the best you can hope for is single band sector antennas.
by anav
Tue Nov 05, 2024 2:59 pm
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 20
Views: 538

Re: Why is there no decent security on FTP Server on MK?

MT does not deal in file services, that is the realm of FTP program or the operating OS, windows, mac etc............ and where it should reside.
by anav
Tue Nov 05, 2024 2:57 pm
Forum: Beginner Basics
Topic: Problem with failover to backup ISP
Replies: 8
Views: 268

Re: Problem with failover to backup ISP

Confusing words............ Lookiing at your config......... /ip dhcp-client add add-default-route=no comment=defconf interface=ether1 add add-default-route=no comment=backup interface=ether2 a. based on the above, the router didnt create any default routes. b. if they had created them, they dont sh...
by anav
Tue Nov 05, 2024 2:20 pm
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 20
Views: 538

Re: Why is there no decent security on FTP Server on MK?

Security on FTP is baked into whatever FTP software you are using in other words did you mean SFTP ??? ( and even SSH isnt the greatest protocol )
As noted plain FTP or hosting game servers these days is actually a dumb idea, begging to be hacked and will be hacked.
by anav
Tue Nov 05, 2024 2:17 pm
Forum: Beginner Basics
Topic: Problem with failover to backup ISP
Replies: 8
Views: 268

Re: Problem with failover to backup ISP

You have too many routes LOL /ip route add check-gateway=ping comment=ISP1 dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-table=main scope=10 target-scope=12 add dst-address=8.8.8.8/32 gateway=192.168.100.100 routing-table=main scope=10 target-scope=11 ++++++++++++++++++++ add check-gateway=ping dist...
by anav
Tue Nov 05, 2024 2:10 pm
Forum: Beginner Basics
Topic: how to connect to site to site vpn from back to home vpn
Replies: 3
Views: 203

Re: how to connect to site to site vpn from back to home vpn

The answer to your dilemma is easy. REMOVE any back to home nonsense. Since you have public IPs at the MT, you use NORMAL wireguard. All your remote devices will connect to the MT Router without issue using normal wireguard. You will then be more able to move the incoming wireguard users into the VP...
by anav
Tue Nov 05, 2024 2:06 pm
Forum: Beginner Basics
Topic: Load balancing from the same ISP
Replies: 7
Views: 200

Re: Load balancing from the same ISP

Based on the first point you have two choices. - Max 1gb bridged connection, MT gets the public IP. - Max 4x1gb connection ( four lan ports, into four WAN ports on MT) you get 4gb total throughput via private IPs from ISP modem/router. As noted you dont have the right router to handle this load........
by anav
Tue Nov 05, 2024 1:59 pm
Forum: General
Topic: Wireguard peer responder clarification
Replies: 15
Views: 1163

Re: Wireguard peer responder clarification

Well then, its very confusing........... on that we can agree.
by anav
Tue Nov 05, 2024 4:28 am
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 7
Views: 336

Re: VLANs - there has to be a simpler way!

Assuming your home subnet is 192.168.10.0/24 and is identified as vlan10 and the guest network is identified as vlan20. The IP address given to the cap is 192.168.10.5 cap /interface bridge add ingress-filtering=no name=bridgecap vlan-filtering=no /interface ethernet set [ find default-name=ether2 ]...
by anav
Tue Nov 05, 2024 4:11 am
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 7
Views: 336

Re: VLANs - there has to be a simpler way!

Interesting advice on the avoidance of learning how to use vlans.....................

Post both configs
/export file=anynameyouwish ( minus router serial number, any public WANIP info, keys etc.)

PS, there are no firewall rules on my cap with vlans.
by anav
Tue Nov 05, 2024 12:10 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 26
Views: 884

Re: wAP coverage -- picture included

Yup, not a wifi techie, so sure you have to ensure compatibility of antenna with available connectors. Who woulda thunk it.......... an antenna with two connectors.................... I must be clairvoyant.......... https://mikrotik.com/product/mant_lte_5o The only advantage of europe is that they h...
by anav
Tue Nov 05, 2024 12:08 am
Forum: Beginner Basics
Topic: VLAN assignments by DHCP ARP table on a single hAP ax³ home network
Replies: 1
Views: 105

Re: VLAN assignments by DHCP ARP table on a single hAP ax³ home network

Here is the bible on assigning vlans - https://forum.mikrotik.com/viewtopic.php?t=143620 Easiest approach in the forward chain of firewall rules is to put a drop all else rule at the end and then above that you only need to add traffic you want to ALLOW/ACCEPT, after the default rules but before the...
by anav
Mon Nov 04, 2024 11:51 pm
Forum: Beginner Basics
Topic: From old AirPort Express to cAP
Replies: 5
Views: 569

Re: From old AirPort Express to cAP

As was stated, we understand your request, the problem is you dont understand how basic networking functions.............. If you want all to be on the same network........... then do the following. Otherwise, suggesting on the main router to create a separate subnet, best done through vlans. /inter...
by anav
Mon Nov 04, 2024 11:33 pm
Forum: General
Topic: wAP coverage -- picture included
Replies: 26
Views: 884

Re: wAP coverage -- picture included

First ---> Decide if you want OMNI antennal (360deg), sector antenna 90/110/120/140 degrees, point to point antenna ( narrow sector) Second --> Figure out what type of connectors does the device have............... Third --> Google BEST wifi/wisp antennas 2024, with connectors of type Y, with sector...
by anav
Mon Nov 04, 2024 10:01 pm
Forum: General
Topic: hAP AC2 Smart TV issues
Replies: 9
Views: 5436

Re: hAP AC2 Smart TV issues

Clearly MT devices know that too much TV is not good for your brain...... read more, buy more books, on how to config the MT devices LOL
by anav
Mon Nov 04, 2024 9:21 pm
Forum: General
Topic: Wireguard peer responder clarification
Replies: 15
Views: 1163

Re: Wireguard peer responder clarification

Why would the server keep trying to contact the peer client if its gone. There may be some attempt to establish communications to pass on lets say a new WANIP in a the normal wireguard but in BTH, the controlling entity is wireguard cloud relay. If both sides are not talking to the relay the connect...
by anav
Mon Nov 04, 2024 9:09 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 804

Re: Connecting Two Remote Locations Without Public IP

I think I was specific enough AMMO, I asked already if the ISP devices got public IPs themselves and also if they could port forward to his MT routers from them. Even if you could dyndns, if no port forwarding you would be poop out of luck :-) However its worth it to double check as the response to ...
by anav
Mon Nov 04, 2024 9:06 pm
Forum: Beginner Basics
Topic: hAP ac2 - help me make it into a simple managed switch please
Replies: 11
Views: 449

Re: hAP ac2 - help me make it into a simple managed switch please

No idea I always turn off all services except winbox and sometimes ssh.
by anav
Mon Nov 04, 2024 9:01 pm
Forum: General
Topic: Merging 2 providers to increase network speeds [SOLVED]
Replies: 4
Views: 214

Re: Merging 2 providers to increase network speeds [SOLVED]

Dont feel bad, I am more than 5x your age and I wouldnt attempt the bogus advice either!!
by anav
Mon Nov 04, 2024 8:59 pm
Forum: General
Topic: VLAN PROBLEM
Replies: 6
Views: 267

Re: VLAN PROBLEM

Diagram of network please, as your explanation sheds no light.
Config of MT device
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys)
by anav
Mon Nov 04, 2024 8:57 pm
Forum: General
Topic: Issue: Dual WAN Routing for HTTPS Access with Connection Mark and NAT Challenges
Replies: 4
Views: 192

Re: Issue: Dual WAN Routing for HTTPS Access with Connection Mark and NAT Challenges

Last chance, bud, I asked specific questions............ still not answered.
Also if you want answers, need complete config only, not bits please, as all is connected!

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Mon Nov 04, 2024 8:52 pm
Forum: General
Topic: Problème de routage inter-VLAN avec OSPF et firewall sous RouterOS : besoin d’aide pour une segmentation avancée
Replies: 3
Views: 460

Re: Problème de routage inter-VLAN avec OSPF et firewall sous RouterOS : besoin d’aide pour une segmentation avancée

Hello everyone, I'm having a problem with implementing inter-VLAN routing and securing communications between multiple VLANs on a corporate network using RouterOS. I have configured OSPF to allow dynamic routing between multiple routers, but some VLANs still fail to communicate as expected. Here's t...
by anav
Mon Nov 04, 2024 8:49 pm
Forum: General
Topic: Wireguard peer responder clarification
Replies: 15
Views: 1163

Re: Wireguard peer responder clarification

There is no need to indicate responder in normal wireguard. It should a term only used in BTH, if thats where its coming up?? As per the documentation all the extra fields not normally used....... Used for the client-server setup scenario, when the configuration is imported using a qr code for a cli...
by anav
Mon Nov 04, 2024 4:21 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 804

Re: Connecting Two Remote Locations Without Public IP

@holvoetn
Adding
- Wireguard using ddns ( done it for years)
- Mikrotik's own BTH ( made for such purposes)
Really??
Show me how to use DDNS on a non-public IP scenario (behind an ISP router as well.
Always looking to learn new tricks.
by anav
Mon Nov 04, 2024 4:20 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 804

Re: Connecting Two Remote Locations Without Public IP

Hi Monty, Yes depending upon MT device, even if you dont have any public IPs, you can use BTH to connect single devices to your MT router. BTH will NOT provide new HEx router to new HEx router connection over wireguard. Only single devices like phones and laptops to either one of the two. TWO option...
by anav
Mon Nov 04, 2024 4:14 pm
Forum: General
Topic: New static route
Replies: 4
Views: 214

Re: New static route

Changing requirements when asking for assistance is not a good thing. A. provide a network diagram of what you would like to achieve with as much detail as possible. B. provide current config /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. ) C. provi...
by anav
Mon Nov 04, 2024 2:18 pm
Forum: Beginner Basics
Topic: hAP ac2 - help me make it into a simple managed switch please
Replies: 11
Views: 449

Re: hAP ac2 - help me make it into a simple managed switch please

The last question is easiest ................ imagine someone connecting to your router via its mac address only? Is that acceptable? No, the only access via mac address should be via winbox since its encrypted. Now if one doesnt change default winbox port, cant help that. Not perverted and probably...
by anav
Mon Nov 04, 2024 2:13 pm
Forum: General
Topic: Issue: Dual WAN Routing for HTTPS Access with Connection Mark and NAT Challenges
Replies: 4
Views: 192

Re: Issue: Dual WAN Routing for HTTPS Access with Connection Mark and NAT Challenges

What is not clear to me, is if you are connecting to the https Router provided service?
OR
Do you mean connecting to an HTTPS server you have on the LAN?
(if so are connections coming in on two different wans, going to the same LAN Https server ???)
by anav
Mon Nov 04, 2024 2:09 pm
Forum: General
Topic: Looking to upgrade
Replies: 4
Views: 198

Re: Looking to upgrade

Good point mkx! If you need assistance in slow time to changeover to vers7 let me know And this is why anav is the GOAT. He might be brisk. He might be bristly. But he routinely goes above and beyond to help others find their way in the Mikrotik ecosystem. Now if we could only do something about the...
by anav
Mon Nov 04, 2024 1:59 pm
Forum: General
Topic: Port Forward Not working on a bridged isp router
Replies: 5
Views: 197

Re: Port Forward Not working on a bridged isp router

Not really, your router will get hacked eventually without any firewall rules to speak of. You should unplug the router from the internet until you fix the rules. Default rules are a good start. /ip firewall filter add action=accept chain=input connection-state=established,related,untracked add acti...
by anav
Mon Nov 04, 2024 3:33 am
Forum: General
Topic: Looking to upgrade
Replies: 4
Views: 198

Re: Looking to upgrade

I have a similar device running on version 7.
The best bet is to take one port off the bridge give it an IP address and then you can access the config safely from your laptop or PC, set IPV4 settings to match.
If you need assistance in slow time to changeover to vers7 let me know
by anav
Sun Nov 03, 2024 7:46 pm
Forum: Beginner Basics
Topic: hAP ac2 - help me make it into a simple managed switch please
Replies: 11
Views: 449

Re: hAP ac2 - help me make it into a simple managed switch please

/interface bridge add ingress-filtering=no name=bridgeSwitch vlan-filtering=no /interface list add name=TRUSTED /interface bridge port add bridge=bridgeSwitch interface=ether1 add bridge=bridgeSwitch interface=ether2 add bridge=bridgeSwitch interface=ether3 add bridge=bridgeSwitch interface=ether4 ...
by anav
Sun Nov 03, 2024 7:34 pm
Forum: General
Topic: Port Forward Not working on a bridged isp router
Replies: 5
Views: 197

Re: Port Forward Not working on a bridged isp router

1. Whats with the three POOLS, one is a duplicate, remove it! and the other seems to have no purpose?? add name=dhcp_pool1 ranges=192.168.100.15-192.168.100.240 ????????? 2. Dont name your bridge LAN, the LAN is already used by the router as the common interface describing all Subnets. USE name=Brid...
by anav
Sun Nov 03, 2024 7:22 pm
Forum: General
Topic: Port Forward Not working on a bridged isp router
Replies: 5
Views: 197

Re: Port Forward Not working on a bridged isp router

If you are trying to view your webserver via the WANIP of your router instead of the LANIP of the server, then likely its your confiig that is not valid for that access and needs to be fixed.
In some routers this is called nat loopback.
by anav
Sun Nov 03, 2024 4:32 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 7
Views: 306

Re: WireGuard Setup and Connectivity Issues

MAIN PROBLEM Is R1 is configured very strangely. Configure it the same as R2, in terms of being a router, not a switch.
Use WAN and LAN interfaces and a fixed IP address or IP DHCP client, on or the other.
Do not use bridge to get WANIP..................
by anav
Sun Nov 03, 2024 4:28 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 7
Views: 306

Re: WireGuard Setup and Connectivity Issues

Remove all 0.0.0.0/0 in allowed-ips Okay you mean for R1, YES, my mistake for R1 this is GOOD advice.. R1 Allowed IPs should be: /interface wireguard peers add allowed-address=10.10.10.2/32,192.168.88.0/24 interface=\ wireguard1 name=R2 public-key=\ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
by anav
Sun Nov 03, 2024 3:56 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 7
Views: 306

Re: WireGuard Setup and Connectivity Issues

ON R2, what is the purpose of this route? /ip route add dst-address=192.168.0.0/24 gateway=10.10.10.1 If your intent is to be able to reach the remote subnet at R1 then suggest: add dst-address=192.168.0.0/24 gateway=wireguard1 table=main There are no firewall rules on R2, so nothing is blocked........
by anav
Sun Nov 03, 2024 3:53 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 7
Views: 306

Re: WireGuard Setup and Connectivity Issues

@mantouboji Well the OP wants his user on R2 to be able to use the internet on R1, so why do you think 0.0.0.0/0 is wrong???? edit: I see now you were referring to R1!! Actually 0.0.0.0/0 is the only entry that is required in allowed IP on the peer client Router (R2). 0.0.0.0/0 means basically all ...
by anav
Sun Nov 03, 2024 2:03 pm
Forum: General
Topic: WireGuard Setup and Connectivity Issues
Replies: 7
Views: 306

Re: WireGuard Setup and Connectivity Issues

1. Ensure the MTU is the same on both routers and I think the default settiing 1420? would be the best starting point. 2. On the client peer router (RB) ONLY, try two different mangling setups. One of the two should work. If both dont, then start adjusting mtu with one of the rules ( keeping both th...
by anav
Sat Nov 02, 2024 11:38 pm
Forum: General
Topic: Port forwarding not working in lan
Replies: 5
Views: 255

Re: Port forwarding not working in lan

Change the first NAT rule, the hairpin nat rule, to this.
add chain=srcnat action=masquerade src-address=192.168.0.0/24 dst-address=192.168.0.0/24
by anav
Sat Nov 02, 2024 11:17 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

Since ether4 works, suspect the switch may be the culprit.

Reviewing the latest config....
by anav
Sat Nov 02, 2024 11:12 pm
Forum: General
Topic: Port forwarding not working in lan
Replies: 5
Views: 255

Re: Port forwarding not working in lan

I only comment on complete configs........... Glad its working for you now.
by anav
Sat Nov 02, 2024 11:11 pm
Forum: General
Topic: Wireguard interface in wan and lan list
Replies: 7
Views: 306

Re: Wireguard interface in wan and lan list

I suspect your config is sub-optimal as those config lines have nothing to do with VPN.
by anav
Sat Nov 02, 2024 10:10 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

Please post the current config for review.
by anav
Sat Nov 02, 2024 9:16 pm
Forum: General
Topic: Wireguard interface in wan and lan list
Replies: 7
Views: 306

Re: Wireguard interface in wan and lan list

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys )
by anav
Sat Nov 02, 2024 9:04 pm
Forum: Beginner Basics
Topic: Can't access device in different VLAN
Replies: 1
Views: 156

Re: Can't access device in different VLAN

Typically one posts there config here directly, nobody likes going to different websites in general, as there are risks....... Just use notepadd++ and edit out stuff, then paste here and use the code block above ( black square with white rectangular brackets ) No sense mixing apples and oranges........
by anav
Sat Nov 02, 2024 9:01 pm
Forum: Beginner Basics
Topic: WireGuard or OpenVPN [SOLVED]
Replies: 37
Views: 5418

Re: WireGuard or OpenVPN [SOLVED]

Much better just to move to Europe :-) No idea!
by anav
Sat Nov 02, 2024 9:00 pm
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1019

Re: How to block camera from being accessed from WAN? [SOLVED]

Then if on a different subnet (vlan ) with permissions to the camera, it would normally work. I suspect that cameras are hard wired internally to only respond to requests from the same LAN, its not a mikrotik issue. The only thing I can recommend is to assign yourself a static dhcp lease on the iot ...
by anav
Sat Nov 02, 2024 4:41 pm
Forum: Beginner Basics
Topic: how to connect to site to site vpn from back to home vpn
Replies: 3
Views: 203

Re: how to connect to site to site vpn from back to home vpn

So, to get this straighy, a. the mikrotik router does NOT have a public IP nor does the ISP router its connected to, or if the ISP router does, but you are unable to forward ports on this ISP router. I am asking but you state wireguard connection for MAC not back to home, or did you mean the same th...
by anav
Sat Nov 02, 2024 4:38 pm
Forum: Beginner Basics
Topic: Help with setting up my first Mikrotik
Replies: 5
Views: 319

Re: Help with setting up my first Mikrotik

Did you post frequently on zyxel forums like eons ago LOL
by anav
Sat Nov 02, 2024 3:22 pm
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1019

Re: How to block camera from being accessed from WAN? [SOLVED]

If you are blocking the Cameras access to the internet it makes sense no APP will find them as the APP is probably designed to go to the cloud server and then down to the camera and not for local access direct. You would have to need access the camera directly by its LANIP somehow...... maybe on a P...
by anav
Sat Nov 02, 2024 3:20 pm
Forum: Beginner Basics
Topic: Separate internet while using 3 modems
Replies: 12
Views: 566

Re: Separate internet while using 3 modems

Folder sharing sounds like a windows problem. With Mikrotik we can deal in subnets and IP addresses mostly.
by anav
Sat Nov 02, 2024 3:17 pm
Forum: Beginner Basics
Topic: Can Ping websites. No internet when trying to access
Replies: 4
Views: 218

Re: Can Ping websites. No internet when trying to access

Impossible without knowing what the requirements are ( with no mention of config )
a. identify users
b. identify what traffic they need to execute.
by anav
Sat Nov 02, 2024 3:16 pm
Forum: General
Topic: No internet access Ros 7.16.1 (3 ISP)
Replies: 1
Views: 126

Re: No internet access Ros 7.16.1 (3 ISP)

multiple posts....... ---> follow thread here viewtopic.php?t=212230
by anav
Sat Nov 02, 2024 3:14 pm
Forum: General
Topic: Wireguard interface in wan and lan list
Replies: 7
Views: 306

Re: Wireguard interface in wan and lan list

The documentation is not HOW to setup your router for all situations, its simply for a given scenario this is an option. So I tried to elicit the scenario you are dealing with to apply applicable rules............ Suggest you ignore the documentation and understand each line on the config and what i...
by anav
Sat Nov 02, 2024 1:45 am
Forum: General
Topic: Controversal - MikroTik state of technology
Replies: 11
Views: 597

Re: Controversal - MikroTik state of technology

Well its equally arrogant to think Europe is the centre of the Universe...... Of course its Canada but thats another discussion.
Suffice to say, it was an emotional short sighted statement that was a waste of carbon 1s and 0s.
by anav
Sat Nov 02, 2024 1:43 am
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 394

Re: Stuck on device to vlan assignment principles

Or sit at your computer on the couch and order it online. Lots of sources for the CSS106-5G-1S I mentioned earlier.
Geez, I thought every one from Cali, had a fitbitch watch and was counting steps LOL
by anav
Sat Nov 02, 2024 1:29 am
Forum: Beginner Basics
Topic: 2 WAN loadbalancing configuration
Replies: 1
Views: 144

Re: 2 WAN loadbalancing configuration

Lets get some clarity. You are going to keep the two ISP modems and ISP routers in place. They will each provide their own private LAN like 192.168.1.0/24 and 192.168.2.0/24 You will assign a fixed private IP on each ISP router and will use that as the WANIP for the hex, WAN1 and WAN2 ++++++++++++++...
by anav
Sat Nov 02, 2024 1:21 am
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1019

Re: How to block camera from being accessed from WAN? [SOLVED]

Please explain, "cannot access cameras from local net" ???
Do you mean you cannot view cameras in t he 10.1.3.0/24 subnet from your PC in the 10.1.1.0/24 subnet ??

Please post latest complete config!!
by anav
Sat Nov 02, 2024 1:14 am
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 394

Re: Stuck on device to vlan assignment principles

In other words,s a 15 minute trip to staples or best buy, and 15 min back, and your done for the most part. TDW's route will lead to graying or loss of hair.
by anav
Fri Nov 01, 2024 11:46 pm
Forum: General
Topic: Controversal - MikroTik state of technology
Replies: 11
Views: 597

Re: Controversal - MikroTik state of technology

Yes, do pray tell, one must should have opinion on facts, vice rectal plucks.
by anav
Fri Nov 01, 2024 11:45 pm
Forum: General
Topic: Hairpin NAT not working
Replies: 11
Views: 745

Re: Hairpin NAT not working

Follow the bouncing ball..................... https://gregsowell.com/?p=4242 In a nutshell, when the router attempts to send the response from the local LAN member, without the sourcenat rule in place, the router will try to shortcut the response directly from the server to the LAN user ( as if the ...
by anav
Fri Nov 01, 2024 10:36 pm
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 394

Re: Stuck on device to vlan assignment principles

I'm with K6................... simple managed switch or hex type device acting as a switch, send vlans from router to switch ( will need one for wall, leaving four different vlans could be served up)
by anav
Fri Nov 01, 2024 10:01 pm
Forum: General
Topic: Port forwarding not working in lan
Replies: 5
Views: 255

Re: Port forwarding not working in lan

1. Ensure port forwarding rule is more flexible, than the default rule.. Remove the current default forward chain rule that covers incoming from WAN and dstnat with a block rule, and Replace with add chain=forward action=accept comment="internet traffic" in-interface-list=LAN out-interface...
by anav
Fri Nov 01, 2024 9:54 pm
Forum: General
Topic: Wireguard interface in wan and lan list
Replies: 7
Views: 306

Re: Wireguard interface in wan and lan list

Nope, you need to better understand how wireguard works and what the interfaces on MT RoS are used for. So firstly are you connecting to a third party VPN server? If so, then generally speaking you will need to SOURCENAT all your LAN traffic heading in the directiion of the server to have ONE source...
by anav
Fri Nov 01, 2024 9:47 pm
Forum: General
Topic: Hairpin NAT not working
Replies: 11
Views: 745

Re: Hairpin NAT not working

Of course its not going to work, what did you forward to the LAN server (answer --> NOTHING ) no ports/protocol is delineated!! Then: 0 chain=srcnat action=masquerade out-interface=ether5[internet] log=no log-prefix="" 1 chain=srcnat action=masquerade src-address=10.10.42.0/24 dst-address=...
by anav
Fri Nov 01, 2024 5:45 pm
Forum: Beginner Basics
Topic: Is my firewall safe?
Replies: 8
Views: 495

Re: Is my firewall safe?

The firewall address list entries with LAN subnet IPs, should be set statically via DHCP leases.
by anav
Fri Nov 01, 2024 5:43 pm
Forum: General
Topic: Controversal - MikroTik state of technology
Replies: 11
Views: 597

Re: Controversal - MikroTik state of technology

So you have no issue that needs assistance in resolving............ moving on.
by anav
Fri Nov 01, 2024 2:42 pm
Forum: Beginner Basics
Topic: Is my firewall safe?
Replies: 8
Views: 495

Re: Is my firewall safe?

/ip firewall address-list add address=adminIP1-trustedsubnet/32 list= AUTHORIZED comment="admin device wired" add address=adminIP2-trustedsubnet/32 list=AUTHORIZED comment="admin device wifi" add address=wg0-IP1/32 list=AUTHORIZED comment="admin remote device1" add add...
by anav
Fri Nov 01, 2024 2:24 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 893

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Assuming this is the HOME ROUTER? /ip firewall address-list { set static DHCP leases where applicable } add address=192.168.88. A /32 list= AUTHORIZED comment="admin device wired" add address=192.168.88. B /32 list=AUTHORIZED comment="admin device wifi" add address=192.168.40.0/2...
by anav
Fri Nov 01, 2024 4:19 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

Also, what do you mean you cannot ping the subnets..........
Ping from where???

So the major changes are dstnat rules IP address is the remote address 172.16.0.1
and the IP DNS settings are simply
add server=1.1.1.1,1.0.0.1

Once we get everything working THEN we will do the failover changes!!!
by anav
Fri Nov 01, 2024 4:13 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

1. Confirm when you are surfing the net, the source is the home router IP??? aka through wireguard!! 1.Confirm cannot connect via winbox a. using wifi connection b. using ethernet4 if you changed the winbox port from default then you need to put in IPaddress:port# I always use mac address. 2. Change...
by anav
Fri Nov 01, 2024 1:27 am
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 804

Re: Connecting Two Remote Locations Without Public IP

Can you confirm that both sites dont have an ISP router with a public IP, where you can forward ports to your router?? Currently your best option is to pay for a cloud server ( $6 US a month ) and buy a CHR license from MT and put it on the server. This will connect all your router easily via wiregu...
by anav
Fri Nov 01, 2024 1:25 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 10
Views: 1385

Re: Issue with Wireguard - Connected but no traffic

As requested please post the latest configs of both devices.
by anav
Fri Nov 01, 2024 1:22 am
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 893

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

1. Yes the only folks that should have access in the input chain is the admin. The source address list is easy to maintain and allows the admin to identify all the LAN subnet IPs he has on any connected network as well as any wireguard IPs assigned to his/her devices. There are many places to contro...
by anav
Fri Nov 01, 2024 1:15 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

Post your latest config and please explain a bit more clearly what is NOT working yet .
by anav
Thu Oct 31, 2024 10:22 pm
Forum: Beginner Basics
Topic: Is my firewall safe?
Replies: 8
Views: 495

Re: Is my firewall safe?

Clearly you didnt ---> I followed this guide for VLANs: viewtopic.php?t=143620
Just check out your /interface bridge port settings LOL
by anav
Thu Oct 31, 2024 9:50 pm
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 17
Views: 1445

Re: Automatically divide customers into 4 internet lines equally

What I would do is /mangle connection marks for pcc WAN1 for user4 connection marks for pcc WAN2 for user4 connection marks for pcc WAN3 for user4 routing marks for pcc WAN1 for user4 routing marks for pcc WAN2 for user4 routing marks for pcc WAN3 for user4 /routing rules direct user1 to routing mar...
by anav
Thu Oct 31, 2024 8:43 pm
Forum: General
Topic: DUAL WAN into one connection use
Replies: 10
Views: 409

Re: DUAL WAN into one connection use

With two 200mb connection there should be no issues to both tsream and download, you may with to separate the two functions between the two WANs, such that you dont impact any attempts at streaming while you are downloading.
by anav
Thu Oct 31, 2024 8:27 pm
Forum: Beginner Basics
Topic: Sites connected with Wireguard but not able to access other hosts
Replies: 8
Views: 375

Re: Sites connected with Wireguard but not able to access other hosts

ROUTER A 1. Allowed IPs needs work ( the small change ensures that the remote admin can access this router from any location ) /interface wireguard peers add allowed-address=10.2.200 .0/24, 192.168.201.1/32 endpoint-address=\ <code> endpoint-port=59123 interface=wg-fs name=\ fs persistent-keepalive...
by anav
Thu Oct 31, 2024 7:40 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 599

Re: Double NAT with 2 WAN and wireguard

Sorry I cannot proceed because you continue to HIDE FACTS. a. why are there two wireguard interfaces on ATL and home, you only discussed one wireguard previously. b. its impossible to know which wireguard interface you are referring to in the configs because you CRAZILY hide the names, for some unkn...
by anav
Thu Oct 31, 2024 5:08 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 893

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Remember I need both latest snapshot of both devices to ensure they integrate. extra NAT should not be needed because we covers incoming traffic via allowed IPs and firewall rules. Due to the fact that your rules still need work is why......Once fixed the NAT rule will not be required. ( it also def...
by anav
Thu Oct 31, 2024 4:59 pm
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 10
Views: 453

Re: Trying to wrap my head around VLANs

KAL EYE 4RN EYE EH
I try to keep up with code/acronyms/etc., but huh???

BTW, K6, I'm a KC2
Its not code just a pronounciation schema.
Californicators are a tad odd. ;-)
by anav
Thu Oct 31, 2024 4:55 pm
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 10
Views: 1385

Re: Issue with Wireguard - Connected but no traffic

Please post the latest versions of each device.

1. Warning if you have not made suggested changes, I wont respond further
2. If you dont answer the questions asked, I wont respond further
by anav
Thu Oct 31, 2024 4:50 pm
Forum: General
Topic: I have problem with two internets and two intervlan.
Replies: 1
Views: 111

Re: I have problem with two internets and two intervlan.

You have started the conversation, that is important. A diagram helps to explain as the requirements need to be COMPLETE and CLEAR, before starting a config. It would appear you have two or more subnets/vlans in the mix. Any other subnets on the router, if so just make sure its a vlan too. Decide wh...
by anav
Thu Oct 31, 2024 4:37 pm
Forum: General
Topic: I have problem with two internets and two intervlan.
Replies: 1
Views: 122

Re: I have problem with two internets and two intervlan.

Please do not create duplicate posts, following this thread here ---> viewtopic.php?t=212172
by anav
Thu Oct 31, 2024 4:32 pm
Forum: General
Topic: Routing through two VPNs
Replies: 2
Views: 162

Re: Routing through two VPNs

Not sure, but i would use wireguard for all your VPN and drop the other two methods. Why do you need CHR if you have a public IP on the home router? If you do not, then the CHR makes sense and one can control all users accessing the home router via the VPN connection to the CHR. Additionally one cou...
by anav
Thu Oct 31, 2024 4:27 pm
Forum: General
Topic: RouterOS - Simple WireGuard Client Setup
Replies: 6
Views: 8662

Re: RouterOS - Simple WireGuard Client Setup

Sure. Think about it. The 3rd party VPN provider gives you ONE, a single IP address for wireguard. Therefore all traffic, coming from the MT, with source address that is NOT that single address will be dropped, when it shows up at the 3rd party peer Server. Similar to NAT, how all private LAN traffi...
by anav
Thu Oct 31, 2024 3:49 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 893

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Now will handle firewall rules separately. On the travel router......... we can basically (holding my nose) keep the existing defaults.. Dont make any firewall changes yet, as you need to decide which approach wrt to wireguard you will take. The below is notional, just to show you the direction head...
by anav
Thu Oct 31, 2024 3:29 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 893

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

The great thing about Wireguard is that you have many options. 1. Simplest approach because its easier only to change the single peer, since you have several others already tied to the .40 subnet. TRAVEL ROUTER add address=192.168.40.12/24 interface=wireguard network=192.168.40.0 { assuming .12 is w...
by anav
Thu Oct 31, 2024 1:30 pm
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 10
Views: 453

Re: Trying to wrap my head around VLANs

Yeah, k6 but your from KAL EYE 4RN EYE EH ................... freakish ;-))

There is logic and rules, it works, the reference is accurate.
by anav
Thu Oct 31, 2024 1:28 pm
Forum: Beginner Basics
Topic: Sites connected with Wireguard but not able to access other hosts
Replies: 8
Views: 375

Re: Sites connected with Wireguard but not able to access other hosts

Yes, please provide config for BOTH routers!! /export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc. ) Not a problem that one router is behind another router. First, which router is the peer SERVER for handshake?? ( the one with public IP address, or has an ...
by anav
Thu Oct 31, 2024 1:24 pm
Forum: Beginner Basics
Topic: Separate internet while using 3 modems
Replies: 12
Views: 566

Re: Separate internet while using 3 modems

AESMITH, you are being like a premature ej.......... Are all three modems from same provider, was wondering what backup functionality was needed if modem A stops working for example. If from same provider could assume no neeed for backup as if one goes down it probably means all three go down. Any p...
by anav
Thu Oct 31, 2024 1:16 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 893

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Well the two devices will never connect.............. two different subnets.......

HOME
add address=192.168.40.1/24 interface=wireguard network=192.168.40.0


TRAVEL
add address=172.16.16.1/24 interface=wireguard network=172.16.16.0
by anav
Thu Oct 31, 2024 1:10 pm
Forum: General
Topic: Cannot ping default gateway on one of WAN interfaces [SOLVED]
Replies: 10
Views: 396

Re: Cannot ping default gateway on one of WAN interfaces [SOLVED]

It almost sounds like you stole this router from someone else, seeing as you dont remember half the config on the thing ;-ppp Just kidding.
by anav
Thu Oct 31, 2024 2:50 am
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 17
Views: 1445

Re: Automatically divide customers into 4 internet lines equally

I will think about the best way to approach this. Either 6 mangles rules ( connection mark and routing mark ) sub1 to wan1 sub2 to wan2 sub3 to wan3 and then 6 PCC rules Sub4 connectiion mark and routing marks for wans 1,2,3 OR 6 PCC rules and 3 Routing Rules. With required ip routes and firewall ru...
by anav
Thu Oct 31, 2024 2:14 am
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 10
Views: 453

Re: Trying to wrap my head around VLANs

Best resource is here --> https://forum.mikrotik.com/viewtopic.php?t=143620 First mistake is mixing apples and oranges, once you have vlans, remove subnet from bridge so it does no dhcp, much less confusing. Bridge ports are wrong Not sure why you are even touching ethernet switch settings of any IL...
by anav
Thu Oct 31, 2024 2:05 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

Yes for the nth time get rid of this rule.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface-list=WAN


Other than that not sure why its not working.
by anav
Thu Oct 31, 2024 1:39 am
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1019

Re: How to block camera from being accessed from WAN? [SOLVED]

Well when you hide requirements expect an incomplete or incorrect answer............... Then we take a different approach ensuring IOT vlan is part of LAN interface list. /interface list member add interface=ether1_WAN list=WAN add interface=Home10 list=LAN add interface=Guest20 list=LAN add interfa...
by anav
Thu Oct 31, 2024 1:37 am
Forum: Beginner Basics
Topic: Looking for a good tutorial to learn about Network configuration
Replies: 2
Views: 184

Re: Looking for a good tutorial to learn about Network configuration

Check out The Network berg on Youtube Free Training --> https://www.youtube.com/watch?v=EX6QqHmbBpY&list=PLJ7SGFemsLl0ld4OrcnVBHg4kPk0Y2_Z9&pp=iAQB Check out MAICT (Maher Haddad) has paid courses ---> https://www.youtube.com/watch?v=Aok7lM3NuOw&list=PLnskIrDs6jFcO0wUpP_0Pe9CEq7KbX2Oe&...
by anav
Thu Oct 31, 2024 1:29 am
Forum: General
Topic: Cannot ping default gateway on one of WAN interfaces [SOLVED]
Replies: 10
Views: 396

Re: Cannot ping default gateway on one of WAN interfaces [SOLVED]

Well I suspect you have a plethora of issues. Not the least is the fact that you have no VLANs, but have tried to add an unneeded /interface bridge vlan entry ( which does show error) /interface bridge vlan add bridge= *46 tagged=ether5 untagged=ether1,ether2,ether3,ether4 vlan-ids="" Gene...
by anav
Thu Oct 31, 2024 1:13 am
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 893

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Okay understood, so you will alway wire the AP from etherport to your laptop etc. ( via ether2) Also need the export of the home router!! Not quite right /routing rule add action=lookup-only-in-table comment="enable local traffic" disabled=no \ table=main add action=lookup-only-in-table di...
by anav
Wed Oct 30, 2024 9:24 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 893

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

Just for my edification, Can you please describe where the device is getting WAN from. I understand it could be either WAN1 for a wired connection from hotel to the travel router either WLAN 2ghz for a wifi connection from hotel to travel router ( or to android phone acting as WAN ) either WLAN 5ghz...
by anav
Wed Oct 30, 2024 9:20 pm
Forum: General
Topic: DUAL WAN into one connection use
Replies: 10
Views: 409

Re: DUAL WAN into one connection use

Nice purchase!!
You will be happy with it..........
It will load balance your two WANS quite well, unless you supply all the fans at wembly stadium with service at the same time, you should be content with performance.
by anav
Wed Oct 30, 2024 7:28 pm
Forum: Beginner Basics
Topic: Not enough permissions? [SOLVED]
Replies: 17
Views: 860

Re: Not enough permissions? [SOLVED]

Have a copy of your config prior to being locked out??
/export file=anynameyouwish ( minus router serial number, any public WANIP info, keys)
by anav
Wed Oct 30, 2024 7:25 pm
Forum: General
Topic: Route all traffic through wireguard aka full tunnel [SOLVED]
Replies: 21
Views: 893

Re: Route all traffic through wireguard aka full tunnel [SOLVED]

HI there,should be very doable. The idea is that the travel router connects to a local internet connection and the private subnet traffic behind the router goes out wireguard instead of the local internet. The confusing bit is your WAN side, It would appear that you are a. using 2ghz chain to get in...
by anav
Wed Oct 30, 2024 7:03 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

1. Why are all your bridge ports disabled??? only ether4 should be disabled ( for now ) in any case cleaned up all....... Why is ether2 on the bridge at all, its one of the WAN ports right? Ether3 is a trunk port going to the TPLINK switch, it has no PVID. Lets fix it...... /interface bridge port ad...
by anav
Wed Oct 30, 2024 6:10 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

The good news is that you still can access the router ( hopefully via ether4 ) as you can provide a config. :-) Yes Sorry it should be four rules. add action=dst-nat chain=dstnat in-interface=home-vlan10 dst-port=53 protocol=udp to-address=172.16.0.1 add action=dst-nat chain=dstnat in-interface=home...
by anav
Wed Oct 30, 2024 4:59 pm
Forum: General
Topic: RouterOS 7 VLAN access problem on PPC architecture
Replies: 15
Views: 4028

Re: RouterOS 7 VLAN access problem on PPC architecture

Have supout bug reports been sent to MT, on these issues??
by anav
Wed Oct 30, 2024 4:57 pm
Forum: General
Topic: DUAL WAN into one connection use
Replies: 10
Views: 409

Re: DUAL WAN into one connection use

The quick answer is no, you need to have the same provider doing this through something called ISP bonding. If you want 400Mbps throughput pay for it and then a single session could access that speed. However, what you do have is a. redundancy, in that if ISPA, fails, you still maintain connectivity...
by anav
Wed Oct 30, 2024 4:49 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 1
Views: 202

Re: Port Forwarding

With a complex config like that you didnt have the decency to state which DSTNAT rules work and which didnt???? Why not!!!!
by anav
Wed Oct 30, 2024 4:42 pm
Forum: Beginner Basics
Topic: VPN traffic marking
Replies: 1
Views: 140

Re: VPN traffic marking

What is better is not to twist yourself into a pretzel about the config..... What you should do is communicate clearly your requirements a. identify users b. identify traffic they need ( for example LAN1 and LAN2 might need PCC, but LAn3 only WAN1, or a group of users or devices has specificity ) c....
by anav
Wed Oct 30, 2024 3:55 pm
Forum: Beginner Basics
Topic: Issues with hEX RB750Gr3 - VPN and Reconnect
Replies: 9
Views: 599

Re: Issues with hEX RB750Gr3 - VPN and Reconnect

Read this thread for example....
viewtopic.php?t=212140
by anav
Wed Oct 30, 2024 3:44 pm
Forum: Beginner Basics
Topic: What's wrong with my firewall rules? [SOLVED]
Replies: 9
Views: 530

Re: What's wrong with my firewall rules? [SOLVED]

If not actually using IPV6, what I recommend, is disabling it and removing all the associated firewall address lists and rules save add chain=input action=drop add chain=forward action=drop Yes, the firewall default filter rules are safe out of the box. They are basically designed to block the worst...
by anav
Wed Oct 30, 2024 3:41 pm
Forum: Beginner Basics
Topic: Hairpin NAT in v7.10
Replies: 4
Views: 270

Re: Hairpin NAT in v7.10

What does that have to to with the price of tea in China>>>>
by anav
Wed Oct 30, 2024 3:38 pm
Forum: Beginner Basics
Topic: Issues with hEX RB750Gr3 - VPN and Reconnect
Replies: 9
Views: 599

Re: Issues with hEX RB750Gr3 - VPN and Reconnect

The router is basically SAFE with the default rules the router comes with. That is the best starting place to learn from. Before making any changes, go through the config line by line and try to make sense of the purpose of each line. That is the start of the education process. In your case, its ver...
by anav
Wed Oct 30, 2024 3:45 am
Forum: Beginner Basics
Topic: What's wrong with my firewall rules? [SOLVED]
Replies: 9
Views: 530

Re: What's wrong with my firewall rules? [SOLVED]

It is always dropping traffic as there is much noise on the net, not to be concerned.
by anav
Wed Oct 30, 2024 3:41 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

Changes only BY the way your bridge ports were not adjusted, if you dont apply recommended changes we cannot progress, and note that taking ether4 off the bridge means NOT having it as bridge port! Also removed ref to powerline, your router doesnt have an extra powerline connection that I am aware o...
by anav
Tue Oct 29, 2024 10:30 pm
Forum: General
Topic: Help with WireGuard Client-to-Site VPN Setup
Replies: 1
Views: 170

Re: Help with WireGuard Client-to-Site VPN Setup

Remove your verbose config and replace with normal export

/export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc.)
by anav
Tue Oct 29, 2024 10:24 pm
Forum: Beginner Basics
Topic: What's wrong with my DNS settings? [SOLVED]
Replies: 4
Views: 330

Re: What's wrong with my DNS settings? [SOLVED]

In addition to the point above by elbob, either use that approach or the approach by infabo below. 1. Fix your IP address, mistakenly set to ether2 ( the default ). /ip address add address=192.168.1.1/24 interface =ether2 network=192.168.1.0 Should be: /ip address add address=192.168.1.1/24 interfac...
by anav
Tue Oct 29, 2024 9:18 pm
Forum: General
Topic: Wireguard Keeps trying to reconnect
Replies: 13
Views: 1953

Re: Wireguard Keeps trying to reconnect

Well your allowed IPs, on the SErver peer Router is not correct. /interface wireguard peers add allowed-address=192.168.55. 0/24 interface=wireguard_TB name=TB public-key=\ "xxxxxxXxxxXxXXXXXXxxxxXxXXxXXxXxXXXXXXXxxxX(client Public key)=" Each peer client should be detailed in a separate l...
by anav
Tue Oct 29, 2024 8:23 pm
Forum: Beginner Basics
Topic: Routing between VLANs on RB4011 [SOLVED]
Replies: 6
Views: 364

Re: Routing between VLANs on RB4011 [SOLVED]

Sorry my bad, I missed that for some reason.......old age :-)
by anav
Tue Oct 29, 2024 8:22 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 599

Re: Double NAT with 2 WAN and wireguard

This is like pulling teeth, How hard is it to use /export file=anynameyouwish in the Command Line tab>> Then use notepadd ++ to open it, remove router serial number, put in fake numbers for any public waninfo like 1.2.3.4, change keys to "======" Copy and paste here, and oh, dont forget to...
by anav
Tue Oct 29, 2024 7:20 pm
Forum: Beginner Basics
Topic: Mikrotik no longer handing IPs in reverse order?
Replies: 12
Views: 610

Re: Mikrotik no longer handing IPs in reverse order?

/export file=anynameyouwish ( minus router serial number, any public WANIP info, keys etc. )
by anav
Tue Oct 29, 2024 1:08 pm
Forum: Beginner Basics
Topic: Issues with hEX RB750Gr3 - VPN and Reconnect
Replies: 9
Views: 599

Re: Issues with hEX RB750Gr3 - VPN and Reconnect

You would be better off using wireguard which is native on the router ( assuming you have a public IP or the ISP router does and can forward ports to the hex ). 1. Why do you have two IP pools, and why do they overlap ??? 2. Recommend set this to NONE /interface detect-internet set detect-interface-...
by anav
Tue Oct 29, 2024 12:59 pm
Forum: Beginner Basics
Topic: Routing between VLANs on RB4011 [SOLVED]
Replies: 6
Views: 364

Re: Routing between VLANs on RB4011 [SOLVED]

What mkx is really stating that its rude not to provide the entire config so we actually have the facts to help.........
/export fiile=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Tue Oct 29, 2024 12:54 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 599

Re: Double NAT with 2 WAN and wireguard

Please confirm EACH LINE 1. MAIN ROUTER is wireguard server peer for handshake Y/N 2. External www users should reach the server indirectly by contacting the main router which forwards that to the server via the wireguard tunnel Y/N 3. The pC hosting the server should, for all its other traffic need...
by anav
Tue Oct 29, 2024 12:50 pm
Forum: Beginner Basics
Topic: Hairpin NAT in v7.10
Replies: 4
Views: 270

Re: Hairpin NAT [can't figure it out]

Put hairpin nat in search (top right of page)
by anav
Tue Oct 29, 2024 4:39 am
Forum: General
Topic: Hairpin NAT not working
Replies: 11
Views: 745

Re: Hairpin NAT not working

To be clear, thats a nonsensical statement.
The chain is srcnat the action is masquerade for the 'normal' hairpin nat rule

add chain=srcnat action=masquerade dst-address=subnetofServer src-address=subnetofServer
by anav
Tue Oct 29, 2024 2:36 am
Forum: General
Topic: Hairpin NAT not working
Replies: 11
Views: 745

Re: Hairpin NAT not working

Dont be too lazy,
Select the search in the upper right, type in hairpin nat.
by anav
Tue Oct 29, 2024 2:28 am
Forum: General
Topic: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch
Replies: 8
Views: 364

Re: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch

Will the ports require POE? Total draw???
I would look at the 5009 and for switch, something cheap you can get off ebay.
Brocade, Aruba, Dell, HP, and more probably in the $150ish range.
by anav
Tue Oct 29, 2024 12:13 am
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1019

Re: How to block camera from being accessed from WAN? [SOLVED]

To make this clear, These cameras can be accessed by you the admin from the LAN. They are designed to be accessible while away from home via the cloud. You want to stop them talking to the cloud. +++++++++++++++++++++++++++++++++++++++++++++ You didnt make it clear what is connected on each port, bu...
by anav
Mon Oct 28, 2024 10:59 pm
Forum: General
Topic: VLans over Hotspot server and PtP and PtMP Link
Replies: 3
Views: 415

Re: VLans over Hotspot server and PtP and PtMP Link

Best guide for vlans is: viewtopic.php?t=143620
by anav
Mon Oct 28, 2024 9:40 pm
Forum: Beginner Basics
Topic: Mikrotik hAP ax3 - slow download speed through wired connection
Replies: 6
Views: 1408

Re: Mikrotik hAP ax3 - slow download speed through wired connection

Your config looks pretty basic, so these are try it just in case, or normal things to do. 1. Change this to NONE /interface detect-internet set detect-interface-list= NONE 2. I noted that this config line is in red? Lets modify it. From: add action=masquerade chain=srcnat comment=https://help.mikrot...
by anav
Mon Oct 28, 2024 9:13 pm
Forum: Beginner Basics
Topic: How to block camera from being accessed from WAN? [SOLVED]
Replies: 15
Views: 1019

Re: How to block camera from being accessed from WAN? [SOLVED]

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
I know brits prefer pictures but us colonials need the detail.
by anav
Mon Oct 28, 2024 9:09 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 599

Re: Double NAT with 2 WAN and wireguard

Ahh thanks, so basically they are not physically connected. You want to use the Main router, which has a public IP for two reasons. a. wireguard server peer for handshake b. initial starting point for users on the WWW, to reach a server behind the LTE device ( aka server entry point ). Is it just on...
by anav
Mon Oct 28, 2024 8:09 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

This is correct until you add back in etherport 4, but lets get the rest of the config up and working first, all vlans, and wireguard working, then worry about bringing ether4 and lag/bond back up!!! /interface bridge ports add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged i...
by anav
Mon Oct 28, 2024 8:04 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

Your bridge diagram doesnt seem quite correct yet... However the config it came from would have been better to view. /export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc..) The IOT devices should not be a problem. The VPN should move to WAN2 in case of fail...
by anav
Mon Oct 28, 2024 7:55 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

Okay, I think I understand. All LAN traffic will go through VPN. VPN will use WAN1. If WAN1 goes down, you want only HOME users to be able to access WAN2 during this time. Please confirm that WAN2 traffic should also go out VPN for internet and not directly WAN2 to www. On the TPLINK Switch 1. VLANI...
by anav
Mon Oct 28, 2024 7:53 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 50
Views: 5213

Re: Newsletter #121 | October 2024

MKX you make some really good points.......... ensuring hardware choices dont bite in the ass, and not paying front end chip prices..........
by anav
Mon Oct 28, 2024 7:45 pm
Forum: Beginner Basics
Topic: VLAN Problem
Replies: 1
Views: 151

Re: VLAN Problem

Draw a network diagram.
State/identify the users on the network and the traffic they need, since its not clear why you need a vlan.
by anav
Mon Oct 28, 2024 7:44 pm
Forum: Beginner Basics
Topic: Double NAT with 2 WAN and wireguard
Replies: 11
Views: 599

Re: Double NAT with 2 WAN and wireguard

Just so I get this straight...

My question is why not simply make
ISP one into hex on port 1 as WAN1
ISP two into hex on port 2 (RT ATL) as WAN2

Hex ports 3 and 4 are LAN ports for all users/devices..
Hex hosts wireguard for externals users......
by anav
Mon Oct 28, 2024 5:40 pm
Forum: Beginner Basics
Topic: Issues with hEX RB750Gr3 - VPN and Reconnect
Replies: 9
Views: 599

Re: Issues with hEX RB750Gr3 - VPN and Reconnect

The fact that the PC rebooting resets their connection tells me that the issue is not with the routers connection to the internet as that is separate. However, what is clear is that your best bet is to buy UPS, if nothing else for your ISP modem and router to protect them from damage. The same goes ...
by anav
Mon Oct 28, 2024 5:36 pm
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 17
Views: 1445

Re: Automatically divide customers into 4 internet lines equally

Cannot until you decide which requirements are valid, a. per the diagram and the list I provided which was very clear 1u to w1, 2u to w2, 3u to w3, and hotspot users LB between WAN 1,2,3 OR b. the ambiguous --> best way to distribute the load among 3 Internet providers, aka you dont care ( 1,2,3 and...
by anav
Mon Oct 28, 2024 5:27 pm
Forum: General
Topic: Port Forwarding FROM CHR [SOLVED]
Replies: 9
Views: 480

Re: Port Forwarding FROM CHR [SOLVED]

Okay, sounds like you have it well in hand.
As to keep alive, ONLY the peer client for handshake ( the initiator of the conversation) requires persistent keep alive, the peer server for handshake does not.
by anav
Mon Oct 28, 2024 5:21 pm
Forum: General
Topic: Wireguard Keeps trying to reconnect
Replies: 13
Views: 1953

Re: Wireguard Keeps trying to reconnect

Without seeing your config at least the wirguard settings, impossible to comment one way or the other. Are you using BTH settings or just normal wireguard settings. If the former would need to see snapshot of BTH settings and config part of wireguard etc......... of relevant MT devices. (and wiregua...
by anav
Mon Oct 28, 2024 5:19 pm
Forum: General
Topic: Mikrotik router should connect to Opnsense via WG.
Replies: 8
Views: 347

Re: Mikrotik router should connect to Opnsense via WG.

Full config of MT
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )

For opensense, the wireguard settings and any applicable firewall rules and routing rules ( with the same caveats as above. )
by anav
Mon Oct 28, 2024 5:15 pm
Forum: General
Topic: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch
Replies: 8
Views: 364

Re: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch

I want to use one as the main router and the other as a regular switch, creating an uplink between the two via the SFP port. Is this possible? Sure you want to have a switch act as a router? What WAN-LAN throughput do you require? Expect about 250-350 Mbps throughput on the WAN side, using filter r...
by anav
Mon Oct 28, 2024 2:36 am
Forum: General
Topic: Wireguard Tunnel
Replies: 3
Views: 231

Re: Wireguard Tunnel

When you have made some progress and need some assistance, post both configs /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. ) Finally, I really recommend, as a first step, take one port OFF the bridge and give it its own IP address such as 192.168.5...
by anav
Mon Oct 28, 2024 1:23 am
Forum: General
Topic: Port Forwarding FROM CHR [SOLVED]
Replies: 9
Views: 480

Re: Port Forwarding FROM CHR [SOLVED]

" But the price to pay for this simplicity is the loss of information about the actual source IP address of the incoming requests - in some cases this doesn't matter, in some cases it is a show stopper . Why not simply log the users hitting the port forwarding rule on the CHR to fulful the admi...
by anav
Mon Oct 28, 2024 1:09 am
Forum: General
Topic: EMULATING peplink BONDING with RoS
Replies: 3
Views: 446

Re: EMULATING peplink BONDING with RoS

I am in your camp, this is nothing more than automating some tunnels (I would use eoip and wireguard myself) over and using OSPF BDF functionality to ensure smoothest transition between WANS links to a common CHR cloud access to the internet. The additional bit is that there concern is not transpare...
by anav
Mon Oct 28, 2024 1:01 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

As for the TP link switch is configured incorrectly but you left out some of the other TP link config screens to confirm either way??? The single or bonded ports on the router /interface bridge ports add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether3 ( or bon...
by anav
Mon Oct 28, 2024 12:04 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

On accessing the router by IP address....... do you mean using winbox, I always use macaddress for the very simple reason its easier and available and just need to click on it. If I use IP address I have to actually physically type in the IP address and remember also the winbox port ( one of the fir...
by anav
Sun Oct 27, 2024 6:36 pm
Forum: General
Topic: Wireguard Tunnel
Replies: 3
Views: 231

Re: Wireguard Tunnel

You are golden! Two MT routers can be used to provide a single wireguard VPN tunnel providing as much subnet connectivity you desire. Through the use of allowed IP settings at both ends, one delineates what can enter and exit tunnels at the local device, add to that more granularity via firewall rul...
by anav
Sun Oct 27, 2024 5:42 pm
Forum: Beginner Basics
Topic: Wireless AP and Router on different subnets - imperfect communication
Replies: 3
Views: 224

Re: Wireless AP and Router on different subnets - imperfect communication

Second MKx's comment. The router can handle all DHCP and routing traffic for all clients.
The Ap should simply act as an AP switch......... what are we missing out of your scenario???
by anav
Sun Oct 27, 2024 5:37 pm
Forum: Beginner Basics
Topic: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]
Replies: 60
Views: 3153

Re: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]

The onus of the ISP provider is to ensure the difference of their device in bridged mode or Router mode is crystal clear. Using doublenat, should have no significant slow down in traffic so there is no downside other than a slightly more complicated setup on the MT and possibly the need to forward p...
by anav
Sun Oct 27, 2024 5:26 pm
Forum: General
Topic: Port Forwarding FROM CHR [SOLVED]
Replies: 9
Views: 480

Re: Port Forwarding FROM CHR [SOLVED]

Technicalities aside............. Why would someone need to mangle SERVER traffic responses back out wireguard from a CHR connection. One simply sourcenats the original inquiries coming into the tunnel at the CHR and the responses flow back from the server no problem, no fuss. One reason I can come ...
by anav
Sun Oct 27, 2024 5:11 pm
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

The config was not intended for you to blindly copy and get into trouble, it was there to generate questions and discussions. Until you understand what I touched upon and answered the ambiguities and questions, there is no point in changing any of the config. In terms of making changes to the config...
by anav
Sun Oct 27, 2024 5:05 pm
Forum: General
Topic: Business case Mikrotik...
Replies: 6
Views: 742

Re: Business case Mikrotik...

Completely not affiliated or experienced with anything related to wisp, but to add: Starlink is just one medium, it may be feasible as a primary or backup link, like wisp or LTE connections. How to provide a redundant network to a home or community or a network within a home, a more complete solutio...
by anav
Sun Oct 27, 2024 5:03 pm
Forum: General
Topic: Port Forwarding FROM CHR [SOLVED]
Replies: 9
Views: 480

Re: Port Forwarding FROM CHR [SOLVED]

Firstly we are not in your head............ Which MT device is the peer Server for handshake and which MT entity is the peer Client for handshake??? You have to clarify the point in Green to me below.............it makes no sense. a. public IP on main HOME Router ( or have an IPS router that can for...
by anav
Sun Oct 27, 2024 3:04 am
Forum: Beginner Basics
Topic: 2 Mikrotiks, one switch, vlans
Replies: 2
Views: 280

Re: 2 Mikrotiks, one switch, vlans

Concur dont use vlan1. Decide on a managment or trusted vlan. All your smart devices should get their IP address from this vlan. on the hex the only vlan you identify (and tag) to the bridge is this trusted vlan. The rest just flow in the trunk port and go out the other ports ( as per /interface bri...
by anav
Sun Oct 27, 2024 3:02 am
Forum: Beginner Basics
Topic: so I can use cAP ax as my router?!?! [SOLVED]
Replies: 9
Views: 580

Re: so I can use cAP ax as my router?!?! [SOLVED]

Good point jaclaz, didnt notice before the routing speed at 25 filter rules just over 1gig. thanks!!!
by anav
Sun Oct 27, 2024 2:58 am
Forum: Beginner Basics
Topic: Best practice chaining routers
Replies: 4
Views: 286

Re: Best practice chaining routers

Why do you need two routers??
by anav
Sun Oct 27, 2024 2:56 am
Forum: Beginner Basics
Topic: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]
Replies: 60
Views: 3153

Re: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]

Yeah jaclaz that was way simpler than just using two vlans. ;-PP
by anav
Sun Oct 27, 2024 2:51 am
Forum: General
Topic: AmneziaWG in RouterOS?
Replies: 37
Views: 17776

Re: AmneziaWG in RouterOS?

yet another properitary shortlived VPN solution - no thanks.
sounds like a shortsighted opinion............. the concept has validity whether or not we will ever see a viable rendition is anyones guess.
by anav
Sun Oct 27, 2024 2:50 am
Forum: General
Topic: Multiple Vlan for ISP router
Replies: 5
Views: 317

Re: Multiple Vlan for ISP router

I would not make any promises on the MT product because its not the limiting factor. Sticking an unmanaged switch in-between is your issue, replace it with managed switch and then the MT is golden.
by anav
Sun Oct 27, 2024 2:47 am
Forum: General
Topic: RouterOS 7 WAN failover -- ARP?
Replies: 11
Views: 475

Re: RouterOS 7 WAN failover -- ARP?

Recursive has been the same for every sub version of version7, to my knowledge anyway.
by anav
Sat Oct 26, 2024 4:06 am
Forum: General
Topic: No fasttrack on HAP AX2 ?
Replies: 10
Views: 443

Re: No fasttrack on HAP AX2 ?

So its not needed for normal traffic then.........its a testing tracing tool support .........
by anav
Sat Oct 26, 2024 4:05 am
Forum: General
Topic: How to block YouTube effectively
Replies: 43
Views: 15319

Re: How to block YouTube effectively

Not with MT equipment, as stated you need to procure high end routers with IDS/IDP, and then pay for subscription services to use their de-encryption engines to look at https traffic etc...... Now reading above maybe that is not enough. I know on the enterprise stuff I use, its not accessible, so wi...
by anav
Sat Oct 26, 2024 3:57 am
Forum: General
Topic: How to Pass all traffic into WireGuard Cloudflare ?
Replies: 30
Views: 1708

Re: How to Pass all traffic into WireGuard Cloudflare ?

# model = RB941-2nD # serial number = # /interface bridge add admin-mac=# auto-mac=no comment=defconf \ ingress-filtering=no name=bridge port-cost-mode=short vlan-filtering=yes /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \ country=indonesia distance...
by anav
Sat Oct 26, 2024 1:05 am
Forum: General
Topic: Hung up problem in pppoe
Replies: 2
Views: 196

Re: Hung up problem in pppoe

Not enough information. a. what did you upgrade too? b. if version7 likely not all the config was able to be updated cleanly. suggest in this case copy your config from vers6, then netinstall a clean version 0f 7 onto the router and then manually add back in the config. Depending upon complexity, ak...
by anav
Sat Oct 26, 2024 12:32 am
Forum: General
Topic: No fasttrack on HAP AX2 ?
Replies: 10
Views: 443

Re: No fasttrack on HAP AX2 ?

Kleshki, one needs to actually read the OPs post, he stated that in the end he disabled the rule, so it should be no surprize to find it 'disabled'. I would tend to find other things'out of the ordinary' 1 - Being a DNS idiot, but this looks funny to me...... /ip dns set allow-remote-requests=yes us...
by anav
Fri Oct 25, 2024 11:03 pm
Forum: General
Topic: No fasttrack on HAP AX2 ?
Replies: 10
Views: 443

Re: No fasttrack on HAP AX2 ?

Sounds like a mis configuration perhaps....... however no facts, no comment.
by anav
Fri Oct 25, 2024 10:29 pm
Forum: Wireless Networking
Topic: WiFi Disconnect Issues with hAP ax² - Seeking Advice on Stable Version and Future Updates
Replies: 8
Views: 1114

Re: WiFi Disconnect Issues with hAP ax² - Seeking Advice on Stable Version and Future Updates

Did you disable wpa3 ???
By the way tis why I rely on TPLINK wifi, while practicing with ax wifi.
by anav
Fri Oct 25, 2024 10:27 pm
Forum: Beginner Basics
Topic: cAP X and 2 DHCP on one network
Replies: 13
Views: 628

Re: cAP X and 2 DHCP on one network

So your saying that the router provides two subnets for you to use. A. 192.168.1.1/24 and 192.168.2.1/24 OR gives you B. 192.168.1.2 for your device, and 192.168.1.3-192.168.1.254 for other users?? If A, how does the router pass you two subnets on one port?? Im assuming vlans or perhaps over two por...
by anav
Fri Oct 25, 2024 10:24 pm
Forum: Beginner Basics
Topic: DHCP Client on VLAN
Replies: 4
Views: 362

Re: DHCP Client on VLAN

1. Remove serial number from your posted config. 2. Dont get fancy with naming of bridge, spelled wrong anyway and ONLY ONE bridge is needed. 3. It is not clear. Is this device supposed to be a switch ( aka get vlans from upstream router and then distribute to users on ports )?? Is this device suppo...
by anav
Fri Oct 25, 2024 10:15 pm
Forum: General
Topic: VXLAN inside Wireguard MTU [SOLVED]
Replies: 3
Views: 320

Re: VXLAN inside Wireguard MTU [SOLVED]

From someone way smarter than me......... at least on MT stuff, and networking, and ..........

the answer is yes, the UDP + vxlan header + ethernet header occupy 50 bytes in total, so indeed if the MTU of the carrier interface (Wireguard) is 1420, the MTU of the VxLAN interface will be 1370
by anav
Fri Oct 25, 2024 10:10 pm
Forum: General
Topic: RouterOS 7 WAN failover -- ARP?
Replies: 11
Views: 475

Re: RouterOS 7 WAN failover -- ARP?

Your post is rambling nonsense, Wan and failover works just fine in RoS7.
by anav
Fri Oct 25, 2024 5:05 pm
Forum: General
Topic: Assistance with L3 HW offloading on CCR2216
Replies: 1
Views: 149

Re: Assistance with L3 HW offloading on CCR2216

This may provide you with a useful guide for setting up your vlans.
viewtopic.php?t=143620
by anav
Fri Oct 25, 2024 3:56 pm
Forum: Beginner Basics
Topic: so I can use cAP ax as my router?!?! [SOLVED]
Replies: 9
Views: 580

Re: so I can use cAP ax as my router?!?! [SOLVED]

Well you implied you may need more ports????? capac is supposed to be a ceiling/wall mount and although it has a second port it may be difficult to setup. The new wapAX may be more conducive to a non wall..ceiling install....a but still only two ports and thus you could feed a switch........ if you ...
by anav
Fri Oct 25, 2024 3:50 pm
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 10
Views: 1385

Re: Issue with Wireguard - Connected but no traffic

1. Until you make up your mind on wireguard, no progress can be made. Which is router peer SERVER for handshake? Which is router peer CLIENT for handshake? 2. You limit wireguard to one effective user (/30) WHY???........... it limits your ability as admin for both routers, to access both router whi...
by anav
Fri Oct 25, 2024 3:20 pm
Forum: Beginner Basics
Topic: cAP X and 2 DHCP on one network
Replies: 13
Views: 628

Re: cAP X and 2 DHCP on one network

dont understand your initial request. ON the main router, makes as many vlans as you need, feed to the cap and other devices a. the management vlan ( it gets its IP address on this vlan and the only vlan tagged on the bridge ). b. all other required vlans which need to be tied into WLANs and by ipso...
by anav
Fri Oct 25, 2024 3:13 pm
Forum: General
Topic: Issue with Wireguard connection
Replies: 1
Views: 161

Re: Issue with Wireguard connection

Firstly, no advice can be given without the full config of the MT and at least the wireguard settings on the fritzbox /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.. ) Secondly, your statement is problematic. The wireguard service on Mikrotik is set...
by anav
Thu Oct 24, 2024 11:02 pm
Forum: Beginner Basics
Topic: Mangle Rules blocked my DNS IP
Replies: 9
Views: 637

Re: Mangle Rules blocked my DNS IP

Yup waste of time. Education is the winner.
by anav
Thu Oct 24, 2024 10:59 pm
Forum: Beginner Basics
Topic: cAP X and 2 DHCP on one network
Replies: 13
Views: 628

Re: cAP X and 2 DHCP on one network

Is there a router before the capax ????
by anav
Thu Oct 24, 2024 10:58 pm
Forum: Beginner Basics
Topic: so I can use cAP ax as my router?!?! [SOLVED]
Replies: 9
Views: 580

Re: so I can use cAP ax as my router?!?! [SOLVED]

If you will never need 1Gbps internet speeds the new hex coming out is a great device, to handle your ISP connection and then connect to the capax. I would also look at the new wapAX just released as an alternative. This gives you additional ports on the hex for other needs, and the possibility of u...
by anav
Thu Oct 24, 2024 10:53 pm
Forum: Beginner Basics
Topic: Can't figure out port forwarding
Replies: 12
Views: 537

Re: Can't figure out port forwarding

Not sure if the router added this in (netmask), but if you put it in manually please remove. /ip dhcp-server network add address=192.168.0.0/24 comment=defconf dns-server=192.168.0.1 gateway=\ 192.168.0.1 netmask=24 Dont recommend or use UPNP but wondering if this new construct is interferening with...
by anav
Thu Oct 24, 2024 10:49 pm
Forum: General
Topic: Wireguard setup
Replies: 2
Views: 198

Re: Wireguard setup

Sorry your explanation is not helpful as we are not in your head and thus cannot make all the same assumptions........ Draw a diagram. It would appear you have a. a Mikrotik device ( acting as a server peer ( for handshake ) b. one or more client peer devices such as laptops, smartphones, etc to con...
by anav
Thu Oct 24, 2024 10:40 pm
Forum: General
Topic: Wireguard Client - Handshake for peer did not complete
Replies: 22
Views: 21813

Re: Wireguard Client - Handshake for peer did not complete

On the client peer device (for handshake) there is no persistent keep alive set??
by anav
Thu Oct 24, 2024 10:39 pm
Forum: General
Topic: How to change WG handshake timeout
Replies: 8
Views: 1027

Re: How to change WG handshake timeout

No config, no truth......
/export file=anynameyouwish (minus router serial number, router-mac address, any public WANIP information, keys etc. )
by anav
Thu Oct 24, 2024 10:36 pm
Forum: General
Topic: RoS 7 problem connecting remotely with 3 pppoe wans
Replies: 2
Views: 240

Re: RoS 7 problem connecting remotely with 3 pppoe wans

(1) Why are you trying to access winbox remotely?? It should only be done after connecting through VPN such as wireguard etc........... L2TP is terrible in comparison to wireguard. (2) Secondly, once you have vlan filtering and a number of vlans, I see zero point to mixing apples and oranges, if eve...
by anav
Wed Oct 23, 2024 10:57 pm
Forum: General
Topic: Datasheet for new improved hEX?
Replies: 40
Views: 4011

Re: Datasheet for new improved hEX?

Concur, lets put MKXs brain in an AI machine so we can siphon off knowledge of specific posts, when we need it 24/7 and 100 years into the future.
by anav
Wed Oct 23, 2024 5:20 pm
Forum: Beginner Basics
Topic: Access VPN Tunnel via VLAN
Replies: 5
Views: 296

Re: Access VPN Tunnel via VLAN

No worries, I am able to travel, please send airplane tickets to Athens and then obviously the boat to get to the island. I would definitely plan for loss of connectivity and need to be on site and the good news is that the location is not being used at the moment and the update can be done when pos...
by anav
Wed Oct 23, 2024 4:29 pm
Forum: General
Topic: EMULATING peplink BONDING with RoS
Replies: 3
Views: 446

EMULATING peplink BONDING with RoS

https://www.youtube.com/watch?v=g7-44SOtEXw It would appear that a vendor is selling the ability to 'BOND" to ISP connections such as starlink such that both are being utilized. I am not sure how this is any better than or different from load balancing. I think trying to understand it, its more...
by anav
Wed Oct 23, 2024 2:19 pm
Forum: General
Topic: AmneziaWG in RouterOS?
Replies: 37
Views: 17776

Re: AmneziaWG in RouterOS?

You know people who join just to PLUS1 this thread are either bots, trolls, or the original poster LOL.............. no one is fooled by this stupidity.

EDIT: the stupidity continues see below.
by anav
Wed Oct 23, 2024 2:17 pm
Forum: General
Topic: Whats the point of this default FW rule?
Replies: 21
Views: 1334

Re: Whats the point of this default FW rule?

Oh I assume they have already tried but couldnt get past my drop all else rule. :-)
I have no false illusions,,,,,,if i had something valuable enough, it would have already been taken.
by anav
Wed Oct 23, 2024 1:42 am
Forum: Wireless Networking
Topic: wAP ax?
Replies: 170
Views: 21495

Re: wAP ax?

getic don't have any with a UK plug, my distributer will have them in stock in 1-2 weeks so they say :(
https://encrypted-tbn2.gstatic.com/shop ... bwOSAmiw5g
by anav
Wed Oct 23, 2024 1:37 am
Forum: Wireless Networking
Topic: Network problem WiFi
Replies: 5
Views: 349

Re: Network problem WiFi

Lucky, yeah right, its a built-in MT stress tester. The best case scenario is one totally loses it, destroys their MT product, then feels stupid and goes and buys an MT replacement unit. The worst case scenario is that two things happen. a. they come here and read this thread and realize that no oth...
by anav
Wed Oct 23, 2024 1:31 am
Forum: General
Topic: l2tp subnet routing router to router
Replies: 11
Views: 436

Re: l2tp subnet routing router to router

The only times I have seen gateways IPs not used ( aka interface name ) vice gateway LANIP, is wireguard and PPPoE wan connections ( talking routes here ).
In mangles and other config locations, interface name should work.
by anav
Wed Oct 23, 2024 1:29 am
Forum: General
Topic: wireless atheros missing
Replies: 1
Views: 169

Re: wireless atheros missing

MT software automatically dumps non MT equipment from all settings. Its a feature not a bug. ;-)
by anav
Wed Oct 23, 2024 1:28 am
Forum: General
Topic: Mikrotik support please have a look!
Replies: 4
Views: 339

Re: Mikrotik support please have a look!

My chatGPT uses brainwaves, talking is so yesterday.
by anav
Wed Oct 23, 2024 1:26 am
Forum: Beginner Basics
Topic: Static routes
Replies: 8
Views: 453

Re: Static routes

Fair enough, now what is on the other end of the L2TP connection,,,,,,,, a. you have a cloud server with public IP (which OS?) b. a friends router with a public IP c. ???? Problem is am unfamiliar with how L2TP works........ Wireguard I understand more fully. In any case for your scenario.... If you...
by anav
Tue Oct 22, 2024 11:25 pm
Forum: Beginner Basics
Topic: Static routes
Replies: 8
Views: 453

Re: Static routes

Okay so the CCTV ip address is 192.168.1.9 and is the only IP address on the router that requires access to the LT2P tunnel............ But this is not true, you have port forwarding so IS IT THE CASE THAT you want to access the CCTV remotely?? Confused, I though you wanted to co nfigure the router ...
by anav
Tue Oct 22, 2024 8:39 pm
Forum: General
Topic: Whats the point of this default FW rule?
Replies: 21
Views: 1334

Re: Whats the point of this default FW rule?

Okay if you want to split c-hairs!! Hey, curly hairs, friggin readers with minds in the gutter!! Lets make the distinction more plain instead of your amusing but confusing obfuscations.... MKX --> And what I'm saying is that when a packet with dst-address=<some valid LAN IP> enters router via WAN in...
by anav
Tue Oct 22, 2024 8:26 pm
Forum: General
Topic: Datasheet for new improved hEX?
Replies: 40
Views: 4011

Re: Datasheet for new improved hEX?

Added as 4. to my post.
by anav
Tue Oct 22, 2024 5:56 pm
Forum: Scripting
Topic: Scripting skills
Replies: 15
Views: 701

Re: Scripting skills

My skills are actually limited but my ability to pester those far more knowledgeable are second to none!
by anav
Tue Oct 22, 2024 5:55 pm
Forum: General
Topic: Static Route
Replies: 6
Views: 303

Re: Static Route

Concur, and unless any ones so called version of IDS/IDP does not look at encrypted traffic, its bogus.
by anav
Tue Oct 22, 2024 5:52 pm
Forum: Beginner Basics
Topic: Static routes
Replies: 8
Views: 453

Re: Static routes

Okay understand you have a. ONE WAN via starlink. b. over this one WAN you have an L2TP connection and assuming its in a client capacity and is connecting to an L2TP server somewhere. This remote site has access to a public IP that is reachable for remote access via the LT2p tunnel and further, has ...
by anav
Tue Oct 22, 2024 5:42 pm
Forum: Beginner Basics
Topic: Static routes
Replies: 8
Views: 453

Re: Static routes

Why do you have two dstnat rules for the same port??? The first one has no WAN interface identified, but the second does. Thus just want to know the purpose/reason for both rules! /ip firewall nat add action=dst-nat chain=dstnat comment="CCTV STREAM" dst-port=2220 protocol=\ tcp to-address...
by anav
Tue Oct 22, 2024 5:37 pm
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 17
Views: 1445

Re: Automatically divide customers into 4 internet lines equally

USER is now stating the switch is in reality a hOTSPOT and has moved ADSN wan links to Starlink links, problem is the same The request is basically the same, the only thing that is different is that its clear you either dont know what you have for ISP, or were not being truthful on the first post, b...
by anav
Tue Oct 22, 2024 5:36 pm
Forum: Beginner Basics
Topic: Load balancing
Replies: 3
Views: 271

Re: Load balancing

The request is basically the same, see the original thread for responses
p.s. I included the diagram for you !!
by anav
Tue Oct 22, 2024 5:24 pm
Forum: Beginner Basics
Topic: Using RB5009 in bridge mode [SOLVED]
Replies: 18
Views: 7924

Re: Using RB5009 in bridge mode [SOLVED]

What makes sense to me is the following RB5009 terminates the PPPOE connection RB5009 creates private subnet to send to UDM ( and thus we have WAN2 for UDM ) RB5009 via vlan100 marks the fiber traffic and simply passes it to the USG for termination aka WAN1 for the UDM What is unknown to me, is - wh...
by anav
Tue Oct 22, 2024 5:13 pm
Forum: Beginner Basics
Topic: DHCP Client on VLAN
Replies: 4
Views: 362

Re: DHCP Client on VLAN

/export file=anynameyouwish (minus router serial number, router mac address, any public WANIP info, keys etc.)
by anav
Tue Oct 22, 2024 5:10 pm
Forum: Wireless Networking
Topic: Poor Wi-Fi range on cAP AX
Replies: 15
Views: 826

Re: Poor Wi-Fi range on cAP AX

Not sure why you expect any two chain wifi device to compete with a four chain device?? You are comparing american processed cheese (ax) to Swiss gruyere (AC88U)................ which is harder and more durable, the swiss cheese, which has flavour and aroma, the swiss cheese, which can you use to co...
by anav
Tue Oct 22, 2024 5:00 pm
Forum: Scripting
Topic: Scripting skills
Replies: 15
Views: 701

Re: Scripting skills

Congrats on your scripting journey, seriously! I will say you are braver than I. I have only dabbled in scripting and am mostly content to use functionality as already available, and thus admire anyone that makes the effort. Where I think people are just plain nuts is there love for capsman. I am hi...
by anav
Tue Oct 22, 2024 4:57 pm
Forum: General
Topic: Whats the point of this default FW rule?
Replies: 21
Views: 1334

Re: Whats the point of this default FW rule?

This statement is not true with regard of hitting forward chain (as I described above). Alas @OP was questioning the drop rule which takes care of cases where IP addressing used on ingress packets is not what normally should be ... a nd I was arguing that we need rules which deal with unexpected pa...
by anav
Tue Oct 22, 2024 4:43 pm
Forum: General
Topic: 1 Packet over Multiple Routs?
Replies: 5
Views: 440

Re: 1 Packet over Multiple Routs?

This is a mikrotik forum bud.......... not applications for fancy routing.
by anav
Tue Oct 22, 2024 4:42 pm
Forum: General
Topic: Change in the test results of the HEX RB750GR3.
Replies: 5
Views: 435

Re: Change in the test results of the HEX RB750GR3.

No worries MKX, send me your CCR2016 and I will send you two hexes to play with. :-)
by anav
Tue Oct 22, 2024 4:40 pm
Forum: Scripting
Topic: Scripting skills
Replies: 15
Views: 701

Re: Scripting skills

Why are you posting in the General Forum instead of the Scripting Forum???????

Want a ---->
cookie.jpg
??
by anav
Tue Oct 22, 2024 4:32 pm
Forum: General
Topic: Static Route
Replies: 6
Views: 303

Re: Static Route

This is what bums me out, users who dont know what the heck they are talking about. The ability to filter traffic effectively at that level requires very expensive brand name routers with $$$$ subscriptions to access such things as IPS IDS. Even then with the latest protocols in use now and in the f...
by anav
Tue Oct 22, 2024 4:17 pm
Forum: General
Topic: Datasheet for new improved hEX?
Replies: 40
Views: 4011

Re: Datasheet for new improved hEX?

If not, is there a chart of which adapters work for which devices? Are you that lazy?? Checking the plain old hex........ pwr1.JPG ... pwr2.JPG ................. Rules of thumb: 1. voltage (dc output of adapter) must be an exact match for device input voltage ( or within the stated range if one is ...
by anav
Tue Oct 22, 2024 2:10 pm
Forum: Beginner Basics
Topic: Load balancing
Replies: 3
Views: 271

Re: Load balancing

Please stop repeating threads -------> for others the original thread is here: viewtopic.php?p=1103253&hilit=load+balancing#p1103253
by anav
Tue Oct 22, 2024 2:06 pm
Forum: General
Topic: Routing Mark problem after moving from RouterOS 6.49.17 to 7.15.3 [SOLVED]
Replies: 10
Views: 1568

Re: Routing Mark problem after moving from RouterOS 6.49.17 to 7.15.3 [SOLVED]

Way before wireguard you have to fix the errors in your config....... Firstly, you state ether2 is a WAN port and yet you have ether2 on the bridge........ It should be removed. It also states that you ahve ether3, and ether4 on the bridge but earlier you have them bonded and you also have the bond ...
by anav
Tue Oct 22, 2024 12:45 am
Forum: General
Topic: l2tp subnet routing router to router
Replies: 11
Views: 436

Re: l2tp subnet routing router to router

I went from openvpn (no udp support in Tik) to ipsec (hardware encryption) to wireguard. Wireguard blows ipsec with hardware encryption out of the water in terms of performance. @NetWorker - WireGuard uses pure software encryption (ChaCha20), so it’ll never beat IPsec when it’s using hardware accel...
by anav
Tue Oct 22, 2024 12:44 am
Forum: General
Topic: Routing Mark problem after moving from RouterOS 6.49.17 to 7.15.3 [SOLVED]
Replies: 10
Views: 1568

Re: Routing Mark problem after moving from RouterOS 6.49.17 to 7.15.3 [SOLVED]

Post your config for assessment, I have already discovered something missing on h is config

/export file=anynameyouwish ( minus router serial number, mac address, any publicWANIP information, keys etc. )
by anav
Mon Oct 21, 2024 11:35 pm
Forum: General
Topic: l2tp subnet routing router to router
Replies: 11
Views: 436

Re: l2tp subnet routing router to router

I would do it via wireguard........... ( or possibly zerotier, just to make Larsa happy )
by anav
Mon Oct 21, 2024 11:33 pm
Forum: Beginner Basics
Topic: Static routes
Replies: 8
Views: 453

Re: Static routes

I dont play guessing games............
/export file=anynameyouwish (minus router serial number, mac address, public WANIP information, keys etc. )
by anav
Mon Oct 21, 2024 11:30 pm
Forum: Beginner Basics
Topic: Firewall rules
Replies: 3
Views: 343

Re: Firewall rules

What is missing, is the Router............. where is the server for wireguard (handshake) in this picture. What are its settings/config and if not MT then what are its wireguard settings and firewall rules etc............ Can fix it if we dont know......... As for approach, yes tres simple to get pc...
by anav
Mon Oct 21, 2024 11:26 pm
Forum: Beginner Basics
Topic: Issues with multi-SSID VLAN configuration on cAP ax
Replies: 8
Views: 514

Re: Issues with multi-SSID VLAN configuration on cAP ax

You have two example now. Hints for router. - All the vlanIDs require bridge tagging (usually). - Use ALL VLANS, dont ask the bridge to do any dhcp. if you have and use a bridge subnet just change that to a vlan any number (not 1), very minor and quick changes to do this;. - use off bridge approach ...
by anav
Mon Oct 21, 2024 11:18 pm
Forum: Beginner Basics
Topic: Issues with multi-SSID VLAN configuration on cAP ax
Replies: 8
Views: 514

Re: Issues with multi-SSID VLAN configuration on cAP ax

Remove the interface bridge filtering entry, thats for advanced use only........ Do the config from port 8!!! put 192.168.88.2 in ipv4 settings on laptop. # 2024-10-21 18:45:32 by RouterOS 7.16.1 # # model = CRS310-8G+2S+ # /interface bridge add name=bridge port-cost-mode=short vlan-filtering=no { c...
by anav
Mon Oct 21, 2024 11:05 pm
Forum: Beginner Basics
Topic: Issues with multi-SSID VLAN configuration on cAP ax
Replies: 8
Views: 514

Re: Issues with multi-SSID VLAN configuration on cAP ax

To the point, safely do your CONFIGURING OFF THE BRIDGE as I explained it aka on the MT switch, router and ap.
by anav
Mon Oct 21, 2024 11:02 pm
Forum: General
Topic: Change in the test results of the HEX RB750GR3.
Replies: 5
Views: 435

Re: Change in the test results of the HEX RB750GR3.

All I know is that when they moved to RoS7, the throughput of 25 filters decreased across most devices. They realized the change and played catchup to ensure reality was represented on the data sheets. Too bad they dont update the marketing stick.......... Newest most powerful hexS but SLOWER than t...
by anav
Mon Oct 21, 2024 10:51 pm
Forum: General
Topic: Whats the point of this default FW rule?
Replies: 21
Views: 1334

Re: Whats the point of this default FW rule?

Hi MKX ( edit, sorry Sob I should have known you wouldn't make such a basic error!!) , good idea to confuse with a non WAN entering dstnat rule example, had to scratch my head on that one..... Still not sure what the point was................. However do disagree with this statement: "However, ...
by anav
Mon Oct 21, 2024 10:41 pm
Forum: General
Topic: Whats the point of this default FW rule?
Replies: 21
Views: 1334

Re: Whats the point of this default FW rule?

I see it differently, Lets make the scenario that both the Router on port 443 is listening on a router service and the OP also has a SERVER on the LAN waiting for incoming 443 traffic. ONLY A DST NAT RULE: Traffic comes to the router, first in PREROUTING CHAIN and the last function in prerouting cha...
by anav
Mon Oct 21, 2024 7:26 pm
Forum: Beginner Basics
Topic: Wireguard client don't have internet
Replies: 19
Views: 1349

Re: Wireguard client don't have internet

Please post your latest config after recommended changes and answer the following questions. Are you hosting a wireguard server on your mikrotik ( server for handshake ). Do you have remote client users that are connecting to your mikrotik for internet access? OR is your mikrotik router acting as a ...
by anav
Mon Oct 21, 2024 4:55 pm
Forum: Beginner Basics
Topic: Issues with multi-SSID VLAN configuration on cAP ax
Replies: 8
Views: 514

Re: Issues with multi-SSID VLAN configuration on cAP ax

To get you started on cap......... Note the first thing I do is use the second etherport as an emergency access port and a CONFIG port when initially setting up the router. Trust me, it will save you much grief as working with bridges and vlans can be frustrating trying to do it from a port on the b...
by anav
Mon Oct 21, 2024 4:14 pm
Forum: Beginner Basics
Topic: Issues with multi-SSID VLAN configuration on cAP ax
Replies: 8
Views: 514

Re: Issues with multi-SSID VLAN configuration on cAP ax

I can help without capsman............... which I loathe for the complexity it brings to the config and the gazillions lines of code required. Basically each device uses one bridge. The Ap and Switch get a trunk port from the router and distribute the vlans as necessary. In your case trunk from swit...
by anav
Mon Oct 21, 2024 4:07 pm
Forum: Beginner Basics
Topic: mikrotik advanced Firewall Rules
Replies: 9
Views: 656

Re: mikrotik advanced Firewall Rules

Isnt that what I just said..........."hogwash ;-P ( nice explanation though)
by anav
Mon Oct 21, 2024 4:05 pm
Forum: General
Topic: [Feature Request] Data Center Bridge support
Replies: 29
Views: 5770

Re: [Feature Request] Data Center Bridge support

As usual zing above my head. I have not even used vxlan yet and DarkNate wants me to go udp4 lite! As always, amazed at the amount of experience, knowledge and practical advice here. Also, just to point out DNate was clearly commenting on the functionality being crap nothing else. Trust me, if he wa...
by anav
Mon Oct 21, 2024 2:33 pm
Forum: Beginner Basics
Topic: mikrotik advanced Firewall Rules
Replies: 9
Views: 656

Re: mikrotik advanced Firewall Rules

I would say that your wasting your time overthinking it.
The place to drop traffic if its a valid concern, is in RAW and then there is no additional load on the router.
The other suggestions prior to the default rules is pure hogwash.
by anav
Mon Oct 21, 2024 3:25 am
Forum: Beginner Basics
Topic: hAP AC - Setup repeater with partial wireguard traffic
Replies: 6
Views: 608

Re: hAP AC - Setup repeater with partial wireguard traffic

Okay so I understand the diagram now. It does not matter if the WANIP is public or if you can forward ports from the ISP router if the Mikrotik is simply a client device here. Okay I see, your two LAN bridgse, no clue why you call it wireguard bridge, very confusing.............. is 192.168.89.0/24 ...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 72