Search found 19156 matches

by anav
Tue Mar 19, 2024 2:43 am
Forum: General
Topic: A strange day - VRRP/Wireguard
Replies: 5
Views: 291

Re: A strange day - VRRP/Wireguard

Without a diagram I have no clue what you are trying to do. Any explanation of requirements to date IS NOT user traffic based only, and is confused with config speak, a no no for communicating requirements. Short story, no diagram no user traffic requirements, no diagram, cannot help. Furthermore, w...
by anav
Tue Mar 19, 2024 2:38 am
Forum: Beginner Basics
Topic: Attempting to evolve from caveman's failover
Replies: 50
Views: 6967

Re: Attempting to evolve from caveman's failover

No one can force you to actually fix your config, that motivation has to come from within............
by anav
Tue Mar 19, 2024 12:15 am
Forum: General
Topic: Wireguard, pls explain ( 2 WANS )
Replies: 1
Views: 123

Re: Wireguard, pls explain ( 2 WANS )

Provide phone settings
Provide router settings

In both cases hide any public IPs, keys

/export file=anynameyouwish ( minus router serial number, public WANIP info, keys, long dhcp lease lists )
by anav
Tue Mar 19, 2024 12:13 am
Forum: General
Topic: Network discovery over wireguard
Replies: 25
Views: 3238

Re: Network discovery over wireguard

If you actually read my post you would see that you need to create a common intermediary VLAN. ( vlan55 ). ;-)
by anav
Tue Mar 19, 2024 12:10 am
Forum: Beginner Basics
Topic: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]
Replies: 11
Views: 578

Re: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]

The mangle was recommended, not a random suggestion LOL. It does NO HARM to your setup and one never knows what particular website, through the thirdparty VPN, will give the router shits and giggles. So it's a good safety net to keep. To improve your setup you can setup both failover on the main WAN...
by anav
Tue Mar 19, 2024 12:03 am
Forum: Beginner Basics
Topic: Attempting to evolve from caveman's failover
Replies: 50
Views: 6967

Re: Attempting to evolve from caveman's failover

Man do I have to state it in writing, your SCOPES are wrong!! LOL The config I gave works, it's your config that is broken if it doesn't. I cannot read a winbox jpeg unless it's very clearly delineated. An RSC script I can read in seconds................... it's just a story about requirements I cannot m...
by anav
Tue Mar 19, 2024 12:02 am
Forum: Beginner Basics
Topic: making VLANS + Ubiquiti WIFI
Replies: 1
Views: 106

Re: making VLANS + Ubiquiti WIFI

The switch comes in handy for any traffic within the same vlan from user to another.
The router comes into play between user and internet and traffic between different vlans.
by anav
Tue Mar 19, 2024 12:00 am
Forum: Beginner Basics
Topic: How to allow some mac addresses in firewall/filter rules [SOLVED]
Replies: 13
Views: 572

Re: How to allow some mac addresses in firewall/filter rules [SOLVED]

Well obviously I thought we were dealing with a router not an access point, which all radio setups have mac-filtering setup for layer2 traffic control ( NOT fw rules )
Again, I should have read more closely, glad you got it sorted.
by anav
Mon Mar 18, 2024 11:03 pm
Forum: Beginner Basics
Topic: Attempting to evolve from caveman's failover
Replies: 50
Views: 6967

Re: Attempting to evolve from caveman's failover

Your discriminatory skills are weak, hint. look at SCOPE!
by anav
Mon Mar 18, 2024 10:59 pm
Forum: Beginner Basics
Topic: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]
Replies: 11
Views: 578

Re: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]

1. Sorry my bad on the TYPO, WG1 is the correct entry on the routing rule to match the routing-table defined. 2. put IP address on your router for wireguard1 as add address=192.168.32.20/24 interface=wireguard1 network=192.168.32.0 3. As long as both WAN interfaces are interface list members of the ...
by anav
Mon Mar 18, 2024 10:56 pm
Forum: Beginner Basics
Topic: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]
Replies: 11
Views: 578

Re: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]

Your routing setup follows nothing of what I suggested. so cannot help you there.
You seem to forget that the handshake starts on your router.........
Best of luck..............
by anav
Mon Mar 18, 2024 9:19 pm
Forum: Beginner Basics
Topic: Attempting to evolve from caveman's failover
Replies: 50
Views: 6967

Re: Attempting to evolve from caveman's failover

Yes, there is, provided above. Probably it didn't work because your recursive was not correct.
by anav
Mon Mar 18, 2024 9:19 pm
Forum: Beginner Basics
Topic: How to allow some mac addresses in firewall/filter rules [SOLVED]
Replies: 13
Views: 572

Re: How to allow some mac addresses in firewall/filter rules [SOLVED]

Why do you want to use firewall rules, they are for layer3 traffic. if you need something else, I believe you may have success under bridge filters???
by anav
Mon Mar 18, 2024 9:18 pm
Forum: Beginner Basics
Topic: Newbie trying to setup 2.4wifi on Mikrotik RB921GS-5HPacD-15S
Replies: 7
Views: 351

Re: Newbie trying to setup 2.4wifi on Mikrotik RB921GS-5HPacD-15S

Hello, help me. I can't use the forum to ask questions. What do I have to do to be able to do them? As for example in this post it says "It is only visible until the moderator decides. It's a neanderthal approach to ensure your post is not spam, inflammatory etc.................. After a few day...
by anav
Mon Mar 18, 2024 8:51 pm
Forum: General
Topic: WireGuard useful learning [Linux]
Replies: 6
Views: 390

Re: WireGuard useful learning [Linux]

Larsa you need to stay off the magic shrooms. :-)
Next you're going to claim you wear a cross, eat garlic and spend hours in front of mirrors.
by anav
Mon Mar 18, 2024 8:49 pm
Forum: Beginner Basics
Topic: Attempting to evolve from caveman's failover
Replies: 50
Views: 6967

Re: Attempting to evolve from caveman's failover

As I stated, thus far no reason to use VRF has been provided and as a matter of fact it would seem NOT appropriate in this case. Further, your recursive is incorrect. Simple solution works: /ip address add address=192.168.1.241 interface=ether1 network=192.168.1.1 add address=192.168.1.242 interface...
by anav
Mon Mar 18, 2024 7:47 pm
Forum: Beginner Basics
Topic: Attempting to evolve from caveman's failover
Replies: 50
Views: 6967

Re: Attempting to evolve from caveman's failover

Well when you post the complete config I can comment. Not sure why you are using VRFs at all, yet.
Assuming its 3 ISP modems into one router.
by anav
Mon Mar 18, 2024 7:44 pm
Forum: General
Topic: gateway spoof
Replies: 12
Views: 1111

Re: gateway spoof

Proper config of the router. It would appear the hacker is not getting into your router but manipulating the traffic reaching his router. The fact that other traffic can reach his device, is indicative of a leaky setup. Post your config /export file=anynameyouwish ( minus public IP address info, any...
by anav
Mon Mar 18, 2024 7:28 pm
Forum: General
Topic: Wireguard from MT to client (win10) with several users to several VLAN's [SOLVED]
Replies: 5
Views: 334

Re: Wireguard from MT to client (win10) with several users to several VLAN's [SOLVED]

NM................ There are bigger issues to solve first. 1. WHAT THE HECK is your WAN. You state: am setting up a config for a MT router which is behind NAT a. you have a static WANIP set up for ether1 which bears no resemblance to any of the VLANS. The static IP makes sense but not the subnet?? b...
by anav
Mon Mar 18, 2024 6:34 pm
Forum: Beginner Basics
Topic: Attempting to evolve from caveman's failover
Replies: 50
Views: 6967

Re: Attempting to evolve from caveman's failover

Simple question what if one was to use this in routes..... /ip route add distance=2 dst-address=0.0.0.0/0 gateway= 192.168.1.1%ether1 routing-table=main comment="RouteStarlink" add distance=3 dst-address=0.0.0.0/0 gateway= 192.168.1.1%ether2 routing-table=main comment="RouteOrange"...
by anav
Mon Mar 18, 2024 5:05 pm
Forum: Beginner Basics
Topic: Help SSH remote access
Replies: 5
Views: 325

Re: Help SSH remote access

kevinds, next time you fly to Nova Scotia, give me a shout, I think I owe you at least 3 beers :-)
by anav
Mon Mar 18, 2024 5:01 pm
Forum: RouterBOARD hardware
Topic: Many PSU failures in CCR1036
Replies: 6
Views: 25

Re: Very bad reliability Mikrotik Products and ROS

Well if you consider mikrotik is walking on your network, I suppose tread fits!! ( 'trademark' ). Concur, it seems that we are seeing an incomplete software process or maybe not. First, I blame the beta users, working for free and doing a lousy job of detecting all the new beta firmware problems ;-P...
by anav
Mon Mar 18, 2024 4:51 pm
Forum: Beginner Basics
Topic: TO CAKE OR IS IT BLOAT [SOLVED]
Replies: 2
Views: 360

TO CAKE OR IS IT BLOAT [SOLVED]

As the question asks.......
What is the point at which losing fasttrack and throughput is worth it, vis-a-vis tackling bufferbloat??? ( queueing actually not required )
by anav
Mon Mar 18, 2024 4:49 pm
Forum: Beginner Basics
Topic: Mangle for QoS, CAKE
Replies: 10
Views: 432

Re: Mangle for QoS, CAKE

The question I have is why are you mangling or queueing at all...... You have nothing different in either direction.......... all incoming traffic goes to entire LAN, all outgoing traffic comes from entire LAN. Okay! It's about bufferbloat. For me I would have to weigh any advantage of bufferbloat o...
by anav
Mon Mar 18, 2024 4:37 pm
Forum: Beginner Basics
Topic: Help SSH remote access
Replies: 5
Views: 325

Re: Help SSH remote access

SSH between two MT routers is easy and requires no certificate even, but I only use it as a backup to wireguard.
by anav
Mon Mar 18, 2024 4:28 pm
Forum: General
Topic: Wireguard from MT to client (win10) with several users to several VLAN's [SOLVED]
Replies: 5
Views: 334

Re: Wireguard from MT to client (win10) with several users to several VLAN's [SOLVED]

No... /interface wireguard peers add allowed-address= wireguardIP-X/32 interface=wg1 public-key="public-key1" comment=Roadwarrior1 add allowed-address= wireguardIP-Y/32 interface=wg1 public-key="public-key2" comment=Roadwarrior2 add allowed-address= wireguardIP-Z/32 interface=wg1...
by anav
Mon Mar 18, 2024 2:20 pm
Forum: General
Topic: Possible memory leak in Winbox 7.14?
Replies: 7
Views: 282

Re: Possible memory leak in Winbox 7.14?

Is this a request? Supouts should go to Mikrotik Support if you think there is a bug.
by anav
Mon Mar 18, 2024 1:56 pm
Forum: Beginner Basics
Topic: Req for Help with Wireguard Config
Replies: 1
Views: 179

Re: Req for Help with Wireguard Config

Allowed IPs on the router is wrong....................... You need a separate peer line for each peer, on the router you dont need client endpoint............ /interface wireguard peers add allowed-address=192.168.40.5/32 comment=ChromeBook interface=wireguard1 public-key=**ELIDED** add allowed-addr...
by anav
Mon Mar 18, 2024 1:49 pm
Forum: General
Topic: Fibre ISP - VLAN PPPoe configuration
Replies: 1
Views: 123

Re: Fibre ISP - VLAN PPPoe configuration

Probably something like, assuming connected on ether1 /interface vlan add name=vlan40 interface=ether1 vlan-id=40 /interface pppoe-client add add-default-route=yes interface=vlan40 keepalive-timeout=10 \ name=pppoe-1 use-peer-dns=no user=username password=password /interface list members add interfa...
by anav
Mon Mar 18, 2024 1:36 pm
Forum: General
Topic: SSTP Mikrotik Client / probably bug 6.41.3
Replies: 17
Views: 6023

Re: SSTP Mikrotik Client / probably bug 6.41.3

Or time for a trip, sooner or later having remote devices means a trip. With wireguard and ver7 software probably soon.
It should be a built in plan to any IT equipment anyway.
by anav
Sun Mar 17, 2024 11:29 pm
Forum: Beginner Basics
Topic: CRS354 - vlans work only with specific networks
Replies: 4
Views: 253

Re: CRS354 - vlans work only with specific networks

For all your switches, only the management vlan need be identified..... (assuming it's 192.168.251.0/24) I would take one port off bridge and use it as an emerg access like give it an IP address of 192.168.55.1/24 and then any pc with IPV4 settings set to 192.168.55.5 for example and you're in! /interf...
by anav
Sun Mar 17, 2024 11:19 pm
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 2902

Re: 3-ISPs Load Balancing - need help [SOLVED]

If you have an issue please start a new thread
by anav
Sun Mar 17, 2024 11:12 pm
Forum: General
Topic: Block WebSites (Social Network, Youtube, etc)
Replies: 2
Views: 162

Re: Block WebSites (Social Network, Youtube, etc)

Not possible with the MT device, there are too many ways around the programming.
You need to get a router that does DPI $$$, and then pay their subscription service more $$$$.
by anav
Sun Mar 17, 2024 5:17 pm
Forum: General
Topic: VLANs between Unifi and MikroTik
Replies: 8
Views: 418

Re: VLANs between Unifi and MikroTik

Assuming for example vlan3 gateway is 192.168.33.1 (1) Why do you assign a PVID on the trunk port?? Remove it. add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether1 pvid=3 (2) You can add to each bridge port ingress-filtering=yes (3) There is no need set dhcp client, this is a privat...
by anav
Sun Mar 17, 2024 3:00 pm
Forum: General
Topic: Network discovery over wireguard
Replies: 25
Views: 3238

Re: Network discovery over wireguard

Here is one link to such an approach - https://forum.mikrotik.com/viewtopic.php?t=194842 and another. Discovery Between Two Locations SOLUTION METHOD ADD A CONNECTING SUBNET/INTERMEDIARY - EOIP OVER WIREGUARD a. create wireguard connectivity as per normal and then b. create the EOIP tunnel within th...
by anav
Sun Mar 17, 2024 2:03 am
Forum: General
Topic: How to exchange internet connection between 2 oficces.
Replies: 1
Views: 132

Re: How to exchange internet connection between 2 oficces.

Good question. Trying to think conceptually. Assuming you have one common cable over which to do this work, I would probably use two different VLANS. At each Router, one of the vlans would be an incoming WAN connection from the other Router. Via a private subnet. on ETHERPORT XY. At each Router the ...
by anav
Sun Mar 17, 2024 1:32 am
Forum: Beginner Basics
Topic: Winbox QoS ?
Replies: 3
Views: 276

Re: Winbox QoS ?

You are not alone, the documentation makes one believe its all there but............. its hiding well!!!! +++++++++++++++++++++++++++++++++++++++++ Planned QoS implementation phases: QoS Marking. QoS profile matching by ingress packet headers, then egress header alternation according to the assigned...
by anav
Sat Mar 16, 2024 10:53 pm
Forum: General
Topic: Anyone tested the new L009?
Replies: 16
Views: 4100

Re: Anyone tested the new L009?

I stand corrected! Thanks for that and I owe Loop an apology!!
Interestingly I have no problems with CPU usage or performance to date.
by anav
Sat Mar 16, 2024 9:50 pm
Forum: General
Topic: MikroTik hAP ax3 - bridge mode for WiFi.
Replies: 10
Views: 485

Re: MikroTik hAP ax3 - bridge mode for WiFi.

Post your config and I can comment on what should be changed if anything.
By the way, there is a route on the config provided ??
by anav
Sat Mar 16, 2024 7:11 pm
Forum: Beginner Basics
Topic: Redirect to external Public IP [SOLVED]
Replies: 19
Views: 1185

Re: Redirect to external Public IP [SOLVED]

/export file=anynameyouwish ( minus PUBLIC IP information, KEYS, long dhcp lease lists, etc..) There should be relatively little else to scrub ( possibly some names you give to things, comments etc..... ) Use code block to limit visible length and improved readability ( on same line as Bold and Unde...
by anav
Sat Mar 16, 2024 7:06 pm
Forum: General
Topic: MikroTik hAP ax3 - bridge mode for WiFi.
Replies: 10
Views: 485

Re: MikroTik hAP ax3 - bridge mode for WiFi.

Okay so you want it to be an access point switch, not sure why that is so hard to say. In that case, the default config is rather simple Nothing much other than bridge, WIFI settings bridge ports ( assuming ether1 is connected to the UDM ) /interface bridge port add bridge=bridge comment=defconf int...
by anav
Sat Mar 16, 2024 6:50 pm
Forum: General
Topic: Reset Button Hold Time (New feature)
Replies: 7
Views: 1300

Re: Reset Button Hold Time (New feature)

There is no such feature .............its actually called something else! To gain access to this function you have to really mean to do it, aka hard to do by accident. Its not clear how you managed to do this but not understand the ramifications are surprising. What there is are two relatively newis...
by anav
Sat Mar 16, 2024 6:40 pm
Forum: General
Topic: MikroTik hAP ax3 - bridge mode for WiFi.
Replies: 10
Views: 485

Re: MikroTik hAP ax3 - bridge mode for WiFi.

Yes it will be a problem to have two dhcp servers on the same network. Remove the UDM router it serves no purpose and only use the HAPAX3. The reason being that for all layer3 needs, the devices will go to the UDM and not to the hapax3. So you need to decide. Will the hapax simply act as a switch/AP...
by anav
Sat Mar 16, 2024 6:35 pm
Forum: Wireless Networking
Topic: Unifi Network Controller via Mikrotik Wireless Setup
Replies: 2
Views: 205

Re: Unifi Network Controller via Mikrotik Wireless Setup

The diagram labelling needs work. How do vlans 1920,1930 just popup out of the blue ( actually red and orange) for example. They should be traceable back to the 750. It's also not clear what is the management VLAN ( the vlan where every smart device should get its IP address from ). It would appear t...
by anav
Sat Mar 16, 2024 6:29 pm
Forum: Beginner Basics
Topic: Redirect to external Public IP [SOLVED]
Replies: 19
Views: 1185

Re: Redirect to external Public IP [SOLVED]

The point being, the OP should have provided his complete config on the first post........................
Another waste of a chasing thread because there is no first post process....... thankyou MT.
by anav
Sat Mar 16, 2024 6:22 pm
Forum: General
Topic: MikroTik hAP ax3 - bridge mode for WiFi.
Replies: 10
Views: 485

Re: MikroTik hAP ax3 - bridge mode for WiFi.

WAIT ONE - do you mean your hapax is only acting as a switch?? The below advice presumed that your hapax3 was connected to the internet via a modem and received a public IP. Do you actually mean you're connected to an upstream router which provides a private LAN in the range 10.10.10.X ??? ++++++++++...
by anav
Sat Mar 16, 2024 5:52 pm
Forum: General
Topic: MikroTik hAP ax3 - bridge mode for WiFi.
Replies: 10
Views: 485

Re: MikroTik hAP ax3 - bridge mode for WiFi.

Who said you cannot use the hapax3 in bridge mode? I have the hapax3 and am using vlan-filtering with hardware offload.
This is a very capable router!!
by anav
Sat Mar 16, 2024 5:30 pm
Forum: Beginner Basics
Topic: Chateau LTE18 ax becomes zombie when lightly touched
Replies: 1
Views: 168

Re: Chateau LTE18 ax becomes zombie when lightly touched

Seems like a loose connector or something internally?
Might have to go through vendor to get an RMA?
by anav
Sat Mar 16, 2024 5:28 pm
Forum: Wireless Networking
Topic: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2
Replies: 53
Views: 13070

Re: Finally success - 802.11r/k/v fast roaming works reliably with WifiWave2

Concur, the setup process and menu selections are not intuitive and it's easy to get lost, ( especially how there are hidden defaults etc. ) I am not a fan of how they have chosen to give flexibility, or more accurately how clear it is to the admin, what is actually configured. Don't feel bad, you are...
by anav
Sat Mar 16, 2024 5:24 pm
Forum: Wireless Networking
Topic: hAP-ax3 vs cAP ax
Replies: 6
Views: 437

Re: hAP-ax3 vs cAP ax

Not sure about latest renditions of WIFI, but most devices probably have a useful limit of around 20-30 active devices. Some devices are specifically made for larger numbers but that is a niche market.(ruckus comes to mind). With newer technologies mu-mimo and latest 6e and 7 technology, don't know. ...
by anav
Sat Mar 16, 2024 5:14 pm
Forum: Wireless Networking
Topic: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]
Replies: 6
Views: 637

Re: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]

Any RoS device should be able to function as a capsman controller was my understanding. Requirements Any RouterOS device can be a controlled wireless access point (CAP) as long as it has at least a Level 4 RouterOS license CAPsMAN server can be installed on any RouterOS device, even if the device it...
by anav
Sat Mar 16, 2024 3:51 am
Forum: Beginner Basics
Topic: port forwarding problem
Replies: 9
Views: 511

Re: port forwarding problem

Isn't the first non code block config and won't be the last........... you can thank Normis for ensuring the resulting the first posting experience of new users and those supporting them :-)
by anav
Fri Mar 15, 2024 11:18 pm
Forum: General
Topic: Wires Only Leased Line Hardware Recommendation
Replies: 10
Views: 770

Re: Wires Only Leased Line Hardware Recommendation

Not clear enough, do you mean each customer, each public IP should see approx 1gig up and down, or do they share a 1 gig pipe??
If just an edge type router the RB5009 should do fine 4x1 gig, throughput is well north of 4gigs in this scenario.
by anav
Fri Mar 15, 2024 8:40 pm
Forum: Scripting
Topic: Router maybe is hacked. Please help
Replies: 7
Views: 356

Re: Router maybe is hacked. Please help

Unplug router from internet. Netinstall latest stable firmware Put back config WITHOUT any port forwarding. a. think about having ONLY a server with a secure login process b. think about limiting in source address list which public IPs can access server. c. even better use wireguard and have people ...
by anav
Fri Mar 15, 2024 8:35 pm
Forum: Wireless Networking
Topic: hap ax3 other antennas
Replies: 8
Views: 458

Re: hap ax3 other antennas

Okay now you have me thinking perhaps replace my AX3s with these bad boys. https://www.amazon.ca/Portable-Antenna-Dual-Band-Omnidirectional-Router/dp/B08LZHV83P/ref=sr_1_7?crid=2LK4POLSJPVAY&dib=eyJ2IjoiMSJ9.d7o75FpnshnrVKGe5-c-B68HFFzp0iKhzPKsakuKGUIZn-erRPTYVZjKSuecgvF_aAxk649CL4RzmR20jM6Qn8jXN...
by anav
Fri Mar 15, 2024 8:29 pm
Forum: Forwarding Protocols
Topic: CCR2004-1G-12S+2XS vs CCR1036-12G-4S
Replies: 4
Views: 399

Re: CCR2004-1G-12S+2XS vs CCR1036-12G-4S

The 2114 then is your best bet comes with four 10Gig ports
by anav
Fri Mar 15, 2024 8:28 pm
Forum: General
Topic: Wires Only Leased Line Hardware Recommendation
Replies: 10
Views: 770

Re: Wires Only Leased Line Hardware Recommendation

It should be similar on MT router. I am no multi-WAN guru, but basically from what I have seen, A block of IPs is given to the admin, One IP address is used for the router itself, ( nat or no nat, depends on what the op wants to provide on this router ), the rest of the WANIPs can be netmapped to do...
by anav
Fri Mar 15, 2024 8:24 pm
Forum: General
Topic: RB5009UG+S+ download speed 600/1000 upload 800+/1000 [SOLVED]
Replies: 13
Views: 850

Re: RB5009UG+S+ download speed 600/1000 upload 800+/1000 [SOLVED]

One bridge............., chalk this up to another poster child for Normis' inaction on first posting process.... And they will keep coming day after day after day..................
by anav
Fri Mar 15, 2024 8:23 pm
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1118

Re: CRS310-8G+2S to split WAN connection

Sweet, KISS, thanks for the feedback.
by anav
Fri Mar 15, 2024 8:22 pm
Forum: General
Topic: OpenVPN not working
Replies: 4
Views: 218

Re: OpenVPN not working

Yes, but one cannot hang onto betamax forever..............
Heck even my mother in law, is sticking to CABLE TV vice streaming lets say over my appletv.......
Guess what, she upgraded her TV service and they are using android TV boxes LOL.
by anav
Fri Mar 15, 2024 8:20 pm
Forum: Beginner Basics
Topic: Load Balance for LAN
Replies: 13
Views: 616

Re: Load Balance for LAN

Zing over my head, what is the OP trying to do..... that's not available in queues, for example.
by anav
Fri Mar 15, 2024 6:15 pm
Forum: Beginner Basics
Topic: Load Balance for LAN
Replies: 13
Views: 616

Re: Load Balance for LAN

Okay so you want queues then??
by anav
Fri Mar 15, 2024 5:15 pm
Forum: General
Topic: Anyone tested the new L009?
Replies: 16
Views: 4100

Re: Anyone tested the new L009?

jargon voor afval, Sorry Loop, disagree! The 1009 2.5 port is a mystery to me as its real world WAN throughput is 300-400Mbps whereas the old hex will get you 400-500 Mbps. Both have two cores.......... The AX3 will get you over 1Gbps and has 4 cores and double the RAM of the L1009, its no contest, ...
by anav
Fri Mar 15, 2024 4:57 pm
Forum: General
Topic: OpenVPN not working
Replies: 4
Views: 218

Re: OpenVPN not working

Have you considered VPN that is better supported by MT such as wireguard??
by anav
Fri Mar 15, 2024 4:56 pm
Forum: General
Topic: Wires Only Leased Line Hardware Recommendation
Replies: 10
Views: 770

Re: Wires Only Leased Line Hardware Recommendation

Nicely worded statement to induce confusion :-). Wired and then point to point. Do you mean you need a router to terminate a land line connection and then equipment to take that signal over the airwaves in a point to point wifi type setup back to another wired device ????????? Request is too vague, ...
by anav
Fri Mar 15, 2024 4:52 pm
Forum: General
Topic: RB5009UG+S+ download speed 600/1000 upload 800+/1000 [SOLVED]
Replies: 13
Views: 850

Re: RB5009UG+S+ download speed 600/1000 upload 800+/1000 [SOLVED]

Its all conjecture and opinion without facts.....................
by anav
Fri Mar 15, 2024 4:51 pm
Forum: Beginner Basics
Topic: Using a wireguard VPN, access servers that are in a vlan.
Replies: 4
Views: 289

Re: Using a wireguard VPN, access servers that are in a vlan.

What is preventing the CGNAT LTE (second link) from being used recursively on your home router??
All devices can connect to your home router through the public IP, no need for CHR again.
by anav
Fri Mar 15, 2024 4:48 pm
Forum: Beginner Basics
Topic: Load Balance for LAN
Replies: 13
Views: 616

Re: Load Balance for LAN

Diagram and included detail is helpful. However this statement needs to be broken down AS requested - it makes zero sense as stated...... Now, I want to create a simple load balancer on e.g. 192.168.35.1/16 for these machines so LAN for LAN, WAN is no matter in this scheme Identify users/devices Ide...
by anav
Fri Mar 15, 2024 4:44 pm
Forum: Beginner Basics
Topic: mikrotik vlan mgmt, access ptp connect [SOLVED]
Replies: 2
Views: 349

Re: mikrotik vlan mgmt, access ptp connect [SOLVED]

What you're missing is that each smart device should get an IP from a management vlan. Data vlans 17 and 89 are carried forward to each smart device as well. Assuming that the ROUTER has its own internal LAN, whereas, the receiver/txitter are acting solely as AP/switches and do not need an internal LAN...
by anav
Fri Mar 15, 2024 3:39 pm
Forum: Beginner Basics
Topic: Redirect to external Public IP [SOLVED]
Replies: 19
Views: 1185

Re: Redirect to external Public IP [SOLVED]

Still makes no sense....... Oh well, I will move on.
by anav
Fri Mar 15, 2024 3:24 pm
Forum: Beginner Basics
Topic: Separate filter rule for separate port
Replies: 5
Views: 295

Re: Separate filter rule for separate port

(1) I am not a queue user but there must be an easier way to do queues than what your config shows................. It would seem like you manually attributed queues on a per IP basis?? (2) Set this to none, as this setting has been known to cause weird issues and is not really needed. /interface de...
by anav
Fri Mar 15, 2024 12:44 pm
Forum: General
Topic: Interface list for multiple bridges? [SOLVED]
Replies: 4
Views: 599

Re: Interface list for multiple bridges? [SOLVED]

More efficient to use vlans and one bridge in most cases but concur with jaclaz's approach to fw rules, if sticking with two bridges......
KISS.
by anav
Fri Mar 15, 2024 12:41 pm
Forum: General
Topic: Wireguard tunnel local LAN
Replies: 16
Views: 823

Re: Wireguard tunnel local LAN

As holvoe noted, let's say take ether5 off the bridge. Give it an IP address add address=192.168.55.1/24 interface=ether5 network=192.168.55.0 Ensure ether5 is part of LAN LIST on interface members. Then to complete the config do it by connecting your PC to ether5 and give the pc an IPV4 address stat...
by anav
Fri Mar 15, 2024 4:16 am
Forum: Beginner Basics
Topic: port forwarding problem
Replies: 9
Views: 511

Re: port forwarding problem

Best to clean up the config and if still having issue post the latest config............
by anav
Thu Mar 14, 2024 11:26 pm
Forum: Beginner Basics
Topic: port forwarding problem
Replies: 9
Views: 511

Re: port forwarding problem

I use winbox, but webconfig should suffice. You already have a masquerade rule.
by anav
Thu Mar 14, 2024 10:38 pm
Forum: General
Topic: Temporary loss of access to network without disconnecting to AP
Replies: 7
Views: 369

Re: Temporary loss of access to network without disconnecting to AP

Hi holvoe, so you are saying that we should set bridge to what setting ......and from 7,14 onwards.....
by anav
Thu Mar 14, 2024 9:15 pm
Forum: Beginner Basics
Topic: port forwarding problem
Replies: 9
Views: 511

Re: port forwarding problem

(1) slight mod to dns.. /ip dns set allow-remote-requests=yes servers=1.1.1.1 REMOVE the following default.......... /ip dns static add address=192.168.88.1 comment=defconf name=router.lan (2) Take this default rule and create three new rules......... Clearer and better security. add action=drop cha...
by anav
Thu Mar 14, 2024 8:27 pm
Forum: General
Topic: DDNS configuration with 2 links
Replies: 7
Views: 287

Re: DDNS configuration with 2 links

I gather WAN1 is primary and WAN2 is secondary?
Is there any traffic for WAN2 even when WAN1 is up and running??
by anav
Thu Mar 14, 2024 8:26 pm
Forum: General
Topic: DDNS configuration with 2 links
Replies: 7
Views: 287

Re: DDNS configuration with 2 links

/ip route add check-gateway=ping distance= 2 dst-address=0.0.0.0/0 gateway=8.8.8.8 \ routing-table=main scope= 30 target-scope=11 add check-gateway=ping distance= 3 dst-address=0.0.0.0/0 gateway=8.8.4.4 \ routing-table=main scope= 30 target-scope=11 +++++++++++++++++++++++++++++++++++++++++++++++++...
by anav
Thu Mar 14, 2024 8:08 pm
Forum: General
Topic: DDNS configuration with 2 links
Replies: 7
Views: 287

Re: DDNS configuration with 2 links

The config was not really what I was asking for but since you did post it your routes are hosed/incorrect. More on that later. So the script finds the new IP for WAN1 and WAN2 locally on the router, and sends it to the dyndns website and updates it............. ?? To confirm, though it would appear ...
by anav
Thu Mar 14, 2024 7:48 pm
Forum: Beginner Basics
Topic: port forwarding problem
Replies: 9
Views: 511

Re: port forwarding problem

No idea without seeing the config.
by anav
Thu Mar 14, 2024 7:43 pm
Forum: Beginner Basics
Topic: Help SSH remote access
Replies: 5
Views: 325

Re: Help SSH remote access

The problem is either the configuration on your CHR MT router, or your home MT router.
https://help.mikrotik.com/docs/display/ROS/SSH
https://www.youtube.com/results?search_ ... h+mikrotik
by anav
Thu Mar 14, 2024 7:41 pm
Forum: General
Topic: CCR with a embedded LTE modem?
Replies: 6
Views: 295

Re: CCR with a embedded LTE modem?

To be honest I agree with holvoe, whatever market you're trying to satisfy it must be rather niche. It makes little sense to me to pair LTE with CCR2XXX products. Instead for CPE boxes look more at the chateau lineup. If you need outdoor antennas look at the ATL LTE 18 kit....... You would have to as...
by anav
Thu Mar 14, 2024 7:35 pm
Forum: General
Topic: DDNS configuration with 2 links
Replies: 7
Views: 287

Re: DDNS configuration with 2 links

You need to clarify....
a. who or what has a script?
b. where is this script aimed at.
c. what is the current configuration of your router ( vis-a-vis WAN setup ).
by anav
Thu Mar 14, 2024 6:08 pm
Forum: General
Topic: CCR with a embedded LTE modem?
Replies: 6
Views: 295

Re: CCR with a embedded LTE modem?

Know very little about LTE and routers, but if its like wifi, then LTE is probably best handled separately a. you can place LTE device where best suited, b. separate device can have a wide variety of antennae and type configurations c. can more easily change and or upgrade device without affecting r...
by anav
Thu Mar 14, 2024 5:48 pm
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1118

Re: CRS310-8G+2S to split WAN connection

No idea what you are doing now LOL......... I was strictly looking at the IPs to Routers work. You want each RX to send traffic from its assigned IP, You want each RX to only respond to arp requests for itself. ( maybe blocking arp requests to any other address than the allotted one is a better appr...
by anav
Thu Mar 14, 2024 5:31 pm
Forum: Beginner Basics
Topic: Separate filter rule for separate port
Replies: 5
Views: 295

Re: Separate filter rule for separate port

Without understanding how your rules are currently setup, it would be presumptive to come up with any solution as it would be guessing. One should realize that rules are integrated and can affect other rules and thus the flow of traffic. Others waste all our time by such frivolous attempts and quit...
by anav
Thu Mar 14, 2024 5:20 pm
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1118

Re: CRS310-8G+2S to split WAN connection

Quick set should be avoided for sure........... The idea of the bridge filter rules was to ensure the assignment sticks ( wan1 to R1 etc.........). My guess is that intended traffic between WANIPs, should not be affected as the traffic would go to the ISP provider and then return, vice attempt to conne...
by anav
Thu Mar 14, 2024 5:02 pm
Forum: General
Topic: DDNS configuration with 2 links
Replies: 7
Views: 287

Re: DDNS configuration with 2 links

Typically a dyndns link to a public IP, is to ONE public IP not two and more specifically to the primary ACTIVE wanip.
If you have two active WANIPs, then you need two dyndns URLs to access them.
Not sure if that answers your question.
by anav
Thu Mar 14, 2024 4:31 pm
Forum: General
Topic: A place for poetry
Replies: 63
Views: 246961

Re: A place for poetry

Config a mess,
need to confess!
A script I'm told would be gold!
:If true , do { find a guru
then how much $$$$$$ ?
}
by anav
Thu Mar 14, 2024 4:24 pm
Forum: General
Topic: WireGuard Handshake
Replies: 4
Views: 247

Re: WireGuard Handshake

In the immortal words of some short guy......
Help me Help you!
by anav
Thu Mar 14, 2024 4:19 pm
Forum: Scripting
Topic: Mikrotik script syntax highlight
Replies: 10
Views: 547

Re: Mikrotik script syntax highlight

Amazing work................. both AMMO and rextended seem more comfortable with syntax than most are with adding a vlan to a pppoe interface...........
by anav
Thu Mar 14, 2024 3:48 pm
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1118

Re: CRS310-8G+2S to split WAN connection

Understood but it was material, one should not have floating unused ports on any configuration unless one knows that they will be used in the future. Thus if the OP had stated 4 now and possibly more WANS later, all the power to you, otherwise, its junk and security wise poor design. Caveat I have n...
by anav
Thu Mar 14, 2024 3:43 pm
Forum: General
Topic: Implementing MikroTik Solutions for a New Business
Replies: 2
Views: 204

Re: Implementing MikroTik Solutions for a New Business

They can also answer your homework questions as well. :-)
by anav
Thu Mar 14, 2024 3:35 pm
Forum: General
Topic: Bridge and Web Interface - RESOLVED [SOLVED]
Replies: 15
Views: 888

Re: Bridge and Web Interface - RESOLVED [SOLVED]

To your first post --> https://help.mikrotik.com/docs/display/ROS/MAC+server Since there is no problem or issue you need rectified but are seeking knowledge. Suggest start by reading the appropriate documentation applicable to your area of interest. - https://help.mikrotik.com/docs/display/ROS/Route...
by anav
Thu Mar 14, 2024 5:03 am
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1118

Re: CRS310-8G+2S to split WAN connection

No worries, If not useful so be it. @tangent, did you read the first line of the OPs first post?? have a CRS310-8G+2S that needs to go between my fiber modem and 4 routers to split the WAN connection between the routers (technical requirement). Our current He goes on to state in another line ether4-...
by anav
Thu Mar 14, 2024 3:17 am
Forum: Beginner Basics
Topic: Load Balance for LAN
Replies: 13
Views: 616

Re: Load Balance for LAN

Its not just a matter of details, its ensuring the OP has a clear understanding of what is required and has an actual plan.
by anav
Thu Mar 14, 2024 3:15 am
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1118

Re: CRS310-8G+2S to split WAN connection

I see this similarly (except using basic math if you have four routers you need four ports 4,5,6,7 [ including port 8 would make 5 there tangent ;-) ] I will take a stab at this for grins and giggles......... Not an expert so it could be useless. a. the switch is connected to the network via the man...
by anav
Thu Mar 14, 2024 2:25 am
Forum: Beginner Basics
Topic: Stuck no internet on CRS326 behind RB4011 [SOLVED]
Replies: 10
Views: 1081

Re: Stuck no internet on CRS326 behind RB4011 [SOLVED]

Yes I am the admin and wish to eliminate them LOL.........
by anav
Thu Mar 14, 2024 2:25 am
Forum: Beginner Basics
Topic: Load Balance for LAN
Replies: 13
Views: 616

Re: Load Balance for LAN

A clear set of requirements will lead to an optimal design a. identify all users/devices that will interact on the network ( internal, external including admin) b. identify all traffic flows they require draw a diagram of what you wish to accomplish, identifying devices, WAN, vlans etc. post your co...
by anav
Thu Mar 14, 2024 2:22 am
Forum: General
Topic: Bridge and Web Interface - RESOLVED [SOLVED]
Replies: 15
Views: 888

Re: Bridge and Web Interface [SOLVED]

Guessing is a waste of time, get facts!
by anav
Wed Mar 13, 2024 10:37 pm
Forum: General
Topic: Use Mikrotik's HotSpot solution to unblock Wireguard???
Replies: 13
Views: 648

Re: Use Mikrotik's HotSpot solution to unblock Wireguard???

Yikes, cant imagine doing that for 150 users........
by anav
Wed Mar 13, 2024 7:35 pm
Forum: Scripting
Topic: ✂ Rextended Fragments of Snippets
Replies: 96
Views: 61745

Re: ✂ Rextended Fragments of Snippets

Sertik, most of the angst caused is a cumulative thing. When like rextended, one has answered, day in day out, post after post that has zero quality control its very hard to remain patient and one just gets to the point directly!! ( you have heard of RSI (injury)). Over the years, having been invol...
by anav
Wed Mar 13, 2024 7:00 pm
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 1296

Re: Hex Lite and NTP client updates

I think I understand how it works now and am asking pe1chl to confirm, if I have it right, partially right or wrong.
It certainly wasn't a question posed to you, but if you are happy to answer....... :-) ( or trying to pad posting stats LOL )
by anav
Wed Mar 13, 2024 6:39 pm
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 1296

Re: Hex Lite and NTP client updates

Sure was, I hope I dont get interviewed by Hur,,,,, guess I'm too old to run for president.
( note probably at that instance I didnt understand what the fix entailed regarding traffic flow and just assumed it would work )
by anav
Wed Mar 13, 2024 5:45 pm
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 1296

Re: Hex Lite and NTP client updates

Bananas are yellow, spewing forth a fact doesnt explain the supposed traffic flow. What you seem to have suggested is.. ROUTER sends out a WAN signal to an existing NTP server with dst-port 123 BUT ALSO source port 123??? The router sourcenats that outbound to port 12300, so that at the NTP site, th...
by anav
Wed Mar 13, 2024 5:40 pm
Forum: General
Topic: Wireguard and sites not opening
Replies: 2
Views: 175

Re: Wireguard and sites not opening

Must be your config at the office MT.
What MT router do you have at home as well ( if attempting to connect on a PC at home ) and its config may also be a problem.
by anav
Wed Mar 13, 2024 5:37 pm
Forum: Beginner Basics
Topic: Stuck no internet on CRS326 behind RB4011 [SOLVED]
Replies: 10
Views: 1081

Re: Stuck no internet on CRS326 behind RB4011 [SOLVED]

Can I assume this will also work then?
............
/ip/dhcp-server/lease/remove [find where static]
by anav
Wed Mar 13, 2024 5:31 pm
Forum: Beginner Basics
Topic: Another begginer's VLAN issue, network connection of the "switch" [SOLVED]
Replies: 8
Views: 793

Re: Another begginer's VLAN issue, network connection of the "switch" [SOLVED]

Hahah, Yes I will eat humble pie, I only looked at the example on the first page of the article........ Where it says to create the bridge and its very simple and notes add vlan-filtering=yes at the end. /interface bridge add name=bridge1 It later shows this setup as follows: /interface bridge set b...
by anav
Wed Mar 13, 2024 4:52 pm
Forum: Beginner Basics
Topic: Wired mesh network? [SOLVED]
Replies: 6
Views: 936

Re: Wired mesh network? [SOLVED]

The EERO lineup am familiar with as a family member just got some and they are rated at 6E. https://eero.com/shop/eero-pro-6e Yes they talk to each other over wifi if required or you can wire them directly but to take full advantage of their 6E speed, 2.5 gig ports are best. After reviewing these pr...
by anav
Wed Mar 13, 2024 4:39 pm
Forum: Beginner Basics
Topic: Redirect to external Public IP [SOLVED]
Replies: 19
Views: 1185

Re: Redirect to external Public IP [SOLVED]

Glad you understand MKX can you explain what is going on. It would appear that a. the Router has a public IP and is the DHCP server etc.. b. Op has a dyndns URL that he uses for identifying the router ( not using Ip cloud ) c. He wants to reach a server on the LAN d. The server requires port 8.8.8.8...
by anav
Wed Mar 13, 2024 4:35 pm
Forum: Beginner Basics
Topic: Mikrotik wAP und Chromebook
Replies: 6
Views: 400

Re: Mikrotik wAP und Chromebook

So the wifi setup works for two devices but not a third?
Can you elaborate on what type of wifi each device uses ........ n, a, ac, g etc..........
by anav
Wed Mar 13, 2024 4:33 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 282
Views: 43816

Re: v7.15beta [testing] is released!

Did people actually use name with spaces without quotes???
by anav
Wed Mar 13, 2024 4:29 pm
Forum: General
Topic: Wireguard tunnel local LAN
Replies: 16
Views: 823

Re: Wireguard tunnel local LAN

I prefer the routing table method as it provides more flexibility and functionality. I dont presume that all users must use tunnel 100% of the time. More often than not, the admin will want to retain the ability for one IP (one of his) to be able to access the local WAN Then there is the scenario...
by anav
Wed Mar 13, 2024 4:22 pm
Forum: General
Topic: Upgrading -> Wireguard bug?
Replies: 1
Views: 133

Re: Upgrading -> Wireguard bug?

Read the 7.14 thread............... https://forum.mikrotik.com/viewtopic.php?t=205097 or do forum search for like issue......... https://forum.mikrotik.com/viewtopic.php?t=203123#p1061713 Lots of problems with wg and logging etc..... /system/logging/set 0 topics=info,!wireguard action=memory
by anav
Wed Mar 13, 2024 4:17 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 742

Re: NAT port forwarding does not work

Sorry but your explanations are more confusing than clarifying. I have no clue at all what you are doing or have attempted and I am getting tired of waiting for decent information. Let's see if we can make sense of it. What make is router 2? ( assuming its in a separate location in the house and gets ...
by anav
Wed Mar 13, 2024 4:11 pm
Forum: General
Topic: Access Point on Trunk Port - no connection
Replies: 3
Views: 262

Re: Access Point on Trunk Port - no connection

AP/Switch approach: In terms of the switch, the main difference is a. only need to create and identify the management vlan on the switch b. only the management vlan is tagged to the bridge in /interface bridge vlans c. only need single MGMT interface list and the only member is the management vlan (...
by anav
Wed Mar 13, 2024 4:09 pm
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 1296

Re: Hex Lite and NTP client updates

Hi pe1chl
How will the source nat fix the problem....
If the router goes out to a website and the website sees port 12300 wont it just drop the traffic as its not the usual NTP port???
by anav
Wed Mar 13, 2024 4:04 pm
Forum: General
Topic: VLAN struggles (continued)
Replies: 7
Views: 628

Re: VLAN struggles (continued)

Not responding, may be in jail :-) In terms of the switch, the main difference is a. only need to create and identify the management vlan on the switch b. only the management vlan is tagged to the bridge in /interface bridge vlans c. only need single MGMT interface list and the only member is the ma...
by anav
Wed Mar 13, 2024 3:58 pm
Forum: General
Topic: Backup restoration, wrong interfaces
Replies: 12
Views: 533

Re: Backup restoration, wrong interfaces

MT Docs, first line: The RouterOS backup feature allows cloning a router configuration in binary format, which can then be re-applied on the same device.
https://help.mikrotik.com/docs/display/ROS/Backup
by anav
Wed Mar 13, 2024 3:55 pm
Forum: General
Topic: WireGuard Handshake
Replies: 4
Views: 247

Re: WireGuard Handshake

Suggestion: Fix your config.
by anav
Wed Mar 13, 2024 4:24 am
Forum: Wireless Networking
Topic: hAP ax3 + Realtek RTL8821CE 802.11ac = bad wifi speed [SOLVED]
Replies: 23
Views: 1236

Re: hAP ax3 + Realtek RTL8821CE 802.11ac = bad wifi speed [SOLVED]

Put the realtek in the real garbage.............
by anav
Wed Mar 13, 2024 4:22 am
Forum: Forwarding Protocols
Topic: CCR2004-1G-12S+2XS vs CCR1036-12G-4S
Replies: 4
Views: 399

Re: CCR2004-1G-12S+2XS vs CCR1036-12G-4S

Thats a downgrade..... going from a multi-core TILE with amazing throughput of 12gigs, which also easily handles your cumulative 7gigs of throughput. So you have to be clear on the reason for upgrade?? Must be due to the lack of 2.5,5,10 or more gig ports available........................ One move y...
by anav
Wed Mar 13, 2024 3:57 am
Forum: Beginner Basics
Topic: Stuck no internet on CRS326 behind RB4011 [SOLVED]
Replies: 10
Views: 1081

Re: Stuck no internet on CRS326 behind RB4011 [SOLVED]

Is there a general flush all DHCP leases setting??
by anav
Wed Mar 13, 2024 3:41 am
Forum: Beginner Basics
Topic: Redirect to external Public IP [SOLVED]
Replies: 19
Views: 1185

Re: Redirect to external Public IP [SOLVED]

Please draw a diagram of what you speak as what you wrote makes little sense to me.
Also try not to speak of any solution config ideas for the following:
a. identify all the users/devices requiring traffic flow
b. identify all the traffic flows each device/user needs.
by anav
Wed Mar 13, 2024 3:40 am
Forum: Beginner Basics
Topic: Another begginer's VLAN issue, network connection of the "switch" [SOLVED]
Replies: 8
Views: 793

Re: Another begginer's VLAN issue, network connection of the "switch" [SOLVED]

(1) Its perfectly valid to put the NTP server on each DHCP interface but its really not required if you have input chain rules in the format of add chain=input action=accept in-interface-list=LAN dst-port=53,123 protocol=udp comment="allow users to DNS/NTP services" add chain=input action=...
by anav
Wed Mar 13, 2024 12:19 am
Forum: Beginner Basics
Topic: Another begginer's VLAN issue, network connection of the "switch" [SOLVED]
Replies: 8
Views: 793

Re: Another begginer's VLAN issue, network connection of the "switch" [SOLVED]

MT is very forgiving in that it allows you to setup stuff in many ways, and not necessarily the optimal or right way. As for are reading you missed the fact that your entry is not in the reference. /interface bridge add frame-types=admit-only-vlan-tagged name=bridge1 vlan-filtering=yes Dont need et...
by anav
Tue Mar 12, 2024 11:44 pm
Forum: General
Topic: Hairpin NAT using Local DNS
Replies: 9
Views: 457

Re: Hairpin NAT using Local DNS

Hairpin via dns.................. Not a clue what it does though, assuming 192.168.88.68 is the IP of the server..... 3. DNS METHOD - AVOID NAT – REDIRECT LAN REQUEST VIA DNS Create the following rule! /ip dns static add address=192.168.88.68 regexp="(^|www\\.)myserver\\.net\$" ttl=5m
by anav
Tue Mar 12, 2024 11:39 pm
Forum: General
Topic: Wireguard tunnel local LAN
Replies: 16
Views: 823

Re: Wireguard tunnel local LAN

The ineptitude of support thus far is too much to let go........... From: /interface wireguard peers add allowed-address=192.168.69.10/24 disabled=yes endpoint-address=xx.xx.xx.xx \ endpoint-port=51001 interface=wire-aws persistent-keepalive=25s \ public-key="osi1xxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
by anav
Tue Mar 12, 2024 11:03 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 742

Re: NAT port forwarding does not work

The only thing i would consider adding is the following................... but should not make any difference.
/ip dns
set allow-remote-requests=yes servers=1.1.1.1


Can you confirm you are accessing the SPFPLUS WAN, and have you tried from your cellphone??
by anav
Tue Mar 12, 2024 10:59 pm
Forum: Beginner Basics
Topic: Another begginer's VLAN issue, network connection of the "switch" [SOLVED]
Replies: 8
Views: 793

Re: Another begginer's VLAN issue, network connection of the "switch" [SOLVED]

Please use this as a basis for setting up vlans on your router. https://forum.mikrotik.com/viewtopic.php?t=143620 The switch is similar but only need to identify the management vlan and its the only vlan tagged with the bridge on /interface bridge vlan settings! on both do not invoke any other rules...
by anav
Tue Mar 12, 2024 10:47 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 742

Re: NAT port forwarding does not work

Then it should just work??
by anav
Tue Mar 12, 2024 9:58 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 742

Re: NAT port forwarding does not work

Accessing the server from your other WAN connection is of course going to be problematic....... Think of the logic......... You come in WAN2 ( not the primary WAN ) lets say you reach the server, the response will go out WAN1 the primary WAN. The return will be coming from a different source address...
by anav
Tue Mar 12, 2024 9:40 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 742

Re: NAT port forwarding does not work

Other than adding in-interface-list=LAN on the dstnat rule for completeness, there seems to be no reason at all for not reaching the server from the outside.
- Are you sure you have a publicly reachable IP address??
- Are you sure the server doesnt have its own firewall settings ( like if on a PC ).
by anav
Tue Mar 12, 2024 9:26 pm
Forum: Beginner Basics
Topic: Wrong Network while connected to cAP ax [SOLVED]
Replies: 7
Views: 780

Re: Wrong Network while connected to cAP ax [SOLVED]

Lot of rectal plucks here fellas, get facts before making stories. a. What device is the main router? ( is it MT or something else ) b. Where is the config for review of the cAPAX. c. network diagrams help d. detailing requirements for optimal design (i) identify all users/devices that require traff...
by anav
Tue Mar 12, 2024 9:23 pm
Forum: Beginner Basics
Topic: Failover Issue
Replies: 7
Views: 417

Re: Failover Issue

and how many times will you do this in your lifetime jacklaz, LOL............ Tis where a first post process simply works! @OP - a network diagram helps show which devices, which subnets, internet source and overall intentions. The config as noted shows us where you are at currently trying to implem...
by anav
Tue Mar 12, 2024 9:19 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 742

Re: NAT port forwarding does not work

Do you mean, knowing the actual traffic flow requirements and perhaps a network diagram would help.............. gee....... where have I heard that before? Certainly not in the non-existent First Post Process LOL.
by anav
Tue Mar 12, 2024 4:16 pm
Forum: General
Topic: Use Mikrotik's HotSpot solution to unblock Wireguard???
Replies: 13
Views: 648

Re: Use Mikrotik's HotSpot solution to unblock Wireguard???

Two MT routers maybe......
by anav
Tue Mar 12, 2024 3:38 pm
Forum: Beginner Basics
Topic: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]
Replies: 11
Views: 578

Re: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]

(1) Need persistent keep alive in your Peer settings so........ /interface wireguard peers add allowed-address=0.0.0.0/0 endpoint-address=5.172.196.95 endpoint-port="proton-provided-port" interface=wireguard1 \ persistent-keepalive=30s public-key="public_key_of_provider" /routin...
by anav
Tue Mar 12, 2024 3:13 pm
Forum: General
Topic: Use Mikrotik's HotSpot solution to unblock Wireguard???
Replies: 13
Views: 648

Re: Use Mikrotik's HotSpot solution to unblock Wireguard???

Methinks its not possible.
by anav
Mon Mar 11, 2024 11:09 pm
Forum: Beginner Basics
Topic: Firewall check
Replies: 7
Views: 484

Re: Firewall check

Correct. /ip firewall filter add action=fasttrack-connection chain=forward comment="fasttrack" connection-state=established,related add action=accept chain=forward comment="Allow established,related,untracked" connection-state=established,related,untracked add action=drop chain=f...
by anav
Mon Mar 11, 2024 10:38 pm
Forum: Beginner Basics
Topic: Help with config [SOLVED]
Replies: 6
Views: 823

Re: Help with config [SOLVED]

Yup thats a good video and is what most use, including myself.
by anav
Mon Mar 11, 2024 9:56 pm
Forum: Beginner Basics
Topic: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?
Replies: 7
Views: 562

Re: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?

Okay so basically it would appear that the MT is behind another device and getting a. private IP and associated subnet incoming on ethernet cable as untagged traffic ( assumption is this is the LANIP of the MT on the upstream router LAN and thus also the WANIP of the MT ) b. tagged vlan66 which is W...
by anav
Mon Mar 11, 2024 9:19 pm
Forum: Beginner Basics
Topic: Firewall check
Replies: 7
Views: 484

Re: Firewall check

Keep chains together and order is important overall. One should have a source originating traffic and an endpoint destination for that traffic. Traffic that is port forwarded should not normally be placed in forward chain but in dstnat chain. The fw forward chain only needs a general rule allowing p...
by anav
Mon Mar 11, 2024 9:03 pm
Forum: General
Topic: Use Mikrotik's HotSpot solution to unblock Wireguard???
Replies: 13
Views: 648

Re: Use Mikrotik's HotSpot solution to unblock Wireguard???

Never noticed that, anything L3 interfacish doesnt show up on interface list ( wg, ipip,gre etc...). Which limits your options...... perhaps two routers is the only way.
by anav
Mon Mar 11, 2024 8:14 pm
Forum: General
Topic: Wireguard tunnel local LAN
Replies: 16
Views: 823

Re: Wireguard tunnel local LAN

I see a plethora of issues but you are in good and soft hands with Holvoe. :-)
by anav
Mon Mar 11, 2024 7:50 pm
Forum: General
Topic: Not having wire speed transfer between same VLAN on CRS354!
Replies: 15
Views: 678

Re: Not having wire speed transfer between same VLAN on CRS354!

Yup, sounds more like cable or PC issues at this point.
by anav
Mon Mar 11, 2024 6:57 pm
Forum: Beginner Basics
Topic: WireGuard Subnets
Replies: 5
Views: 369

Re: WireGuard Subnets

I would only make changes one at a time and using the safe mode button.
Then repost.
by anav
Mon Mar 11, 2024 6:31 pm
Forum: General
Topic: WireGuard in action, experiences, not theory
Replies: 18
Views: 898

Re: WireGuard in action, experiences, not theory

I lean on others for many answers so consider it a team effort.
by anav
Mon Mar 11, 2024 6:07 pm
Forum: General
Topic: Failover and VPN using at the same time
Replies: 2
Views: 163

Re: Failover and VPN using at the same time

Is the VPN terminated on the MT router or on a server on the LAN? a. If the former then you need to ensure traffic coming in ISP2 goes out WAN2 when the router responds.......... b. If the latter you need to ensure traffic coming in ISP2 goes out WAN2 when the LAN device responds....... In either ca...
by anav
Mon Mar 11, 2024 5:31 pm
Forum: Beginner Basics
Topic: Need help with L3 VLAN [SOLVED]
Replies: 6
Views: 845

Re: Need help with L3 VLAN [SOLVED]

vlan1 is already used in the background, and not just by MT devices.
best to never use for vlans carrying traffic.
by anav
Mon Mar 11, 2024 5:28 pm
Forum: General
Topic: Firewall - Check - No Portforwarding
Replies: 6
Views: 336

Re: Firewall - Check - No Portforwarding

Well if you followed their guide, then there should be no issues, just make sure you copied it correctly. I personally would not implement any rules I didnt understand and thats another reason to start small, learn and then add if required. https://help.mikrotik.com/docs/display/ROS/First+Time+Confi...
by anav
Mon Mar 11, 2024 4:44 pm
Forum: Wireless Networking
Topic: WiFi Home Configuration Suggestions
Replies: 10
Views: 586

Re: WiFi Home Configuration Suggestions

Then I would start with two capaXs on the outer positions and see if that satisfies the requirements.
by anav
Mon Mar 11, 2024 4:40 pm
Forum: Beginner Basics
Topic: WireGuard Subnets
Replies: 5
Views: 369

Re: WireGuard Subnets

Can you not export the config and post here ( I use notepad++)

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys, long dhcp lease lists etc.)
by anav
Mon Mar 11, 2024 4:20 pm
Forum: General
Topic: Wireguard tunnel local LAN
Replies: 16
Views: 823

Re: Wireguard tunnel local LAN

See Holvoe, a perfect example of a motivated first poster, that with a single training session, could produce a valid first post. There would be many one and dones........... My idea is both practical and feasible, for anybody who is not brain dead that is. :-) Some would take longer, but overall, y...
by anav
Mon Mar 11, 2024 4:11 pm
Forum: General
Topic: WireGuard in action, experiences, not theory
Replies: 18
Views: 898

Re: WireGuard in action, experiences, not theory

It will work just fine. You have A primary wg network where all are connected. In case R1 falls off line, you have a backup connection via R3 ( keeping r2,r3,r4 connected ) and any roadwarriors needing access. What I suggest you do is setup a firewall list called Authorized . add address=10.3.2.11 ...
by anav
Mon Mar 11, 2024 3:45 pm
Forum: General
Topic: WireGuard in action, experiences, not theory
Replies: 18
Views: 898

Re: WireGuard in action, experiences, not theory

First setup is some fixes to primary setup and the second is for a backup. Primary Wireguard Interface R1 (Main Server Peer ) /interface wireguard peers add allowed address - 10.3.2.2/32,10.21.30.0/24 interface=WG_mikrotik_R1 comment="peer Router 2" public key="*******************"...
by anav
Mon Mar 11, 2024 3:57 am
Forum: Beginner Basics
Topic: Need help with L3 VLAN [SOLVED]
Replies: 6
Views: 845

Re: Need help with L3 VLAN [SOLVED]

As long as the port using the vlan is not on the bridge its a viable path. If you have the vlan on the bridge then you should use all vlans and the bridge does no DHCP etc... Do not use VLAN1 for anything carrying data.......... If your router gets a public IP, then your firewall rules are your bigg...
by anav
Sun Mar 10, 2024 9:26 pm
Forum: Wireless Networking
Topic: WiFi Home Configuration Suggestions
Replies: 10
Views: 586

Re: WiFi Home Configuration Suggestions

How is the signal from the middle X, to the O to the right of it? (If you turn middle O off) I would start with one CAPAX in the current middle position and see if the service is adequate at all locations. If not, then consider moving the central one to the far right hand position and get a second c...
by anav
Sun Mar 10, 2024 9:04 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

Well I see it as an elegant way of simply stating: Ensure local traffic is not captured out the tunnel by subsequent routing rules. When one starts having multiple subnets, this simplifies the config. While looking for linux stuff, found this WG QUICK script LOL - https://ro-che.info/articles/202...
by anav
Sun Mar 10, 2024 9:02 pm
Forum: General
Topic: Wireguard and IPSec help needed
Replies: 4
Views: 666

Re: Wireguard and IPSec help needed

ROUTER A (1) set detect internet to NONE. (2) private key NOT supposed to be on peer setting! (3) One should not access winbox (aka the router) directly from the WAN side, unless its connected to an upstream router and you need to access MT router from the upstream routers LAN. I see you have a red...
by anav
Sun Mar 10, 2024 6:46 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

flatbat is correct,
The name and function are rather bizarre and MUST have more explanation. The fact that you are almost incoherent trying to explain it speaks volumes. :-)
The integer ref is also confusing............how does this relate to for example IPV6 which is 128 bits long .................
by anav
Sun Mar 10, 2024 6:43 pm
Forum: General
Topic: Bridge Firewall Problem
Replies: 9
Views: 571

Re: Bridge Firewall Problem

Okay to confirm, you have no real knowledge of MT OS and how firewall rules work, and you are going by the assumption if a button exists I should use it.
Good to know. Hopefully others will chime in, as I will be assisting others
https://help.mikrotik.com/docs/display/ ... t+Firewall
by anav
Sun Mar 10, 2024 6:38 pm
Forum: General
Topic: Interface lists efficiency for firewall
Replies: 3
Views: 290

Re: Interface lists efficiency for firewall

My rules of thumb for traffic flow rules. a. For traffic to or from a single subnet USE: SRC or DST address x.x.x.0/24 b. For traffic to or from two or more whole subnets USE: interface lists c. For traffic to or from remote subnets (not known to the router) USE: firewall address lists d. For traffi...
by anav
Sun Mar 10, 2024 6:30 pm
Forum: General
Topic: Firewall - Check - No Portforwarding
Replies: 6
Views: 336

Re: Firewall - Check - No Portforwarding

Well if all those subnets are local, why are you creating firewall list? A. to identify single subnets in a config use src or dst address .0/24 B. to identify two or more subnets having similar traffic flow expectations use INTERFACE LISTS C. to identify two or more external subnets (not known to th...
by anav
Sun Mar 10, 2024 6:27 pm
Forum: General
Topic: Bridge VLAN prerouting
Replies: 8
Views: 679

Re: Bridge VLAN prerouting

by anav
Sun Mar 10, 2024 6:24 pm
Forum: Beginner Basics
Topic: Help with config [SOLVED]
Replies: 6
Views: 823

Re: Help with config [SOLVED]

Your firewall rules are where the most work is needed, its clear you got mixed up or at least didnt think through the logic. For example you have the office vlan accessing the training vlan and then you have the training vlan accessing the office vlan. But you dont use vlan subnets you actually use ...
by anav
Sun Mar 10, 2024 5:26 pm
Forum: General
Topic: Firewall - Check - No Portforwarding
Replies: 6
Views: 336

Re: Firewall - Check - No Portforwarding

No point in reading too far. Tells me all i need to know, if this is an internet facing device (gets public IP) then your setup is flawed for security reasons.
If you want to config the router, use VPN to access the router then use winbox.

add action=accept chain=input port=8291 protocol=tcp
by anav
Sun Mar 10, 2024 5:20 pm
Forum: Beginner Basics
Topic: Firewall check
Replies: 7
Views: 484

Re: Firewall check

Is this device connected to the internet directly or through another router?
Why did you remove all the defaults?
by anav
Sun Mar 10, 2024 5:15 pm
Forum: General
Topic: WireGuard in action, experiences, not theory
Replies: 18
Views: 898

Re: WireGuard in action, experiences, not theory

No point in looking at configs without first understanding the intent of your diagram. It would appear that the router on the left call it R1 is the Server Peer for handshake purposes ( with address 10.3.2.1) and the three routers on the right R2,R3,R4 are the PEER clients for handshake. Can you con...
by anav
Sun Mar 10, 2024 1:55 am
Forum: General
Topic: Mangle rules with FastTrack
Replies: 1
Views: 201

Re: Mangle rules with FastTrack

There are two approaches used...... (1) Identify the traffic prior to fasttrack. add action=accept chain=forward connection-state=established,related,untracked in-interface=vlan101 out-interface=vlan102 add action=accept chain=forward connection-state=established,related,untracked in-interface=vlan10...
by anav
Sun Mar 10, 2024 1:48 am
Forum: General
Topic: WireGuard in action, experiences, not theory
Replies: 18
Views: 898

Re: WireGuard in action, experiences, not theory

What do I think...........
Not setup correctly is what I think but I am probably wrong seeing as you have so much experience.
by anav
Sat Mar 09, 2024 10:32 pm
Forum: General
Topic: WireGuard in action, experiences, not theory
Replies: 18
Views: 898

Re: WireGuard in action, experiences, not theory

You dont get mesh.... You get a mess. Its peer to peer, and you best know what you are doing in firewall rules and routes. Depends on any given scenario: For example, if you have three Routers then you should have B,C connect to A, and the backup best be on either C and B and a connection between th...
by anav
Sat Mar 09, 2024 9:57 pm
Forum: General
Topic: 2 wan setting
Replies: 2
Views: 209

Re: 2 wan setting

My advice, stick to basic default firewall rules and add very little and fix mangling its not correct.
by anav
Sat Mar 09, 2024 9:51 pm
Forum: General
Topic: Mikrotik 7.14 - wireguard [SOLVED]
Replies: 4
Views: 619

Re: Mikrotik 7.14 - wireguard [SOLVED]

You mean this one..... viewtopic.php?t=203123#p1061713
by anav
Sat Mar 09, 2024 9:48 pm
Forum: Beginner Basics
Topic: WireGuard Subnets
Replies: 5
Views: 369

Re: WireGuard Subnets

(1) Remove bridge filters is probably the most important change. (2) Add wireguard to list members. /interface list member add comment=defconf interface=ether1-WAN list=WAN add comment=defconf interface=bridge-LAN list=LAN add interface =wireguard1 list=LAN (3) Modify firewall rules.... Put input ch...
by anav
Sat Mar 09, 2024 9:39 pm
Forum: General
Topic: Mikrotik 7.14 - wireguard [SOLVED]
Replies: 4
Views: 619

Re: Mikrotik 7.14 - wireguard [SOLVED]

Yes, try reading the 7.14 thread in announcements.........
by anav
Sat Mar 09, 2024 6:01 pm
Forum: Wireless Networking
Topic: *request* 4x4 WiFi6 or 6e
Replies: 1
Views: 187

Re: *request* 4x4 WiFi6 or 6e

6 4x4............. not likely
6E - hopefully never
7 - hopefully soon
by anav
Sat Mar 09, 2024 5:57 pm
Forum: Beginner Basics
Topic: Port forwarding & PPPoE "Bridge"
Replies: 2
Views: 252

Re: Port forwarding & PPPoE "Bridge"

Why are you using a switch as a router???
Assuming your internet connection is like 200Mbps or less ??
by anav
Sat Mar 09, 2024 5:56 pm
Forum: Beginner Basics
Topic: CRS310-1G-5S-4S+IN I can’t manage to setup trunks on all sfp ports
Replies: 8
Views: 496

Re: CRS310-1G-5S-4S+IN I can’t manage to setup trunks on all sfp ports

As stated use the link I provided, then post your config, and I can show you where you went wrong or stick with swos.
by anav
Sat Mar 09, 2024 5:54 pm
Forum: General
Topic: Not having wire speed transfer between same VLAN on CRS354!
Replies: 15
Views: 678

Re: Not having wire speed stransfer between same VLAN!

1. Yes admit all includes both vlan tagged and untagged which, by the way, is a setting I would only use and is required for hybrid ports. If it's a trunk port, only vlan tagged is appropriate. If it's an access port, priority and untagged is appropriate. Up to you. 2. Whether the changes or not affect p...
by anav
Sat Mar 09, 2024 4:52 pm
Forum: General
Topic: Wireguard between routers
Replies: 3
Views: 276

Re: Wireguard between routers

Incorrect! Only the peer that is acting as server for handshake has to have a reachable public IP in the standard wireguard setup. (Note: with new wg BTH functionality available on most MT routers, one need not have any reachable IPs). So the Remote Device should have allowed IPs like so. /interface...
by anav
Sat Mar 09, 2024 4:36 pm
Forum: Forwarding Protocols
Topic: v7.13.4 on hEX Sanity check
Replies: 2
Views: 555

Re: v7.13.4 on hEX Sanity check

Insanity is expecting assistance without

a. detailed requirements which point to the design of the config
b. network diagram to show how devices and which devices are communicating
c. complete config, as MT functionality is integrated across functionalities.
by anav
Sat Mar 09, 2024 4:30 pm
Forum: Forwarding Protocols
Topic: Advice on joning two private and separate LANs
Replies: 4
Views: 255

Re: Advice on joning two private and separate LANs

With the current setup ( assuming the MT is setup as a router ) and ensuring the masquerade rule on the Mikrotik router, any traffic heading out of the mikrotik is going to go to two locations. a. out the internet - one of your users wants to browse, email etc. b. or to a local subnet behind the anc...
by anav
Sat Mar 09, 2024 4:18 pm
Forum: Beginner Basics
Topic: Mikrotik Built-in VPN doesn't work with Mac OS 10.13 Catalina or iOS17 using L2TP connection
Replies: 1
Views: 177

Re: Mikrotik Built-in VPN doesn't work with Mac OS 10.13 Catalina or iOS17 using L2TP connection

Suggest you use Wireguard instead. Does your home router get a reachable public IP, or the upstream router if there is one ( and can you port forward on said upstream router)
by anav
Sat Mar 09, 2024 4:16 pm
Forum: General
Topic: Bridge Firewall Problem
Replies: 9
Views: 571

Re: Bridge Firewall Problem

What prompted you to use bridge filters vice standard filters? Unique requirement?
by anav
Sat Mar 09, 2024 3:48 pm
Forum: General
Topic: Not having wire speed transfer between same VLAN on CRS354!
Replies: 15
Views: 678

Re: Not having wire speed stransfer between same VLAN!

Guessing is for cats, sane animals work with facts! ;-PP Both PCs are behind the CRS354 Switch?? If so, yes there is something wrong with the config and likely on the switch. So lets start there....... (1) I dont like your name DISCOVERY ( meaningless) , should be more akin to BASE or better MGMT ( ...
by anav
Sat Mar 09, 2024 2:37 pm
Forum: General
Topic: Horrible connection through VPN connection.
Replies: 2
Views: 188

Re: Horrible connection through VPN connection.

Another great first post courtesy of Normis :-)

Besides the other questions, what firmware are you using.
What is on both ends of vpn connection.
by anav
Fri Mar 08, 2024 9:51 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

Okay just to be clear there is no such thing as $norules ???
by anav
Fri Mar 08, 2024 6:51 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

Now you have me confused??? I was talking about this you posted........ My uglier approach is: /routing rule { add action=lookup disabled=$norules dst-address=10.0.0.0/8 table=main add action=lookup disabled=$norules dst-address=172.16.0.0/12 table=main add action=lookup disabled=$norules dst-addres...
by anav
Fri Mar 08, 2024 6:33 pm
Forum: General
Topic: WireGuard help needed [SOLVED]
Replies: 3
Views: 528

Re: WireGuard help needed [SOLVED]

First would state a. check to ensure keys are setup correctly b. there is no firewall on the remote device blocking traffic 1. This indicates some sort of error... Which indeed is probably true as you never defined vlan100 so not sure what you are doing here??? You are not using bridge vlan filtering...
by anav
Fri Mar 08, 2024 6:25 pm
Forum: Beginner Basics
Topic: Site to site Wireguard with both Mikrotiks behind NAT. Can you do it? [SOLVED]
Replies: 21
Views: 5757

Re: Site to site Wireguard with both Mikrotiks behind NAT. Can you do it? [SOLVED]

Up to you.......
You can use different interfaces OR diff IP address nomenclature assigned to the same wireguard interface.........
In this way on both firewall rules and Allowed IPs, all users would be separated.
Depends on your security posture.
by anav
Fri Mar 08, 2024 6:16 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

You didnt comment on $norules ??
Please describe what this does and it was not in the MT docs by the way, so its more interesting to me :-)
by anav
Fri Mar 08, 2024 6:13 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

Okay so that is clear to understand. I have run across this already and solved it by ensuring the subnets were designed with this in mind before config. If you have all your subnets in 192.168.0.0 to 192.168.15.0 range, you could simply do /routing rule add dst-address=192.168.0.0/20 action=lookup-o...
by anav
Fri Mar 08, 2024 4:30 pm
Forum: Beginner Basics
Topic: Site to site Wireguard with both Mikrotiks behind NAT. Can you do it? [SOLVED]
Replies: 21
Views: 5757

Re: Site to site Wireguard with both Mikrotiks behind NAT. Can you do it? [SOLVED]

Really, you think keeping track of extra keys is FUN? You need a vacation LOL.
by anav
Fri Mar 08, 2024 4:14 pm
Forum: Wireless Networking
Topic: Wifi 7 - MikroTik when???
Replies: 70
Views: 13940

Re: Wifi 7 - MikroTik when???

Yup should be standard chip in every new wifi product. BULK purchase should get MT best price :-) I'm holding off waiting for the 5009 - WIFI 7 combo product.......... but Normis, why not add another 2.5 gig, as the Marvel chip allows up to 3 SerDes interfaces ( you only have a 10gig and 2.5g port)....
by anav
Fri Mar 08, 2024 4:03 pm
Forum: Beginner Basics
Topic: IP Cloud vs DuckDNS
Replies: 4
Views: 311

Re: IP Cloud vs DuckDNS

As an example I have a mikrotik that I reach at a remote location,
In my firewall address list I put the IP Cloud URL name=RemoteRouter

Then in rules I can use interface-list=RemoteRouter and my local router resolves that for me. Very handy
by anav
Fri Mar 08, 2024 4:01 pm
Forum: Beginner Basics
Topic: Site to site Wireguard with both Mikrotiks behind NAT. Can you do it? [SOLVED]
Replies: 21
Views: 5757

Re: Site to site Wireguard with both Mikrotiks behind NAT. Can you do it? [SOLVED]

Start your own thread, your scenario bears little to no resemblance to the original thread's situation. State the traffic flow requirements and the design will fall out naturally, for example, there is probably no need to have a different wireguard per vlan approach. Post a diagram of your intentio...
by anav
Fri Mar 08, 2024 3:55 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

Hi Ammo, you know I am a little slow, what are the practical effects of using $norules or "min-prefix=0".

What is it that they do in simple terms........
by anav
Fri Mar 08, 2024 2:49 pm
Forum: Beginner Basics
Topic: IP Cloud vs DuckDNS
Replies: 4
Views: 311

Re: IP Cloud vs DuckDNS

Rarely but it does happen where IP cloud is not available, in that case a backup is not a bad idea. But yes IP cloud is very handy.
by anav
Fri Mar 08, 2024 2:45 pm
Forum: General
Topic: wireguard problem with a v 7.14
Replies: 8
Views: 809

Re: wireguard problem with a v 7.14

The issue is not resolved, that is one approach to avoid the issue which shouldnt occur regardless. ( work around, but not a fix to the bug )
by anav
Fri Mar 08, 2024 2:44 pm
Forum: General
Topic: Logging Wireguard,info: handshake didn't complete
Replies: 4
Views: 295

Re: Logging Wireguard,info: handshake didn't complete

Lesson learned --> smart adapters wait for 7.XX.1 or 7.XX.2, they never jump on 7.XX.0
by anav
Fri Mar 08, 2024 2:40 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

I'm blushing!! In the meantime, you should help the dude in this thread, he has issues with fasttrack and queues. https://forum.mikrotik.com/viewtopic.php?t=205474 Why don't you come up with a way to solve that issue. .. I mean it should just work without any need for additional steps............... N...
by anav
Fri Mar 08, 2024 12:41 pm
Forum: General
Topic: Logging Wireguard,info: handshake didn't complete
Replies: 4
Views: 295

Re: Logging Wireguard,info: handshake didn't complete

Known issues, read the thread on 7.14 in announcements.
by anav
Fri Mar 08, 2024 3:57 am
Forum: Beginner Basics
Topic: How to DST-NAT trhough 2 mikrotik and 2 ISP
Replies: 4
Views: 517

Re: How to DST-NAT trhough 2 mikrotik and 2 ISP

Single NAT Router 1 incoming on WAN port ---> dstnat to LAN server Double NAT Router1 incoming on WAN port ----> dstnat to LANIP of next router Router2 incoming on fixed IP WAN port ----> dstnat to LANIP of server TRIPLE NAT Router1 incoming on WAN port ----> dstnat to LANIP of next router Router2 ...
by anav
Fri Mar 08, 2024 3:52 am
Forum: Beginner Basics
Topic: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?
Replies: 7
Views: 562

Re: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?

What are the requirements for traffic flow that describes all users, devices, cherry picking a port is almost useless to give advice on,,,, configs are integrated animals.
A network diagram will help as well.
by anav
Fri Mar 08, 2024 3:49 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

I disagree, he is inventing a problem that's not a problem. There are working solutions. Add to the list the millions of suggestions to make life easier for users................. While you all mull it over obsessively, I will continue to help others and stop by once in a while, to refute anything stated...
by anav
Fri Mar 08, 2024 12:52 am
Forum: Beginner Basics
Topic: WireGuard Handshake issue protonvpn
Replies: 19
Views: 1802

Re: WireGuard Handshake issue protonvpn

Is it working now??
by anav
Fri Mar 08, 2024 12:49 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

Could improvements be made, sure! Can we implement working configs now, yes! +++++++++++++++++++++++++++++++++++++++++++++ Yep, that sounds about right! The whole exercise has currently resulted in two different issues: No they have not. There is nothing new in this discussion and the first item is ...
by anav
Thu Mar 07, 2024 2:42 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

Well its not a fix, its simply using the tools available properly (already posted in detail ) By the way in a three WAN scenario where 1 fails to 2, fails to 3. If the wireguard is set to look for WAN1 to establish an initial handshake connection, and does so, then WG will gracefully handle any comb...
by anav
Wed Mar 06, 2024 11:09 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

@ AMMO , I did not know you were a fiction writer. ;-P I think the issue is other side also knows about the 3 WANs – it's not a smartphone/desktop wanting VPN access. It's the far-end wants to steer some traffic down a particular WAN(s), that may not be the "primary"*. I don't think DDNS/...
by anav
Wed Mar 06, 2024 10:50 pm
Forum: General
Topic: What configuration is best in vlan-filtering??
Replies: 3
Views: 256

Re: What configuration is best in vlan-filtering??

I dont understand the diagrams but my short answer is YES.
by anav
Wed Mar 06, 2024 10:48 pm
Forum: General
Topic: Lan-Lan connection going out WAN [SOLVED]
Replies: 3
Views: 413

Re: Lan-Lan connection going out WAN [SOLVED]

Would love to but have no idea what your network looks like or what the problem is from your description. Perhaps a diagram will help.
by anav
Wed Mar 06, 2024 2:14 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

The WG crypto routing engine is not detailed in the flow diagrams. There is no issue with dynamic IPs for WANs, as a person's dyndnsURL will keep the WANIP relevant if it changes and I believe the crypto routing process will keep the client peer in step with the new WANIP........... Also take a scena...
by anav
Wed Mar 06, 2024 4:55 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

The question is far too general. Could the sky be blue? Sure if it's daytime and not obscured by clouds ???

There is no one size fits all approach.
Depends....... mostly on the DETAILED requirements for desired traffic flow for users/devices.
by anav
Wed Mar 06, 2024 4:11 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

Sorry WB, not a clue why you are showing logs of I dunno what. As for Larsa, If I connect to a WAN interface with distance 3, without any other rules setup, there will be no tunnel established. The only thing that using an improperly configured setup accomplishes is that the peer client will reach t...
by anav
Wed Mar 06, 2024 4:03 am
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 1296

Re: Hex Lite and NTP client updates

1. By the way, why do you have winbox exposed to the internet???

/ip firewall filter
add action=accept chain=input comment="Allow WinBox from WAN" dst-port=8291 \
protocol=tcp



2. The time sometimes doesnt sync right away.......???
by anav
Wed Mar 06, 2024 1:12 am
Forum: Beginner Basics
Topic: Router OS v7 Dual WAN
Replies: 2
Views: 507

Re: Router OS v7 Dual WAN

Just need two rules for sourcenat. Sourcenat is not a firewall function or a routing function!!! add action=masquerade chain=srcnat out-interface=ether2 add action=masquerade chain=srcnat out-interface=ether1 alternatively you could add action=masquerade chain=srcnat out-interface-list=WAN Where bot...
by anav
Wed Mar 06, 2024 1:07 am
Forum: General
Topic: WANGUARD DUAL WAN HA
Replies: 4
Views: 278

Re: WANGUARD DUAL WAN HA

Concur sounds like an OSPF+BFD exercise to detect drops and to direct traffic to remaining connection.
Not having used zerotier that may be much easier,,,,,albeit through third party technically.
by anav
Wed Mar 06, 2024 1:05 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

Yup, of course if its dynamic, extra work is required, but remember pppoe dynamic, a script is not normally required, pppoe-out1 suffices !!! The router is working as designed. Mangling ( marking connections and marking routes ) works just fine for Wireguard handshakes. Please join the borg! It woul...
by anav
Wed Mar 06, 2024 12:56 am
Forum: General
Topic: Require help/advice with Bridge and VLAN's [SOLVED]
Replies: 10
Views: 822

Re: Require help/advice with Bridge and VLAN's [SOLVED]

Concur with points above, as erlinden indicated once finished setting up all the vlan related settings go back to bridge and set vlan-filtering to YES. As far as /interface bridge vlan settings it's much better to put in the untaggings and thus one can more easily distinguish if the OP understands th...
by anav
Wed Mar 06, 2024 12:50 am
Forum: General
Topic: HairPin NAT not working [SOLVED]
Replies: 10
Views: 645

Re: HairPin NAT not working [SOLVED]

Yes its your config, which we know nothing about and thus cannot comment on
by anav
Wed Mar 06, 2024 12:49 am
Forum: General
Topic: Wireguard and IPSec help needed
Replies: 4
Views: 666

Re: Wireguard and IPSec help needed

I had a long entry that somehow disappeared on me..........
When I get more energy will try to repost. :-(
by anav
Wed Mar 06, 2024 12:48 am
Forum: General
Topic: WireGuard and Queues? [SOLVED]
Replies: 8
Views: 570

Re: WireGuard and Queues? [SOLVED]

The only thing I can think of is accept that you have to manually divvy up the subnets in your head. Treat the local WAN as one WAN with 2/3s of the available BW and the wireguard interface as a second WAN and give it 1/3 of the BW. This really sucks because the beauty of queues parent/child etc.........
by anav
Wed Mar 06, 2024 12:10 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

Wireguard handshake is a completely different animal, in this case the return traffic is NOT coming from LAN servers but from the router itself. However the same logic applies, if the WG initiates a handshake on WAN3, with WAN1 being primary.................then the handshake will fail. Again easily...
by anav
Wed Mar 06, 2024 12:09 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

Let me just start by stating, that in general, DSTNAT ( normal port forwarding), in your simple case works quite the opposite. Incoming traffic to a LAN server on WAN3, via DYNDNS URL (or Ip itself) where WAN1 is the primary WAN will fail. The return traffic will go out WAN1, the original sender wil...
by anav
Tue Mar 05, 2024 11:30 pm
Forum: General
Topic: WireGuard and Queues? [SOLVED]
Replies: 8
Views: 570

Re: WireGuard and Queues? [SOLVED]

Well not sure what you are trying to do. Typically queues are used so that not one user or not one subnet etc, uses all the available WAN bandwidth for its connections..................... So if you have subnets A,B going out WAN interface, and subnet C going out Wireguard interface ( but clearly th...
by anav
Tue Mar 05, 2024 11:26 pm
Forum: General
Topic: wireguard problem with a v 7.14
Replies: 8
Views: 809

Re: wireguard problem with a v 7.14

Probably a bug, the keys should not change once established!
I dont know how BTH works, but I suspect the keys do not change.
by anav
Tue Mar 05, 2024 2:16 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 282
Views: 43816

Re: v7.15beta [testing] is released!

So this is MT's excuse not to listen to opinions on this forum? I said quite the opposite. I said we listen to all users, not just the forum In what language? What you said was very clear, and you made no mention of listening to all users. In fact, it seemed to be, if anything, stating that home us...
by anav
Tue Mar 05, 2024 5:26 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

I guess I dont understand your point then, wish I could help but its beyond my knowledge scope.
by anav
Tue Mar 05, 2024 1:05 am
Forum: Beginner Basics
Topic: Have 2 sites, can VNC only one-way [SOLVED]
Replies: 8
Views: 512

Re: Have 2 sites, can VNC only one-way [SOLVED]

Glad its working for you.
by anav
Tue Mar 05, 2024 1:04 am
Forum: General
Topic: wireguard problem with a v 7.14
Replies: 8
Views: 809

Re: wireguard problem with a v 7.14

The private key that proton gives you to insert will create a different public key if you already have one generated by the router. This is normal. Much better is to hit the + symbol to generate your wireguard interface on the mikrotik and DONT hit apply. First enter in the private key that Proton g...
by anav
Tue Mar 05, 2024 1:01 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

Perhaps you should use more standard terminology vice the magical language you learn at Santa HQ. Your question has been answered, its only you that remains in the dark. I have no problems mangling to ensure Wireguard connections respond appropriately. As a matter of fact even in a failover situatio...
by anav
Mon Mar 04, 2024 10:57 pm
Forum: General
Topic: Bridge VLAN prerouting
Replies: 8
Views: 679

Re: Bridge VLAN prerouting

Its open season on orange tabbys :-)
by anav
Mon Mar 04, 2024 10:57 pm
Forum: General
Topic: HairPin NAT not working [SOLVED]
Replies: 10
Views: 645

Re: HairPin NAT not working [SOLVED]

out-interface=LAN is not required.
by anav
Mon Mar 04, 2024 10:53 pm
Forum: Beginner Basics
Topic: Have 2 sites, can VNC only one-way [SOLVED]
Replies: 8
Views: 512

Re: Have 2 sites, can VNC only one-way [SOLVED]

1. /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=lte1 list=WAN add interface=ether1 list=WAN Should be /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface =pppoe-out1 list=WAN 2. Why do you have two a...
by anav
Mon Mar 04, 2024 10:44 pm
Forum: General
Topic: Bridge VLAN prerouting
Replies: 8
Views: 679

Re: Bridge VLAN prerouting

No mkx, I demand that new posters continue to baffle us with minimalist approaches and lack of information. Why do you want to take the pain out of reading posts. Remember, this is Normis' personal torture chamber for supporters !!! /export file=anynameyouwish ( minus router serial number, any publi...
by anav
Mon Mar 04, 2024 10:41 pm
Forum: General
Topic: Require help/advice with Bridge and VLAN's [SOLVED]
Replies: 10
Views: 822

Re: Require help/advice with Bridge and VLAN's [SOLVED]

The question erlinden, is AFTER READING THE EXCELLENT article --> https://forum.mikrotik.com/viewtopic.php?t=143620 WHY DID THE OP THEN USE THIS CONFIG LINE?? /interface bridge add name=bridge-all pvid=100 vlan-filtering=no I would like the OP to go through his/her thinking as to the construction of...
by anav
Mon Mar 04, 2024 10:37 pm
Forum: General
Topic: Wireguard log messages
Replies: 5
Views: 354

Re: Wireguard log messages

Oh my bad I thought you were showing off your excellent logging. ( also there was no request, comment, question, I dont answer pictures ) If you download new software the first things you should do is read the thread on the new software as users will report issues there. Have a read, https://forum.m...
by anav
Mon Mar 04, 2024 10:35 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 79
Views: 3263

Re: WireGuard Multi-WAN Policy Routing

It is not clear what scenario you are talking about, no diagram?? no config ?? Seriously, what do you mean when a passive peer receives its initial handshake. What do you mean by passive? What do you mean by peer? The wireguard peer ( client for handshake) aggressively sends out a wireguard handsha...
by anav
Mon Mar 04, 2024 2:42 pm
Forum: Beginner Basics
Topic: WireGuard Handshake issue protonvpn
Replies: 19
Views: 1802

Re: WireGuard Handshake issue protonvpn

Fixed! Thanks..........
by anav
Mon Mar 04, 2024 2:09 pm
Forum: General
Topic: Wireguard log messages
Replies: 5
Views: 354

Re: Wireguard log messages

You have really good logging!
by anav
Mon Mar 04, 2024 3:30 am
Forum: Announcements
Topic: v7.14.1 [stable] is released!
Replies: 419
Views: 68969

Re: v7.14 [stable] is released!

Nope, that simply means MT has to fix winbox.
by anav
Mon Mar 04, 2024 2:59 am
Forum: Beginner Basics
Topic: WireGuard Handshake issue protonvpn
Replies: 19
Views: 1802

Re: WireGuard Handshake issue protonvpn

Fixed all changes captured by bold or colour, except firewall rules were removed and proper ones added. /interface bridge add name=brd priority=0x9000 /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n country=italy disabled=no \ frequency=2452 mode=ap-bridge ssid=chateau12lte24ghz w...