Search found 22025 matches

by anav
Tue Dec 10, 2024 1:19 am
Forum: General
Topic: Do AP's come with all router functions?
Replies: 12
Views: 476

Re: Do AP's come with all router functions?

My personal experience with wireguard between two routers both on same ISP network with 1gig connections was in the 300 range.
Also curious as to what others see.
by anav
Tue Dec 10, 2024 1:16 am
Forum: Beginner Basics
Topic: Network with external router and isolated bridge
Replies: 1
Views: 102

Re: Network with external router and isolated bridge

Okay so you want the Switch to act as a router and pass some of the LAN subnets from the router directly to local ports on the switch (transparently) and then some local ports to get local DHCP etc........ This is how I would do it. Coming from main router. vlan10 - this translates to the subnet on ...
by anav
Tue Dec 10, 2024 12:29 am
Forum: General
Topic: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2
Replies: 8
Views: 652

Re: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2

You forgot to add the address of the device which is provided on the trusted vlan. I usually make this a static lease setting on the main router. Yes getting locked out doing vlan filtering is a problem thats why I came up with this solution years ago.... to avoid vlan filtering hiccups, and to conf...
by anav
Tue Dec 10, 2024 12:23 am
Forum: Beginner Basics
Topic: Secure communication via untrusted Ethernet connection
Replies: 3
Views: 261

Re: Secure communication via untrusted Ethernet connection

Talking to a birdie, yes its very much possible to establish a wireguard connection between two hex refreshes, even if one does not have an internet connection. When you said they have to talk to each other do you mean the subnets or at least one subnet on apartment B router has to be able to reach ...
by anav
Mon Dec 09, 2024 11:46 pm
Forum: General
Topic: No wan access using back to home
Replies: 6
Views: 284

Re: No wan access using back to home

Hmm, not 100% without more inspection.... But I think 192.168.216.0/24 needs to be in the "allowed_to_router" list.
That would be for remote user access to the config of the router, I thought he was asking for access to the LAN subnets......
by anav
Mon Dec 09, 2024 10:33 pm
Forum: General
Topic: No wan access using back to home
Replies: 6
Views: 284

Re: No wan access using back to home

Okay here is the way. On your router make a firewall address list like so /ip firewall address-list add 192.168.216.2 list=BTH-to-WAN add 192.168.216.3 list=BTH-to-WAN .... add 192.168.216.XX list=BTH-to-WAN /ip firewall add chain=forward action=accept src-address-list=BTH-to-WAN out-interface-list=...
by anav
Mon Dec 09, 2024 10:25 pm
Forum: Wireless Networking
Topic: Unifi AP running on MikroTik VLAN
Replies: 9
Views: 585

Re: Unifi AP running on MikroTik VLAN

Not clear what you are trying to accomplish with layer7 rules. I think it could be a total waste of time. I see some dstnat rules attempting to capture some traffic to send to a specific dns server on the LAN. The users or devices being captured, are they in a specific subnet, or are they a group o...
by anav
Mon Dec 09, 2024 10:21 pm
Forum: Wireless Networking
Topic: Unifi AP running on MikroTik VLAN
Replies: 9
Views: 585

Re: Unifi AP running on MikroTik VLAN

Now moving to firewall rules...... 1. Dont understand your logic at all. For example why do you include the second rule when the first rule covers everybody already...... Who in the MGMT interface is not already in list VLAN........................ :-) Further, why do you want everybody besides thos...
by anav
Mon Dec 09, 2024 10:09 pm
Forum: Wireless Networking
Topic: Unifi AP running on MikroTik VLAN
Replies: 9
Views: 585

Re: Unifi AP running on MikroTik VLAN

A warning sign --> have a pretty good handle on VLAN routing, UH OH :-) 1. You should really upgrade to 7.16.2, if you upgrade manually you have to do it in two steps, first to 7.12.1 and then to 7.16.2 2. Why five pools when you only have four VLANS? Ahh I see why, you didnt read the reference give...
by anav
Mon Dec 09, 2024 9:44 pm
Forum: Wireless Networking
Topic: Struggling with HAP AX2 wifi config
Replies: 20
Views: 929

Re: Struggling with HAP AX2 wifi config

/interface bridge port add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether1 add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=16 add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-u...
by anav
Mon Dec 09, 2024 9:33 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

So you're saying that I ping your public IP it will get to you?? In that case why are you even using BTH, I mean if you have a public IP?? So I can reach a server on your LAN easily then. Yes you will. Because BTH is a bit simpler to configure (via app) and should work even if my (IPIP6) tunnel is te...
by anav
Mon Dec 09, 2024 8:56 pm
Forum: Beginner Basics
Topic: Secure communication via untrusted Ethernet connection
Replies: 3
Views: 261

Re: Secure communication via untrusted Ethernet connection

Concur, wireguard is good for two endpoints where both are connecting to the WWW, in your case it's only one end that has www access.
Here is a decent vid on macsec --> https://www.youtube.com/watch?v=8A5pt39nFfM&t=760s
by anav
Mon Dec 09, 2024 8:54 pm
Forum: Beginner Basics
Topic: Unable to access internet when Wireguard is activated
Replies: 1
Views: 97

Re: Unable to access internet when Wireguard is activated

Hard to say without seeing what you are doing on your config.
/export file=anynameyouwish ( minus router serial number, any public WANIP information, vpn keys etc. )
by anav
Mon Dec 09, 2024 8:53 pm
Forum: RouterOS beta
Topic: Wireguard use Hostname in endpoint
Replies: 66
Views: 23483

Re: Wireguard use Hostname in endpoint

Hi all,
I came across this and noticed is it still not fixed using hostname as Endpoint.

Could someone direct me to where and how to resolve this please ?
No longer an issue...........
by anav
Mon Dec 09, 2024 8:47 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

So you're saying that I ping your public IP it will get to you??
In that case why are you even using BTH, I mean if you have a public IP??
So I can reach a server on your LAN easily then.
by anav
Mon Dec 09, 2024 8:28 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

I am not aware of the address range used, so you are saying it starts the first one given to the admin on his smartphone as 192.168.216.2 and the next .3 and so forth. In that case yes, Just go straight to firewall rules. add chain=forward action=accept comment="BTH WAN" src-address-list=BTH-use...
by anav
Mon Dec 09, 2024 7:54 pm
Forum: General
Topic: Do AP's come with all router functions?
Replies: 12
Views: 476

Re: Do AP's come with all router functions?

Picky Picky Picky. ( we were talking aps, not switches )
If going to that extreme we should ensure we inform the op that antennas and sfp modules cannot run ROS.
by anav
Mon Dec 09, 2024 7:48 pm
Forum: General
Topic: ECMP doesn't work for Load balancing [SOLVED]
Replies: 28
Views: 1209

Re: ECMP doesn't work for Load balancing [SOLVED]

Interesting, ECMP sure is much less complex in terms of sharing the load in case one of the WANs is not available. In load balancing, it can turn into a huge nightmare of extra mangles and routes. I am not convinced your recursive is correct I would do it this way. dst-address=0.0.0.0/0 gateway=ca.n...
by anav
Mon Dec 09, 2024 7:38 pm
Forum: General
Topic: Wireguard not connected with Multiple WAN
Replies: 2
Views: 155

Re: Wireguard not connected with Multiple WAN

1. Which WAN will customers use to access your wireguard? 2. your firewall rules need work for example you have two rules that are redundant. --> add action=drop chain=input comment="WANs : protection DNS" dst-port=53 \ in-interface-list=Liste_WANs protocol=tcp add action=drop chain=input...
by anav
Mon Dec 09, 2024 7:22 pm
Forum: General
Topic: Wireguard not connected with Multiple WAN
Replies: 2
Views: 155

Re: Wireguard not connected with Multiple WAN

SUMMARY Wireguard is not the main problem!! 1. Why do you lie about the facts?? Quote: "On the router: 4 vlans with each a specific IP addressing. Bridges are not used . IP/SEC configuration IKE2 is not used." From config: /interface bridge add name=bridge_EURAFIBRE add name=bridge_FREE ad...
by anav
Mon Dec 09, 2024 7:19 pm
Forum: Wireless Networking
Topic: Struggling with HAP AX2 wifi config
Replies: 20
Views: 929

Re: Struggling with HAP AX2 wifi config

Why two bridges instead of one ?

...

If I wrote something wrong someone will correct me.
First line is not correct :lol:
Looks good to me! ;-PP
by anav
Mon Dec 09, 2024 4:11 pm
Forum: General
Topic: Do AP's come with all router functions?
Replies: 12
Views: 476

Re: Do AP's come with all router functions?

Every device runs ROS, so every device can act as a router if that is your question. I would not recommend any product until its clear what the requirements are. a. type of internet connections b. throughput of ISPs c. if WIFI is required, size of location, number of rooms etc... d. any other networ...
by anav
Mon Dec 09, 2024 4:09 pm
Forum: Wireless Networking
Topic: Struggling with HAP AX2 wifi config
Replies: 20
Views: 929

Re: Struggling with HAP AX2 wifi config

Listen to the experts who understand the config process and how they interrelate (vice copy and pasting). On each device use the off bridge process to conduct the vlan filtering configurations, saves one much grief. Update each device to 7.16.2, if you do it manually you need to go to 7.12.1 first t...
by anav
Mon Dec 09, 2024 4:05 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

No, I’m not using mangle for Wireguard but rather to get DDNS detection to recognize the static IPv4 instead of the one behind my provider’s CGNAT. The static IPv4 is not forwarded via NAT but routed through the IPIP6 tunnel. This has been working flawlessly in manual configuration for years. Yes, ...
by anav
Mon Dec 09, 2024 4:05 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

@Ammo: does this sound right. Challenge: Allow BTH users to go out internet and LAN. a. Establish BTH network with 5 users plus admin b. Do select NO for lan access initially --> I have a reason. :-) Go to /ip/firewall/address-list and copy down all the user Ip addresses. c. Unselect NO for lan acce...
by anav
Mon Dec 09, 2024 2:18 pm
Forum: Wireless Networking
Topic: Struggling with HAP AX2 wifi config
Replies: 20
Views: 929

Re: Struggling with HAP AX2 wifi config

So do you want to run the new device as a router or as an accesspoint/switch? In either case to avoid vlan filtering hiccups, and to config from a safe spot, recommend you take ether5 off the bridge . /interface ethernet set [ find default-name=ether5 ] name=OffBridge5 /ip address add address=192.16...
by anav
Mon Dec 09, 2024 2:14 pm
Forum: Beginner Basics
Topic: WireGuard setup for home server hosting
Replies: 9
Views: 863

Re: WireGuard setup for home server hosting

You are in good hands with Iwertugrul, moving on.
by anav
Mon Dec 09, 2024 2:10 pm
Forum: General
Topic: No wan access using back to home
Replies: 6
Views: 284

Re: No wan access using back to home

The only thing I can suggest is a shot in the dark but its the only idea I have. add a firewall address list manually /ip firewall address-list add IPaddress-peer1 list=back-to-home-lan-restricted-peers add IPaddress-peer2 list=back-to-home-lan-restricted-peers However I do not know what that looks ...
by anav
Mon Dec 09, 2024 4:53 am
Forum: General
Topic: Help/guidance on homelab network design
Replies: 4
Views: 306

Re: Help/guidance on homelab network design

The vlans for the wans are created on the router, but do not require any subnet information. They are terminated on either IPDHCP client settings, or pppoe settings or even straight address on the router. The nice thing about splitting the rest of the vlans on a different port is you dont have the m...
by anav
Mon Dec 09, 2024 2:42 am
Forum: General
Topic: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2
Replies: 8
Views: 652

Re: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2

IF there was no capsman it would be like so. This is the audience in ap/switch mode and will assume the vlan10 is the trusted vlan where the audience gets its IP address from. /ip interface add name=TRUSTED /ip interface member add interface=vlan10 list=TRUSTED /ip address add address=vlan10(assigne...
by anav
Mon Dec 09, 2024 12:02 am
Forum: Beginner Basics
Topic: UDP Port forwarding [SOLVED]
Replies: 6
Views: 749

Re: UDP Port forwarding [SOLVED]

Were you by chance having users in the same LAN trying to read the server by WAN IP dyndns URL???
This is alleviated by moving users or server to a different LAN
by anav
Sun Dec 08, 2024 11:49 pm
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works
Replies: 17
Views: 967

Re: Configured for dual wan, now cant access the router though internet works

Adjust mangles. ( in-interface not required on mark routing as its already captured in the mark connection! ) /ip firewall mangle ( traffic to the router ) add action=mark-connection chain=input connection-mark=no-mark \ in-interface=ether1-ISPA new-connection-mark=incoming-isp1 passthrough=yes a...
by anav
Sun Dec 08, 2024 11:41 pm
Forum: Beginner Basics
Topic: VLAN config help request for Mikrotik and Cisco
Replies: 5
Views: 688

Re: VLAN config help request for Mikrotik and Cisco

vlan 1 is the default pvid on EVERY port on EVERY managed switch.
It is removed for all access ports and hybrid ports but remains in the background as an untagged default vlan on trunk ports.
For management of all smart devices use a separate management vlan or a trusted vlan
by anav
Sun Dec 08, 2024 11:38 pm
Forum: General
Topic: [HELP] Mikrotik Multi WAN
Replies: 3
Views: 258

Re: [HELP] Mikrotik Multi WAN

Keeping with the routing rule theme sindy suggested.. It would look like no mangling and the following routing rules.... TRY THIS FIRST as its much easier. /routing rule add action=lookup-only-in-table min-prefix=0 table=main add action=lookup-only-in-table src-address=10.0.2.0/24 table=ISP1 add act...
by anav
Sun Dec 08, 2024 11:07 pm
Forum: General
Topic: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2
Replies: 8
Views: 652

Re: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2

For me the error was using capsman jajaajaja. I can do vlans very easily without capsman,,,,,,,,,,, somebody else will have to provide direction.
by anav
Sun Dec 08, 2024 8:54 pm
Forum: Beginner Basics
Topic: Help with setup issues on RB951
Replies: 16
Views: 928

Re: Help with setup issues on RB951

+1 ....
by anav
Sun Dec 08, 2024 8:52 pm
Forum: General
Topic: [HELP] Mikrotik Multi WAN
Replies: 3
Views: 258

Re: [HELP] Mikrotik Multi WAN

Very confusing nomenclature, There is no need to change etherport names, but if you must then at least have etherport3 name=LAN-3, and so forth. I would not have thought of using bridges for grouping traffic like you have. Now that its clear you are doing port forwarding, the mangle rules get more c...
by anav
Sun Dec 08, 2024 8:30 pm
Forum: General
Topic: Help/guidance on homelab network design
Replies: 4
Views: 306

Re: Help/guidance on homelab network design

Yup each WAN incoming to the switch1 (in room1 ) is an access port to a different vlan. Then trunk port carrying both vlans and any other vlans that need to go to room1, are added to this trunk heading to switch 2 At switch 2, trunk to the router carrying both WAN vlans, any vlans from Room1 and Any...
by anav
Sun Dec 08, 2024 8:26 pm
Forum: General
Topic: ECMP doesn't work for Load balancing [SOLVED]
Replies: 28
Views: 1209

Re: ECMP doesn't work for Load balancing [SOLVED]

Also its nice to tell us different requirements, but if you dont post the most updated config, we have no idea where things are at. Thus everytime you make changes post the new config /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc..) Also state all t...
by anav
Sun Dec 08, 2024 8:22 pm
Forum: General
Topic: RouterOS cannot reach internet after PCC load balance two wan connection
Replies: 14
Views: 578

Re: RouterOS cannot reach internet after PCC load balance two wan connection

As requested
/export file=anynameyouwish ( remove router serial number, any public WANIP information, vpn keys etc.)

Should be quick to fix once seen.
by anav
Sun Dec 08, 2024 2:51 pm
Forum: General
Topic: Wi‑Fi 7 / 802.11be
Replies: 96
Views: 30589

Re: Wi‑Fi 7 / 802.11be

You may not see me anymore on the forums. With my wifi7 I will just be a blur if noticed at all.
by anav
Sun Dec 08, 2024 2:50 pm
Forum: General
Topic: ECMP doesn't work for Load balancing [SOLVED]
Replies: 28
Views: 1209

Re: ECMP doesn't work for Load balancing [SOLVED]

For anyone later that follows this thread;;;;;;; In this case since there is only one subnet and the prefix rule is basically doing the equivalent to: /routing rule add action=lookup-only-in-table src-address=192.168.88.0/24 dst-address=192.168.88.0/24 table=main The value in using the min-prefix=0...
by anav
Sun Dec 08, 2024 1:48 am
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works
Replies: 17
Views: 967

Re: Configured for dual wan, now cant access the router though internet works

what does a print look like of ip routes or a screen shot of the table.
by anav
Sun Dec 08, 2024 1:46 am
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works
Replies: 17
Views: 967

Re: Configured for dual wan, now cant access the router though internet works

1. I see one change to be made here but since you were consistent it didnt cause any problems. /interface ethernet set [ find default-name=ether1 ] name=ether1-ISPA set [ find default-name=ether2 ] name=ether1-ISPB Should be: /interface ethernet set [ find default-name=ether1 ] name=ether1-ISPA s...
by anav
Sun Dec 08, 2024 1:33 am
Forum: General
Topic: Wi‑Fi 7 / 802.11be
Replies: 96
Views: 30589

Re: Wi‑Fi 7 / 802.11be

Spouse is getting iphone 16, it can handle wifi7. Guess who will be buying a tplink the first sale I see on their wifi7 products.......
by anav
Sun Dec 08, 2024 1:17 am
Forum: General
Topic: ECMP doesn't work for Load balancing [SOLVED]
Replies: 28
Views: 1209

Re: ECMP doesn't work for Load balancing [SOLVED]

publish latest config
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )

Full config not what you think we need to see............
by anav
Sun Dec 08, 2024 1:09 am
Forum: General
Topic: WireGuard Peer Handshake Established but No Traffic Passing
Replies: 3
Views: 252

Re: WireGuard Peer Handshake Established but No Traffic Passing

Think about the logic. One should understand the function of allowed addresses:. On inbound, it checks if the remote source address coming in is on the list! On outbound, it checks in order of the rules as they appear, a. does the destination exist. and b. assign it to the right peer. The first peer...
by anav
Sat Dec 07, 2024 7:51 pm
Forum: General
Topic: Wi‑Fi 7 / 802.11be
Replies: 96
Views: 30589

Re: Wi‑Fi 7 / 802.11be

Not applicable to the AP scenario, was speaking to its router suitability.
by anav
Sat Dec 07, 2024 7:38 pm
Forum: General
Topic: Wi‑Fi 7 / 802.11be
Replies: 96
Views: 30589

Re: Wi‑Fi 7 / 802.11be

Although with wan throughput effectively capped at about 1.1 gigs, the 2.5 has limited utility.
by anav
Sat Dec 07, 2024 7:11 pm
Forum: General
Topic: ECMP doesn't work for Load balancing [SOLVED]
Replies: 28
Views: 1209

Re: ECMP doesn't work for Load balancing [SOLVED]

No worries, if macvlan works and is appropriate for your ISP setup.

Fix the routing rule and see what happens.
Post config again after changes.

Note the only change on routes is I added recursive but not necessary.
also no need to make main route have distance anything but the default of 1.
by anav
Sat Dec 07, 2024 6:53 pm
Forum: Beginner Basics
Topic: Help with setup issues on RB951
Replies: 16
Views: 928

Re: Help with setup issues on RB951

The router is a Mikrotik RouterBoard RB951Ui-2nD hAP. It is brand new.
So you bought a new betamax ???

I hope your ISP provides a throughput of less than 200Mbps............
by anav
Sat Dec 07, 2024 5:34 pm
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works
Replies: 17
Views: 967

Re: Configured for dual wan, now cant access the router though internet works

Also add this rule.
/ip neighbor discovery-settings
set discover-interface-list=LAN
by anav
Sat Dec 07, 2024 5:29 pm
Forum: Beginner Basics
Topic: Internet Failover on hex lite is possible?
Replies: 4
Views: 404

Re: Internet Failover on hex lite is possible?

Possible yes, a good idea probably not.
Why?
It only has 10/100 ports.

So it can at best serve your clients with 100Mbps and of course can only handle 100Mbps coming from any ISP.
We have no information as to the WAN connections available or to the expectation and uses of clients.
by anav
Sat Dec 07, 2024 5:24 pm
Forum: Beginner Basics
Topic: Help with setup issues on RB951
Replies: 16
Views: 928

Re: Help with setup issues on RB951

Orbi mesh WIFI? Doubt that will play nice with mikrotik wifi. My advice is to look at the new hex refresh router for the main router and use oRBi products as APs only. Its good for an ISP up to 500Mbps, but if you need or anticipate getting a 1 gig connection in the next five years. the suggestion o...
by anav
Sat Dec 07, 2024 5:12 pm
Forum: General
Topic: How to Configure a WireGuard VPN Connection to NordVPN on a Mikrotik Router Running ROS v7.x
Replies: 4
Views: 3518

Re: How to Configure a WireGuard VPN Connection to NordVPN on a Mikrotik Router Running ROS v7.x

The easiest way to provide access to a third party wireguard service is via WIFI. Simply make a virtual WLAN just for internet access to nord......... If you have the option one can dedicate a vlan and ensure those needing access at their desks, have a managed switch next to the PC ( old hexes are g...
by anav
Sat Dec 07, 2024 4:42 pm
Forum: General
Topic: ECMP doesn't work for Load balancing [SOLVED]
Replies: 28
Views: 1209

Re: ECMP doesn't work for Load balancing [SOLVED]

1. Your pool is add name=dhcp ranges=10.0.0.150-10.0.0.240 Why is any device getting a LANIP of .130 ? ??? 2. Routes look messed up ( or maybe I dont understand how to apply ecmp ) Should be...... at least for Version 7. Assumes ecmp is the primary and a few need to go out pppoe8 ( Edit, now I rea...
by anav
Sat Dec 07, 2024 3:33 am
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works
Replies: 17
Views: 967

Re: Configured for dual wan, now cant access the router though internet works

If by IP you have to add the port, so 192.168.1.1 :winboxPort# Your routes are a mess ( also dont use same ip dns addresses in recursive routers so changed them) This is correct. /ip route add check-gateway=ping dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=12 comment="WAN 1"...
by anav
Sat Dec 07, 2024 3:31 am
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 13
Views: 1191

Re: Firewall - drop rule within input chain

This rule is a simple default rule for the home user not making any changes etc.. Once you start making changes one of the first things I do is: From 14 ;;; defconf: drop all from WAN not DSTNATed chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN TO ad...
by anav
Fri Dec 06, 2024 8:24 pm
Forum: General
Topic: Wireguard over VRF
Replies: 4
Views: 433

Re: Wireguard over VRF

Another option is to create a second wireguard interface except this one is live all the time on wan2. Assuming you want a faster migration to a working VPN, then waiting for the router to tell the client hey my WANIP has changed use this one now.
by anav
Fri Dec 06, 2024 12:30 am
Forum: General
Topic: VLAN UDM Pro Mikrotik
Replies: 4
Views: 664

Re: VLAN UDM Pro Mikrotik

Well would have to see the MT config to comment constructively. Yes there should be no need to reach the config from the client network??? Why?? The management network is there for that purpose. The only other access is via ether8 direct on site. /export file=anynameyouwish (minus router serial numb...
by anav
Fri Dec 06, 2024 12:23 am
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 2647

Re: Dual Router Configuration Setup Assistance

No worries, do what you want, I will be assisting others that are more compliant. One can easily setup all the WIFI and SSIDs, without the vlans as the last step in the connecting the dots is done on /interface bridge port and /interface bridge vlan. However you wont have any traffic flowing but you...
by anav
Fri Dec 06, 2024 12:22 am
Forum: General
Topic: CloudFlare DNS Not Blocking XXX sites
Replies: 6
Views: 511

Re: CloudFlare DNS Not Blocking XXX sites

To ensure there are no other items on your config that may be contributing to the issue.
Basically to look at the evidence and facts, vice just hearsay. :-)
by anav
Thu Dec 05, 2024 10:49 pm
Forum: General
Topic: CloudFlare DNS Not Blocking XXX sites
Replies: 6
Views: 511

Re: CloudFlare DNS Not Blocking XXX sites

/export file=anynameyouwish ( minus router serial number, public WANIP information, keys etc. )
by anav
Thu Dec 05, 2024 10:47 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 2647

Re: Dual Router Configuration Setup Assistance

No the 5009 need not have any wifi settings. It runs the vlans, on the wifi device we associate the wlans to the vlans via / interface bridge port/bridge vlan
by anav
Thu Dec 05, 2024 8:59 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 2647

Re: Dual Router Configuration Setup Assistance

I would run the wapax as an AP/switch not a router. I would create and distribute all the vlans required from the RB5009
by anav
Thu Dec 05, 2024 7:49 pm
Forum: Beginner Basics
Topic: Secure Remote Access - QuickSet VPN
Replies: 16
Views: 1505

Re: Secure Remote Access - QuickSet VPN

So you have another mikrotik router at a different location that you are trying to connect to the unifi?
Like I said nothing is clear, no diagrams provided.
by anav
Thu Dec 05, 2024 7:16 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 2338

Re: HEX Lite for routing between subnets [SOLVED]

Yup, following, as per my post there, cannot grasp the logic yet......
by anav
Thu Dec 05, 2024 7:14 pm
Forum: Beginner Basics
Topic: Secure Remote Access - QuickSet VPN
Replies: 16
Views: 1505

Re: Secure Remote Access - QuickSet VPN

So I have gotten a public IP via DHCP from Starlink. Setup DDNS on the Unifi GW. Also have options for setting up Wireguard server or client on GW, have successfully connected phone and desktop First, I was not aware that starlink provided public IPs, can you confirm? Also, its getting messy regard...
by anav
Thu Dec 05, 2024 6:53 pm
Forum: Beginner Basics
Topic: Port based Routing to 2 identical IP
Replies: 10
Views: 787

Re: Port based Routing to 2 identical IP

Almost caught up. Just trying to follow the traffic flow starting at the controller. My logic is missing something in these steps. :-( 1. How does the controller know to look for a machine at 192.168.200 or 192.168.201. 2. Assuming it knows for some reason, following the bouncing ball........... Sin...
by anav
Thu Dec 05, 2024 6:28 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 2338

Re: HEX Lite for routing between subnets [SOLVED]

Sweet pic, nice !!!
by anav
Thu Dec 05, 2024 2:06 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 2647

Re: Dual Router Configuration Setup Assistance

Most of us simply connect via mac address, just click on the mac address and done.
If you want to use IP address ensure you also put in the port number for winbox. If left to default not required, but I never use the default LOL
by anav
Thu Dec 05, 2024 4:33 am
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 2647

Re: Dual Router Configuration Setup Assistance

I will look at the entire config only, a working config is the sum of its parts, only showing a section is not conducive to success.

/export file=anynameyouwish ( minus router serial number, any public WANIP information, vpn keys etc. )
by anav
Thu Dec 05, 2024 2:02 am
Forum: Wireless Networking
Topic: Advice please hardware/Wifi/Wireless/CapsMan/VLAN confusion
Replies: 17
Views: 2008

Re: Advice please hardware/Wifi/Wireless/CapsMan/VLAN confusion

neki is bang on. If you wanted to give the 2011 a fixed IP address, then simply use IP address with interface vlan64 and not use IP DHCP client. Assuming Ether1 is the trunk port, and dont setup ports for people to access if not desired ( for example lets say only ether2 is used for home ! Also on s...
by anav
Wed Dec 04, 2024 10:40 pm
Forum: General
Topic: VPN Site to site ?
Replies: 11
Views: 678

Re: VPN Site to site ?

edit, no longer required
by anav
Wed Dec 04, 2024 8:30 pm
Forum: Wireless Networking
Topic: Which is fastest wifi device
Replies: 33
Views: 1958

Re: Which is fastest wifi device

Wifi 7 devices.
by anav
Wed Dec 04, 2024 5:26 pm
Forum: General
Topic: Access web server trough WireGuard Site2Site setup
Replies: 5
Views: 391

Re: Access web server trough WireGuard Site2Site setup

Step back one. Remember port forwarding is based upon a destination port. So I use the public IP of the connection as the destination address and the dst port/protocol. When that arrives at the main router, the router looks at the NAT rules and sees a corresponding dstnat (port forwarding) rule, the...
by anav
Wed Dec 04, 2024 5:12 pm
Forum: General
Topic: Access web server trough WireGuard Site2Site setup
Replies: 5
Views: 391

Re: Access web server trough WireGuard Site2Site setup

Good news. Public IP on main router allows many things. a. remote road warrior or you as admin to access Main router via wireguard b. remote machine behind private IP can reach wireguard (using LTE as wireguard client router) +++++++++++++++++++++ via the main router c. admin while remote can reach ...
by anav
Wed Dec 04, 2024 5:02 pm
Forum: General
Topic: VPN Site to site ?
Replies: 11
Views: 678

Re: VPN Site to site ?

Hola, That is a very good plan. I often suggest the same, as its very easy for users to decide which country they want to access internet from ( or remote LAN devices ) by use of SSID ( different wlans ). Very easy to setup!, once you get the device setup in spain, I can assist via skype/discord/tea...
by anav
Wed Dec 04, 2024 4:32 pm
Forum: General
Topic: Dual WAN Failover no connection from VLANs
Replies: 4
Views: 416

Re: Dual WAN Failover no connection from VLANs

1. remove router serial number from initial post of config 2. need firewall rules 3. probably should upgrade to 7.16.2 latest firmware 4. probably should use vlans (https://forum.mikrotik.com/viewtopic.php?p=1111667#p1111667) 5. use normal pool setups Summary your vlan and pools and setup is a colos...
by anav
Wed Dec 04, 2024 4:11 pm
Forum: General
Topic: Dual Wan link to some isp router
Replies: 9
Views: 528

Re: Dual Wan link to some isp router

Understood, your parents are getting ripped off. They should provide a router with 2.5gb output on a single port. The only thing to do here is use three of the four output ports on the ISP router as three WAN inputs ether1,2,3 on the 5009 Load balance them as three different inputs and you will have...
by anav
Wed Dec 04, 2024 4:00 pm
Forum: General
Topic: VPN Site to site ?
Replies: 11
Views: 678

Re: VPN Site to site ?

AX3 is much better value IMHO, but of course its your budget. Both are capable of hosting wireguard. Since you require the opposite from normal, need internet out of client peer router, what I would do is create two wireguard tunnels. ONE JUST for the internet, for users on spain LAN to go out inter...
by anav
Wed Dec 04, 2024 3:55 pm
Forum: General
Topic: Secure Remote Access to Home Network Behind Carrier-Grade NAT [SOLVED]
Replies: 4
Views: 408

Re: Secure Remote Access to Home Network Behind Carrier-Grade NAT [SOLVED]

Correct, the way BTH works in a nutshell. Concept. Mikrotik provides relay servers that both the router and devices reach out too. The relay server connects them. DONE. Doesnt matter if your behind an ISP router or CGNAT or starlink etc......... a. On the hex refresh router, enable IP cloud and enab...
by anav
Wed Dec 04, 2024 3:47 pm
Forum: General
Topic: Wireguard is blocked by ISP any other solution
Replies: 19
Views: 1142

Re: Wireguard is blocked by ISP any other solution

MISSING!! Besides the disabled=yes error, where is the interface? designated on that rule. Try /ip firewall mangle add action=change-mss chain=forward comment="Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu out-interface=wireguard1 passthrough=yes protocol=tcp tcp-flags=syn...
by anav
Wed Dec 04, 2024 3:41 pm
Forum: General
Topic: VPN Site to site ?
Replies: 11
Views: 678

Re: VPN Site to site ?

What model of mikrotik routers do you have in Venezuela and Espana?
by anav
Wed Dec 04, 2024 3:39 pm
Forum: General
Topic: Wireguard s [SOLVED]
Replies: 9
Views: 1090

Re: Wireguard s [SOLVED]

Basically a typo. From this: /interface list add name=VPN-WG /interface wireguard add listen-port=13232 mtu=1420 name=wireguard1 /interface list member add interface=wireguard1 list=VPN-WG /ip firewall address-list add address=10.19.99.0/24 list= WG-VPN TO /interface list add name=VPN-WG /interface ...
by anav
Wed Dec 04, 2024 2:54 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 20
Views: 2911

Re: Issue with Wireguard - Connected but no traffic

The wireguard settings look correct to me. The extra routing rules to find the non local subnet are bang on. The firewall rules allow traffic from one subnet to another. Mystery at this point. You do have weird DHCP settings, that I have never seen and you have all kinds of funky DNS settings that I...
by anav
Wed Dec 04, 2024 2:52 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 20
Views: 2911

Re: Issue with Wireguard - Connected but no traffic

HOME ROuter - again I dont see any issue here other than rearranging order of forward chain rules. see if that helps at all. Other than that, since I despise capsman will blame it LOL. /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked"...
by anav
Wed Dec 04, 2024 2:45 am
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 20
Views: 2911

Re: Issue with Wireguard - Connected but no traffic

Could not find any major on PERSTORP Firewall forward chain rules have to be moved in the order, and remove the old ones!!! /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked /ip firewall ...
by anav
Wed Dec 04, 2024 1:47 am
Forum: General
Topic: Dual Wan link to some isp router
Replies: 9
Views: 528

Re: Dual Wan link to some isp router

Many assumptions and questions from an inadequate initial explanation. Assuming that the ISP is not putting out 2.5ghz to either the ONT/modem or the ISP Router after the ONT is based on the OP assuming the ports on the Router are only gigabit capable. We dont have a model # / Make and the OP may h...
by anav
Tue Dec 03, 2024 10:49 pm
Forum: General
Topic: BTH problem with Starlink
Replies: 1
Views: 201

Re: BTH problem with Starlink

How are you keeping the client devices endpoint address updated - aka what is it pointed at???
by anav
Tue Dec 03, 2024 10:46 pm
Forum: General
Topic: Secure Remote Access to Home Network Behind Carrier-Grade NAT [SOLVED]
Replies: 4
Views: 408

Re: Secure Remote Access to Home Network Behind Carrier-Grade NAT [SOLVED]

I would suggest wireguard BTH but that is not possible with your old and discontinued router. Suggest the new HEX refresh with ARM processor, is an excellent low cost device, that will handle your router needs and can conduct BTH wireguard, which is designed to use mikrotik relay servers so that you...
by anav
Tue Dec 03, 2024 10:42 pm
Forum: General
Topic: Two ports bridged and the rest in a second bridge. No internet second bridge [SOLVED]
Replies: 9
Views: 631

Re: Two ports bridged and the rest in a second bridge. No internet second bridge [SOLVED]

Based on your input, you want the L1009 to act as a router on the company network. The first thing is to ask your IT department if this is permitted as normally personal devices on a company network are not permitted. If you are in the IT department then I suppose its a request for some separate LAN...
by anav
Tue Dec 03, 2024 5:21 pm
Forum: Wireless Networking
Topic: WiFi 6 security configuration [SOLVED]
Replies: 7
Views: 622

Re: WiFi 6 security configuration [SOLVED]

Its a phuckng PILE of CWAP........ The new config for wifi reminds me of 10 years ago getting tools for kids from china, where the written instructions in english are so bad its comedy material.
The MT wifi config is NOT intuitive and borders on stewpid, and is no laughing matter.
by anav
Tue Dec 03, 2024 5:19 pm
Forum: Wireless Networking
Topic: Advice please hardware/Wifi/Wireless/CapsMan/VLAN confusion
Replies: 17
Views: 2008

Re: Advice please hardware/Wifi/Wireless/CapsMan/VLAN confusion

Great, network diagram so we know the topology, and both configs.......
/export file=anynameyouwish ( minus router serial number, any public WANIP information, vpn keys etc.)

Use code blocks around export ( black square with white square brackets on same line as Bold and Underline ).
by anav
Tue Dec 03, 2024 5:12 pm
Forum: Beginner Basics
Topic: rb5009 sfp altibox fiber
Replies: 12
Views: 1200

Re: rb5009 sfp altibox fiber

In over my head......but where is vlan102 in IP DHCP client settings???

/ip dhcp-client
add add-default-route=special-classless default-route-distance=100 \
dhcp-options=vendor-class-identifier interface=vlan-altibox-voip \
use-peer-dns=no use-peer-ntp=no
by anav
Tue Dec 03, 2024 5:09 pm
Forum: Beginner Basics
Topic: How do setup as wired extender with hap ac2
Replies: 4
Views: 400

Re: How do setup as wired extender with hap ac2

Recommend moving to 7.16.2.

Do you simply mean that the second device is connected to the first device by ethernet cable and you want to use the second device as an AP/switch ??
by anav
Tue Dec 03, 2024 5:03 pm
Forum: General
Topic: Mainland China VPN Hong Kong via MikroTik and Wireguard
Replies: 2
Views: 558

Re: Mainland China VPN Hong Kong via MikroTik and Wireguard

What is the purpose of this thread??
Links to unknown sites are not recommended
by anav
Tue Dec 03, 2024 2:25 pm
Forum: General
Topic: Any Mikrotik tech in Cambodia, Sihanoukville ?
Replies: 4
Views: 455

Re: Any Mikrotik tech in Cambodia, Sihanoukville ?

Closest looks like Thailand or Vietnam
by anav
Tue Dec 03, 2024 2:22 pm
Forum: General
Topic: Forward multiple WANs inside LAN with VLANs [SOLVED]
Replies: 9
Views: 664

Re: Forward multiple WANs inside LAN with VLANs [SOLVED]

Impossible to define requirements.......and thus OP should a. identify all users/devices ( internal/externals and admin) b. identify all traffic they require without referring to any config speak. Also details on your wans separately How many. Public or private IP, static or dynamic, Detail which wa...
by anav
Tue Dec 03, 2024 4:11 am
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 2647

Re: Dual Router Configuration Setup Assistance

A plan is a great start, ensure you capture all the traffic requirements such as vlan to vlan, shared printer etc, ( external incoming, any port forwarding or vpns --> at least wireguard so you as admin can remote in to the router ) You need either a trusted vlan ( home ) or create one specific just...
by anav
Tue Dec 03, 2024 2:36 am
Forum: General
Topic: VLAN UDM Pro Mikrotik
Replies: 4
Views: 664

Re: VLAN UDM Pro Mikrotik

What I do when configuring vlans is take one port off the bridge!! /interface ethernet set [ find default-name=eth8 ] name=OffBridge8 /ip address add address=192.168.77.1/30 interface=OffBridge8 network=192.168.77.0 /interface list member { only need one interface list on this device } add interface...
by anav
Mon Dec 02, 2024 10:57 pm
Forum: Beginner Basics
Topic: firewall drop connection
Replies: 6
Views: 531

Re: firewall drop connection

Strange ask but I guess you dont want anyone with access to be able to manually set 1-24 Assuming your IP address is set to 192.168.88.254 interface=bridge network=192.168.88.0 I would create a firewall address list of 192.168.88.25-192.168.88.253 list=ALLOWED /ip firewall filter add action=accept c...
by anav
Mon Dec 02, 2024 5:33 pm
Forum: General
Topic: how to block youtube shorts?
Replies: 12
Views: 1230

Re: how to block youtube shorts?

If you have level enterprise control over the browser, then that is possible. My experience at the enterprise level is that the whole YOUTUBE is just not accessible. :-)
by anav
Mon Dec 02, 2024 5:31 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 9022

Re: WireGuard Multi-WAN Policy Routing

Nothing prevents you from going to a different vendor, or using a different VPN than wireguard. Just suggestions.......... Or, Mikrotik fixes their implementation to work like the rest of RouterOS. That is my first choice too! Why wireguard is allowed to deviate from standard Mangle practices is be...
by anav
Mon Dec 02, 2024 5:30 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 3172

Re: am i using SOHO Firewall or not?

the config
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.)
by anav
Mon Dec 02, 2024 5:28 pm
Forum: General
Topic: Hex REFRESH
Replies: 11
Views: 648

Re: Hex REFRESH

The point being is that 7.16 has most of the vers7 bugs worked out and has all the latest security improvements and most access to newest features. Its the way to go for sure at this point. If one has a business or provides services to businesses, the recommendation always is to test new firmware in...
by anav
Mon Dec 02, 2024 5:26 pm
Forum: General
Topic: Forward multiple WANs inside LAN with VLANs [SOLVED]
Replies: 9
Views: 664

Re: Forward multiple WANs inside LAN with VLANs [SOLVED]

Concur, confusing explanation is an understatement.......... Need a least a detailed diagram to sort out context.
Impossible to define requirements.......and thus OP should
a. identify all users/devices ( internal/externals and admin)
b. identify all traffic they require
by anav
Mon Dec 02, 2024 4:52 pm
Forum: Wireless Networking
Topic: how to add virtual wifi?
Replies: 4
Views: 405

Re: how to add virtual wifi?

Unless solving really means overcome brain fart..............
by anav
Mon Dec 02, 2024 4:14 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 9022

Re: WireGuard Multi-WAN Policy Routing

Nothing prevents you from going to a different vendor, or using a different VPN than wireguard. Just suggestions..........
Perhaps other vendors handle wireguard differently so that its not a problem for the more complex routing subnets?
by anav
Mon Dec 02, 2024 4:12 pm
Forum: General
Topic: Hex REFRESH
Replies: 11
Views: 648

Re: Hex REFRESH

Why the question asking the question?
Typically the LTS is actually the most stable version available, who doesnt want that (rhetorical question)!
However, I have moved off vers6 on my main router recently to ver 7.16, as an LTS for ver7 seems unlikely. :-)
by anav
Mon Dec 02, 2024 2:04 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1144

Re: Access LAN B from LAN A, but not LAN A from LAN B

Hi Jaclaz, so the switch and LANA would be on the same private LAN subnet ( provided by the isp modem router) as the HEX? If this is the case then all users on LANB will be able to reach LANA. With sourcenat outgoing, all LANB user traffic would appear to come from router itself, so return traffic i...
by anav
Mon Dec 02, 2024 2:29 am
Forum: Beginner Basics
Topic: UDP Port forwarding [SOLVED]
Replies: 6
Views: 749

Re: UDP Port forwarding [SOLVED]

That has nothing to do with the router!
The router does not change ports on outbound, and thus its your server that is doing that ( changing the destination port when leaving the server )
by anav
Mon Dec 02, 2024 2:22 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 9022

Re: WireGuard Multi-WAN Policy Routing

niche in the sense that its for experts only doing more complex configs and they are not trivial nor a small number of cases.
As for a broken config, that is the reason for the hack!!
If the hack doesnt work for a more complex case, then stop being lazy and come up with a better hack.
by anav
Sun Dec 01, 2024 11:50 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 2647

Re: Dual Router Configuration Setup Assistance

Dont forget to install at least the common firewall rules on the 5009, probably have to do it manually. /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked add action=accept chain=input com...
by anav
Sun Dec 01, 2024 11:41 pm
Forum: General
Topic: RB4011 gradually stops accepting traffic on LAN Gateway bridge
Replies: 5
Views: 899

Re: RB4011 gradually stops accepting traffic on LAN Gateway bridge

How many bridges do you have............ I know some have used the fact of two chips on the unit to allow two bridges ports 1-A and B-Last port.
But other than that you should only use one bridge normally.
by anav
Sun Dec 01, 2024 11:37 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 9022

Re: WireGuard Multi-WAN Policy Routing

And the horse you rode in on AMMO. I never said that other than multiwan setups on the main routing tables was trivial.............. There is a need for multiple approaches for the very basic through to BGB/OSPF VRP etc.......... Nor did I say that Mikrotik focussing on either home users or advanced...
by anav
Sun Dec 01, 2024 10:14 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 2647

Re: Dual Router Configuration Setup Assistance

Nope........... Be it a two port or multiport device,

Take the extra port off bridge and do all your configuration from there safely.
give the port an ip address, use the ipv4 settings on laptop to access port and router.
by anav
Sun Dec 01, 2024 10:11 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 9022

Re: WireGuard Multi-WAN Policy Routing

Sorry your trivial case nonsense is pure BS. Many folks that come here for assistance have normal multi-wan setups, not all can have specialized, niche vpn WAN only setups.
by anav
Sun Dec 01, 2024 8:37 pm
Forum: General
Topic: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]
Replies: 11
Views: 697

Re: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]

No worries, there are many here with more patience! Ur in good hands on the forum.
by anav
Sun Dec 01, 2024 8:13 pm
Forum: Wireless Networking
Topic: Frequency control
Replies: 3
Views: 339

Re: Frequency control

and here I thought holvoe was answering an incontinence question. ;-)
by anav
Sun Dec 01, 2024 8:11 pm
Forum: General
Topic: Wireguard is blocked by ISP any other solution
Replies: 19
Views: 1142

Re: Wireguard is blocked by ISP any other solution

If the ISP is blocking wireguard, the fact that you have tried numerous ports tells me that they are checking DPI, into the weeds to see the type of traffic. Therefore suggesting BTH is fruitless. However, if the lack of connection is either a. operator config error b. no access to public IP Then BT...
by anav
Sun Dec 01, 2024 8:09 pm
Forum: General
Topic: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]
Replies: 11
Views: 697

Re: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]

No worries, you came for help, I asked for the information to make that possible and then you decide magically you know where the problem is (or isnt) and thus I have to question why did you come for help in the first place. I have limited time and your wasting it.
by anav
Sun Dec 01, 2024 8:03 pm
Forum: Beginner Basics
Topic: help with DHCP on VLAN
Replies: 5
Views: 498

Re: help with DHCP on VLAN

1. The mistake is putting the WAN vlan on the bridge................. 2. You only have three ports active, 3 and two on the bridge 8, and sfp, so what in tarnation is ether6 doing in your config for example or ether4 for example 3. Forgot to tag bridge......... 4. Wrong address EDIT: my mistake crap...
by anav
Sun Dec 01, 2024 7:42 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1144

Re: Access LAN B from LAN A, but not LAN A from LAN B

VLANS are not required, although much more flexible and recommended if you run out of ports and need to send multiple subnets out a port to a switch or access point etc.. IP address assign subnetA to ether2 assign subnetB to ether3 assign both to interface list=LAN Then in forward chain firewall rul...
by anav
Sun Dec 01, 2024 7:38 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 13
Views: 1191

Re: Firewall - drop rule within input chain

But then that rule (or a similar one) should go in chain forward. Quick recap: 1. chain input=connection to the router 2. chain forward=connection through the router Well stated except that similar rule is also bogus in forward chain as we drop all there as well!! add action=fasttrack-connection ch...
by anav
Sun Dec 01, 2024 7:29 pm
Forum: General
Topic: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]
Replies: 11
Views: 697

Re: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]

1. Assuming your mikrotik has a public IP and is the SERVER peer for handshake for your devices that need to connect remotely, then this is all that one should see. For some reason you have peer side noise in allowed Ips, which makes me think this was created by using BTH vice manual. Nothing wrong ...
by anav
Sun Dec 01, 2024 7:04 pm
Forum: General
Topic: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]
Replies: 11
Views: 697

Re: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]

Thanks for the config and continual understanding of the requirements both very helpful Before I delve into the config, output chain is not required to do what you need. One simply needs a firewall rule and routing mechanism to do so, while not conflicting with other traffic. Linking to other sites ...
by anav
Sun Dec 01, 2024 6:58 pm
Forum: General
Topic: Wireguard tunnel extremely slow, barely working (Winbox not working), possible reasons?
Replies: 2
Views: 412

Re: Wireguard tunnel extremely slow, barely working (Winbox not working), possible reasons?

I really can't see anything When you provide nothing, nothing can be seen. So lets get some clarity. What is the home mikrotik router? model and I assume you have no public IP. Confirm you also have a CHR in the cloud that you use as the wireguard server for handshake. The idea being you as a remot...
by anav
Sun Dec 01, 2024 5:12 pm
Forum: General
Topic: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]
Replies: 11
Views: 697

Re: Wireguard + ProtonVPN Issue - Mobile clients won't connect [SOLVED]

First a diagram as I have no idea what you mean about remote servers............ Right now I am assuming you have cloud servers behind a CHR. Second With a full config nothing really useful can be provided, I prefer not to guess. /export file=anynameyouwish (minus router serial number, any public WA...
by anav
Sun Dec 01, 2024 4:26 pm
Forum: Wireless Networking
Topic: Advice please hardware/Wifi/Wireless/CapsMan/VLAN confusion
Replies: 17
Views: 2008

Re: Advice please hardware/Wifi/Wireless/CapsMan/VLAN confusion

Lets start with the main router ONLY, it will handle vlans, dhcp and its own local wifi. Capsman will NOT be used............ starts singing Celebrate good times, come on (Let's celebrate) Follow the guidance document as suggested --> https://forum.mikrotik.com/viewtopic.php?t=143620 Create all the ...
by anav
Sun Dec 01, 2024 4:16 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 13
Views: 1191

Re: Firewall - drop rule within input chain

No you get rid of it, not required. Its also wasteful, in that all good traffic has to go through that rule before the rest of the rules not efficient. That traffic already captured by the last rule....... Since you didnt answer the question --> what are you afraid of??? You can do what you want, op...
by anav
Sun Dec 01, 2024 4:12 pm
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 19
Views: 1798

Re: Difference between two Interface Lists

This topic has gotten off the rails. 1. For the OP, most of us dont worry about blocking intervlan traffic because that is just a continuation of the default safe setup MT provides for newbies. Most of us, first thing, is turn the concept of block a few known bad things and allow everything else, T...
by anav
Sun Dec 01, 2024 3:59 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 2647

Re: Dual Router Configuration Setup Assistance

The 5009 should be connected to the MODEM The HAP should be connected to the 5009 The HAP should be ideally or most simply setup as an AP/Switch with no dhcp responsibilities ( done on 5009 ) your best tutorial on this is: https://forum.mikrotik.com/viewtopic.php?t=143620 when planning the network en...
by anav
Sun Dec 01, 2024 3:57 pm
Forum: Beginner Basics
Topic: help with DHCP on VLAN
Replies: 5
Views: 498

Re: help with DHCP on VLAN

As was stated, dont start the config until a. you have a plan for the network ( a network diagram helps ) b. you have identified -- all the users/devices on your network (both external/internal and admin) -- have described the traffic they require to accomplish. Sorry a config cannot be made in part...
by anav
Sun Dec 01, 2024 3:53 pm
Forum: Beginner Basics
Topic: VLAN config help request for Mikrotik and Cisco
Replies: 5
Views: 688

Re: VLAN config help request for Mikrotik and Cisco

Just to add to that, the management or trusted vlan is where all attached smart devices should get their LANIP from. So in addition to the data vlans ensure the management vlan also goes through the trunk to the CISCO. Surprised you dont use vlans already by the way. If this is the first time, then e...
by anav
Sun Dec 01, 2024 3:47 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1622

Re: Wireguard routing

Nice, its good to start once you have plan on paper as its much easier to see where things fit together on a config. There should be no issues to the VLANID you use at either router, just MAKE SURE that no two subnets are the same. However we never ask for PCUNITES view of the world for configuratio...
by anav
Sun Dec 01, 2024 3:41 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 3172

Re: am i using SOHO Firewall or not?

@anav
In the OP's current config the DNS server Is on another device, 192.168.1.9.
Hi Jaclaz, my intention was generic, thanks for pointing that out, in which case the OP only needs to allow local/vpn admin associated IPs to the input chain from the LAN side.
by anav
Sat Nov 30, 2024 10:33 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 13
Views: 1191

Re: Firewall - drop rule within input chain

Yeah I /ip firewall address-list add address=192.168.77.X list= Authorized comment="admin desktop" add address=192.168.77.Y list=Authorized comment="admin laptop" add address=192.168.77.Y list=Authorized comment="admin smartphone" /ip firewall filter add action=accept c...
by anav
Sat Nov 30, 2024 10:21 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 3172

Re: am i using SOHO Firewall or not?

These two rules are almost the same: add action=accept chain=input src-address-list=allowed_to_router add action=accept chain=input in-interface-list=LAN Is an excellent start if the src-address-list is comprised of your LOCAL admin IPs ( wired/wifi/vpn if any) aka only those devices that need acces...
by anav
Sat Nov 30, 2024 6:01 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 13
Views: 1191

Re: Firewall - drop rule within input chain

Nice try............. Not the complete config.

Also didnt answer the question.....
What is your intention with this rule.
block WAN access To the router
OR
block WAN access to your subnets/LAN

What are you afraid of??
by anav
Sat Nov 30, 2024 5:57 pm
Forum: General
Topic: Passthrough WAN inside LAN in separate VLAN
Replies: 7
Views: 582

Re: Passthrough WAN inside LAN in separate VLAN

I am confused by your explanation, do you mean you have separate WAN connections to the VMIs, and TVs?? I dont see those connections on the diagram Okay I get it now, you think NAT is the mechanism to provide internet to users,,,,,, its actually firewall rules that do so. So to be clear do you mean ...
by anav
Sat Nov 30, 2024 4:58 pm
Forum: Beginner Basics
Topic: WireGuard only to ether5 [SOLVED]
Replies: 5
Views: 794

Re: WireGuard only to ether5 [SOLVED]

Reading your first post. Want anyone using ethernet 5, to go out proton wireguard for internet. 1. Wireguard does not get an IP pool. It simply an interface with a subnet ( it carries traffic from other wireguard address, typically incoming or outgoing and also, router to router it carries subnets)....
by anav
Sat Nov 30, 2024 4:02 pm
Forum: Beginner Basics
Topic: VLAN not handing out Internet
Replies: 5
Views: 573

Re: VLAN not handing out Internet

{rant on} It amazes me that we are asked to make a definitive call on a question on someones config, and they have the audacity to only show firewall rules. The config is a connected piece of work and thus a partial view is next to useless. {rant off} If your USER rules on input chain never get any ...
by anav
Sat Nov 30, 2024 3:55 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 13
Views: 1191

Re: Firewall - drop rule within input chain

Do you understand how the firewall chains work in Router OS. Asking about a single rule, is not going to solve the issue of not understanding how to apply them properly/safely. What is your intention with this rule. block WAN access To the router OR block WAN access to your subnets/LAN I think you sh...
by anav
Sat Nov 30, 2024 3:51 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 3172

Re: am i using SOHO Firewall or not?

Ignore the bad advice above to modify the existing configuration.

The router should not be connected to the internet so remove.
1. use netinstall to upgrade to latest firmware, to be sure you have a non-compromised firmware on the router,
2. Then should have a decent starting point firewall.
by anav
Sat Nov 30, 2024 3:42 pm
Forum: General
Topic: Help with Extending WAN Physically with VLAN's.
Replies: 11
Views: 794

Re: Help with Extending WAN Physically with VLAN's.

The point is you dont have to create a subnet for the WAN traffic, just create a vlan, which will carry the data to the 5009. Untagged port at the switch on the port to the ISP modem, added to the trunk port going to the other switch, added to the trunk port on second switch coming from first switch...
by anav
Sat Nov 30, 2024 12:11 am
Forum: Beginner Basics
Topic: WireGuard only to ether5 [SOLVED]
Replies: 5
Views: 794

Re: WireGuard only to ether5 [SOLVED]

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Sat Nov 30, 2024 12:09 am
Forum: General
Topic: Help with Extending WAN Physically with VLAN's.
Replies: 11
Views: 794

Re: Help with Extending WAN Physically with VLAN's.

You've misunderstood me so I must have not expressed myself clearly............... Other way round! In the old hookup there were two connections coming to the 5009 ( one from ISP modem ) and one from closest switch In the new hookup, there is only one connection available to the 5009 and that is si...
by anav
Fri Nov 29, 2024 11:17 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1622

Re: Wireguard routing

The only example I can think of is if there is some need for a 0.0.0.0/0 allowed IP on the server router, and thus any other needs would require a separate wg interface
by anav
Fri Nov 29, 2024 11:03 pm
Forum: General
Topic: Alarm.com and VLANs on my Mikrotik network
Replies: 2
Views: 342

Re: Alarm.com and VLANs on my Mikrotik network

It sounds like their equipment may be expecting a specific subnet? 192.168.0.1 or 192.168.1.1 ???
Can you plug one into a pc directly to test?
by anav
Fri Nov 29, 2024 9:17 pm
Forum: General
Topic: Bug in version in winbox and in routerboard
Replies: 11
Views: 749

Re: Bug in version in winbox and in routerboard

I think the OP has a bug in his brain!, but to be accurate its a worm.

To upgrade Routerboard, use System --> RouterBOARD that updates
by anav
Fri Nov 29, 2024 8:48 pm
Forum: Beginner Basics
Topic: VLAN not handing out Internet
Replies: 5
Views: 573

Re: VLAN not handing out Internet

1. Typically UNIFI requires the management or trusted vlan UNTAGGED, and the rest of the data vlans tagged. What is not clear to me is your trusted subnet, is it vlan10 production or vlan20 home.......... Since you have unifi untagged on 10 will assume its production. 2. All your /interface bridge p...
by anav
Fri Nov 29, 2024 8:30 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1622

Re: Wireguard routing

Actually AMMO, you can use a single wireguard interface, and just use a different IP address schema for the road warriors, if you need some granularity over firewall rules.....
by anav
Fri Nov 29, 2024 4:21 pm
Forum: Beginner Basics
Topic: Help: Can't figure out why VLANs aren't working
Replies: 3
Views: 501

Re: Help: Can't figure out why VLANs aren't working

You have four vlans but 5 pools is one clue. What was the first tip in my post above!!!
You only have two IP addresses???

Its clear to me you made NO effort to read the vlan link article.
Come back when you put an honest days work into the config.
by anav
Fri Nov 29, 2024 6:18 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 9022

Re: WireGuard Multi-WAN Policy Routing

MT knows, they have not put it high on their priority list to fix I guess? The fix........ one still needs to mangle but add a dst nat rule. - https://forum.mikrotik.com/viewtopic.php?p=1092192&hilit=wireguard+WAN2+dstnat+fix#p1092255 The thread is this one.. https://forum.mikrotik.com/viewtopic...
by anav
Fri Nov 29, 2024 6:16 am
Forum: Beginner Basics
Topic: Firewall rule can't match packet by interface
Replies: 6
Views: 593

Re: Firewall rule can't match packet by interface

Regardless, not the config.
by anav
Fri Nov 29, 2024 12:13 am
Forum: Beginner Basics
Topic: Firewall rule can't match packet by interface
Replies: 6
Views: 593

Re: Firewall rule can't match packet by interface

jpegs mean little to me, also hard on my old eyes LOL.
by anav
Thu Nov 28, 2024 11:58 pm
Forum: Beginner Basics
Topic: Firewall rule can't match packet by interface
Replies: 6
Views: 593

Re: Firewall rule can't match packet by interface

No idea without seeing the config.

/export file=anynameyouwish ( minus router serial number, any public WANIP information, VPN keys etc.)
by anav
Thu Nov 28, 2024 9:55 pm
Forum: Beginner Basics
Topic: Best way to setup backup route
Replies: 11
Views: 883

Re: Best way to setup backup route

haha, not pissed, I just speak plainly/factually ;-) You will know for sure if displeased. Consider the config is like the human body, you cannot talk about muscles without discussing nerves that actually trigger muscle movement, you cannot talk about muscles without talking about their food supply ...
by anav
Thu Nov 28, 2024 8:33 pm
Forum: General
Topic: Wireguard stops handshaking out of sudden - Change of port (only) solves it for weeks
Replies: 31
Views: 4951

Re: Wireguard stops handshaking out of sudden - Change of port (only) solves it for weeks

I note on beta 7.17.rc - this line......

*) bth - improved stability on system time change;

Has anyone with this problem used the latest beta to see if this change fixes it???
I am 100% convinced these slew of WG bugs were introduced with BTH changes...........just a theory.
by anav
Thu Nov 28, 2024 8:01 pm
Forum: Beginner Basics
Topic: Only one direction PING possible
Replies: 6
Views: 939

Re: Only one direction PING possible

You need to decide what is the purpose of AX2 devices. The Ax3 will be your MAIN router terminating the ISP connection( you get a public IP) and create private subnets behind the router. If you use the AX2 devices you will end up with double triple NAT etc, and unless needed for a specific reason sh...
by anav
Thu Nov 28, 2024 7:44 pm
Forum: Beginner Basics
Topic: VLANs leaking behind a switch? [SOLVED]
Replies: 8
Views: 882

Re: VLANs leaking behind a switch? [SOLVED]

Beyond my scope of knowledge sorry! Hopefully someone else will chime in.
by anav
Thu Nov 28, 2024 7:10 pm
Forum: Forwarding Protocols
Topic: Wireguard issues with OSPF [SOLVED]
Replies: 9
Views: 1443

Re: Wireguard issues with OSPF [SOLVED]

I purchased an online course that includes a Failover and Load Balancing script. The first two rules prevent packets entering through WAN1 from returning via WAN2. Not sure how those two points are related...... but one can pay through the nose for these rules. ;-) https://forum.mikrotik.com/viewto...
by anav
Thu Nov 28, 2024 6:50 pm
Forum: General
Topic: fingerprinting
Replies: 8
Views: 1024

Re: fingerprinting

EAP? One unique fingerprint per device. Yay!
I hope I get at least 20 tries before getting locked out ( counting my toe prints) ;-)
by anav
Thu Nov 28, 2024 6:47 pm
Forum: Beginner Basics
Topic: VLANs leaking behind a switch? [SOLVED]
Replies: 8
Views: 882

Re: VLANs leaking behind a switch? [SOLVED]

ASSUMING VLAN10 is the trusted VLAN where all managed devices should get their IP address from!! On Router 1. MINOR From: /interface bridge port add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=10 add bridge=bridge frame-types=admit-only-untagged-and-priori...
by anav
Thu Nov 28, 2024 6:35 pm
Forum: Beginner Basics
Topic: Best way to setup backup route
Replies: 11
Views: 883

Re: Best way to setup backup route

You can source nat both WANS or use Sourcenat on WAN interface list. No mention of port forwarding before>>> This is what I call scope creep. I am not interested in chasing. If you have a network plan, then provide a network diagram. then list the requirements. a. identify all the users/devices incl...
by anav
Thu Nov 28, 2024 4:52 pm
Forum: Beginner Basics
Topic: multple vlans same dhcp subnet
Replies: 4
Views: 513

Re: multple vlans same dhcp subnet

Instead of a supout for people to view, use the export function in CLI commands in winbox menu entry NEW TERMINAL.

/export file=anynameyouwish ( minus router serial number, any public WANIP information, vpn keys )
by anav
Thu Nov 28, 2024 4:50 pm
Forum: Beginner Basics
Topic: im begginer and i have hex refresh
Replies: 5
Views: 498

Re: im begginer and i have hex refresh

Just to be clear you get a block of WANIPs from your ISP provider which is connected/terminated on ether1, using one of the WANIPs.
You wish to use the remainder of WANIPs to pass on to clients on ether 2,3,4 ???
by anav
Thu Nov 28, 2024 4:38 pm
Forum: General
Topic: Ticket not being responded to
Replies: 9
Views: 808

Re: Ticket not being responded to

If not interested in forum help,,,,,,,,, there is always --> https://mikrotik.com/consultants
by anav
Thu Nov 28, 2024 4:36 pm
Forum: General
Topic: How to block webpages by URL?
Replies: 5
Views: 592

Re: How to block webpages by URL?

Stand by computer user, when viewing unwanted information, place blindfold on computer user. No need for expensive routers. :)
by anav
Thu Nov 28, 2024 4:22 am
Forum: Beginner Basics
Topic: Proxy to my home services
Replies: 6
Views: 715

Re: Proxy to my home services

Therefore I was wondering the best way to expose these service ports in a secure way. This leads me to thinking you may want to try Zerotier, which basically joins participants as if they were in a layer 2 network ( my simpleton view ). Another thought is cloudflare zero trust, which is a way to ha...
by anav
Thu Nov 28, 2024 4:19 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 302
Views: 494843

Re: Using RouterOS to VLAN your network

Concur Holvoe........ The post made is nonsensical, based on the experience on this forum I have seen all manner of setups and none of the threads examples seem out of place compared to that of which one is exposed to here. The intent of the article is to help users navigate through implementing vla...
by anav
Thu Nov 28, 2024 12:54 am
Forum: Beginner Basics
Topic: Help: Can't figure out why VLANs aren't working
Replies: 3
Views: 501

Re: Help: Can't figure out why VLANs aren't working

Good time to learn. Tips --> once you use vlans, take bridge off any dhcp etc.. and take the home LAN and make it another vlan. get rid of vlan interface list group, not required, and add a TRUSTED interface list. If you do have a spare port or can spare one during the bulk of the configuration, hig...
by anav
Wed Nov 27, 2024 11:33 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

I want to know more about this line............ In case of going through relay, speed could be limited. Clearly we have limits on client end for ISP, and limits at Router end from its associated ISP connection and then there are losses due using VPN. So are they saying on top of that there may be ad...
by anav
Wed Nov 27, 2024 10:54 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

So in summary, it's transparent to the end user, and hence why both apps can be used.
by anav
Wed Nov 27, 2024 8:27 pm
Forum: Wireless Networking
Topic: cAP or hAPax3?
Replies: 8
Views: 623

Re: cAP or hAPax3?

I like the suggestion of powerline, especially for the two bedrooms.......
https://www.tp-link.com/ca/home-network ... a7517-kit/

What I would personally use --> https://www.devolo.global/magic-2-wifi-6
by anav
Wed Nov 27, 2024 8:15 pm
Forum: Forwarding Protocols
Topic: Wireguard issues with OSPF [SOLVED]
Replies: 9
Views: 1443

Re: Wireguard issues with OSPF [SOLVED]

jajajajaja, I will stick to any errors that pop from the most basic of settings!!

For all those wireguards coming in on ISP1 and ISP2, where be the mangling required to ensure handshakes go back out correct WAN??
Cool one can bypass that with OSPF, I may have to learn it after all.
by anav
Wed Nov 27, 2024 8:06 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

Because the destination and source addresses are kept up to date by Wireguard ROS at either end, so MT ensures that if there is a direct connection that the client uses the direct dst IP address instead of the DDNS one. I am assuming that in the traffic back to the client, the BTH connection sends t...
by anav
Wed Nov 27, 2024 6:28 pm
Forum: Beginner Basics
Topic: Best way to setup backup route
Replies: 11
Views: 883

Re: Best way to setup backup route

All is possible. You can a. have all traffic go over ether1, and when that fails switch to ether3 b. load balance traffic between the two connections c. have some users or subnets go out ether1 and some users or subnets go out ether3 For basic failover ( primary and backup ) /ip route add check-gate...
by anav
Wed Nov 27, 2024 6:01 pm
Forum: Beginner Basics
Topic: VLANs: Which network does RouterOS use?
Replies: 5
Views: 421

Re: VLANs: Which network does RouterOS use?

Think of it as the native vlan, should not be used for data and should not be used as trusted or management. It's transparent in the background.
by anav
Wed Nov 27, 2024 5:58 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

As AMMO stated, the magic is the DDNS part of the BTH user config ( allowed IPs ). I am assuming this sends the user to the MT server. The server keeps track if the Mikrotik Router has a direct type of connection and then rejigs the destination/source address type information such that the BTH Users...
by anav
Wed Nov 27, 2024 5:53 pm
Forum: General
Topic: wireguard vpn + hotspot captive portal issue
Replies: 6
Views: 512

Re: wireguard vpn + hotspot captive portal issue

1. Only need one bridge. Using multiple bridges may seem like an easy go to but its not recommended. Use VLANs and vlan-filtering. 2. Add a safe port to continue config for vlans from a port NOT connected to the bridge. We give it an IP address 192.168.55.1/30. Plug your PC into port 5, give your PC...
by anav
Wed Nov 27, 2024 4:51 pm
Forum: General
Topic: Subnet-to-subnet only works in one direction
Replies: 2
Views: 334

Re: Subnet-to-subnet only works in one direction

network diagram would help as well.
by anav
Wed Nov 27, 2024 4:49 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

I am working on that bit ( improving docs ) and is why I am being nitpicky in my understanding.
I forget, where do the firewall rules show up that allow a USER to access the WAN and possibly the LAN???
by anav
Wed Nov 27, 2024 4:27 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

Okay so it's just a convenience APP for the users second to infinity. The only critical use of the BTH app is for the first user ( admin ) as that account on that phone is the only one where the APP has MANAGE shares capability. The PRIMARY config loaded! You know it's very annoying that you're right ;-)
by anav
Wed Nov 27, 2024 2:28 pm
Forum: General
Topic: Complaints from v7.17rc [testing]
Replies: 45
Views: 3193

Re: v7.17rc [testing] is released!

There is never a perfect world. But for certain device types, cloud provisioning these days is leading the way. There also needs to be local management. If we cloud provision, the device info and network/device password would be saved at an administrative level. We copy password and use it to acces...
by anav
Wed Nov 27, 2024 6:21 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

Okay to be clear, it seems what you are saying is that you can take a wireguard config generated by the admin on the admins smartphone, for another user, using the Manage Shares approach, and it can be applied to any normal WIREGUARD APP, aka on smartphone or PC etc. ( stating that the BTH app is NO...
by anav
Wed Nov 27, 2024 5:43 am
Forum: General
Topic: Block Quic Protocol
Replies: 8
Views: 5220

Re: Block Quic Protocol

Stuffing a wet noodle up a straw request.
by anav
Wed Nov 27, 2024 5:41 am
Forum: Wireless Networking
Topic: cAP or hAPax3?
Replies: 8
Views: 623

Re: cAP or hAPax3?

IF all you're allowed is one device, then why place it right away inside four walls. If anything I suspect a ceiling mount would be better (guessing)
However, you should really have posted in the wifi forum as keen wifi folks hang out there ......
...

by anav
Wed Nov 27, 2024 5:03 am
Forum: Beginner Basics
Topic: Best way to setup backup route
Replies: 11
Views: 883

Re: Best way to setup backup route

Not sure what you mean. Data flow is two way. If you mean can you have a dual WAN setup. Two modems, lets say cable from rogers, and fibre from bell, the answer is yes. Typically one uses the etherport for the WAN client, 3 common options. 1. pppoe setup 2. Dynamic public IP 3. Static public or priv...
by anav
Wed Nov 27, 2024 4:41 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

Not sure what you mean. If a user (not admin) uses the BTH app to setup a BTH tunnel after receiving the QR code, or URL link or export config file generated on the admins smartphone, then the user access is done through the BTH app, not the standard wireguard app. Now what has not been explained at...
by anav
Wed Nov 27, 2024 1:09 am
Forum: General
Topic: wireguard vpn + hotspot captive portal issue
Replies: 6
Views: 512

Re: wireguard vpn + hotspot captive portal issue

Got it, you host a bunch of users that you would like to push out the internet at some other location via Wireguard. Are these hotspot users on their own subnet? Can you separate your home or private use on a different subnet or would like to Do you want the ability to use wireguard to reach your ro...
by anav
Wed Nov 27, 2024 1:05 am
Forum: General
Topic: Peer DNS on ether1-wan when wireguard tunnel goes down with a script? [SOLVED]
Replies: 5
Views: 1228

Re: Peer DNS on ether1-wan when wireguard tunnel goes down with a script? [SOLVED]

Not clear it sounds like only one subnet is going through wireguard??
Do you have control over the other end??

need config!!
by anav
Tue Nov 26, 2024 11:47 pm
Forum: General
Topic: Peer DNS on ether1-wan when wireguard tunnel goes down with a script? [SOLVED]
Replies: 5
Views: 1228

Re: Peer DNS on ether1-wan when wireguard tunnel goes down with a script? [SOLVED]

So to be clear you want to use the far router for DNS when the wireguard tunnel is up and to allow local WAN access and local DNS when the tunnel is down. Is this for a single subnet, all subnets, some users??? Will need to see full config /export file=anynameyouwish (minus router serial number, any...
by anav
Tue Nov 26, 2024 10:19 pm
Forum: Beginner Basics
Topic: Issue with Wireguard - Connected but no traffic
Replies: 20
Views: 2911

Re: Issue with Wireguard - Connected but no traffic

Post both latest configs for review
by anav
Tue Nov 26, 2024 9:01 pm
Forum: Beginner Basics
Topic: Why can I not use static ip_
Replies: 13
Views: 927

Re: Why can I not use static ip_

Did the ISP provide you with a static WANIP with its associated gateway? If so then simply add this as an address entry ( and disable the ip dhcp client entry ) /ip address add address=ISP_provided_IP/24 gateway=ISP_provided_gateway-IP network=ISP_provided_network ( typically if IP is 192.168.55.1/...
by anav
Tue Nov 26, 2024 8:41 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

It's WG, so all are peers. The app and /ip/cloud just always create ONE peer upon enabling it. If you need more, you need the "managed shared" (or /ip/cloud/back-to-home-users). On the "shared" ones, there is the additional option to allow-lan= so that the only difference AFAIK....
by anav
Tue Nov 26, 2024 7:29 pm
Forum: General
Topic: Roast my config
Replies: 8
Views: 721

Re: Roast my config

You are in charge, not the MT device LOL. You decide based upon requirements. What I see is a two vlan requirement spanning 5009 to HAPAX3 (setup as an AP/switch) It is the logical choice. The only reason I would make the hapax3 as a router is if I wanted to use it for wireguard and not the 5009
by anav
Tue Nov 26, 2024 7:26 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 2338

Re: HEX Lite for routing between subnets [SOLVED]

++1
by anav
Tue Nov 26, 2024 7:22 pm
Forum: Beginner Basics
Topic: bridge has stopped working, all ports marked as not running
Replies: 12
Views: 768

Re: bridge has stopped working, all ports marked as not running

Post your own thread instead of hijacking this one! ;-PPP
by anav
Tue Nov 26, 2024 7:21 pm
Forum: Beginner Basics
Topic: Proxy to my home services
Replies: 6
Views: 715

Re: Proxy to my home services

First off, well done, the safest way to access home servers is coming in on VPN and then accessing the server from behind the router. Second, if your request was to do something similar using standard port forwarding, a proxy server would not be required. For example, if you wanted users to come in ...
by anav
Tue Nov 26, 2024 7:10 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

Wont say you are wrong, I would rather use obtuse! ;-) First though, I would agree that the associated MT router probably receives the new peer information UPON creation on the admin's smartphone. My assumption was that the router gets populated upon first hookup attempt. However after reading your ...
by anav
Tue Nov 26, 2024 6:58 pm
Forum: General
Topic: VPN Type / PC with x Users
Replies: 17
Views: 821

Re: VPN Type / PC with x Users

I quite agree with you that native windows VPN app is very limited but as well as Mikrotik has some limitations to achieve this scenario. Not at all. MT as per normal wireguard protocol assigns a unique IP address to each peer. Further it has firewall rules to assign permissions as required for eac...
by anav
Tue Nov 26, 2024 5:27 pm
Forum: Beginner Basics
Topic: bridge has stopped working, all ports marked as not running
Replies: 12
Views: 768

Re: bridge has stopped working, all ports marked as not running

Sorry, but ASSUME is not in my vocabulary............................
I have one size HAMMER............... it works 95% of time................ the other 5%, is when you and mkx get lucky first, on the whackamole game you like to play.
by anav
Tue Nov 26, 2024 5:24 pm
Forum: Beginner Basics
Topic: Problem with WAX204 (AP mode) in VLAN setup and security questions [SOLVED]
Replies: 4
Views: 400

Re: Problem with WAX204 (AP mode) in VLAN setup and security questions [SOLVED]

If you provide jpegs of all vlan setting pages on TP link switch ( at least two, maybe three if pvid is a separate setting page ) Full config of hex. /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.) It should be fairly quick to straighten out. ++++++...
by anav
Tue Nov 26, 2024 5:21 pm
Forum: Beginner Basics
Topic: bridge has stopped working, all ports marked as not running
Replies: 12
Views: 768

Re: bridge has stopped working, all ports marked as not running

While my two esteemed colleagues, okay they are professionals, Im just the floor washer in their office, jump around like frogs, please provide the config. /export file=anynameyouwish (minus router serial number, any public WANIP info, keys etc.. ) Also if you are wireguarding to another device, als...
by anav
Tue Nov 26, 2024 5:18 pm
Forum: General
Topic: wireguard vpn + hotspot captive portal issue
Replies: 6
Views: 512

Re: wireguard vpn + hotspot captive portal issue

To be clear.
What is the purpose of wireguard in this setup.

For you as admin to reach the router while away from the main site?
Something else??
by anav
Tue Nov 26, 2024 5:13 pm
Forum: General
Topic: Hairpin NAT - acces to my web site on local server [SOLVED]
Replies: 3
Views: 446

Re: Hairpin NAT - acces to my web site on local server [SOLVED]

I just use LANIP ;-P
Another option is to use DNS settings to point all internal users, aiming at webserver be redirected to LANIP.
by anav
Tue Nov 26, 2024 5:12 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 2338

Re: HEX Lite for routing between subnets [SOLVED]

Wow, such trick phuckery. I also need to see the final config, as to try and understand, the magical fairy wizard dust Sindy contrived. :-)
Basically, will help better solidify one's understanding of some basic stuff, power of ip address, dst-nat and source-nat.
by anav
Tue Nov 26, 2024 5:09 pm
Forum: General
Topic: Roast my config
Replies: 8
Views: 721

Re: Roast my config

Here is the problem, you want the hapax to be a simple AP switch, but then you try to add a second network behind the router. This is not possible be it assigning a subnet to a WLAN, creating a second bridge etc.............. The fact of the matter is you only have one subnet reaching the hapax3.......
by anav
Tue Nov 26, 2024 4:53 pm
Forum: General
Topic: VPN Type / PC with x Users
Replies: 17
Views: 821

Re: VPN Type / PC with x Users

Not necessarily. Lets say each user has to login into the PC. Lets say each user has their own wireguard APP on the PC. Lets say each user gets a different wireguard IP address on the MT ROuter wireguard subnet (in fact we will actually make the subnet different for each user but attached to same wi...
by anav
Tue Nov 26, 2024 4:31 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

anav:1 ammo:0 ( but who's counting) - by the way it looks my advice after inauguration day will cost 25% more jajajaja ( ps don't worry only applies to USA, rest of the world, same free advice, quality not guaranteed until reviewed by mkx/sob and a few others.......... ) Edit................... Damn ...
by anav
Tue Nov 26, 2024 4:28 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

Hi Normis, Understood, the One Time user available on the ROUTER itself, is for the ADMIN, to use. I presume this is meant to be put on the admins phone and from there he can easily generate additional qr codes or configs to send to as many clients as he/she,it,they,them etc desires. I also understa...
by anav
Tue Nov 26, 2024 2:33 am
Forum: General
Topic: Any advice for further debugging handshaking failed on wireguard roadwarrior setup?
Replies: 13
Views: 1374

Re: Any advice for further debugging handshaking failed on wireguard roadwarrior setup?

Diagram please detailing the wans etc.... It could be a well known wireguard routing issue but a diagram will help orient me to your network.
by anav
Tue Nov 26, 2024 12:01 am
Forum: General
Topic: Roast my config
Replies: 8
Views: 721

Re: Roast my config

1. Is this router BEHIND the RB5009, in double NAT, or acting as a switch/AP OR Is this router in front of the Rb5009 and public IP facing. 2. Why is this error showing?? /interface bridge port add bridge=bridge comment=defconf interface=*6 internal-path-cost=10 path-cost=10 3. Why do you have two b...
by anav
Mon Nov 25, 2024 7:57 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

okay hopefully NORMIS will provide his usual clarity. :-) :-)
by anav
Mon Nov 25, 2024 7:41 pm
Forum: General
Topic: WAN interface Passes more data than the LAN interface
Replies: 13
Views: 800

Re: WAN interface Passes more data than the LAN interface

Belgian chocolate makes one smarter, apparently. Screenshots are hard on my eyes so I try to avoid them.
by anav
Mon Nov 25, 2024 7:11 pm
Forum: General
Topic: Understanding Back to Home VPN (Wireguard) mysterious peer
Replies: 5
Views: 502

Re: Understanding Back to Home VPN (Wireguard) mysterious peer

Thank you emarj, I misunderstood your question and gave you a duff answer, now I understand that additional BTH config, and will be able to assist others more accurately down the line. Thanks to @Normis, for clearing that up................... Suggest you add it to the MT document section on BTH so ...
by anav
Mon Nov 25, 2024 7:04 pm
Forum: General
Topic: WAN interface Passes more data than the LAN interface
Replies: 13
Views: 800

Re: WAN interface Passes more data than the LAN interface

Your firewall rules are over the top complex and simplifying them will enable troubleshooting to some extent. However far more worrisome.......... if assuming 8295,8296 are something to do with accessing winbox and your router is public facing, you are asking to be hacked . Also without seeing the F...
by anav
Mon Nov 25, 2024 6:56 pm
Forum: Beginner Basics
Topic: VLAN setup problem
Replies: 2
Views: 580

Re: VLAN setup problem

Just to be clear, ether1 and ether2 are WAN links Ether 3 reserved ---> what I would do NOW, is to make this an OFF BRIDGE access for doing all the vlan configuring, much safer , trust me !! /interface ethernet set [ find default-name=ether3] name=OffBridge3 Ether4-10 would be on the bridge. Create ...
by anav
Mon Nov 25, 2024 6:34 pm
Forum: Beginner Basics
Topic: WireGuard setup for home server hosting
Replies: 9
Views: 863

Re: WireGuard setup for home server hosting

Okay my bad, I read so many posts, I can easily get confused........ may also be an old brain thing :-) So you have you own private VPN server hosted in the cloud. That is super so assuming you want to use it for a myriad of things a. users to come in and access your game servers b. for you to remot...
by anav
Mon Nov 25, 2024 6:18 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

Read the docs y.......... Connect to router Enable DDNS Cloud service: `/ip/cloud/set ddns-enabled=yes` Enable Back To Home: `/ip/cloud/set back-to-home-vpn=enabled` Print tunnel configuration: `/ip/cloud/print` Scan QR Code (`vpn-wireguard-client-config-qrcode`) or Copy config (`vpn-wireguard-clien...
by anav
Mon Nov 25, 2024 5:56 am
Forum: Beginner Basics
Topic: WireGuard setup for home server hosting
Replies: 9
Views: 863

Re: WireGuard setup for home server hosting

No understood. Here is the point If you have public IP then you dont need nordvpn wireguard Be advised NordVPN is NOT for people coming to you. Its strictly outgoing traffic from your side, usually to avoid local WANIP restrictions etc... As noted your best bet is a. Rent a cloud server, get a CHR l...
by anav
Mon Nov 25, 2024 4:05 am
Forum: General
Topic: Dynamic WireGuard endpoint traffic routed outbound to a specific interface.
Replies: 4
Views: 611

Re: Dynamic WireGuard endpoint traffic routed outbound to a specific interface.

So on this HAP device, a. you have a public WANIP ?? and b. you have nordguard vpn............ WHY you can access your router as admin or guests or another router via Wireguard without nordvpn. c. Perhaps you want users to go out a different internet public IP than your own and that is the reason? d...
by anav
Mon Nov 25, 2024 3:49 am
Forum: General
Topic: Any advice for further debugging handshaking failed on wireguard roadwarrior setup?
Replies: 13
Views: 1374

Re: Any advice for further debugging handshaking failed on wireguard roadwarrior setup?

You know the drill Post the config of the MT router ( assuming its acting as peer Server for handshake )? Since you have a public IP this should be fairly easy to fix. If you have multiple WANs, then provide a detailed diagram for clarity as well as config. /export file=anynameyouwish (minus router ...
by anav
Mon Nov 25, 2024 1:14 am
Forum: General
Topic: Blocking Video and Music Downloads on MikroTik
Replies: 4
Views: 421

Re: Blocking Video and Music Downloads on MikroTik

You cannot do it with a mikrotik device,
You need an $$router with a $$subscription service.
Your School IT staff would know this,,,,,,,

If this is a single school with little resources, not much you can do.
However, students shouldn't be on their cell phones in the classroom anyway.
by anav
Mon Nov 25, 2024 1:13 am
Forum: General
Topic: Minimum requirement to be a official Mikrotik consultant
Replies: 14
Views: 949

Re: Minimum requirement to be a official Mikrotik consultant

I think @ToTheFull refers to the requirement that one has to be "active" on the forum in order to maintain their official consultant status. But the particular kind of activity is not specified. I guess it would be complicated to verify conformance to a more specific requirement, like "...
by anav
Mon Nov 25, 2024 1:11 am
Forum: Beginner Basics
Topic: WireGuard setup for home server hosting
Replies: 9
Views: 863

Re: WireGuard setup for home server hosting

No problem at all. You haven't stated what kind of VPN service, do you mean a third party VPN provider or something else? By the way, if the third party Cloud is hosting it, it cant be as per your title is HOME SERVER Hosting LOL Im assuming two things forcing you to a VPN provider. a. no public IP ...
by anav
Sun Nov 24, 2024 10:56 pm
Forum: Beginner Basics
Topic: PCC dual wan
Replies: 8
Views: 1016

Re: PCC dual wan

Screw MT, what is important is that you are feeling better!!!
by anav
Sun Nov 24, 2024 10:53 pm
Forum: General
Topic: AWS Wireguard Slow
Replies: 21
Views: 1375

Re: AWS Wireguard Slow

You get what you measure...

Hi Ammo, cant recall did it long ago but on a 1gig connection on either end same city same provider, rb4011 to RB450G maybe,????? while ago....
I got around 300Mbps or so........... Sorry havent tested in a while.
Perhaps I should test with holvoe sometime.
by anav
Sun Nov 24, 2024 10:51 pm
Forum: General
Topic: How setup own VPN app creat and import WG tunnel automatically
Replies: 3
Views: 380

Re: How setup own VPN app creat and import WG tunnel automatically

Well the instructions are not difficult.
Open BTH app on smartphone and import QR code.
It will be up to you to make easy follow instructions for users.
Suggest you try it a couple of times to figure out how best to describe it to users
by anav
Sun Nov 24, 2024 10:49 pm
Forum: General
Topic: Comments and other Enquiry
Replies: 1
Views: 296

Re: Comments and other Enquiry

Well here is the scoop to use wireguard NORMAL, manual config, or port forwarding for that matter you need a. a public IP address OR b. an upstream router/modem, usually the iSP one, with a public IP AND the ability to forward ports. If you have the above then you dont need to use BTH. +++++++++++++...
by anav
Sun Nov 24, 2024 8:38 pm
Forum: General
Topic: AWS Wireguard Slow
Replies: 21
Views: 1375

Re: AWS Wireguard Slow

IPSec has its place in the enterprise world, but here in home soho user land, wireguard is easier to setup and reasonably fast and secure. Sure it takes a hit but looking at IPSEC stats on the MT routers, its not a shining star either. I trust mozerd, who deals with a wide variety of NON enterprise,...
by anav
Sun Nov 24, 2024 8:15 pm
Forum: Beginner Basics
Topic: NAT Setup Question
Replies: 3
Views: 407

Re: NAT Setup Question

I still don't understand your setup. Typically the Router has a public WANIP, either static or dynamic. OR if not a Private IP from an upstream router for example. Behind the router is a DIFFERENT private subnet, so not sure what you are doing or what kind of network you have. It would appear you ne...
by anav
Sun Nov 24, 2024 8:01 pm
Forum: Beginner Basics
Topic: Wireguard show-client-config generates ListenPort value when not set
Replies: 1
Views: 275

Re: Wireguard show-client-config generates ListenPort value when not set

The listen port is a horrible name I will agree. It only pertains to a wireguard router that is server for handshake. In the case of a client that port (typically identified under Wireguard Interface) is simply the outgoing port the initial connection uses to reach the Server etc......... So in a cl...
by anav
Sun Nov 24, 2024 3:20 pm
Forum: Beginner Basics
Topic: NAT Setup Question
Replies: 3
Views: 407

Re: NAT Setup Question

Draw a detailed network diagram as your explanation is NOT understandable
by anav
Sun Nov 24, 2024 3:17 pm
Forum: Beginner Basics
Topic: Could anyone audit my setup?
Replies: 2
Views: 403

Re: Could anyone audit my setup?

1. You forgot to include your 5ghz wifi WLAN in /interface bridge port settings
/interface bridge port
add bridge=Bridge-LAN interface=ether2-LAN
add bridge=Bridge-LAN interface=ether3-LAN
add bridge=Bridge-LAN interface=ether4-LAN
add bridge=Bridge-LAN interface=ether5-LAN
add bridge=Bridge-LAN int...
by anav
Sun Nov 24, 2024 2:55 pm
Forum: General
Topic: Wireguard between two mikrotik
Replies: 8
Views: 5909

Re: Wireguard between two mikrotik

@Mesquite - remember Your kind words the next time you ask for help at a car repair shop, or at a birthday present, or when painting your room...
Your post makes no sense, suspect language barrier, try google translate next time.
by anav
Sun Nov 24, 2024 1:09 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

Hi Ammo, reading the docs, there is only one QR code one can generate from the router itself; the rest, if I read this right, is that you can easily create and manage additional QR codes and send them all from the admin smartphone.
by anav
Sun Nov 24, 2024 1:04 am
Forum: General
Topic: Minimum requirement to be a official Mikrotik consultant
Replies: 14
Views: 949

Re: Minimum requirement to be a official Mikrotik consultant

As per https://mikrotik.com/consultants . Additionally, as a consultant we expect you to participate in the MikroTik Forum and attend the MUM events in your country as a presenter conducting RouterOS case studies or workshops. @muaazteladia - Wow, one post in DEC 2022 and now a few posts today out ...
by anav
Sat Nov 23, 2024 8:31 pm
Forum: General
Topic: Understanding Back to Home VPN (Wireguard) mysterious peer
Replies: 5
Views: 502

Re: Understanding Back to Home VPN (Wireguard) odd peer

From my understanding, one uses your smartphone to create an initial tunnel while behind the router. Then one can use the smartphone BTH app (under MANAGED SHARES) to generate QR codes or config files for other smartphones/laptops etc...... (laptops use the wireguard app itself). The router is cap...
by anav
Sat Nov 23, 2024 8:28 pm
Forum: General
Topic: How setup own VPN app creat and import WG tunnel automatically
Replies: 3
Views: 380

Re: How Playstore app creat and import WG tunnel

The MT router can provide 1 QR code or config file for that special client that is remote. I believe, but am not certain, the way to create multiple accounts (QR codes or config files) is from the BTH app on your smartphone. Step1: Create a BTH tunnel on your smartphone while behind the MT router aka...
by anav
Sat Nov 23, 2024 8:25 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 402
Views: 366956

Re: NEW FEATURE: Back to Home VPN

Trying to understand BTH some more. It would appear that it does not function as I thought. One cannot create QR codes for all remote users and send them each their own QR code, at which time the BTH app on Android or iPhone could then simply use to set up their end. It would appear this can only be ...
by anav
Sat Nov 23, 2024 5:25 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1622

Re: Wireguard routing

Okay I added a bunch more questions above, that need answering. You only need one wireguard network now that I know your wireguard requirements but only when two things happen. a. you fix your guest VPN and bridge setup. recommend create vlan for bridge subnet, put both vlans on same bridge as p...
by anav
Sat Nov 23, 2024 4:58 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1622

Re: Wireguard routing

Okay will see what I can figure out, just confused why you have two different WIREGUARD NETWORKS??? Can you provide network diagrams for each side, it's very confusing due to all the extra subnets showing that are not complete subnets. For Example. Router A has a Bridge network of 192.168.88.0/24 But...
by anav
Sat Nov 23, 2024 3:47 pm
Forum: General
Topic: VLAN Trunk - DHCP issue
Replies: 12
Views: 848

Re: VLAN Trunk - DHCP issue

1. Remove serial number from post.
2. DO NOT USE bridge firewall rules, this is an advanced setting for specific cases, use normal firewall rules for most needs.
3. Clean up pools
4. Fixed up /interface bridge port and bridge vlan
5. Wireguard settings are incorrect. It would appear that the MT is a...
by anav
Sat Nov 23, 2024 2:28 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1622

Re: Wireguard routing

I asked for config at both ends? Which Router is supposed to be the Server for wireguard handshake?? Missing the wireguard address in allowed addresses (depends upon if server or client for handshake what it should be). Why do you limit wg to /30, at least make it /29 so you can as admin remotely c...