Community discussions

MikroTik App

Search found 40 matches

by ros44
Tue Feb 11, 2020 11:24 am
Forum: General
Topic: login failure only from Winbox
Replies: 2
Views: 493

login failure only from Winbox

Something super odd is happening to me. The device is hAP ac2 running 6.46.2. My last successful login was 3 days ago. Since then I didn't do anything. Now when I try to login via Winbox I am getting a login failure. I thought I messed up the credentials after trying a 100 times but I just decided t...
by ros44
Mon Feb 03, 2020 9:55 pm
Forum: Wireless Networking
Topic: CAPSMAN V2 - timeout manipulation possible?
Replies: 3
Views: 1042

Re: CAPSMAN V2 - timeout manipulation possible?

Hello,

Googling "capsman timeout" brought me to your post. Did you manage to find an answer?

Thank you!
by ros44
Wed Jan 15, 2020 11:46 am
Forum: Beginner Basics
Topic: Quick Set Guest WiFi vs. separate bridge
Replies: 1
Views: 508

Quick Set Guest WiFi vs. separate bridge

Hi there, When setting a Guest WiFi I prefer to have the guest WiFi interfaces (2.4 and 5GHz) attached to a separate (new) bridge and then make sure I have the right firewall rules so that the guest network has access only to Internet. I recently used the Quick Set option for Guest Wifi and I notice...
by ros44
Sat Aug 10, 2019 6:40 pm
Forum: General
Topic: Drawing network diagram with layers
Replies: 1
Views: 540

Drawing network diagram with layers

I found a few posts about this topic, but they are a bit old or left behind. What do you use to draw your network diagrams except for Visio. Are there MikroTik stencils for other software solutions? What do they use in MikroTik documents? What would you recommend that supports layers and is fast of ...
by ros44
Sat Aug 10, 2019 1:48 pm
Forum: Beginner Basics
Topic: Trying to get started with CAP and Vlan
Replies: 2
Views: 616

Re: Trying to get started with CAP and Vlan

It would help if you tell us your setup goal. I assume you want to have different SSID clients into different VLANs. The easiest way for me is to reset the config of the CAP and select CAP mode. Then from the CAPsMAN menu in the datapath section for the specific SSID select local forwarding = yes, u...
by ros44
Sun Aug 04, 2019 10:11 pm
Forum: Beginner Basics
Topic: Two VLANs in a bridge or two bridges
Replies: 2
Views: 606

Re: Two VLANs in a bridge or two bridges

Thank you, Metod. This is my 3rd weekend reading the wiki and the forum + watching MUM videos. I want to deep dive. I still cannot overview hat is the difference between configuring VLAN in the bridge or doing it via the switch menu? My OCD kicks in and I am trying to figure out when to use what. 1....
by ros44
Sun Aug 04, 2019 9:37 pm
Forum: Beginner Basics
Topic: Can I setup a hAP ac2 strictly as a WAP?
Replies: 8
Views: 1092

Re: Can I setup a hAP ac2 strictly as a WAP?

The lamest way to do it is to use the quick-set menu, select the "Home AP Dual" template, and then in the template: - configure a static LAN IP address of your router, that is free in your network. - and remove the check from the DHCP server option. This way eth1 will still be your WAN interface mea...
by ros44
Sun Aug 04, 2019 9:26 pm
Forum: Beginner Basics
Topic: default wan
Replies: 7
Views: 987

Re: default wan

I would use the code display option in the forum instead of attaching a file. It seems to be easier for the readers.
by ros44
Sun Aug 04, 2019 9:22 pm
Forum: Beginner Basics
Topic: Block winbox throughout public IP and only access from VPN
Replies: 1
Views: 559

Re: Block winbox throughout public IP and only access from VPN

First, you may want to change the winbox port to a custom port number. Second, if you update your router to the latest stable version and then reset the configuration and configure it again, you will end up having the default firewall rules configured out of the box. These rules provide sufficient s...
by ros44
Sun Aug 04, 2019 9:01 pm
Forum: Wireless Networking
Topic: CAPsMAN Access Point Question
Replies: 3
Views: 880

Re: CAPsMAN Access Point Question

It is not clear if you are using your first router as an access point only or you are using it as a router as well. It makes a difference if you will be using more SSIDs and you want them to be in separate VLANs. Here are a few ideas from me: - at the beginning focus on only one SSID and enable loca...
by ros44
Sun Aug 04, 2019 2:58 pm
Forum: Beginner Basics
Topic: VPN and IP Telephone connection problems [SOLVED]
Replies: 2
Views: 587

Re: VPN and IP Telephone connection problems [SOLVED]

Check this, please: viewtopic.php?t=132823
If this is what you need, please, mark the topic as solved.
by ros44
Sun Aug 04, 2019 2:52 pm
Forum: Beginner Basics
Topic: firewall filter doesnt work with in-interface-list
Replies: 2
Views: 710

Re: firewall filter doesnt work with in-interface-list

I read your config two times and I cannot figure out a problem. The only thing for you to correct in your post is that in the beginning, you wrote "eth1 # WLAN" and it should be WAN. It looks like you did an upgrade from a version before 6.41 and the configuration was upgraded from "the master-slave...
by ros44
Sun Aug 04, 2019 2:34 pm
Forum: Beginner Basics
Topic: Firewall ICMP rule to use VPN server
Replies: 1
Views: 338

Re: Firewall ICMP rule to use VPN server

Does your L2TP server have a public IP address? Why do you want Speedtest to show your VPN server address? Do you do the speed tests from the VPN clients?
Provide all extra information possible so that it is possible for people to answer your question.
by ros44
Sun Aug 04, 2019 2:11 pm
Forum: Beginner Basics
Topic: Help with port forwarding
Replies: 1
Views: 348

Re: Help with port forwarding

Can you please provide a simple topology diagram with the IP addresses and the name of the interfaces.
by ros44
Sat Aug 03, 2019 5:48 pm
Forum: Beginner Basics
Topic: Where is openvpn ?
Replies: 4
Views: 666

Re: Where is openvpn ?

How come? What MikroTik are you referring to? What is its RouterOS version?
by ros44
Sat Aug 03, 2019 3:42 pm
Forum: Beginner Basics
Topic: Access DSL modem in "bridge mode" behind Mikrotik [SOLVED]
Replies: 12
Views: 1778

Re: Access DSL modem in "bridge mode" behind Mikrotik [SOLVED]

It seems that the issue is routing-related or source/masquerade-related. Can you post again in a separate code your current /ip firewall nat of the MikroTIk and also the routing tables of both the PfSense and the MikroTik.
by ros44
Sat Aug 03, 2019 3:33 pm
Forum: Beginner Basics
Topic: Not showing IP on connected devices [SOLVED]
Replies: 13
Views: 1369

Re: Not showing IP on connected devices [SOLVED]

As @sob said you need that rule. Do not disable it. You need to change it.
What you need to do is log in with winbox, go to IP -> Firewall -> NAT, then click on that rule, go to the General tab and in the Out. Interface from the drop down menu select the WAN interface your router is using.
by ros44
Sat Aug 03, 2019 1:29 pm
Forum: Beginner Basics
Topic: Not showing IP on connected devices [SOLVED]
Replies: 13
Views: 1369

Re: Not showing IP on connected devices [SOLVED]

The first rule in your /ip firewall nat configuration is the following: /ip firewall nat add action=masquerade chain=srcnat It seems to me that it doesn't have any interface specified, meaning that it will source nat everything going out from all interfaces. Can you specify the outgoing interface in...
by ros44
Sat Aug 03, 2019 1:01 pm
Forum: Beginner Basics
Topic: Not showing IP on connected devices [SOLVED]
Replies: 13
Views: 1369

Re: Not showing IP on connected devices [SOLVED]

Can you please post the output of the following command
/ip firewall nat export
and then again post the output of the same command but with extra parameters
/ip firewall nat export verbose terse
by ros44
Sat Aug 03, 2019 12:57 pm
Forum: Beginner Basics
Topic: Not showing IP on connected devices [SOLVED]
Replies: 13
Views: 1369

Re: Not showing IP on connected devices [SOLVED]

Enabling port forwarding of port 22 from the Internet to your NAS will, obviously, expose it to the wild. I assume many bots are trying to connect to it using default username/passwords. That is why you have so many login failure attempts. But one thing is very strange: all these attempts are coming...
by ros44
Sat Aug 03, 2019 12:48 pm
Forum: Beginner Basics
Topic: Not showing IP on connected devices [SOLVED]
Replies: 13
Views: 1369

Re: Not showing IP on connected devices [SOLVED]

I just saw the signature of one guru member in the forum. it says "People who quote full posts should be spanked with an ethernet cable. Some exceptions for multi-topic threads may apply." These images, you just posted, makes me understand that you have enabled port forwarding from port 22 (TCP) of ...
by ros44
Sat Aug 03, 2019 12:32 pm
Forum: Beginner Basics
Topic: Access DSL modem in "bridge mode" behind Mikrotik [SOLVED]
Replies: 12
Views: 1778

Re: Access DSL modem in "bridge mode" behind Mikrotik [SOLVED]

Can you ping the modem's IP from the MikroTik's command prompt? If not do you, at least, see a line with the MAC address of the modem in the /ip arp menu?
by ros44
Sat Aug 03, 2019 12:22 pm
Forum: Beginner Basics
Topic: Not showing IP on connected devices [SOLVED]
Replies: 13
Views: 1369

Re: Not showing IP on connected devices [SOLVED]

I assume that in order for you to get an answer you need to clarify what do you mean with
where IP is not showing from PC that is trying to connect to it, but only mikrotiks 192.168.0.1
This doesn't make sense to me. Say what you wanted in the first place.
by ros44
Sat Aug 03, 2019 12:17 pm
Forum: Beginner Basics
Topic: Two VLANs in a bridge or two bridges
Replies: 2
Views: 606

Two VLANs in a bridge or two bridges

My router is hAP ac2 and I might change it with RB4011. Should I set up two bridges (WAN_BRIGE: port 1+2) and (LAN_BRIGE: port 3+4+5+wlan1+wlan2) or should I go for one bridge with two VLANs? I have this question for a while. Also in the post Using RouterOS to VLAN your network ( https://forum.mikro...
by ros44
Sat Aug 03, 2019 9:49 am
Forum: Beginner Basics
Topic: Port Forward/Passthrough
Replies: 5
Views: 767

Re: Port Forward/Passthrough

I am relatively new in the forum but I deal with networking for a long time. Port forwarding should be very simple but your post has a lot of things that are not clear, at least to me. Try to be more specific and post part of your config, especially the lines from /ip firewall filter, /ip firewall n...
by ros44
Thu Jul 25, 2019 1:05 pm
Forum: Scripting
Topic: Notification for new DHCP leases [SOLVED]
Replies: 2
Views: 1224

Re: Notification for new DHCP leases [SOLVED]

Thank you! It seems so clear and obvious. Best of luck! Edit: a simple script for anyone reading this post. :if ($leaseActIP = "192.168.1.130") do={ :log info "IP: $leaseActIP, MAC: $leaseActMAC, Host: $"lease-hostname"" :tool e-mail send to=email@example.com subject="Violation alert!!! New DHCP cli...
by ros44
Thu Jul 25, 2019 12:53 pm
Forum: Scripting
Topic: Notification for new DHCP leases [SOLVED]
Replies: 2
Views: 1224

Notification for new DHCP leases [SOLVED]

Hello guys, I found only one similar question in the forum, but without any replies of it. All my devices in the network have statically assigned DHCP leases. Still, there is a pool of 5 addresses available if new devices connect to the network accidentally. Is there any mechanism I can configure so...
by ros44
Mon Jul 22, 2019 11:03 pm
Forum: RouterBOARD hardware
Topic: Gigabit PoE injector and Gigabit Ethernet Surge Protector
Replies: 0
Views: 718

Gigabit PoE injector and Gigabit Ethernet Surge Protector

In the brochure of the new RBGESP ( https://i.mt.lv/cdn/rb_files/GESP-190528133701.pdf ) it is said PoE support: Yes, IEEE 802af/at How about protecting a device that is powered with passive PoE using RBGPOE ( https://mikrotik.com/product/RBGPOE )? I want to achive this: RB3011 ---> PoE injector ===...
by ros44
Sun Sep 09, 2018 11:08 pm
Forum: General
Topic: OVPN WITH 3 SITES
Replies: 1
Views: 311

Re: OVPN WITH 3 SITES

SInce Head Office <-> Branch 1 and Head Office <-> Branch 2 are working fine I assume the following: - you need to add routing at Branch 1 for Branch 2 via the VPN - you need to add routing at Branch 2 for Branch 1 via the VPN. That is all. And yes, it is better if you connect Branch 1 and Branch 2 ...
by ros44
Thu Sep 06, 2018 11:50 am
Forum: General
Topic: OpenVPN client IP spoofing - it is possible. What are the mitigations? [SOLVED]
Replies: 4
Views: 780

Re: OpenVPN client IP spoofing - it is possible. What are the mitigations? [SOLVED]

@sindy, thank you for confirming what I've discovered and was worrying me: a legitimate VPN user to start messing around. A guy from the scripting section of the forum pointed me out that in every ppp profile there are many options to be used so that the ppp interface is dynamically added to an inte...
by ros44
Thu Sep 06, 2018 11:40 am
Forum: General
Topic: Using OVPN with MS certificate store
Replies: 4
Views: 487

Re: Using OVPN with MS certificate store

Adrian , yes, it is not a RouterOS topic, but I also became interested so thank you.

In your reply, do you mean that you installed a the personal cert in the certification store, but the CA is still in a file and you pointed that file in the ovpn config?
by ros44
Thu Sep 06, 2018 11:14 am
Forum: Scripting
Topic: Does find command distinguish small and capital letters [SOLVED]
Replies: 8
Views: 764

Re: Does find command distinguish small and capital letters [SOLVED]

I feel so lame. I spent hours on debugging a script to add/remove interfaces from a list your last post made me flash for a moment. It could have been so simple. Thank you. Another way to do it was given to my by the support: On-up: :local interfaceName [/interface get $interface name] /interface li...
by ros44
Thu Sep 06, 2018 11:04 am
Forum: Scripting
Topic: In /ppp profile on-up script the $interface variable is with small letters [SOLVED]
Replies: 3
Views: 1288

Re: In /ppp profile on-up script the $interface variable is with small letters [SOLVED]

It turns out that the difference in the naming (small, capital letters) is known thing. In order for ppp on-down script to work well the support offered me this idea: toid $interface I tested it and works great. I would prefer not to explain it because I have only an assumption how it works. For me ...
by ros44
Mon Sep 03, 2018 11:44 am
Forum: Scripting
Topic: Does find command distinguish small and capital letters [SOLVED]
Replies: 8
Views: 764

Re: Does find command distinguish small and capital letters [SOLVED]

Do you have any ppp interfaces? Can you add manually via winbox an interface to a test list. Then disconnect the interface and show a /interface list member print.
by ros44
Mon Sep 03, 2018 11:30 am
Forum: General
Topic: OpenVPN client IP spoofing - it is possible. What are the mitigations? [SOLVED]
Replies: 4
Views: 780

Re: OpenVPN client IP spoofing - is it possible and what are the mitigations [SOLVED]

I did the test below and I can confirm that spoofing is possible and works very well. (Please, correct me if "spoofing" is not the right term for this.) 1. From a Win10 PC with an OpenVPN client I connected to my VPN router. I got the address 10.11.12.101 (the one statically assigned for username001...
by ros44
Sun Sep 02, 2018 12:15 am
Forum: Scripting
Topic: In /ppp profile on-up script the $interface variable is with small letters [SOLVED]
Replies: 3
Views: 1288

Re: In /ppp profile on-up script the $interface variable is with small letters [SOLVED]

The code you offered me I am already using it. The $interface variable (when used in ppp-up or ppp-down script) returns the interface id starting with small letter -> *f00001 But when I print an interface lists members then the interface ids are shown starting with capital letter -> *F00001 To me th...
by ros44
Sun Sep 02, 2018 12:12 am
Forum: Scripting
Topic: Does find command distinguish small and capital letters [SOLVED]
Replies: 8
Views: 764

Re: Does find command distinguish small and capital letters [SOLVED]

Thank you for taking time to reply to my question.

I am talking about interface id. When used in terminal command find works well no matter if the interface id starts with capital or small letter. When used in a script it requires only capital letters. This is my problem.
by ros44
Sat Sep 01, 2018 3:19 pm
Forum: Scripting
Topic: Does find command distinguish small and capital letters [SOLVED]
Replies: 8
Views: 764

Does find command distinguish small and capital letters [SOLVED]

Am I doing something wrong with the find command or this is how it works? Example 1: Here the find command works as expected. It removes an interface from an interface list, based on interface id /interface list member remove [ find interface=*f00020 ] * the interface id starts with a small letter) ...
by ros44
Sat Sep 01, 2018 2:59 pm
Forum: Scripting
Topic: In /ppp profile on-up script the $interface variable is with small letters [SOLVED]
Replies: 3
Views: 1288

In /ppp profile on-up script the $interface variable is with small letters [SOLVED]

Should this be reported as a bug: The $interface variable in /ppp profile on-up|on-down scripts has values like this: *f00001, *f00002, *f00003 ... *f00019, *f0001a, *f0001b (Small Letters) If an interface with one of the interface ids from above is added in an interface list and I print the members...
by ros44
Sat Sep 01, 2018 9:10 am
Forum: General
Topic: OpenVPN client IP spoofing - it is possible. What are the mitigations? [SOLVED]
Replies: 4
Views: 780

OpenVPN client IP spoofing - it is possible. What are the mitigations? [SOLVED]

Hello guys, My firewall rules are designed to grant/deny access to the VPN users based on their statically assigned IP addresses. Example: /ppp secret add local-address=10.11.12.1 name=username001 password=abcabcabc profile=PROFILE_PPP_OPENVPN remote-address=10.11.12.101 service=ovpn Address 10.11.1...