Search found 105 matches

by jerryroy1
Fri Apr 03, 2020 7:53 am
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

OK, the Long and winding road. LOL, It is finally working. I had to create all new certs on the 1100 with all the settings all over again to get this to work. I finally have Windows 10 clients connecting with IKEv2 to the Mikrotik 1100AHx2. It still displays erratic behavior. Maybe just because I ha...
by jerryroy1
Fri Mar 27, 2020 5:11 am
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

Back in office. I am having issue importing certs exported from working system. BTW, passphrase does not accept spaces! I generated the certs with a Pass Phrase! not a password :( The certs imported but do not have same values, for Example, the CA cert only shows Authority and Trusted. It is missing...
by jerryroy1
Fri Mar 27, 2020 4:37 am
Forum: General
Topic: Migrating self signed CA
Replies: 10
Views: 2405

Re: Migrating self signed CA

Please clarify this step. - on new: - verify you have a connectivity to old router (ping, traceroute..) - import certificates with passphrase - reload openvpn (or sstp..) Why connectivity to old router? Do you mean open a browser to WAN old router? How are you connecting and importing on new router?
by jerryroy1
Wed Mar 25, 2020 12:24 am
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

Set the modconf back to just the LAN subnet of the MT and was not able to ping in both directions for a bit, then it started to work again. At the moment, Win7 environment. When I get to go back to office, I will have access to all Win10 systems. No chances to test and I delete dups until I do. Than...
by jerryroy1
Tue Mar 24, 2020 10:32 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

Walked away for an hour or so and now traffic is passing in both directions and the route is in the routing table for the lan of the MT. Not sure what changed, but it is working. Going to see if I can duplicate the configuration on the original RB1100AHx2. Can I move CA certs and others between syst...
by jerryroy1
Tue Mar 24, 2020 8:49 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

Under mode config, If I place a split of 0.0.0.0/0 I get traffic encrypted and decrypted and can ping from the LAN side of MT to Road Warrior = (RW) IP and get a response. The pings do not get a response from the RW side to the MT LAN because they are using default route instead of tunnel path. Any ...
by jerryroy1
Tue Mar 24, 2020 8:17 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

OK, doing what you suggested, I get traffic in one direction, I can see the bytes increasing from the 172.24.x.x (workstation on LAN of MT) to the 10.0.88.10 (Road Warrior IP) while pinging but still no response since it is not returning. Firewalls on windows systems both sides are completely disabl...
by jerryroy1
Tue Mar 24, 2020 7:25 am
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

Sorry for the long delay in responding. Corona Virus be damned! ;) A Complete "Do OVER" I think the issue on Windows 10 is it does not install the Certificate in the correct Store. I need someone to validate this. In Any case, I have redone it completely on a different Mikrotik and now I can get the...
by jerryroy1
Mon Mar 16, 2020 10:02 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

20:19:51 ipsec matched proposal:
20:19:51 ipsec adding payload: CERTREQ


CERTREQ is there

Second, please post the output of /certificate print detail where name~"jroy"

See Attached>
by jerryroy1
Fri Mar 13, 2020 11:44 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

So double-check your settings at Windows. The certificate for Windows must be imported as a machine one, not a user one. It was imported as a machine one. The Windows Certificate was generated using the process from this tutorial https://www.youtube.com/watch?v=fQokeBcrjdc ALL Cert generation starts...
by jerryroy1
Fri Mar 13, 2020 3:24 am
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

IKE2-fail.png
Do I have something wrong in one of my certs?

So are both my ID and Remote ID set to Auto?
by jerryroy1
Fri Mar 13, 2020 12:38 am
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

IKE2.png
Changed but still same message about Identity not found for peer and it shows my private IP assigned via my AP on network
by jerryroy1
Thu Mar 12, 2020 10:50 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

Is this not it? It is in the file I uploaded. /ip ipsec identity add auth-method=digital-signature certificate=vpn.corp.company.net \ generate-policy=port-strict match-by=certificate mode-config=\ modeconfig.vpn.corp.company.net peer="peer my.ip.add.r" \ policy-template-group="group vpn.corp.company...
by jerryroy1
Thu Mar 12, 2020 9:43 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

Hi Sindy, See attached.

Thanks for looking!
cert-names.png
by jerryroy1
Thu Mar 12, 2020 8:23 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

I keep getting "identity not found for peer: ADDR4: 192.168.86.26" The IP here is the ip assigned to me thru my AP at home. Any ideas?
by jerryroy1
Thu Mar 12, 2020 7:51 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 44
Views: 10036

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

Thanks, I had all the chain of trust of the CA in both the client and server. The client certificate had its key too. I am really surprised not to find any information how to get a better error log on the windows vpn client... That would point me into the right direction instead of playing half bli...
by jerryroy1
Sat Feb 29, 2020 8:59 pm
Forum: Beginner Basics
Topic: How to block traffic between vlans?
Replies: 16
Views: 17423

Re: How to block traffic between vlans?

Who can share rules that would drop traffic between ports without having vlans?
by jerryroy1
Sat Feb 22, 2020 9:23 pm
Forum: General
Topic: Allow traffic between isolated subnets? [SOLVED]
Replies: 10
Views: 1848

Re: Allow traffic between isolated subnets? [SOLVED]

Is this all you have in "/ip firewall filter"? The usual way is to use stateful firewall, i.e. start with: /ip firewall filter add chain=forward connection-state=established,related add action=drop chain=forward connection-state=invalid and then follow with other rules (I prefer to end everything w...
by jerryroy1
Thu Feb 06, 2020 10:21 pm
Forum: General
Topic: Upgrade to MS-CHAPv2 RADIUS for >6.43
Replies: 7
Views: 1579

Re: Upgrade to MS-CHAPv2 RADIUS for >6.43

I am using Active directory RADIUS server and mAP lite as the radius client and it works fine with AD/Radius Authentication (MS-CHAPv2).
Can you export your radius config portions?
by jerryroy1
Thu Feb 06, 2020 10:06 pm
Forum: General
Topic: Upgrade to MS-CHAPv2 RADIUS for >6.43
Replies: 7
Views: 1579

Re: Upgrade to MS-CHAPv2 RADIUS for >6.43

Can you export your config so we can see what you have set?
by jerryroy1
Tue Nov 19, 2019 7:13 am
Forum: RouterBOARD hardware
Topic: Untangle Firewall
Replies: 5
Views: 3165

Re: Untangle Firewall

I wish the Mikrotik supported it. It is a Linux Derivative.
by jerryroy1
Fri Nov 01, 2019 8:27 pm
Forum: Wireless Networking
Topic: Mikrotik RBLHGG-60adkit vs AirFiber AF-24
Replies: 2
Views: 1331

Mikrotik RBLHGG-60adkit vs AirFiber AF-24

Hello all, I have a customer looking at 6 Ubiquiti AF-24 units vs. 3 Mikrotik RBLHGG-60adkit (Kits). The Price is radically different but his argument is they have a Network Controller? Is that a centralized management interface like a Cisco WLAN controller and what can I recommend for a Management ...
by jerryroy1
Wed Jul 31, 2019 8:32 am
Forum: Wireless Networking
Topic: ptmp with Metal5 and 3 GrooveA-52
Replies: 0
Views: 459

ptmp with Metal5 and 3 GrooveA-52

Hello, I have 4 Mikrotiks. 3 x Groove A-52HPn r2 1 x Metal 5SHPn I want to create a ptmp connection. I will use 1 groove as the base station and the three remaining Mikrotiks as stations. Do I set the base station as AP bridge and the three other Mikrotiks as station-bridge or as station wds? Which ...
by jerryroy1
Wed Sep 05, 2018 12:25 am
Forum: Wireless Networking
Topic: W60G wireless-wire
Replies: 1
Views: 552

W60G wireless-wire

Can a wireless-wire kit act as both a bridge and AP? What mode would each side be configured to if so?
by jerryroy1
Tue Aug 07, 2018 10:53 pm
Forum: General
Topic: SCRIPT: Dual WAN Load Balancing with Fail-over
Replies: 27
Views: 96479

Re: SCRIPT: Dual WAN Load Balancing with Fail-over

Can someone please post a "complete" Dual broadband config (Both WAN are dhcp) that uses mangle rules?
by jerryroy1
Wed Aug 01, 2018 10:33 pm
Forum: General
Topic: ipsec policy not being applied correctly
Replies: 2
Views: 448

Re: ipsec policy not being applied correctly

No routing protocols, just IPsec settings. I create the file for a site with the necessary fields (IP's, etc...) by pulling the fields in brackets from a database. This is what's in my template. /ip ipsec policy add action=encrypt disabled=no dst-address=216.231.x.x/29 dst-port=any ipsec-protocols=e...
by jerryroy1
Sat Jul 28, 2018 2:33 am
Forum: General
Topic: ipsec policy not being applied correctly
Replies: 2
Views: 448

ipsec policy not being applied correctly

Hello, We deploy the Mikrotik hEX (GR3) to many customers. We have run into something and I believe it is a bug. I wanted to know if anyone has experienced this 1st hand? When applying the ipsec policy, the template has sa-src-address set as all zero’s, example sa-src-address=0.0.0.0 But after the t...
by jerryroy1
Wed Jul 18, 2018 9:52 pm
Forum: Scripting
Topic: Scheduler not working
Replies: 4
Views: 2545

Re: Scheduler not working

What I have found to work is to duplicate the script (use the copy command when you open original) and name it something different. Then point your scheduler or a new scheduler at the new script. For some reason it does not like to run against the original name. This only happens sometimes as we hav...
by jerryroy1
Wed May 30, 2018 7:35 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 86945

Re: VPNfilter official statement

Hi Normis,

I still do not have a reply regarding 5.26 on R750GL, can you comment?

Best regards.
by jerryroy1
Tue May 29, 2018 8:50 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 86945

Re: VPNfilter official statement

Can we confirm the RouterOS versions please?

We have 5.26 on hundreds of 750GL's. Is it a firmware issue or a RouterOS issue? It does not seem clear from this thread.

Also, what about GR2 and GR3/Hex? What versions are invulnerable?

Thanks,

Jerry
by jerryroy1
Wed Feb 28, 2018 6:43 pm
Forum: Wireless Networking
Topic: Connect a wAPac to a RBwAPG-60ad NO Internet
Replies: 9
Views: 960

Re: Connect a wAPac to a RBwAPG-60ad NO Internet

Why even have a forum MikroTik if you are not going to respond clearly?
by jerryroy1
Wed Feb 28, 2018 7:38 am
Forum: Wireless Networking
Topic: Connect a wAPac to a RBwAPG-60ad NO Internet
Replies: 9
Views: 960

Re: Connect a wAPac to a RBwAPG-60ad NO Internet

The above poster is correct. You need to reconfigure the wAPac unit first. The default config has the ethernet port configured as DHCP client, so by default, it is expected you will plug the ethernet into your ISP/switch, not as in your diagram.
How do I reconfigure? What should I now do?
by jerryroy1
Tue Feb 27, 2018 9:45 am
Forum: Wireless Networking
Topic: Connect a wAPac to a RBwAPG-60ad NO Internet
Replies: 9
Views: 960

Re: Connect a wAPac to a RBwAPG-60ad NO Internet

Corrected flow, added RB260GS Switch

The flow is Internet <---> Serverroom <---> RBwAPG-60ad SLAVE <---> RBwAPG-60ad MASTER <---> RB260GS Switch <---> wAP AC
by jerryroy1
Tue Feb 27, 2018 1:43 am
Forum: Wireless Networking
Topic: Connect a wAPac to a RBwAPG-60ad NO Internet
Replies: 9
Views: 960

Re: Connect a wAPac to a RBwAPG-60ad NO Internet

I don't understand, do I set bridge interface or ethernet interface as dhcp-client? I have the ethernet interface of wAPac plugged into the RB260 switch, not directly into the RBWAPG-60AD.
by jerryroy1
Mon Feb 26, 2018 8:47 am
Forum: Wireless Networking
Topic: Connect a wAPac to a RBwAPG-60ad NO Internet
Replies: 9
Views: 960

Re: Connect a wAPac to a RBwAPG-60ad NO Internet

You are talking about the wAP AC unit? It has a bridge interface with dhcp-client enabled
by jerryroy1
Sun Feb 25, 2018 9:16 am
Forum: Wireless Networking
Topic: Connect a wAPac to a RBwAPG-60ad NO Internet
Replies: 9
Views: 960

Re: Connect a wAPac to a RBwAPG-60ad NO Internet

Do the settings on the RBwAPG-60ad Master and Slave look correct?

Master set as Bridge
https://photos.app.goo.gl/QjdYRCx0OmVMvNxo1

Slave set as Station Bridge
https://photos.app.goo.gl/UzuHPijZkCmoWSAj1
by jerryroy1
Sun Feb 25, 2018 8:38 am
Forum: Wireless Networking
Topic: Connect a wAPac to a RBwAPG-60ad NO Internet
Replies: 9
Views: 960

Re: Connect a wAPac to a RBwAPG-60ad NO Internet

6.41.1 Firmware was applied and the AP rebooted and it came up in CAP mode? This happened with 3 out of 7 units. How in the world can that happen? After upgrading to 6.41.2 they are all back. I was even able to connect to the wAP unit connected to the RBwAPG-60ad and to the internet. It worked for a...
by jerryroy1
Sun Feb 25, 2018 3:32 am
Forum: Wireless Networking
Topic: Connect a wAPac to a RBwAPG-60ad NO Internet
Replies: 9
Views: 960

Connect a wAPac to a RBwAPG-60ad NO Internet

All, I have a RBwAPG-60ad (WirelessWire) bridge between two buildings. I can reach both sides from my server room with ping and winbox so I know link is up. The slave is setup on the server room building and the master is setup on the building across an alley. I plug in ether1 from RBwAPG-60ad Maste...
by jerryroy1
Thu Feb 22, 2018 9:50 pm
Forum: Scripting
Topic: Scheduler not working
Replies: 4
Views: 2545

Re: Scheduler not working

I have a simple ping script used to initiate IPsec tunnel from a dynamic IP site that is not working in 6.40.5. Did you ever receive a solution?
by jerryroy1
Fri Jan 05, 2018 11:05 pm
Forum: General
Topic: ipsec vpn between mikrotik router and pfsense router
Replies: 5
Views: 3476

Re: ipsec vpn between mikrotik router and pfsense router

Please send presentation to jroy at pomeroy dot com

Thanks Very Much for your help :)
by jerryroy1
Mon Aug 07, 2017 9:42 am
Forum: General
Topic: CCR and Two Switches
Replies: 1
Views: 414

CCR and Two Switches

Hello, I have a CCR1009-7G-1C-1S+ and have connected its port 3 to a Dell 3324 switch on its gigabit port 1 (trunking). I have another Dell 3324 and have connected from its gigabit port 1 to port 4 on the CCR (should also be trunking). I have created 10 vlans and want all 10 vlans to be available on...
by jerryroy1
Sat Jul 29, 2017 6:04 pm
Forum: Beginner Basics
Topic: Trunking between CCR1009 and Cloud Router Switch
Replies: 4
Views: 1664

Re: Trunking between CCR1009 and Cloud Router Switch

I have a CCR1009-7G-1C-1S+ so no switch chip. I have deleted the bridge and added the following and still no trunking to the CRS. Does my CRS config listed above look correct? /interface vlan add interface=ether2 name=ether2.vlan2 vlan-id=2 add interface=ether2 name=ether2.vlan3 vlan-id=3 add interf...
by jerryroy1
Fri Jul 28, 2017 7:41 pm
Forum: Beginner Basics
Topic: Trunking between CCR1009 and Cloud Router Switch
Replies: 4
Views: 1664

Re: Trunking between CCR1009 and Cloud Router Switch

Hi Pe1chi,

I have a bridge because I have 45 vlan's and only so many ports. So Ip assigned to vlan and vlan assigned to bridge then trunk the bridge interface to the CRS.

Do you have a config example you can share?
by jerryroy1
Fri Jul 28, 2017 7:19 am
Forum: Beginner Basics
Topic: Trunking between CCR1009 and Cloud Router Switch
Replies: 4
Views: 1664

Trunking between CCR1009 and Cloud Router Switch

I am driving myself crazy, this should be simple, what am I doing wrong? I want to trunk between a Cloud Core Router on ethernet4 (Bridge2) and a Cloud Core Switch Ethernet1. On the CCR I did the following: /interface vlan add interface=bridge2-Trunk name=vlan2 vlan-id=2 add interface=bridge2-Trunk ...
by jerryroy1
Thu Jan 26, 2017 9:10 pm
Forum: Wireless Networking
Topic: wAP AC
Replies: 1
Views: 701

wAP AC

All, I have a bunch of wAP AC units. I configured one manually with all parameters required for the location I am deploying. I have 2 questions: 1) I have backed up the config (In Winbox -> "files, backup") that I want installed on all wAP AC units. I just make slight changes to the config. I drag a...
by jerryroy1
Sun Aug 21, 2016 3:38 am
Forum: Beginner Basics
Topic: [SOLVED] CAPsMAN2 for wAP-ac (Help!)
Replies: 11
Views: 5807

Re: [SOLVED] CAPsMAN2 for wAP-ac (Help!)

I am really lost since you added the Vlan 200. Why did you do this? I have a RB2011 with builtin 2ghz AP and a wAP ac with both 2ghz and 5ghz radios. I want to manage with capman in the same single vlan1. I can manage the 2ghz on the 2011 and the 2ghz on the wAP ac but never the 5 ghz.
by jerryroy1
Tue May 17, 2016 1:57 am
Forum: General
Topic: IPsec Tunnels drop and have to be manually flushed
Replies: 2
Views: 602

IPsec Tunnels drop and have to be manually flushed

We have 150 locations that all have recently added an additional tunnel to a Cisco. The IPsec tunnel comes up and we can pass traffic but after an unknown length of time (lifetime?) the tunnels drop and will not renegotiate until we login to the Mikrotik and flush the SA's. Any Ideas?
by jerryroy1
Wed Apr 20, 2016 8:53 pm
Forum: General
Topic: System OID for Routerboard 750GL?
Replies: 1
Views: 487

Re: System OID for Routerboard 750GL?

I Did a snmp walk and this is what they needed in Red

OID=.1.3.6.1.2.1.1.1.0, Type=OctetString, Value=RouterOS RB750GL
OID=.1.3.6.1.2.1.1.2.0, Type=OID, Value=1.3.6.1.4.1.14988.1
by jerryroy1
Tue Apr 19, 2016 12:58 am
Forum: General
Topic: System OID for Routerboard 750GL?
Replies: 1
Views: 487

System OID for Routerboard 750GL?

OID_Example.jpg We are working with HP on their Network Automation Product and they are creating a driver for us. Can anyone tell us what the "System OID" is for the 750 running 5.26 firmware? HP keeps saying we are providing the wrong OID but all we can find is this "system.sysDescr(.1.3.6.1.2.1.1...
by jerryroy1
Fri Feb 20, 2015 10:54 pm
Forum: Beginner Basics
Topic: how to configuration multiple ISP in MikroTik router(750 GL)
Replies: 2
Views: 1539

Re: how to configuration multiple ISP in MikroTik router(750 GL)

This link does not follow standard practices here in the US. http://www.wirelessinfo.be/index.php/mi ... s/overflow

It shows a dhcp client setup for both ISP1 and ISP2 but it sets static routes??? How do we make this work with dhcp client where the GW is assigned by the ISP?
by jerryroy1
Tue Jul 22, 2014 7:57 am
Forum: General
Topic: No quick vpn for Mikrotik RB2011UAS-2HnD?
Replies: 3
Views: 1501

No quick vpn for Mikrotik RB2011UAS-2HnD?

I have 6.17 installed on a RB2011UAS-2HnD and there is no choice in quickset for Home VPN? Am I missing a package?
by jerryroy1
Fri Jun 20, 2014 5:04 am
Forum: Scripting
Topic: Move a firewall rule to the end (V4.5)
Replies: 11
Views: 7091

Re: Move a firewall rule to the end (V4.5)

How do I just insert rules between others? /ip firewall filter add action=accept chain=input comment="Netgear Switch access" disabled=no src-address-list="Netgear Switch Access" add action=accept chain=input comment="default configuration" disabled=no dst-port=123 protocol=udp add action=accept chai...
by jerryroy1
Fri Jun 06, 2014 11:20 pm
Forum: Forwarding Protocols
Topic: dst nat rule gives syn sent
Replies: 5
Views: 4518

Re: dst nat rule gives syn sent

How do you unNAT? or force to go thru? What would this rule look like?
by jerryroy1
Fri Nov 08, 2013 8:04 pm
Forum: General
Topic: Mikrotik Hotspot and IOS7 CNA problems
Replies: 30
Views: 27429

Re: Mikrotik Hotspot and IOS7 CNA problems

I think we should mount a joint effort to get Apple IOS fixed. Why is it that Cisco, Mikrotik and other all need to change their code when it is Apple who screwed it up?
by jerryroy1
Tue May 07, 2013 1:34 am
Forum: General
Topic: [Solved] Trunk ports and vlan routing
Replies: 9
Views: 26971

Re: Trunk ports and vlan routing

OK, So how do I enable the 750 to use the switch chip? I have a Cisco 1811 router that has Fa2 trunked to a MT750. The Vlan interfaces are assigned on the 1811 and Phy interfaces on the MT750 are assigned to the correct vlan. I can't pass any tagged traffic from traffic between the 750 and 1811. Any...
by jerryroy1
Thu Feb 14, 2013 9:04 pm
Forum: General
Topic: QOS for IPSec Tunnel
Replies: 1
Views: 1926

Re: QOS for IPSec Tunnel

Did you ever get this worked out?

Have you tried to do GRE inside IPSec? I do it with Cisco all day long. You would have an interface to use for the tunnel.
by jerryroy1
Tue Jan 22, 2013 10:24 pm
Forum: General
Topic: FlashFig for updating boards from 5.11 to 5.21
Replies: 3
Views: 1761

Re: FlashFig for updating boards from 5.11 to 5.21

Ya, This is absolutely the worst process I have ever seen for mass provisioning. It is a shame that they don't get it. I have hit and miss luck with this. They fail also to document that you must be connected port one on a 750GL for this to work. Why wouldn't it attempt to do the update from any por...
by jerryroy1
Wed Dec 19, 2012 5:18 am
Forum: General
Topic: Help with Queues -
Replies: 0
Views: 454

Help with Queues -

Hello all. I am in need of you Guru's to review and let me know if these are done correctly. I have a 750GL with two Aruba rap105 connected on the lan side via dhcp. One is for voice and the other is data. I want to apply these queues to allow voip traffic (port 6061) and Non-isakmp (Nat-T 4500) tra...
by jerryroy1
Thu Dec 06, 2012 6:40 am
Forum: General
Topic: Best method for mass production
Replies: 11
Views: 2329

Re: Best method for mass production

The Mikrotik has the absolute lamest way ever to set a config. The most frustrating design ever. I can't believe that I can't just generate a text file and upload and reload. It seems the unit would have had the smarts on reload of a file to 1) wipe config 2) parse and order file 3) load with ALL pa...
by jerryroy1
Fri Nov 09, 2012 10:01 pm
Forum: General
Topic: Best method for mass production
Replies: 11
Views: 2329

Re: Best method for mass production

Ok, Port 1 worked. Whoever has access to the documents on the wiki should note that :) Only problem is it still does not get entire config. I export a file called fullconfig.rsc that has all my settings and then I reset router back to what it came with from "factory" (Lan 192.168.88.0/24, Nat and dh...
by jerryroy1
Fri Nov 09, 2012 12:46 am
Forum: General
Topic: Best method for mass production
Replies: 11
Views: 2329

Re: Best method for mass production

I also tried this process and I am directly connected on port 5 to the 750. Tried from two different laptops (firewall and antivirus disabled) http://wiki.mikrotik.com/wiki/Manual:Flashfig Does NOT work. Pretty frustrating that just uploading a text file with a complete config can be unsupported by...
by jerryroy1
Thu Oct 25, 2012 2:22 am
Forum: General
Topic: Best method for mass production
Replies: 11
Views: 2329

Re: Best method for mass production

They are kidding right? From the link you sent: "Note that it is impossible to import the whole router configuration using this feature. It can only be used to import a part of configuration (for example, firewall rules) in order to spare you some typing. " This makes no sense, almost every device i...
by jerryroy1
Wed Oct 24, 2012 10:59 pm
Forum: General
Topic: Best method for mass production
Replies: 11
Views: 2329

Best method for mass production

Hi All, We are deploying hundreds of RB 750's. We have a database that stores all the WAN, LAN and miscellaneous settings for the customers location (Broadband type settings such as pppoe ,dhcp or static, serial# of 750 etc...). We run a web interface that just requires us to enter the serial of the...
by jerryroy1
Wed Oct 24, 2012 8:45 pm
Forum: General
Topic: Feature Request - Add coded TCP ASAP
Replies: 1
Views: 473

Feature Request - Add coded TCP ASAP

New and faster Wi-Fi and LTE is coming to the masses soon with creative methods - Gonna Rock!

http://hardware.slashdot.org/story/12/1 ... th-algebra

http://arxiv.org/pdf/0809.5022.pdf

http://www.code-on.org/
by jerryroy1
Wed Oct 24, 2012 3:34 am
Forum: General
Topic: IPSec hub and spoke design SA issue
Replies: 0
Views: 533

IPSec hub and spoke design SA issue

All, We have an IPSec hub and spoke design. I have a 750GL (spoke) that is connected via IPsec back to a Juniper (Hub). I initiate the connection from the 750 and it creates a tunnel (2 SA's) and then I can ping to a device sitting behind the Juniper. If I try and ping back from the device behind th...
by jerryroy1
Wed Oct 03, 2012 12:56 am
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN Questions Topic
Replies: 215
Views: 94488

Re: RB2011UAS-2HnD-IN Questions Topic

I would like to buy one. Anyone have stock here in the US?
by jerryroy1
Thu Sep 06, 2012 3:24 am
Forum: General
Topic: CipherLab 8370 hangs with MikroTik
Replies: 8
Views: 1668

Re: CipherLab 8370 hangs with MikroTik

Try a MAC bypass and see if this will stay connected. Enable mac address authentication in your hotspot server profile.

/ip hotspot ip-binding
add mac-address=xx:xx:xx:xx:xx:xx type=bypassed
by jerryroy1
Tue Aug 28, 2012 10:43 pm
Forum: General
Topic: CipherLab 8370 hangs with MikroTik
Replies: 8
Views: 1668

Re: CipherLab 8370 hangs with MikroTik

What is the CipherLab unit supposed to help you accomplish? If other devices connect correctly and don't drop, it's the CipherLab box. I would find their competitor and see if its box also drops.
by jerryroy1
Fri Aug 24, 2012 6:40 pm
Forum: General
Topic: MikroTik IPsec tunnel problem
Replies: 8
Views: 2432

Re: MikroTik IPsec tunnel problem

Sounds like it was a broadband circuit issue or another device had the same IP assigned (if it actually has been resolved). FYI, you can setup logging for ipsec by going to System > Logging > and hit the plus sign. Then under topic choose ipsec and click ok. Now go back and select log in your winbox...
by jerryroy1
Wed Aug 22, 2012 7:01 pm
Forum: General
Topic: MikroTik IPsec tunnel problem
Replies: 8
Views: 2432

Re: MikroTik IPsec tunnel problem

Run a port scanner to the wan of the box. Does 8291 show open? Did you try the web interface or ssh?
by jerryroy1
Wed Aug 22, 2012 1:01 am
Forum: General
Topic: Urgent! Basic Hotspot Advertising Setup
Replies: 3
Views: 1945

Re: Urgent! Basic Hotspot Advertising Setup

Go under walled garden in Hotspot. Does the IP or URL show the Letter "D" for dynamic?
by jerryroy1
Tue Aug 21, 2012 11:27 pm
Forum: General
Topic: Urgent! Basic Hotspot Advertising Setup
Replies: 3
Views: 1945

Re: Urgent! Basic Hotspot Advertising Setup

By default if you use the "Hotspot Setup" under Hotspot, you should get a default landing page. Have you tried it?
by jerryroy1
Tue Aug 21, 2012 11:25 pm
Forum: General
Topic: CipherLab 8370 hangs with MikroTik
Replies: 8
Views: 1668

Re: CipherLab 8370 hangs with MikroTik

Disable WPA and test again. Does it stay connected?
by jerryroy1
Tue Aug 21, 2012 11:21 pm
Forum: General
Topic: LINK RouterOS tips and tricks thread
Replies: 2
Views: 1509

Re: LINK RouterOS tips and tricks thread

Check it for what?
by jerryroy1
Tue Aug 21, 2012 10:35 pm
Forum: General
Topic: Outgoing ports
Replies: 4
Views: 1288

Re: Outgoing ports

Yes, you are able to block all outbound but what would be the purpose? You would have no connectivity. If you want to see open ports, plug a device into the wans subnet and run a port scanner - http://www.radmin.com/products/previous ... canner.php
by jerryroy1
Tue Aug 21, 2012 10:29 pm
Forum: General
Topic: MikroTik IPsec tunnel problem
Replies: 8
Views: 2432

Re: MikroTik IPsec tunnel problem

Confirm your FW rules. Can you ping public IP?
by jerryroy1
Tue Aug 21, 2012 10:02 pm
Forum: General
Topic: How to use vlan like cisco ?
Replies: 1
Views: 483

Re: How to use vlan like cisco ?

This should be simple

Go to bridge and create new bridge1
Go to ports and add ports to bridge1
Add vlan interface and add bridge1 to vlan
assign IP to vlan interface

Remember a "bridge" can create a bridge between physical ports and a logical interface :)
by jerryroy1
Tue Aug 21, 2012 6:10 am
Forum: General
Topic: How to access Loopback address at end of Ipsec Tunnel
Replies: 0
Views: 735

How to access Loopback address at end of Ipsec Tunnel

I have a "hub and spoke" Ipsec VPN network. On the hub side is Juniper router. We have 900 Cisco 881 routers on the spoke side all with standard broadband links (pppoe, dhcp and static w/dsl, cable or wireless) connecting back to it. We have a loopback address assigned on each cisco that is the ipse...
by jerryroy1
Thu Jun 28, 2012 9:12 am
Forum: General
Topic: PPPoE and Nat w/masquerade
Replies: 0
Views: 479

PPPoE and Nat w/masquerade

Hello, I have 750g that acts as pppoe server and assigns public IP's when a user authenticates. Now I want dhcp users to obtain private IP on of Lan side from dhcp server and masquerade and nat to the ether1-gateway interface IP which is the "public" IP for pppoe server. Can this be done? As soon as...
by jerryroy1
Wed Jun 27, 2012 8:47 am
Forum: General
Topic: IPv6, PPPoE Server, bug?
Replies: 7
Views: 2357

Re: IPv6, PPPoE Server, bug?

I have 5.18 on 1100AHx2 and it is all effed up. Unable to create a simple dhcp server with wizard or manually. I reset to factory and port 12 on the case is now "ethernet1" interface with the 192.168.88.1 IP??? I was using NeighborViewer to see which port to connect to and they all said 0.0.0.0 unti...
by jerryroy1
Sat Apr 14, 2012 3:43 am
Forum: General
Topic: Mikrotik to Juniper 5200
Replies: 0
Views: 944

Mikrotik to Juniper 5200

All, Having a difficult time getting RB750 to pass traffic thru to Juniper 5200 with IPsec tunnel aggressive mode. Can someone take a look and see what I did wrong? I believe I am having a Nat/Routing issue now but cannot figure out. I don't completely understand the masquerading and IP chains. The ...
by jerryroy1
Thu Apr 12, 2012 1:58 am
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 99017

Re: Feature Request: OpenVPN [ovpn] udp tunnels

So... Based on this thread. Does OpenVpn and Mikrotik work? And if so, is it only between Mikrotik and Mikrotik? If this is the case, does Mikrotik have a VMWare appliance I can run? Then I can have the MT to MT scenario with their version of openvpn
by jerryroy1
Sat Apr 07, 2012 2:37 am
Forum: General
Topic: IPv6 and SixXS (6to4)
Replies: 16
Views: 7406

Re: IPv6 and SixXS (6to4)

Can someone please clear up this doc. What a mess. http://wiki.mikrotik.com/wiki/Setting_up_an_IPv6_tunnel_via_a_tunnel_broker

THIS DOES NOT work on 5.14
/ipv6 route add dst-address=2000::/3 gateway=::216.66.80.26

THIS works on 5.14
/ipv6 route add dst-address=2000::/3 gateway=::209.197.5.66%sixbone
by jerryroy1
Wed Feb 01, 2012 11:21 pm
Forum: General
Topic: Interface on 532 keeps shutting down
Replies: 0
Views: 301

Interface on 532 keeps shutting down

I have two MT 532's with newly upgraded 5.12 code. Each has an ethernet connection to a wireless radio and seem to pass traffic ok until we transfer a large file. The file starts out transferring and gets about half way or so and then the connection drops. I have noticed the "R" next to the ethernet...
by jerryroy1
Fri Dec 09, 2011 2:18 am
Forum: General
Topic: IPSec tunnel to a Juniper SSG not coming up
Replies: 9
Views: 5837

Re: IPSec tunnel to a Juniper SSG not coming up

Can you share config? I have same scenario and no worky. I keep getting Hash Mismatch and I know they are correct.
by jerryroy1
Wed Apr 20, 2011 3:49 am
Forum: General
Topic: Rb750G act as a layer 2 firewall like a netscreen or ASA?
Replies: 6
Views: 2351

Re: Rb750G act as a layer 2 firewall like a netscreen or ASA

Can someone tell me what I did wrong with these filter rules? I want to allow only IPsec-esp, ssh, isakmp 500 and 4500. But I am unable to BLOCK ssh as a test.

0 chain=forward out-interface=ether2-local-master action=accept in-interface=ether1-gateway mac-protocol=ip src-address=0.0.0.0/0 dst-addres...
by jerryroy1
Sat Mar 26, 2011 3:06 am
Forum: General
Topic: Rb750G act as a layer 2 firewall like a netscreen or ASA?
Replies: 6
Views: 2351

Re: Rb750G act as a layer 2 firewall like a netscreen or ASA

Can you tell me what I have wrong here? I want to allow only IPsec-esp, ssh, isakmp 500 and 4500. But I am unable to BLOCK ssh as a test.

[admin@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #    NAME             TYPE   MTU   L2MTU
 0  R ether1-gateway   ether  1500  1526
 1  R ether2-lo...
by jerryroy1
Fri Mar 25, 2011 7:16 pm
Forum: General
Topic: Rb750G act as a layer 2 firewall like a netscreen or ASA?
Replies: 6
Views: 2351

Re: Rb750G act as a layer 2 firewall like a netscreen or ASA

Yes. You can either turn on IP firewall filters for bridged traffic (under "/interface bridge"), or you can use bridge filters directly. On a 750G you will have to turn off the switch chip for that to work - that traffic isn't processed by the CPU. You'll have to software bridge things (which doesn...
by jerryroy1
Fri Mar 25, 2011 6:55 pm
Forum: General
Topic: Rb750G act as a layer 2 firewall like a netscreen or ASA?
Replies: 6
Views: 2351

Rb750G act as a layer 2 firewall like a netscreen or ASA?

Can a RB750G switch act as a layer 2 firewall where I can just drop into a network transparently?
by jerryroy1
Tue Apr 13, 2010 12:24 am
Forum: General
Topic: Where can I find winbox files?
Replies: 2
Views: 1774

Re: Where can I find winbox files?

My files are addresses.wbx and it will not recognize the file. Is there a way to convert the file so it can be recognized?
by jerryroy1
Sun Apr 11, 2010 9:00 pm
Forum: General
Topic: Where can I find winbox files?
Replies: 2
Views: 1774

Where can I find winbox files?

I installed Windows 7. I have old drive attached and wanted to find the file that has all the original IP's, passwords etc. that winbox had previously displayed. I can run the original winbox.exe from the original drive location but when it comes up all my routerboard IP's are gone. Where and what ...
by jerryroy1
Sat Feb 27, 2010 8:07 pm
Forum: Beginner Basics
Topic: Access to one Vlan from all others?
Replies: 0
Views: 376

Access to one Vlan from all others?

I have a RB493AH that has a LOT of VLANs (one Vlan w/24 subnet per office). I want all Vlans to be able to get to a Vlan with a shared scheduling application so offices can schedule time in our shared conference room. All offices can get to internet with no issues. I would assume they could get to o...
by jerryroy1
Sun Feb 21, 2010 7:26 pm
Forum: RouterBOARD hardware
Topic: Bruteforce login prevention
Replies: 11
Views: 35681

Re: Bruteforce login prevention

So can I just copy and paste this? Are there additional notes? I am remote and I do not want to deny myself. I don't see any lines that suggest I won't be denied as well.

Thanks,

JR
by jerryroy1
Mon Feb 08, 2010 7:12 am
Forum: General
Topic: VRRP on WAN? Can I have two rb450g point at 1 Virtual IP?
Replies: 2
Views: 804

Re: VRRP on WAN? Can I have two rb450g point at 1 Virtual IP?

Thanks for the response. It really shouldn't matter, consider it all in the same office but I have two office buildings. New Building is on the right. I only have 4 cat5e cables between the two offices (the guy failed to run more or even install fiber and I have no way of adding more). These two pep...
by jerryroy1
Sat Feb 06, 2010 8:51 pm
Forum: General
Topic: VRRP on WAN? Can I have two rb450g point at 1 Virtual IP?
Replies: 2
Views: 804

VRRP on WAN? Can I have two rb450g point at 1 Virtual IP?

I have two peplink internet sharing routers that do vrrp and supply a virtual IP to a single rb450g. I want to add a second 450g for redundancy but I want to know what IP should I assign to WAN of the rb450G on the bottom left? Will this work? I also want to set the 2 450g's in vrrp on the lan side ...
by jerryroy1
Wed Dec 30, 2009 11:54 pm
Forum: Beginner Basics
Topic: Adding vlan tags
Replies: 4
Views: 1147

Re: Adding vlan tags

How do I add multiple ports to the same vlan?
by jerryroy1
Mon Aug 17, 2009 1:41 am
Forum: The Dude
Topic: Can the Dude be configured to monitor PPTP locations?
Replies: 3
Views: 977

Re: Can the Dude be configured to monitor PPTP locations?

Ok, I got it to connect but can I do this?

Can it connect to one site via pptp, ping a bunch of devices, email if pings don't work, hang up pptp connection and repeat for site # 2? devices on #2 site might be different (more or less IP's to monitor)?

TIA for any support
by jerryroy1
Fri Aug 14, 2009 7:31 am
Forum: The Dude
Topic: Can the Dude be configured to monitor PPTP locations?
Replies: 3
Views: 977

Re: Can the Dude be configured to monitor PPTP locations?

I have all static IP's but I am a little confused on how to implement. Can you offer more details?

Thanks!
by jerryroy1
Thu Jan 29, 2009 5:30 am
Forum: Wireless Networking
Topic: MESH with MikroTik
Replies: 38
Views: 30023

Re: MESH with MikroTik

Can someone send over the link to the Dallas MUM Mesh presentations? Hi Uldis, what's the latest and greatest secrets about Mikrotik mesh? Any more work being done here?
by jerryroy1
Mon Oct 08, 2007 10:30 pm
Forum: RouterBOARD hardware
Topic: RouterBoard 230 - FATAL: IDE drive not found
Replies: 7
Views: 2049

Re: RouterBoard 230 - FATAL: IDE drive not found

Yup, IDE gone bad on board. Kind of sucks since it was only 2 years old.
by jerryroy1
Mon Oct 08, 2007 10:27 pm
Forum: General
Topic: RouterOS and Dell 2450 with U160 Scsi supported?
Replies: 1
Views: 456

RouterOS and Dell 2450 with U160 Scsi supported?

Are there any SCSI drivers I can use to get RouterOS 2.9.46 or 3.0.6 to boot on a Dell 2450 that has only U160 SCSI controllers? I have tried to boot both versions and it keeps giving a "Fatal Error" No Harddrives found. I boot Fedora Live and it finds drives without a problem.
by jerryroy1
Mon May 07, 2007 6:53 am
Forum: General
Topic: Really, really odd problem with RouterOS 2.9.40
Replies: 10
Views: 1734

Re: it's still there

mneumark: Like you suggested, I upgraded to .42. Also added some firewall rules through the winbox web interface (enabled both protect router and protect customer). I also changed the Public interface to use the DLink card. Things were fine for a few days. Now the same problem is back, although sli...
by jerryroy1
Mon May 07, 2007 6:40 am
Forum: General
Topic: RB112 and RB133 winbox disconnects?
Replies: 2
Views: 782

RB112 and RB133 winbox disconnects?

All, Deploying a new Hotspot with a RB133. I keep getting disconnected when using winbox. When it does connect it is up for up to 5 minutes and is extremely slow showing any details such as license or IP’s inside of winbox before the disconnect. I upgraded to 2.9.42 and I still have the same issue. ...
by jerryroy1
Sat Mar 17, 2007 4:59 am
Forum: RouterBOARD hardware
Topic: RouterBoard 230 - FATAL: IDE drive not found
Replies: 7
Views: 2049

RouterBoard 230 - FATAL: IDE drive not found

Anyone know if I can recover from the following message?

RouterBIOS v1.2.7 MikroTik (tm) 2003-2004

RouterBOARD 230 (CPU revision B1)
CPU frequency: 266 MHz
Memory size: 64 MB

Press any key within 1 second to enter setup..

FATAL: IDE drive not found