Community discussions

MikroTik App

Search found 270 matches

by rbuserdl
Mon Dec 18, 2023 2:49 pm
Forum: Beginner Basics
Topic: How to check IP tunnel is working [SOLVED]
Replies: 5
Views: 3406

Re: How to check IP tunnel is working [SOLVED]

Ok, thanks!!
by rbuserdl
Thu Dec 14, 2023 10:13 pm
Forum: Beginner Basics
Topic: How to check IP tunnel is working [SOLVED]
Replies: 5
Views: 3406

Re: How to check IP tunnel is working [SOLVED]

Hello!!
Thanks for your response, Kentzo,
Is there a way to diagnose an specific IPsec VPN when I have more than one?

Thanks in advance.
Regards,
Damián
by rbuserdl
Thu Dec 14, 2023 2:57 pm
Forum: Beginner Basics
Topic: How to check IP tunnel is working [SOLVED]
Replies: 5
Views: 3406

Re: How to check IP tunnel is working [SOLVED]

Hello,
Is there any command to diagnose or troubleshoot ipsec VPN?

Regards,
Damián
by rbuserdl
Thu Nov 30, 2023 12:43 am
Forum: Beginner Basics
Topic: VPN configuration L2TP/IKEv2 problem [SOLVED]
Replies: 2
Views: 1984

Re: VPN configuration L2TP/IKEv2 problem [SOLVED]

Hello republicx!!! Did you configured the VPN server in the Mikrotik and client on remote machines which should connect through Internet? If I did understand, you have a private IP in the Mikrotik, but you need to use a public IP in remote devices to reach the Mikrotik. So the public IP should be in...
by rbuserdl
Thu Nov 30, 2023 12:15 am
Forum: Beginner Basics
Topic: Teltonika - Mikrotik VPN
Replies: 5
Views: 1694

Re: Teltonika - Mikrotik VPN

Hello!! Are you sure the VPN is up? Which router is the L2TP server? The default rules on Mikrotik only drops packets from WAN and L2TP interfaces are not WAN. Maybe you could see if the L2TP interface is in the interface list "wan" IMHO, this is too few information to know what is happeni...
by rbuserdl
Wed Nov 29, 2023 11:05 pm
Forum: Beginner Basics
Topic: Additional logs for system failures
Replies: 0
Views: 2001

Additional logs for system failures

Hi team!!! Maybe this is a basic question, but I didnt find this anywhere. Recently, a Mikrotik failed, users had no internet access, and after restarting the Mikrotik, users could reach internet again. Who restarted the Mikrotik had no Mikrotik knowledge to access and find out what there is happeni...
by rbuserdl
Fri Oct 27, 2023 4:45 pm
Forum: Beginner Basics
Topic: Dynamic interface list members added automatically [SOLVED]
Replies: 4
Views: 1792

Re: Dynamic interface list members added automatically [SOLVED]

Thank you mkx!!!!
I just set all items to "none"! Will see

Regards,
Damián
by rbuserdl
Fri Oct 27, 2023 3:48 pm
Forum: Beginner Basics
Topic: Dynamic interface list members added automatically [SOLVED]
Replies: 4
Views: 1792

Re: Dynamic interface list members added automatically [SOLVED]

Hello team!!! Thanks for your answer mkx!!! I didnt know "Detect internet" I couldnt figure this out how to disable this feature, I just turned all to static: /interface detect-internet set detect-interface-list=static internet-interface-list=static lan-interface-list=static wan-interface-...
by rbuserdl
Thu Oct 26, 2023 11:10 pm
Forum: Beginner Basics
Topic: Dynamic interface list members added automatically [SOLVED]
Replies: 4
Views: 1792

Dynamic interface list members added automatically [SOLVED]

Hello team!!!

I just see, in a Mikrotik, LAN interfaces are being added dynamically in the interface list called "WAN".
What could be the setting that add these interface list members?

Thanks in advance.
Regards,
Damián
by rbuserdl
Thu Oct 26, 2023 5:35 pm
Forum: General
Topic: to the router via OpenVPN and from the route via IPSec
Replies: 7
Views: 992

Re: to the router via OpenVPN and from the route via IPSec

Ok,
Your OpenVPN clients get IPs in the same main office LAN?
If yes, I dont know how to manage this
If no, I think you need to add ipsec policies in every Mikrotik (One for each site in the main office and one in each office)

Not sure, my knowledge about ipsec is poor

Regards,
Damián
by rbuserdl
Thu Oct 26, 2023 5:06 pm
Forum: Beginner Basics
Topic: Problem with wireless bridge
Replies: 6
Views: 1469

Re: Problem with wireless bridge

Hmmm, not sure about the behavior I just tested in a Mikrotik, If I do a ping to a LAN IP, using another interface, I get timeout If you have a computer in the bridge, try to do the following and share the output: * View the IP address of the computer * In the Mikrotik open a new terminal and write:...
by rbuserdl
Wed Oct 25, 2023 10:42 pm
Forum: General
Topic: to the router via OpenVPN and from the route via IPSec
Replies: 7
Views: 992

Re: to the router via OpenVPN and from the route via IPSec

You still didnt say how openVPN is connected, I assume that every office is connected to C1 You need routes to reach each office in every Mikrotik For example: C1 LAN: 192.168.0.0/24 Office1 LAN: 192.168.1.0/24 Office2 LAN: 192.168.2.0/24 If Office1 and Office2 are connected to C1 but they are not c...
by rbuserdl
Wed Oct 25, 2023 8:33 pm
Forum: Beginner Basics
Topic: cAP Lite - access webfig via WAN
Replies: 1
Views: 990

Re: cAP Lite - access webfig via WAN

Hello!! If the AP is in "bridge mode" you probably will have no rules in "/ip firewall filter" If you reach the AP IP address from where you want to access, you need just know the service port (/ip service), ensure the service in enabled in the same place, and ensure you have no ...
by rbuserdl
Wed Oct 25, 2023 8:24 pm
Forum: Beginner Basics
Topic: Problem with wireless bridge
Replies: 6
Views: 1469

Re: Problem with wireless bridge

Please, from the Mikrotik itself, run a ping to the following places and tell me about the outputs:
* 192.168.1.1
* 8.8.8.8
* google.com
by rbuserdl
Wed Oct 25, 2023 6:46 pm
Forum: General
Topic: to the router via OpenVPN and from the route via IPSec
Replies: 7
Views: 992

Re: to the router via OpenVPN and from the route via IPSec

Hello!! I am not sure if I understood well. Please tell me if this is correct: * You have in the Mikrotik, an OpenVPN Server and IPsec tunnels with other offices * You have clients connected to the Mikrotik, which are reaching IPs in other offices through IPsec tunnels * The same IPs in other office...
by rbuserdl
Wed Oct 25, 2023 5:53 pm
Forum: Beginner Basics
Topic: Problem with wireless bridge
Replies: 6
Views: 1469

Re: Problem with wireless bridge

Hello, It seems this is configured as router for wireless clients. (I usually call "configured as router" when it is natting and assigning IP addresses to clients) What do you have connected in ether2? Is it getting IP address in ehter2? If this is a private IP, please run "ip dhcp-cl...
by rbuserdl
Wed Oct 25, 2023 5:22 pm
Forum: Beginner Basics
Topic: Limiting download/upload per Access Point
Replies: 12
Views: 2073

Re: Limiting download/upload per Access Point

Sorry, I missed the notification It is not so easy, this could help to start: https://help.mikrotik.com/docs/display/ROS/VLAN You should do the following: In the Router/Firewall: * Configure a VLAN for each AP, each one with different VLAN ID, each one in the interface where the AP is connected * Co...
by rbuserdl
Wed Oct 18, 2023 3:52 pm
Forum: Beginner Basics
Topic: Limiting download/upload per Access Point
Replies: 12
Views: 2073

Re: Limiting download/upload per Access Point

Hello, It seems you added the queues in the APs side, I allways add the queues in the router, I dont know this should work as IMHO your APs are like switches connecting together wired and wireless clients (When I say "client", I mean workstations, mobile phones, tablets, etc) The APs are n...
by rbuserdl
Wed Oct 18, 2023 7:27 am
Forum: Beginner Basics
Topic: Limiting download/upload per Access Point
Replies: 12
Views: 2073

Re: Limiting download/upload per Access Point

Hmmmm, It is weird to me that you have a public IP in your client devices. I think I will need more information Please try to give us an export of the router and an export of any AP To upload the complete config, you could do the following: * Connect to the Mikrotik from Winbox (it can be downloaded...
by rbuserdl
Wed Oct 18, 2023 5:51 am
Forum: Beginner Basics
Topic: Limiting download/upload per Access Point
Replies: 12
Views: 2073

Re: Limiting download/upload per Access Point

Sorry, maybe I did not explain it well
I asked for the IPs of devices connected to the APs, not about the AP addresses, I did read the first note.
For example, if you connect a computer with wireless to one of these APs, which IP address do you get in the computer?

Regards,
Damián
by rbuserdl
Tue Oct 17, 2023 10:47 pm
Forum: Beginner Basics
Topic: Limiting download/upload per Access Point
Replies: 12
Views: 2073

Re: Limiting download/upload per Access Point

Hello, just to be sure Your APs are natting? If not, all devices are getting different IPs and the queue will not apply to this traffic (If I understand well) Regards, Damián Hello excuse me but i am fairly new to this since i did not do the installation of those. I have full access to the interfac...
by rbuserdl
Tue Oct 17, 2023 10:05 pm
Forum: Beginner Basics
Topic: Internet works fine but downloads fail
Replies: 2
Views: 1281

Re: Internet works fine but downloads fail

Hello!!! To upload the complete config, you could do the following: * Connect to the Mikrotik from Winbox * Open a new terminal and write "export file=mikrotiksettings.rsc" * Go to "Files" section (In winbox) * Search the file "mikrotiksettings.rsc", and drag and drop t...
by rbuserdl
Tue Oct 17, 2023 9:52 pm
Forum: Beginner Basics
Topic: Allow devices on one network to reach a different network
Replies: 1
Views: 1157

Re: Allow devices on one network to reach a different network

Hello, Maybe will need an export to view the settings on the Mikrotik. 1) On 192.168.111.1 do you have Internet access? If not, maybe you missed to configure the default gateway on the device 2) Is the mikrotik natting anything between these 2 networks? Check this in ip/firewall/nat 3) If 1 and 2 di...
by rbuserdl
Tue Oct 17, 2023 9:38 pm
Forum: Beginner Basics
Topic: Limiting download/upload per Access Point
Replies: 12
Views: 2073

Re: Limiting download/upload per Access Point

Hello, just to be sure
Your APs are natting? If not, all devices are getting different IPs and the queue will not apply to this traffic (If I understand well)
Regards,
Damián
by rbuserdl
Fri Oct 06, 2023 5:49 pm
Forum: Beginner Basics
Topic: How to check IP tunnel is working [SOLVED]
Replies: 5
Views: 3406

How to check IP tunnel is working [SOLVED]

Hello team!!! Just a basic question I know to check if an IPsec tunnel is working I can ping something in the another side, but besides that, how can I check in the Mikrotik if an IPsec plain tunnel is working? An item on "Active peers" with "Stablished" as state is enough or the...
by rbuserdl
Wed Jun 14, 2023 10:07 pm
Forum: General
Topic: IPsec VPN is established but does not send packet [SOLVED]
Replies: 9
Views: 1209

Re: IPsec VPN is established but does not send packet [SOLVED]

Finally, this started to work.
We added the option
ipsec-policy=out,none
to the src-nat rule

Regards,
Damián
by rbuserdl
Wed Jun 14, 2023 4:39 pm
Forum: General
Topic: IPsec VPN is established but does not send packet [SOLVED]
Replies: 9
Views: 1209

Re: IPsec VPN is established but does not send packet [SOLVED]

Hello team! It seems it is something with the Mikrotik, in local computers (Mikrotik side), doing a traceroute to a remote computer (PFsense side), does not appear any IP: C:\>tracert -d 10.10.10.2 Traza a 10.10.10.2 sobre caminos de 30 saltos como máximo. 1 * * * Tiempo de espera agotado para esta ...
by rbuserdl
Wed Jun 14, 2023 3:23 pm
Forum: General
Topic: IPsec VPN is established but does not send packet [SOLVED]
Replies: 9
Views: 1209

Re: IPsec VPN is established but does not send packet [SOLVED]

I read many times your link and I could not figured out what you mean.
Any sugestion?

Regards,
Damián
by rbuserdl
Wed Jun 14, 2023 3:52 am
Forum: General
Topic: IPsec VPN is established but does not send packet [SOLVED]
Replies: 9
Views: 1209

Re: IPsec VPN is established but does not send packet [SOLVED]

Hello! Thanks for your answer, Kentzo. Local LAN is 192.168.5.0/24 and remote LAN is 10.10.10.0/24, I think this is ok. About the firewall, this is almost the basic rules, with a little modifications to allow ipsec incomming, I think. Export: /ip firewall filter add action=accept chain=input comment...
by rbuserdl
Wed Jun 14, 2023 12:09 am
Forum: General
Topic: IPsec VPN is established but does not send packet [SOLVED]
Replies: 9
Views: 1209

IPsec VPN is established but does not send packet [SOLVED]

Hello team!! We replaced yesterday a Fortigate with a RB1100AHx4, we had configured in the fortigate, an IPsec VPN with a remote PFSense wich we do not manage. We copied the settings We could make the policy to show "established" in "PH2 State" The only one "Active Peer"...
by rbuserdl
Tue May 23, 2023 10:40 pm
Forum: Beginner Basics
Topic: IPSec tunnel
Replies: 2
Views: 734

Re: IPSec tunnel

Hello Chouby!! I think you should have an IPsec policy in 1st Mikrotik, something like this: /ip ipsec policy add dst-address=192.168.1.110/32 peer=your_peer proposal=your proposal src-address=192.168.10.0/24 tunnel=yes And the following in your 2nd Mikrotik: /ip ipsec policy add dst-address=192.168...
by rbuserdl
Tue May 23, 2023 10:23 pm
Forum: Beginner Basics
Topic: manage map lite access point through LAN port
Replies: 5
Views: 682

Re: manage map lite access point through LAN port

Hello MikroJonathan!!! Not sure I understand well. I have many questions You can access to your router from vlan2 but you can not access to your router from vlan3? What is there in the LAN Network? The router has a ip address in the same network 172.20.0.0/24? Which IP are you trying to reach from y...
by rbuserdl
Wed Feb 15, 2023 8:55 pm
Forum: General
Topic: Proxy access list synchronization between multiple devices
Replies: 1
Views: 409

Proxy access list synchronization between multiple devices

Hello team!! We have many mikrotik routers, one in each site (About 10 sites). I need to keep the same proxy access list in all the Mikrotik routers * Or keeping the settings in some central place (If this is possible) * Or synchronizing the proxy settings between all the routers (Maybe synchronizin...
by rbuserdl
Thu Jan 19, 2023 7:42 pm
Forum: General
Topic: System,e-mail,error Error sending e-mail <Prueba>: error connecting to server
Replies: 10
Views: 1899

Re: System,e-mail,error Error sending e-mail <Prueba>: error connecting to server

Thanks for your answer k6ccc,
I will try!

Regards,
Damián
by rbuserdl
Thu Jan 19, 2023 3:44 pm
Forum: General
Topic: System,e-mail,error Error sending e-mail <Prueba>: error connecting to server
Replies: 10
Views: 1899

Re: System,e-mail,error Error sending e-mail <Prueba>: error connecting to server

Sorry, I didnt clarify this because I thought that with other Mikrotiks working with the same settings were enough to know that the app password has been created. If I dont create an app password, the account will not work in any Mikrotik. Anyway, my fault. About using another account password, I di...
by rbuserdl
Thu Jan 19, 2023 3:14 pm
Forum: General
Topic: System,e-mail,error Error sending e-mail <Prueba>: error connecting to server
Replies: 10
Views: 1899

Re: System,e-mail,error Error sending e-mail <Prueba>: error connecting to server

Thanks for your answer holvoetn, I believe you, I needed to add an app password to make it work in other routers. If I don't add an app password, the account won't work in any other Mikrotik, but I repeat: the same account with the same settings is working in another Mikrotiks. Thanks in advance Reg...
by rbuserdl
Thu Jan 19, 2023 2:37 pm
Forum: General
Topic: System,e-mail,error Error sending e-mail <Prueba>: error connecting to server
Replies: 10
Views: 1899

Re: System,e-mail,error Error sending e-mail <Prueba>: error connecting to server

Hello team!! Thanks for your answers @BartoszP, when I look for "gmail+problem", I cant get anyone with my problem I just found one old topic which was not solved @holvoetn, This is not the issue, the same account with the same settings is working in other 5 mikrotiks Anyone? Regards, Damián
by rbuserdl
Wed Jan 18, 2023 11:06 pm
Forum: General
Topic: System,e-mail,error Error sending e-mail <Prueba>: error connecting to server
Replies: 10
Views: 1899

System,e-mail,error Error sending e-mail <Prueba>: error connecting to server

Hello team! We configured tool/email settings in many routers with the same gmail free account. I can send test emails in all but one, exatly the same settings in all Mikrotiks The error is the same that in the title of this post. Here the settings: /tool e-mail set address=smtp.gmail.com from=addre...
by rbuserdl
Thu Nov 17, 2022 2:41 pm
Forum: General
Topic: IPsec behind NAT [SOLVED]
Replies: 5
Views: 2914

Re: IPsec behind NAT [SOLVED]

Thanks a lot to both!!!
I just see that the rule I wrote before has no sense because this does not have any address
What you both said makes sense to me, I will try soon

Regards,
Damián
by rbuserdl
Wed Nov 16, 2022 2:31 pm
Forum: General
Topic: IPsec behind NAT [SOLVED]
Replies: 5
Views: 2914

Re: IPsec behind NAT [SOLVED]

Is it a bare IPsec with a policy? If so, bear in mind that the src-nat (in your case, the netmap action in srcnat chain) comes first, and then comes the policy matching. So a packet from 192.168.3.x must get src-nated to, say, 10.168.3.x, and the policy's src-address must be 10.168.3.x at your side...
by rbuserdl
Wed Nov 16, 2022 2:11 pm
Forum: Beginner Basics
Topic: Configure 2 separate networks on single routerboard
Replies: 8
Views: 3812

Re: Configure 2 separate networks on single routerboard

Hello Broderick!
I dont think so, I think you will change the source IP but this does not force the route to going out, just changing the IP where it can go back. Just my thinking, I did not test this.

Regards,
Damián
by rbuserdl
Fri Nov 11, 2022 3:32 pm
Forum: Beginner Basics
Topic: Configure 2 separate networks on single routerboard
Replies: 8
Views: 3812

Re: Configure 2 separate networks on single routerboard

Hello Max!! You wont need to create vlans if you have enought interfaces. I think you cannot manage this with bridges including WAN interfaces because LAN and WAN has different settings I think we will need to use mangle rules This is my suggestion: * A bridge between ether2 and ether5 with an IP on...
by rbuserdl
Fri Nov 11, 2022 3:12 pm
Forum: General
Topic: IPsec behind NAT [SOLVED]
Replies: 5
Views: 2914

IPsec behind NAT [SOLVED]

Hello team!!! I need to create an IPsec VPN between my Mikrotik and another router/firewall which I can not manage (I only can manage the Mikrotik side) My LAN is 192.168.3.0/24, but this segment is in use in the remote network, so they asked me to change my lan or do a kind of nat. I know how to cr...
by rbuserdl
Wed Oct 19, 2022 11:50 pm
Forum: General
Topic: DHCP Server is assigning the same IP in different interfaces
Replies: 10
Views: 1216

Re: DHCP Server is assigning the same IP in different interfaces

Hmmm,
I will test what happen with another devices

Thanks.
Regards,
Damián
by rbuserdl
Wed Oct 19, 2022 11:44 pm
Forum: General
Topic: DHCP Server is assigning the same IP in different interfaces
Replies: 10
Views: 1216

Re: DHCP Server is assigning the same IP in different interfaces

If someone has the same issue before, maybe could give me a tip, if not, nevermind, forget the topic.
by rbuserdl
Wed Oct 19, 2022 11:38 pm
Forum: General
Topic: DHCP Server is assigning the same IP in different interfaces
Replies: 10
Views: 1216

Re: DHCP Server is assigning the same IP in different interfaces

Thanks for your answer If I plug another computer in the same port, it obtains a different IP The isse seems like DHCP is giving reserved addressess for specified macs, even, when this mac is in another network For example, suppose this: We have 192.168.1.1/24 in ehter1 We have 192.168.10.1/24 in et...
by rbuserdl
Wed Oct 19, 2022 11:24 pm
Forum: General
Topic: DHCP Server is assigning the same IP in different interfaces
Replies: 10
Views: 1216

Re: DHCP Server is assigning the same IP in different interfaces

All the settings are more than 1200 lines, it will take too long time to modify enterprise name, site names, public IPs, Passwords and other confidential info, even using "replace all" feature in notepad This MKT has VPNs with 6 different routers, and for both wans Believe me, there are to...
by rbuserdl
Tue Oct 18, 2022 8:23 pm
Forum: General
Topic: DHCP Server is assigning the same IP in different interfaces
Replies: 10
Views: 1216

DHCP Server is assigning the same IP in different interfaces

Hello team!! I have a Mikrotik router, which have 2 different subnets in 2 different interfaces All is working fine I just "Make static" a lease in 192.168.1.0/24 and after this, when I connect the same device in the other subnet, it still got the same IP, when I should get an IP in 192.16...
by rbuserdl
Wed Oct 12, 2022 8:56 pm
Forum: General
Topic: GRE over IPsec between Fortigate and Mikrotik [SOLVED]
Replies: 1
Views: 1068

Re: GRE over IPsec between Fortigate and Mikrotik [SOLVED]

Hello team, I could solve the issue by myself, thanks anyway! The issue was that I had created a policy in the FGT, from GRE interface to GRE interface, but this rules was not needed, FGT needed a policy from IPsec interface to IPsec interface, changing interfaces in the rule starting working Regard...
by rbuserdl
Wed Oct 12, 2022 3:50 pm
Forum: General
Topic: GRE over IPsec between Fortigate and Mikrotik [SOLVED]
Replies: 1
Views: 1068

GRE over IPsec between Fortigate and Mikrotik [SOLVED]

Hello Team!!! I recently created a GRE VPN over IPsec between a Fortigate and a Mikrotik, following this: https://www.linkedin.com/pulse/configuring-ipsec-gre-tunnel-between-fortios-645-routeros-denys It never worked, I get the following error: Mikrotik side: 09:19:32 ipsec,error phase1 negotiation ...
by rbuserdl
Fri Sep 02, 2022 6:51 pm
Forum: Beginner Basics
Topic: Make Bridge from ISP PPPOE Modem to my Mikrotik [SOLVED]
Replies: 13
Views: 5252

Re: Make Bridge from ISP PPPOE Modem to my Mikrotik [SOLVED]

Hello, Where do you need to access from outside? To Mikrotik or a client in the lan side? IMHO, you have 2 options: 1) Change ISP modem to bridge mode (Will be the best option) 2) Create the port forwarding in the ISP modem and in the mikrotik router To be able to connect from outside, you will need...
by rbuserdl
Tue Jul 26, 2022 5:42 pm
Forum: Beginner Basics
Topic: Connect WAP LR8 kit to the Internet using WiFi.
Replies: 3
Views: 707

Re: Connect WAP LR8 kit to the Internet using WiFi.

Hello!

I cant understand you.
When you say "gateway", what device are you referring to?
I dont know the infrastructure of your home network
How do you plan to test the wifi connectivity?

Regards,
Damián
by rbuserdl
Tue Jul 26, 2022 2:24 am
Forum: Beginner Basics
Topic: Connect WAP LR8 kit to the Internet using WiFi.
Replies: 3
Views: 707

Re: Connect WAP LR8 kit to the Internet using WiFi.

Hello! As I understand you want to setup this Mikrotik temporarily as a repeater (Maybe with other SSID and password). If I understand well, I think you will need 2 antennas to do this (I dont know if it is possible to accomplish this with only one antenna), so you can set up an antenna as "sta...
by rbuserdl
Tue Jul 26, 2022 2:01 am
Forum: Beginner Basics
Topic: performance and configuration of hex rb750gr3
Replies: 1
Views: 569

Re: performance and configuration of hex rb750gr3

Hello! I dont have experience with settop box and openwrt and I dont know why you need a public IP on both but I will assume you can assign a static IP as in most network devices. Maybe you should do the following: * Create on Mikrotik a new bridge * Add modem port, openwrt port and settop box port ...
by rbuserdl
Tue Jul 26, 2022 1:34 am
Forum: Beginner Basics
Topic: VPN client can't reach main network
Replies: 1
Views: 365

Re: VPN client can't reach main network

Hello! I think you will need the following: * Add the route to 192.168.1.0/24 in the VPN client config files * Add a route in the Mikrotik router for 192.168.1.0/24 (192.168.1.0/24 as destination, 172.16.100.1 as gateway). I undestand you already had this * Add a route in the Core switch to reach th...
by rbuserdl
Mon Jul 18, 2022 3:26 pm
Forum: Beginner Basics
Topic: Need to access LAN via L2TP VPN - please help
Replies: 5
Views: 4212

Re: Need to access LAN via L2TP VPN - please help

Nice!!
This kind of issues are difficult to see from here!

Regards!
Damián
by rbuserdl
Sun Jul 17, 2022 1:17 am
Forum: Beginner Basics
Topic: Need to access LAN via L2TP VPN - please help
Replies: 5
Views: 4212

Re: Need to access LAN via L2TP VPN - please help

Hello Thanpolas, I can not tell which is the problem yet. Maybe you could try to keep running a ping to some IP in 192.168.2.0/24 network from a computer with the VPN client connected. So in a new terminal, you could run "tool sniffer quick ip-protocol=icmp ip-address=192.168.2.2" Change 1...
by rbuserdl
Tue Jul 12, 2022 11:51 pm
Forum: Beginner Basics
Topic: Need to access LAN via L2TP VPN - please help
Replies: 5
Views: 4212

Re: Need to access LAN via L2TP VPN - please help

Hello Thanpolas! How did you configured the client? I dont remember in Linux, but if your Client is Windows, if you disable the option to use the remote gateway you should need to add a route for remote subnets. First you could check if there is a route for your remote networks ("route print&qu...
by rbuserdl
Mon Jul 11, 2022 3:56 pm
Forum: Beginner Basics
Topic: Script cloud-backup notification [SOLVED]
Replies: 17
Views: 2415

Re: Script cloud-backup notification [SOLVED]

Hello guys!!
I used the Jotne script and worked fine!!
Thanks a lot!
by rbuserdl
Sat Jul 09, 2022 3:40 am
Forum: Beginner Basics
Topic: Script cloud-backup notification [SOLVED]
Replies: 17
Views: 2415

Re: Script cloud-backup notification [SOLVED]

Thanks K6ccc,
I will test this next monday!

Regards,
Damián
by rbuserdl
Sat Jul 09, 2022 1:33 am
Forum: Beginner Basics
Topic: Script cloud-backup notification [SOLVED]
Replies: 17
Views: 2415

Re: Script cloud-backup notification [SOLVED]

Thanks for your answer! For example, without reading all: Without password permission, how the script can make backup? (backup containing also passwords) Without write permission, how can save the file? (sended later on email) I just added the password permission and write permission to the script, ...
by rbuserdl
Sat Jul 09, 2022 12:16 am
Forum: Beginner Basics
Topic: Script cloud-backup notification [SOLVED]
Replies: 17
Views: 2415

Re: Script cloud-backup notification [SOLVED]

Sorry, I though maybe someone had the same problem I didnt think the issue was with the script because it does run correctly without the schedulled task (running from terminal) Here the script: /system script add dont-require-permissions=no name=BackupToEmail owner=soporte policy=ftp,read,policy,tes...
by rbuserdl
Fri Jul 08, 2022 10:34 pm
Forum: Beginner Basics
Topic: Script cloud-backup notification [SOLVED]
Replies: 17
Views: 2415

Re: Script cloud-backup notification [SOLVED]

Hello people!!! I have now the following issue, if I execute the script from the terminal, it does work fine, I get the email correctly but when I schedulle to run the script automatically, I see in the logs the initial log write but nothing else, and I dont get the email. Any suggestion? Thanks in ...
by rbuserdl
Wed Jul 06, 2022 11:16 pm
Forum: Beginner Basics
Topic: Script cloud-backup notification [SOLVED]
Replies: 17
Views: 2415

Re: Script cloud-backup notification [SOLVED]

Thanks Zacharias!
I will try soon and I will update this post.

Regards,
Damián
by rbuserdl
Wed Jul 06, 2022 11:14 pm
Forum: Beginner Basics
Topic: unable to ping out v7.2.3
Replies: 2
Views: 375

Re: unable to ping out v7.2.3

Hello!

The command is still the same in 7.3.1 and it is working for me.
Do you have any rule with chain "output"?
The issue is to any IPv4 address on Internet?
What happen if you ping a private address in any private network connected to the Mikrotik?

Regards!
by rbuserdl
Wed Jul 06, 2022 11:04 pm
Forum: Beginner Basics
Topic: Script cloud-backup notification [SOLVED]
Replies: 17
Views: 2415

Re: Script cloud-backup notification [SOLVED]

Hello people!
Any sugestion to make a backup or export file and upload it somewhere out of the Mikrotik automatically?

Thanks.
Regards,
Damián
by rbuserdl
Tue Jul 05, 2022 3:47 pm
Forum: Beginner Basics
Topic: Script cloud-backup notification [SOLVED]
Replies: 17
Views: 2415

Re: Script cloud-backup notification [SOLVED]

Zacharias, thanks for your answer The last time, I reverted the MACs to the originals, so both will work for me. I just need a way to keep all the configuration updated outside the hardware without depending on humans If the best option is to do this cloud-backup, I will need the "secret-downlo...
by rbuserdl
Tue Jul 05, 2022 12:08 am
Forum: Beginner Basics
Topic: Script cloud-backup notification [SOLVED]
Replies: 17
Views: 2415

Re: Script cloud-backup notification [SOLVED]

One is RB1100Dx4 and the other is RB1100Dx4 Dude Edition.
I recently did a backup and I could restore this in the another manually, I had no problem
Just thinking to have a current backup if some day the first Mikrotik die

Regards,
Damián
by rbuserdl
Mon Jul 04, 2022 7:47 pm
Forum: Beginner Basics
Topic: Script cloud-backup notification [SOLVED]
Replies: 17
Views: 2415

Script cloud-backup notification [SOLVED]

Hello Team!!! I would like to make a script to execute a cloud backup The idea is, if the hardware die, I will need to download the backup to another router (Same hardware) Have seen he following script: https://git.eworm.de/cgit/routeros-scripts/about/doc/backup-cloud.md I did not find where to cha...
by rbuserdl
Sat Jun 11, 2022 5:17 am
Forum: Beginner Basics
Topic: Question about moving certificates to another mikrotik [SOLVED]
Replies: 5
Views: 2083

Re: Question about moving certificates to another mikrotik [SOLVED]

Thanks, I already did this.
Just I did not know the "[find]" part, I had to write all interface names xD

Regards,
Damián
by rbuserdl
Fri Jun 10, 2022 8:51 pm
Forum: Beginner Basics
Topic: Question about moving certificates to another mikrotik [SOLVED]
Replies: 5
Views: 2083

Re: Question about moving certificates to another mikrotik [SOLVED]

Thanks a lot to both!!!!

The second Mikrotik is RB1100x4 the first Mikrotik is RB1100x4 Dude edition
I dont know why I had used export without trying backup
Just tried backup and worked, at least everything is like in first Mikrotik (I cant test the VPN yet)

Regards,
Damián
by rbuserdl
Fri Jun 10, 2022 6:43 pm
Forum: Beginner Basics
Topic: Question about moving certificates to another mikrotik [SOLVED]
Replies: 5
Views: 2083

Question about moving certificates to another mikrotik [SOLVED]

Hello team! I have a SSTP VPN with CA and Server certificates working in a Mikrotik I need to transfer certificates to another hardware which will be a backup (So both sould work) Have exported both certificates in the first mikrotik using password Copied the files to the second mikrotik Imported bo...
by rbuserdl
Tue May 31, 2022 4:04 pm
Forum: Beginner Basics
Topic: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6
Replies: 14
Views: 2273

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Hello may be will be better to Anav to respond because he know much more than me. But IMHO, when you started a session through WAN2, it remains using the same interface until the session finnish or the interface is not available, for example. I think this describes the behavior you mentioned. Regard...
by rbuserdl
Mon May 30, 2022 10:16 pm
Forum: Beginner Basics
Topic: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6
Replies: 14
Views: 2273

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Sorry my questions, just to be on the same page
When you tested the ISP modem in a PC, did you set the IP address statically like in the settings?
What happen if you ping the default gateway from the Mikrotik?

Regards
Damián
by rbuserdl
Mon May 30, 2022 5:30 pm
Forum: Beginner Basics
Topic: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6
Replies: 14
Views: 2273

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Hello,

It seems that wan1 is not working, it does not seem an issue with the load balancing
Did you test wan1 connection with a PC?

Regards,
Damián
by rbuserdl
Mon May 30, 2022 3:55 pm
Forum: Beginner Basics
Topic: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6
Replies: 14
Views: 2273

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Hello, I think I had an issue previosly with dst-address-type=!local Try using dst-address or dst-address-list instead of dst-address-type, something like dst-address=!192.168.0.0/24 After a while, check in "ip->firewall->connections", in gui, if most traffic is with connection-mark Regard...
by rbuserdl
Fri May 13, 2022 10:31 pm
Forum: Beginner Basics
Topic: subdomain
Replies: 1
Views: 861

Re: subdomain

Hello Moron! I am not sure I could understand you well. Do you want to create a port fordward? Do you need that some connection origined outside could reach the VM? In this case, if you have a VM with an IP in the same subnet than your router, you just need to create a dst-nat as follows: * Through ...
by rbuserdl
Fri May 13, 2022 10:08 pm
Forum: Scripting
Topic: Apply queue to mobile devices
Replies: 1
Views: 738

Re: Apply queue to mobile devices

Anything?
by rbuserdl
Thu May 12, 2022 11:53 pm
Forum: Beginner Basics
Topic: Subnets and IPSEC
Replies: 1
Views: 494

Re: Subnets and IPSEC

Hello Sergio, 172.16.0.0/24 and 172.16.1.0/25 subnets are both connected to phisical interfaces in the CCR? In this case, if you configured an IP in each subnet in CCR, you should have a "Connected" route to each subnet, so you should not need any additional route By default, all filter ru...
by rbuserdl
Thu May 12, 2022 12:29 am
Forum: Scripting
Topic: Apply queue to mobile devices
Replies: 1
Views: 738

Apply queue to mobile devices

Hello team, I need to set a bandwith limit for mobile devices. Currently we have any device connected to the same SSID and subnet What are we doing now is create a reservation for computers in an specific range, and marking as "Mobiles" any other IP, but we want to stop using reservations ...
by rbuserdl
Tue Jan 18, 2022 6:08 pm
Forum: General
Topic: Logging to disk when any vpn user is connecting or disconnecting
Replies: 2
Views: 2506

Re: Logging to disk when any vpn user is connecting or disconnecting

Thanks bpwl for your response, When I tried this before, does not work but it does this time I added the following rule: /system logging add action=VPN topics=l2tp,ppp,info When only used the "l2tp" topic, I got more events (I dont need so much), so I had to use the 3 topics I dont know wh...
by rbuserdl
Tue Jan 18, 2022 5:44 pm
Forum: General
Topic: Logging to disk when any vpn user is connecting or disconnecting
Replies: 2
Views: 2506

Logging to disk when any vpn user is connecting or disconnecting

Hello Team, I would like to log to disk when a l2tp user is connecting or disconnecting to the Mikrotik VPN server Currently, with the default settings, I can see something like this: 12:26:42 l2tp,ppp,info <l2tp-user>: connected 12:26:46 l2tp,ppp,info <l2tp-user>: disconnected I need more lines for...
by rbuserdl
Wed Jan 12, 2022 9:46 pm
Forum: General
Topic: Many L2TP/IPsec VPN failing since power outage
Replies: 3
Views: 1619

Re: Many L2TP/IPsec VPN failing since power outage

Sorry, you are right
I searched in google, not here and I did not found this
By uninstalling this update KB5009543 in Windows 10, started to work again.

Thanks
Regards,
Damián
by rbuserdl
Wed Jan 12, 2022 9:18 pm
Forum: General
Topic: Many L2TP/IPsec VPN failing since power outage
Replies: 3
Views: 1619

Many L2TP/IPsec VPN failing since power outage

Hello team!!! Happy new year for all of you! Yesterday, in several cities in Argentina (My Country) there were a power outage. Since then I have the following issue I have several VPN clients configured in my PC, one or two for each customer, now, when I try to connect to some VPNs (Not all), I get ...
by rbuserdl
Fri Jul 02, 2021 5:39 pm
Forum: Beginner Basics
Topic: Bridge with DHCP server
Replies: 3
Views: 1367

Re: Bridge with DHCP server

You are wellcome
What happened?
by rbuserdl
Thu Jun 24, 2021 12:07 am
Forum: Beginner Basics
Topic: Bridge with DHCP server
Replies: 3
Views: 1367

Re: Bridge with DHCP server

Hello, Why you cannot create a DHCP in a bridge 1 in building 1? I think you should: Building1: * Create a bridge with all the wireless and ether1 interfaces * Create an static IP address for this bridge * Create a DHCP Server for this bridge (First the pool if you prefer to do not use wizard) Build...
by rbuserdl
Tue Jun 22, 2021 3:09 pm
Forum: Beginner Basics
Topic: Slow navigation/browsing speeds [SOLVED]
Replies: 15
Views: 10915

Re: Slow navigation/browsing speeds [SOLVED]

Hello,
Glad to know you could solve the issue. I really never suspected on the Mikrotik router.
This kind of discussions with the ISP first line support is very common in my country (Argentina), you should take a sedative before call them, hehehehehehehe
Regards,
Damián
by rbuserdl
Sun Jun 20, 2021 1:50 am
Forum: Beginner Basics
Topic: VPN
Replies: 1
Views: 627

Re: VPN

Hello

Which kind of VPN you need to set up?
What is the VPN Server?
Your should explain something

Regards
by rbuserdl
Sun Jun 20, 2021 1:26 am
Forum: Beginner Basics
Topic: Slow navigation/browsing speeds [SOLVED]
Replies: 15
Views: 10915

Re: Slow navigation/browsing speeds [SOLVED]

Wow, the link went donw twice in 2 minutes witout being moved? weird Yes, this is an issue with something between the modem and the Mikrotik router (Modem, Cable or Mikrotik Router) I believe this is something with your modem, would be weird that the cable behavior like this with the cable not being...
by rbuserdl
Mon Jun 14, 2021 4:12 am
Forum: Beginner Basics
Topic: Slow navigation/browsing speeds [SOLVED]
Replies: 15
Views: 10915

Re: Slow navigation/browsing speeds [SOLVED]

Hello, IMHO this does not seems an issue related to the mikrotik router I have 2 doubts about your config /ip firewall mangle add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=ether1 passthrough=yes protocol=tcp tcp-flags=syn add action=mark-packet chain=postrouting new-packet-...
by rbuserdl
Mon Jun 14, 2021 3:33 am
Forum: Wireless Networking
Topic: Spectral History to a file
Replies: 2
Views: 1269

Re: Spectral History to a file

Any help will be apreciated
Thanks

Regards,
Damián
by rbuserdl
Fri Jun 04, 2021 4:08 pm
Forum: Wireless Networking
Topic: Spectral History to a file
Replies: 2
Views: 1269

Spectral History to a file

Hello people!!! I suspect that in an specific place there are intermittent noise interfering with the 2GHz band, just connected a Mikrotik to try to identify if my suspicion is true. The problem is that maybe the noise doesnt appear when I am looking the spectral-history output I would like to know ...
by rbuserdl
Mon Feb 08, 2021 5:54 pm
Forum: General
Topic: Wireless - spectral history to a file
Replies: 2
Views: 505

Re: Wireless - spectral history to a file

Hello Maybe I didnt explain it very well. sorry APold is connected to LAN with wire and it is not connected to any other wireless network, I set it as station mode just to have the wireless card enabled and not delivering WiFi. My question was related to how to make a readable file with information ...
by rbuserdl
Mon Feb 08, 2021 4:38 pm
Forum: General
Topic: Wireless - spectral history to a file
Replies: 2
Views: 505

Wireless - spectral history to a file

Hello people!!! I have a site with many APs, recently I disabled WiFi on one of them, we can name it as "AP old", and added another AP (Also Mikrotik) close to the another. we can call it as "AP new" So, actually set wireless card in "AP old" to station mode and added &...
by rbuserdl
Mon Jan 18, 2021 6:03 pm
Forum: Beginner Basics
Topic: WiFi limitations
Replies: 16
Views: 4753

Re: WiFi limitations

Well, today someone told me that WiFi was working awful again. So, I find out further, and again the same AP than before, stoped working. When users was trying to connect to this, they got: "No es posible conectarse a esta red", thing this is something like "Could not connect to this ...
by rbuserdl
Thu Jan 14, 2021 11:12 pm
Forum: Beginner Basics
Topic: WiFi limitations
Replies: 16
Views: 4753

Re: WiFi limitations

Thanks a lot!!! I just went to the place for first time and came back to my home. There are 4 APs in different places, ussing channels 1, 6 and 11. Each AP has a different SSID I changed to use only N and will see, I could not determine if the issue is solved because there were few people there, I w...
by rbuserdl
Thu Jan 14, 2021 2:30 pm
Forum: Beginner Basics
Topic: WiFi limitations
Replies: 16
Views: 4753

Re: WiFi limitations

Thanks again There are less devices connected now I dont have any option to attach files I had tested some options in "/interface wireless registration-table print" but I didnt see the "stats" parameter. Here are the results: # jan/14/2021 9:12:43 by RouterOS 6.41.2 # software id...
by rbuserdl
Wed Jan 13, 2021 8:31 pm
Forum: Beginner Basics
Topic: WiFi limitations
Replies: 16
Views: 4753

Re: WiFi limitations

Hello, Thank you so much for all the explanatons. I never paid attention to "Tx rate" and "Rx rate" because I dont know what means: "1S", "2S" and "SGI", also every item has a rate in Mbps and some items has a "20 MHz" after this, other ite...
by rbuserdl
Wed Jan 13, 2021 4:55 pm
Forum: Beginner Basics
Topic: WiFi limitations
Replies: 16
Views: 4753

WiFi limitations

Hello people!!! I have seen in a Mikrotik document (that I cannot find now), that the ammount of devices connected to an AP could be more than 50 (If my memory is working fine, which probably isnt) I have a RB951Ui-2HnD, which has about 16-18 devices connected throuhg Wireless, I had changed the fre...
by rbuserdl
Thu Dec 03, 2020 9:27 pm
Forum: Beginner Basics
Topic: PCQ queue is better than without any queue?
Replies: 5
Views: 2568

Re: PCQ queue is better than without any queue?

Hello,

I was just wondering if it will be better to implement an only queue (type PCQ) in all the routers where I have not any queue to be more fair with the bandwith distribution
Thanks for all your responses and for the video, although I should watch this later.

Regards,
Damián
by rbuserdl
Thu Dec 03, 2020 6:15 pm
Forum: Beginner Basics
Topic: PCQ queue is better than without any queue?
Replies: 5
Views: 2568

PCQ queue is better than without any queue?

Hello people!! As I understand from: https://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ I think that when there are many users connected, using the same ISP, which is saturating, the PCQ queue does more equitatable the use of the bandwith, does that anyone can use at least something the Internet con...
by rbuserdl
Thu Oct 15, 2020 6:09 pm
Forum: General
Topic: OpenVpn connected but no lan neither internet [SOLVED]
Replies: 9
Views: 3037

Re: OpenVpn connected but no lan neither internet [SOLVED]

Hello

You have included the 192.168.89.255 in the pool, I think this is the problem
I suggest you to change it to 253 (I have problem recently adding the 254 too)

Regards,
Damián
by rbuserdl
Wed Oct 14, 2020 10:38 pm
Forum: General
Topic: OVPN can not connect
Replies: 4
Views: 2723

Re: OVPN can not connect

I just see again the client logs and realice that it pointed to 192.168.16.254, it seems that although the profile is configured with "192.168.16.1" as local address, there is a kind of conflict with the last IP of the pool I just changed my pool from [192.168.16.250 - 192.168.16.254] to [...
by rbuserdl
Wed Oct 14, 2020 10:37 pm
Forum: General
Topic: Windows OpenVPN Client with OvpnServer RB1000 v4.3
Replies: 6
Views: 12523

Re: Windows OpenVPN Client with OvpnServer RB1000 v4.3

I just see again the client logs and realice that it pointed to 192.168.16.254, it seems that although the profile is configured with 192.168.16.1as local address, there is a kind of conflict with the last IP of the pool I just changed my pool from [192.168.16.250 - 192.168.16.254] to [192.168.16.24...
by rbuserdl
Wed Oct 14, 2020 8:44 pm
Forum: General
Topic: OVPN can not connect
Replies: 4
Views: 2723

Re: OVPN can not connect

Hello,

In /system logging, I just added the ovpn topic, is there something else to add to get the error with more details?
I also checked that the connections is going out ussing the same interface where it entered.
Any clue?

Thanks in advance.
Regards,
Damián
by rbuserdl
Tue Oct 13, 2020 5:16 pm
Forum: General
Topic: OVPN can not connect
Replies: 4
Views: 2723

OVPN can not connect

Hello everyone! I just created an OVPN Server in a Mikrotik router, then tried to connect from a Windows outside and get the following log in Mikrotik: # oct/13/2020 10:57:59 by RouterOS 6.47.1 # software id = 6Q79-08JT # 10:56:43 ovpn,info TCP connection established from externalIP 10:56:43 ovpn,de...
by rbuserdl
Fri Oct 09, 2020 5:22 pm
Forum: Beginner Basics
Topic: Dead hardware?
Replies: 2
Views: 973

Re: Dead hardware?

Thanks Moba,
I will try
by rbuserdl
Thu Oct 08, 2020 11:57 pm
Forum: Beginner Basics
Topic: Dead hardware?
Replies: 2
Views: 973

Dead hardware?

Hello people!! I have a CloudCore CCR-1036 Router which was working fine for many years Recently it stoped working, now it shows a lot of blinking lights and make a weird sound, like an stucked fan As soon as I connect the router only with power cable, happen the following: - Ether5 to ether8, are w...
by rbuserdl
Mon Sep 21, 2020 11:38 pm
Forum: General
Topic: Mangle rules with unexpected behavior [SOLVED]
Replies: 7
Views: 2361

Re: Mangle rules with unexpected behavior [SOLVED]

Sindy, you are awesome!! You are right. I should take care of this or I will need to start to use code to configure mangle rules instead of GUI. So, with the "passthrough" option disabled in the 6th rule, the router was putting the connection mark "ISP1_conn" in the first packet,...
by rbuserdl
Mon Sep 21, 2020 9:54 pm
Forum: General
Topic: Mangle rules with unexpected behavior [SOLVED]
Replies: 7
Views: 2361

Re: Mangle rules with unexpected behavior [SOLVED]

Hello Sindy, thanks a lot 1. does the 14th rule (action=mark-routing chain=prerouting connection-mark=ISP1_con dst-address=!192.168.1.0/24 new-routing-mark=to_ISP1 passthrough=no src-address=192.168.1.0/24) count as well? Yes, but this has a lot of packets, because the mikrotik is in production, so ...
by rbuserdl
Mon Sep 21, 2020 5:30 pm
Forum: General
Topic: Mangle rules with unexpected behavior [SOLVED]
Replies: 7
Views: 2361

Mangle rules with unexpected behavior [SOLVED]

Hello people!!! In a RB11000AHx4 (RouterOS and Firmware v6.47.1) with 2 WAN interfaces, I did some marks trying to accomplish the following: - Which is incomming from WAN1, goes out through WAN1, the same for WAN2 - Some random local IPs goes out through WAN1, and other through WAN2 - There are few ...
by rbuserdl
Mon Sep 14, 2020 3:28 pm
Forum: General
Topic: L2TP+IPsec VPN with drops
Replies: 6
Views: 2587

Re: L2TP+IPsec VPN with drops

Thanks for your answers, The issue is not every 7 hours, the issue happen in random time, a couple of minutes (usually less then half hour) I configured a SSTP VPN and it seems to be working fine Anyone knows why SSTP is more stable than L2TP+IPsec? Is there any workaround in the mikrotik side? Rega...
by rbuserdl
Thu Sep 10, 2020 8:40 pm
Forum: Beginner Basics
Topic: Packet lost in NAT
Replies: 6
Views: 990

Re: Packet lost in NAT

Hello olegon, I still dont understand you very well. I create VPN and interface vpn created with address 10.121.241.126 Is this the public IP wich VPN clients use to connect to? I connect PC directly to Mikrotik PC - 192.168.88.70 Directly how? Ethernet cable? Which kind of VPN are you using? Now, I...
by rbuserdl
Thu Sep 10, 2020 3:36 pm
Forum: General
Topic: L2TP+IPsec VPN with drops
Replies: 6
Views: 2587

Re: L2TP+IPsec VPN with drops

It is not really a remedy for your problem. But I have had it with some users and was able to assign it mainly to their internet connection. It was mainly DS-Light connections that were affected by the problem. I assume that you have a Windows client. I also activated the SSTP VPN in the router and...
by rbuserdl
Thu Sep 10, 2020 2:46 am
Forum: Beginner Basics
Topic: Wireless / Interface ACL
Replies: 3
Views: 835

Re: Wireless / Interface ACL

Sorry, I forget that is not posible to use slave interfaces (members of a bridge) in filter rules In Winbox gui, when creating a new rule, in advanced tab, there are two matching options called: "in-bridge-port" and "out-bridge-port", this is an option, you should need to enable ...
by rbuserdl
Thu Sep 10, 2020 12:51 am
Forum: Beginner Basics
Topic: Wireless / Interface ACL
Replies: 3
Views: 835

Re: Wireless / Interface ACL

Hello,
I would like to restrict traffic and apply an acl on two interfaces
ACL should be something like some interfaces/IP/users can access some other interfaces?
This seems to me like 2 firewall filter rules

Regards,
Damián
by rbuserdl
Thu Sep 10, 2020 12:28 am
Forum: Beginner Basics
Topic: Packet lost in NAT
Replies: 6
Views: 990

Re: Packet lost in NAT

Hi Olegon,
I cannot understand you very well.
You connect a PC to a Mikrotik through VPN through Internet?
Which kind of VPN do you have?
Which IP are you using to ping?
Maybe you could do an "Export" to show us your settings, hidding sensitive information.

Regards,
Damián
by rbuserdl
Wed Sep 09, 2020 11:42 pm
Forum: Beginner Basics
Topic: RBwsAP-5Hac2nD can not ping lan ethernet camera, but can everything else using nv2 ap bridge - station bridge [SOLVED]
Replies: 3
Views: 946

Re: RBwsAP-5Hac2nD can not ping lan ethernet camera, but can everything else using nv2 ap bridge - station bridge [SOLVED]

Hello, I think the nv2 bridge is not playing here but I am not sure that I understand very well your issue. When you ping from one PC (192.168.0.50) to 192.168.0.110 (Camera) you get an answer But when you ping from 192.168.0.11 (Router) you dont get an answer This ethernet camera, the router and th...
by rbuserdl
Wed Sep 09, 2020 11:09 pm
Forum: General
Topic: L2TP+IPsec VPN with drops
Replies: 6
Views: 2587

Re: L2TP+IPsec VPN with drops

Any idea?
by rbuserdl
Tue Sep 08, 2020 5:30 pm
Forum: General
Topic: L2TP+IPsec VPN with drops
Replies: 6
Views: 2587

L2TP+IPsec VPN with drops

Hello team, I have the following issue: There is one place with 2 WAN connections, I had previously a PPTP VPN in a Windows Server which was removed, then I created a L2TP+IPsec in the border router (RB1100Dx4) Since the users stopped connecting to PPTP Server and started to connect to L2TP+IPsec VP...
by rbuserdl
Thu Jul 30, 2020 10:51 pm
Forum: General
Topic: IPsec VPN between Mikrotik and Fortigate
Replies: 8
Views: 11443

Re: IPsec VPN between Mikrotik and Fortigate

Thanks Sindy, I didnt know that I should activate the debug log level. While you wrote your response I was watching an youtube tutorial in spanish and this worked to me: https://www.youtube.com/watch?v=1V7h8kJLvH0 This uses only des, maybe I will try later with another security and will upload the s...
by rbuserdl
Thu Jul 30, 2020 9:48 pm
Forum: General
Topic: IPsec VPN between Mikrotik and Fortigate
Replies: 8
Views: 11443

Re: IPsec VPN between Mikrotik and Fortigate

Hello, Thank you Sindy, PFS-group in Phase 2 proposal do match the dh-group in Phase 1 profile, both are modp1536 Mikrotik is set to respond only (passive=yes) and I get all the time the same error in log: 15:36:24 ipsec,error FGpublicIP failed to pre-process ph2 packet. Which means nothing to me, I...
by rbuserdl
Thu Jul 30, 2020 6:28 pm
Forum: General
Topic: IPsec VPN between Mikrotik and Fortigate
Replies: 8
Views: 11443

Re: IPsec VPN between Mikrotik and Fortigate

Hello, thanks for your response. In the Mikrotik, "active peer" tab, "side" column, it appears as "responder", I changed the auto-negotiate option to disabled in the fortigate, which I think is to trigger the tunnel from the Mikrotik. I am not sure but maybe the "r...
by rbuserdl
Thu Jul 30, 2020 4:34 pm
Forum: General
Topic: IPsec VPN between Mikrotik and Fortigate
Replies: 8
Views: 11443

Re: IPsec VPN between Mikrotik and Fortigate

Hello, thanks for your response. I have no way to do this so far. I passed the "No policy" message but I get the following: 6353: notify msg received: NO-PROPOSAL-CHOSEN I have a proposal created and this is selected in the policy Now the tunnel is down in the fortigate but I see 2 active ...
by rbuserdl
Thu Jul 30, 2020 3:47 pm
Forum: General
Topic: Easy way to log proxy bloked urls
Replies: 6
Views: 1853

Re: Easy way to log proxy bloked urls

Ok, thanks anyway

Regards,
Damián
by rbuserdl
Wed Jul 29, 2020 11:52 pm
Forum: General
Topic: IPsec VPN between Mikrotik and Fortigate
Replies: 8
Views: 11443

IPsec VPN between Mikrotik and Fortigate

Hello, I tried to create for first time a VPN between a Fortigate 60E (v5.6.0) and a Mikrotik CCR1009-7G-1C-1S+ (v6.45.7) but with issues Used the following "guide": https://www.fastbit.ro/en/ipsec-site-to-site-vpn-between-fortigate-and-mikrotik/#:~:text=On%20the%20Action%20TAB%20fill,crea...
by rbuserdl
Wed Jul 29, 2020 11:24 pm
Forum: General
Topic: Easy way to log proxy bloked urls
Replies: 6
Views: 1853

Re: Easy way to log proxy bloked urls

Hello and thanks. I have many webproxy access rules to allow many sites and the last one is a rule that deny all, it is like a "white list" When I disable the rule to deny all, this start to work. This issue started happening about 3 weeks ago, before, this worked fine for about 1 year or ...
by rbuserdl
Wed Jul 29, 2020 11:00 pm
Forum: General
Topic: Easy way to log proxy bloked urls
Replies: 6
Views: 1853

Re: Easy way to log proxy bloked urls

Hello, Thanks for your response. However I think this is a proxy issue, because, when I allow everything in the proxy, Outlook start working. - Outlook works fine some days - Some day Outlook stop getting connection - Outlook does not work never - I allow everything in the proxy server - Outlook sta...
by rbuserdl
Wed Jul 29, 2020 7:06 pm
Forum: General
Topic: Easy way to log proxy bloked urls
Replies: 6
Views: 1853

Easy way to log proxy bloked urls

Hello, Office 365 mail in Outlook sometimes stop working, if I allow all in webproxy, the mail work again for some time but after a time the issue happen again. So I just want to know what is blocking the proxy when the mail is not working If I create a logging rule for all "webproxy" topi...
by rbuserdl
Mon May 11, 2020 4:35 pm
Forum: Beginner Basics
Topic: vpn l2tp ipsec server on hAP ac2 problem
Replies: 1
Views: 902

Re: vpn l2tp ipsec server on hAP ac2 problem

Hello,

How do you reach the router? Ping?
Using which IP? Public IP, LAN IP or VPN IP?
Did you check the filter rules? Your drop forward rules are droping all from WAN or everything?

Regards
Damián
by rbuserdl
Tue May 05, 2020 8:02 pm
Forum: General
Topic: Failover not working [SOLVED]
Replies: 19
Views: 8377

Re: Failover not working [SOLVED]

Perfect as allways!!
Thanks Sindy!!!
by rbuserdl
Tue May 05, 2020 6:16 pm
Forum: General
Topic: Failover not working [SOLVED]
Replies: 19
Views: 8377

Re: Failover not working [SOLVED]

Hello Sindy, Some time before, I needed to set up marks in a router with dinamyc IPs, then you sugested me to add the following script in the dhcp-client: { :local routeId [/ip route find distance=1 dst-address~"0.0.0.0/0" routing-mark=to_WAN1] if (($bound=1) and ([ip route get $routeId ga...
by rbuserdl
Mon May 04, 2020 9:50 pm
Forum: General
Topic: Failover not working [SOLVED]
Replies: 19
Views: 8377

Re: Failover not working [SOLVED]

It's not a good idea to ping the DNS servers provided by the ISP as a check that the ISP's own connections to internet work. They may respond to pings although they've lost access to the internet themselves. Yeah, thanks, I have realliced this after my post In those cases failover wont work Regards
by rbuserdl
Mon May 04, 2020 4:43 pm
Forum: General
Topic: Failover not working [SOLVED]
Replies: 19
Views: 8377

Re: Failover not working [SOLVED]

Sorry, I needed to take care about other issues.
Ok, I will test first with only 1 router (Which has marks) but each ISP provided us 2 DNS servers, so maybe I can use those DNS for the failover purpose and 8.8.8.8 as DNS Server
I will let you know the results.

Regards,
Damián
by rbuserdl
Mon Apr 27, 2020 10:03 pm
Forum: General
Topic: Failover not working [SOLVED]
Replies: 19
Views: 8377

Re: Failover not working [SOLVED]

I think it should be mentioned, in case your recursive failover uses some known DNS Servers like 8.8.8.8 then if that DNS is used by your Router as well it won't work... So make sure you use DNS Servers on your Router more than the ones that are used on your recursive failover as well... Sorry Zach...
by rbuserdl
Mon Apr 27, 2020 8:55 pm
Forum: General
Topic: Failover not working [SOLVED]
Replies: 19
Views: 8377

Re: Failover not working [SOLVED]

Thank you both, Sindy, you were right, I recently added the ip-address to the sniffer and tested, I got the following: INTERFACE TIME NUM DI SRC-MAC DST-MAC VLAN ether11 76.146 1 <- 10:1B:54:BB:25:2B 6C:3B:6B:08:75:DE 4 vlan4-vlan-wan1 76.146 2 <- 10:1B:54:BB:25:2B 6C:3B:6B:08:75:DE vlan5-vlan-wan2 ...
by rbuserdl
Mon Apr 27, 2020 7:06 pm
Forum: General
Topic: Failover not working [SOLVED]
Replies: 19
Views: 8377

Re: Failover not working [SOLVED]

Hello!!!! Sindy, you are the best!!! Great tutorial, I will try to apply the 2º method in all our Mikrotik routers. Do you know if this will work in routers with routing marks? I think I need to create the sames routes twice, once for the right routing mark and once without marks "/tool sniffer...
by rbuserdl
Mon Apr 27, 2020 4:37 pm
Forum: General
Topic: Failover not working [SOLVED]
Replies: 19
Views: 8377

Failover not working [SOLVED]

Hello team!!! I have seen recently the following scenario: * Mikrotik router with 2 WAN connections * When all the connecitons work I can connect from Winbox and I can ping through any WAN with no need to create mangle rules (No routing marks currently) * Once, the main ISP failed (The one with the ...
by rbuserdl
Fri Apr 17, 2020 12:02 am
Forum: Beginner Basics
Topic: Port forward problem
Replies: 1
Views: 1451

Re: Port forward problem

Hello, I saw that you wrote port 433 in the forum but the code is for port 443, I will asume that you want to nat the https port to this IP address. The code seems to be all right I never have used the "to_addresses" with 0.0.0.0 in the masquerade rule, I dont know if this works. /ip firew...
by rbuserdl
Thu Apr 16, 2020 8:31 pm
Forum: General
Topic: Basic question about L2TP + IPsec VPN
Replies: 13
Views: 5012

Re: Basic question about L2TP + IPsec VPN

Ok, thanks
I understand this, I dont know if I will need this in the future but it is a great idea!

Regards,
Damián
by rbuserdl
Thu Apr 16, 2020 6:38 pm
Forum: General
Topic: Basic question about L2TP + IPsec VPN
Replies: 13
Views: 5012

Re: Basic question about L2TP + IPsec VPN

Srcnat rule is fix for this (when you have different subnets for LAN and VPN,uncheck remote gateway, but don't add manual route): If I uncheck the "Use the remote gateway" options in the client side I cannot reach the LAN through the VPN I mostly create VPN Tunnels with the VPN subnet bei...
by rbuserdl
Thu Apr 16, 2020 12:07 am
Forum: General
Topic: Basic question about L2TP + IPsec VPN
Replies: 13
Views: 5012

Re: Basic question about L2TP + IPsec VPN

I just posted this for Windows in another thread. Here's how to add a VPN tunnel in Windows 10. We push this out via group policy so it is available when users are off the network. Add-VpnConnection -Name "SLHV CNE" -ServerAddress "<URL or IP>" -AllUserConnection:$true -Authenti...
by rbuserdl
Fri Mar 20, 2020 2:41 pm
Forum: General
Topic: Basic question about L2TP + IPsec VPN
Replies: 13
Views: 5012

Re: Basic question about L2TP + IPsec VPN

Thank you Sob, Really good explanation!!! Until now, I though that the split tunnel option is something in the VPN server settings but I do understand what you said and understand that it depends on this "Use default gateway in the remote network" Windows option. I never tested this behavi...
by rbuserdl
Thu Mar 19, 2020 2:46 pm
Forum: General
Topic: Basic question about L2TP + IPsec VPN
Replies: 13
Views: 5012

Re: Basic question about L2TP + IPsec VPN

Hello, This is my config: /ip pool add name=poolL2TP ranges=192.168.6.10-192.168.6.254 /ip firewall filter add action=accept chain=input dst-port=500,1701,4500 protocol=udp add action=accept chain=input protocol=ipsec-esp add action=accept chain=input protocol=ipsec-ah /ip ipsec mode-config add addr...
by rbuserdl
Wed Mar 18, 2020 8:24 pm
Forum: General
Topic: Basic question about L2TP + IPsec VPN
Replies: 13
Views: 5012

Re: Basic question about L2TP + IPsec VPN

Hello people, Adding the following: I find: https://forum.mikrotik.com/viewtopic.php?t=135700 In this thread, Sob suggested to uncheck the option to use the remote gateway in the client side and add a route for the remote network. As there are a lot of users and many use any connection whereever the...
by rbuserdl
Wed Mar 18, 2020 7:51 pm
Forum: General
Topic: Basic question about L2TP + IPsec VPN
Replies: 13
Views: 5012

Basic question about L2TP + IPsec VPN

Hello people, I just created many L2TP VPNs in many Mikrotiks, you know why, just creating a pool (Outside the local nework), many ip ipsec settings, ppp settings and adding the rules to allow the connection. The VPNs are working fine I just realliced that when I connect to one of these VPNs, I use ...
by rbuserdl
Tue Mar 17, 2020 7:58 pm
Forum: General
Topic: L2TP/IPsec VPN issues
Replies: 1
Views: 1140

Re: L2TP/IPsec VPN issues

Sorry, I found the issue I have connection and routing marks in "/ip firewall mangle", that were triggering the issue Just added a rule to do not mark anything going to 192.168.5.0/24 /ip firewall mangle add action=accept chain=prerouting dst-address=192.168.5.0/24 Works fine. Regards, Dam...
by rbuserdl
Tue Mar 17, 2020 6:08 pm
Forum: General
Topic: L2TP/IPsec VPN issues
Replies: 1
Views: 1140

L2TP/IPsec VPN issues

Hello, I just created a L2TP/IPsec VPN with the following settings: /ip pool add name="Pool L2TP" ranges=192.168.5.10-192.168.5.254 /ip ipsec mode-config add address-pool="Pool L2TP" name=l2tp_config system-dns=no /ip ipsec profile set [ find default=yes ] dh-group=modp1024 enc-a...
by rbuserdl
Mon Mar 02, 2020 4:17 pm
Forum: General
Topic: GRE VPNs weird behavior
Replies: 5
Views: 2549

Re: GRE VPNs weird behavior

Hmmm, could be nice
Anyway, now it is working, I wont change it so far :D

Regards
by rbuserdl
Mon Mar 02, 2020 3:14 pm
Forum: General
Topic: GRE VPNs weird behavior
Replies: 5
Views: 2549

Re: GRE VPNs weird behavior

Thank you all for your responses I just created the redundant VPN and now I can enable this filter rule. I dont know why but with the second VPN, this rules does not drop the traffic between both sites Also I make a ping and checked that icmp was using the main GRE (Which was already created at the ...
by rbuserdl
Wed Feb 26, 2020 9:49 pm
Forum: General
Topic: GRE VPNs weird behavior
Replies: 5
Views: 2549

GRE VPNs weird behavior

Hello, I have many GRE VPNs between many sites, I have the following issue just with one VPN. In all the sites we have 2 WAN and we make 2 VPNs for each needed, example Site1 WAN1 <-> Site2 WAN1 and Site1 WAN2 <-> Site2 WAN2 When I create the VPN, I allways do the following: - Create the VPN as in t...
by rbuserdl
Fri Jan 31, 2020 11:58 pm
Forum: Beginner Basics
Topic: URL address conversion
Replies: 13
Views: 78379

Re: URL address conversion

I am not sure about this:
Your old Internet radio is inside your LAN and all the connetions are originated outside?
What device is your internet radio?

Regards
Damián
by rbuserdl
Thu Jan 30, 2020 11:00 pm
Forum: Beginner Basics
Topic: URL address conversion
Replies: 13
Views: 78379

Re: URL address conversion

What happen if the site has http and https?
by rbuserdl
Thu Jan 30, 2020 10:44 pm
Forum: Beginner Basics
Topic: URL address conversion
Replies: 13
Views: 78379

Re: URL address conversion

Maybe creating a dst-nat, only changing the port, from 443 to 80, but I am not sure if this will work. That can't work. Browser expects to talk HTTP over SSL when URL entered starts with https:// and the remote port number is of the least concern here. Port 443 is merely default port for that parti...
by rbuserdl
Thu Jan 30, 2020 9:48 pm
Forum: General
Topic: Too much traffic with gre protocol
Replies: 1
Views: 845

Re: Too much traffic with gre protocol

Any idea?
by rbuserdl
Thu Jan 30, 2020 6:09 pm
Forum: Beginner Basics
Topic: URL address conversion
Replies: 13
Views: 78379

Re: URL address conversion

Hello ManOLCZ! I am not sure about what do you need. Do you need that when a user inside your LAN, write this url (outside your LAN, somewhere in Internet), they will be redirected in port 80 instead 443? Maybe creating a dst-nat, only changing the port, from 443 to 80, but I am not sure if this wil...
by rbuserdl
Thu Jan 30, 2020 5:37 pm
Forum: Beginner Basics
Topic: 2-WAN basic help needed
Replies: 11
Views: 2677

Re: 2-WAN basic help needed

Sorry, I could not continue with this yesterday and I think I won't have enough time today, should be tomorrow. What happened with the internet connections? Could you test them in the Mikrotik? If the current router is making failover and load balance, you can disconnect only one ISP and connect it ...
by rbuserdl
Wed Jan 29, 2020 9:09 pm
Forum: Beginner Basics
Topic: 2-WAN basic help needed
Replies: 11
Views: 2677

Re: 2-WAN basic help needed

Sorry, my mistake I didn't reallice that the private IP was in ether2 Anyway, I think this router is not in production, right? If it stop working, you allways can reset it. Try to make a backup often, you can do this by clicking in "file", you can copy the file to your computer, I think yo...
by rbuserdl
Wed Jan 29, 2020 4:02 pm
Forum: Beginner Basics
Topic: 2-WAN basic help needed
Replies: 11
Views: 2677

Re: 2-WAN basic help needed

No problem, Ok, first work to make 2 wans working. First step is remove ether2 from the bridge (to use ether1 and ether2 as WAN, you can use another interfaces) In the graphic interface, go to bridge -> "ports" tab -> remove ether2 from there ether1 has a dhcp-client, so you can use it for...
by rbuserdl
Tue Jan 28, 2020 11:15 pm
Forum: Beginner Basics
Topic: 2-WAN basic help needed
Replies: 11
Views: 2677

Re: 2-WAN basic help needed

Hello Stormy, First, I recommend to you to use winbox, this is a free tool which you can download from https://mikrotik.com/download There is not a kind of guide to set up it all in one step (As I know), you can do almost everything you can do with other routers, but you should configure it step by ...
by rbuserdl
Tue Jan 28, 2020 12:55 am
Forum: Beginner Basics
Topic: bandwidth limit
Replies: 4
Views: 1969

Re: bandwidth limit

Hello, I think, that will be better to create 2 packet marks (at the end of the mangle rules) * One with dst-interface = WAN1 (Upload) * One with dst-interface = LAN (Download) I think this should work although I cannot test at in my home and I never have enought time at my work office. Also you sho...
by rbuserdl
Mon Jan 27, 2020 11:00 pm
Forum: General
Topic: Too much traffic with gre protocol
Replies: 1
Views: 845

Too much traffic with gre protocol

Hello, I just realliced that I have too much traffic through the only WAN interface on this site, this is a very slow connection, about 5 Mbps simetric. When I opened "ip -> firewall -> connections" and I sorted by "Orig/Repl. Rate", I realliced that the connection with the most ...
by rbuserdl
Mon Jan 27, 2020 8:24 pm
Forum: Beginner Basics
Topic: bandwidth limit
Replies: 4
Views: 1969

Re: bandwidth limit

Hello, I will think this better when I return to my home. So far, I think you only need to add a packet mark at the end, to all packet with "WAN1_conn" connection mark, matching the IP you want with src_address (src_address-list if there are many IPs) You should reserve these IPs (Prevent ...
by rbuserdl
Mon Jan 27, 2020 8:10 pm
Forum: General
Topic: RoMON only showing some devices
Replies: 5
Views: 2094

Re: RoMON only showing some devices

Sorry, AP3 and AP5 had disabled the RoMON, maybe when I checked, I only see AP4. Now RoMON is working with AP1, AP2, AP3 and AP5. RoMON with AP4 is still not working, I tested by disabling RoMON in AP4 and enabling this again with no luck. I added a secret also (The same in all devices), still canno...
by rbuserdl
Mon Jan 27, 2020 7:46 pm
Forum: General
Topic: RoMON only showing some devices
Replies: 5
Views: 2094

Re: RoMON only showing some devices

Hello, Thanks for your responses. I am not using any secret in any device (Is it recommended to set a secret?) There are 1 edge router (CCR1009-7G-1C-1S+) and 5 APs (all Mikrotiks, different models) RoMON is only working with AP1 and AP2 In "/ip neighbors" I can see: From Router: all the A...
by rbuserdl
Fri Jan 24, 2020 5:39 pm
Forum: Beginner Basics
Topic: bandwidth limit
Replies: 4
Views: 1969

Re: bandwidth limit

Hello Rajput88, Do you have already created a load balancing? Can you attach the result of /ip firewall mangle export ? (You can change any sensible information with generic values, as "WAN1_IP") To limit a bandwith you should use queues (I think this is the only way), maybe you shoud mark...
by rbuserdl
Fri Jan 24, 2020 5:25 pm
Forum: Beginner Basics
Topic: mangle pcc mthode
Replies: 1
Views: 1108

Re: mangle pcc mthode

Hello, As I understand, these are the first 2 rules in mangle in pcc manual These rules the only pourpose they have is to dont mark any traffic going to your ISPs networks When your PCC is working, any connection can be made from any ISP on the PCC, but sometimes, the ISP network only is reached fro...
by rbuserdl
Fri Jan 24, 2020 4:47 pm
Forum: General
Topic: RoMON only showing some devices
Replies: 5
Views: 2094

Re: RoMON only showing some devices

Any idea?
Regards
by rbuserdl
Thu Jan 23, 2020 6:06 pm
Forum: General
Topic: RoMON only showing some devices
Replies: 5
Views: 2094

RoMON only showing some devices

Hello! I have seen this issue previosly with other devices but it never matters to me until now. I have 1 router Mikrotik with 2 wan connections, it has romon enabled for all LAN interfaces (WAN interfaces are forbiden) I have many APs Mikrotik inside different VLANs, all with RoMON enabled for all ...
by rbuserdl
Thu Dec 12, 2019 8:44 pm
Forum: General
Topic: Doubt about connection tracking for GRE+IPsec VPN
Replies: 11
Views: 2570

Re: Doubt about connection tracking for GRE+IPsec VPN

Ahhhh, ok,
This sounds more normal to me :)
I haven't any EoIP VPN, so I don't know about the behavior

Regards!!!
Damián
by rbuserdl
Thu Dec 12, 2019 4:57 pm
Forum: General
Topic: Doubt about connection tracking for GRE+IPsec VPN
Replies: 11
Views: 2570

Re: Doubt about connection tracking for GRE+IPsec VPN

Hello, Sindy, thanks to you!!! I only told you what Arturs said. (And you helped me a lot of times) So you have 6 GRE and there is just 1 GRE connections? Weird All GRE have the same src-address and dst-address? I have 1 connection for every GRE, if I have 6 GRE, I have 6 connections (ip -> Firewall...
by rbuserdl
Wed Dec 11, 2019 10:29 pm
Forum: General
Topic: Doubt about connection tracking for GRE+IPsec VPN
Replies: 11
Views: 2570

Re: Doubt about connection tracking for GRE+IPsec VPN

Hello,

I am not using PPTP, just GRE VPNs, PPTP server is disabled in all my routers.
But I could check many times that when I enable the PPTP helper, the GRE connections appears, and when I disable this, the GRE connections disappears.

Regards,
Damián
by rbuserdl
Wed Dec 11, 2019 9:03 pm
Forum: General
Topic: Doubt about connection tracking for GRE+IPsec VPN
Replies: 11
Views: 2570

Re: Doubt about connection tracking for GRE+IPsec VPN

Hello, It is because of the disabled PPTP helper under the firewall service-port section. If you will enable it back, GRE connections should appear in the connection tracking table. Best regards, Artūrs C. This was the response, and it is true, I just enabled the pptp service under "Firewall -...
by rbuserdl
Mon Dec 09, 2019 9:46 pm
Forum: General
Topic: Doubt about connection tracking for GRE+IPsec VPN
Replies: 11
Views: 2570

Re: Doubt about connection tracking for GRE+IPsec VPN

Sorry Sindy, I didn't
MikroTik support #[SUP-3320]
It is the number of my ticket.

Regards.
Damián
by rbuserdl
Mon Dec 09, 2019 5:09 pm
Forum: General
Topic: Doubt about connection tracking for GRE+IPsec VPN
Replies: 11
Views: 2570

Re: Doubt about connection tracking for GRE+IPsec VPN

Thanks Sindy, I did not know about the supout.rif file, just got the file on an affected router and sent this to support. I also just realliced that the GRE not showing in /ip firewall connection are those which does not have IPsec secret, but neither appears as gre. If I filter the "remote add...
by rbuserdl
Fri Dec 06, 2019 11:33 pm
Forum: General
Topic: Doubt about connection tracking for GRE+IPsec VPN
Replies: 11
Views: 2570

Doubt about connection tracking for GRE+IPsec VPN

Hello, The question is about multiple gre between 2 sites. Supouse the following scenario without IPsec: 1 VPN between Site1 Wan1 and Site2 Wan1 1 VPN between Site1 Wan2 and Site2 Wan2 I usually do the following: 1) Create the VPN according to: https://wiki.mikrotik.com/wiki/Manual:Interface/Gre 2) ...
by rbuserdl
Fri Dec 06, 2019 10:50 pm
Forum: General
Topic: Route not working using interface as gateway
Replies: 8
Views: 4312

Re: Route not working using interface as gateway

Hello Sindy, What I mean is that the default gateway, so far, is the same than before. Maybe the DG will change in the future. So, I cannot see that your solution is fine, until the DG change, but I believe that this solution will work because were you who gave me this ;) Thanks again. Regards, Damián
by rbuserdl
Wed Dec 04, 2019 10:18 pm
Forum: Beginner Basics
Topic: Point TO multi point over Wan
Replies: 1
Views: 760

Re: Point TO multi point over Wan

Hello! I am not sure because I have never used an AD (or whatever) authentication through a VPN, but I think L2TP will work If you only need to reach the HQ from the branches, I think you won't need to use DDNS because you dont need to set the clients IP anywhere, you just need to configure the L2TP...
by rbuserdl
Wed Dec 04, 2019 9:27 pm
Forum: General
Topic: Route not working using interface as gateway
Replies: 8
Views: 4312

Re: Route not working using interface as gateway

Yes, thank you Sindy,
I did not tell you but I had realliced about the underscore.
I have created the DHCP client with the correction and this changed the route
The IP addess is still the same than before but I trust you ;)

Thanks a lot!
by rbuserdl
Mon Nov 25, 2019 10:42 pm
Forum: General
Topic: Route not working using interface as gateway
Replies: 8
Views: 4312

Re: Route not working using interface as gateway

Ahhh, sorry, I didnt reallice.
Thanks again!!!
I will test and will let you know.

Regards!
Damián
by rbuserdl
Mon Nov 25, 2019 8:00 pm
Forum: General
Topic: Route not working using interface as gateway
Replies: 8
Views: 4312

Re: Route not working using interface as gateway

Sindy, thanks a lot!!! I didn't know that, but it make sense. I just remembered that sometimes I had used the route with the interface as gateway, but surely that was with a GRE tunnel. We usually try to avoid scripts to make it easier for everyone (I have co-workers with less knowledge about mikrot...
by rbuserdl
Mon Nov 25, 2019 6:17 pm
Forum: General
Topic: Route not working using interface as gateway
Replies: 8
Views: 4312

Route not working using interface as gateway

Hello, I recently created some mangle rules because I never could access from outside using the secondary Internet connections I have one ISP in WAN1 interface and the other in WAN5 interface If I create the rute, using the default gateway as default gateway it works, but if I set directly WAN5 (the...
by rbuserdl
Thu Oct 31, 2019 3:19 pm
Forum: Wireless Networking
Topic: Few questions about wireless
Replies: 6
Views: 3782

Re: Few questions about wireless

Thank you very much, This help me a lot. One more question: If I have some devices connected with 1 Mbps, what happen if I uncheck 1 Mbps in data rates tab in the wireless interface? I guess they will try to connect with better speed and if it is not possible, they won't connect. Am I right? Thanks ...
by rbuserdl
Wed Oct 30, 2019 7:41 pm
Forum: Wireless Networking
Topic: Few questions about wireless
Replies: 6
Views: 3782

Re: Few questions about wireless

Thank you Zacharias, I see that the value en "Tx rate" and "Rx rate" columns are almost stable, does not change a lot. I guess this is the max speed for this device, right? That speed is given for the quality of the wireless connection? I mean signal/noise, interference, anthena ...
by rbuserdl
Tue Oct 29, 2019 10:15 pm
Forum: Wireless Networking
Topic: Few questions about wireless
Replies: 6
Views: 3782

Few questions about wireless

Hello, If I go in winbox to wireless -> Registration, I see different "tx rate" and "rx rate", about this: - What does this value means? - Is better to have not clients with low rates? Why? About "tx/rx frames" vs "tx/rx hw frames", I see many Clients in many ...
by rbuserdl
Tue Oct 15, 2019 5:59 pm
Forum: Wireless Networking
Topic: Best practices for "guest" wireless networks
Replies: 3
Views: 2100

Re: Best practices for "guest" wireless networks

Any Idea?
Regards
by rbuserdl
Wed Aug 28, 2019 10:04 pm
Forum: Wireless Networking
Topic: Best practices for "guest" wireless networks
Replies: 3
Views: 2100

Best practices for "guest" wireless networks

Hello, This is not exactly a common guest wireless network, I need to create separate networks, one of them should access Internet without limitations, and the other network (maybe another ssid) should access Internet with some proxy limitations. I know a lot of ways to deploy this requirement, I ju...
by rbuserdl
Tue Aug 06, 2019 4:36 pm
Forum: Beginner Basics
Topic: Basic questions about Queues [SOLVED]
Replies: 5
Views: 2553

Re: Basic questions about Queues [SOLVED]

Thanks Sebastia!!! This is the article which I was looking for, before I posted Anyway, all examples in this article has 1 parent and all queues depends on this parent queue (Queue01 on the examples) I think I will test this with the current settings, just setting CIR instead of MIR, if this does no...
by rbuserdl
Fri Aug 02, 2019 6:01 pm
Forum: Beginner Basics
Topic: Basic questions about Queues [SOLVED]
Replies: 5
Views: 2553

Re: Basic questions about Queues [SOLVED]

Thank you Sebastia!!! What do you mean with "At any given time, the bandwidth should not fall below this committed rate" ? For example, if I set 1 Mbps to voip traffic, what happen when the total bandwidth consuming of voip is about 50 Kbps (25 Kbps from one IP and the other half from anot...
by rbuserdl
Thu Aug 01, 2019 12:02 am
Forum: Beginner Basics
Topic: Basic questions about Queues [SOLVED]
Replies: 5
Views: 2553

Basic questions about Queues [SOLVED]

Hello, I have the following settings in queue tree: /queue tree add max-limit=9500k name=Level1_dw parent=vlan2-voip queue=default add name=VoIP_dw packet-mark=VoIP parent=Level1_dw priority=1 add max-limit=9500k name=Level1_up parent=wan1 add name=VoIP_up packet-mark=VoIP parent=Level1_up priority=...
by rbuserdl
Tue Jul 02, 2019 6:17 pm
Forum: General
Topic: 2 networks in the same bridge
Replies: 1
Views: 806

2 networks in the same bridge

Hello, I need to create a hotspot pointing to a bridge with 2 interfaces, but I need both interfaces in different networks, for example: Set 192.168.201.1/24 to ether2 Set 192.168.202.1/24 to ether3 Make a bridge between ether2 and ether3. I connect many devices to ether2 (with a phisical switch) an...
by rbuserdl
Mon May 27, 2019 5:09 pm
Forum: General
Topic: Some questions about hotspot
Replies: 2
Views: 887

Re: Some questions about hotspot

Hello, does anyone knows?
The most important to me is the first point: generic users

Thanks in advance.
Regards
by rbuserdl
Thu May 23, 2019 2:51 pm
Forum: Beginner Basics
Topic: hAP ac - How to configure?
Replies: 15
Views: 4452

Re: hAP ac - How to configure?

Hello,
I am not an expert but as far as I know there is not any limitation of bandwidth in the default settings
Did you try connecting the PC with cable? (I hate Wireless)

Regards
by rbuserdl
Tue May 21, 2019 11:20 pm
Forum: General
Topic: Some questions about hotspot
Replies: 2
Views: 887

Re: Some questions about hotspot

Was I clear?
Is it undestood?
by rbuserdl
Mon May 20, 2019 5:14 pm
Forum: General
Topic: Some questions about hotspot
Replies: 2
Views: 887

Some questions about hotspot

Hello, I am starting to deploy hotspot, I could set up different users, user profiles, bindings, portal, etc. The following questions appeared: 1) Is there a way to create generic users? I could add a user and I could config it to get many devices connected, but if I set "Limit Uptime" to ...
by rbuserdl
Wed May 15, 2019 11:22 pm
Forum: General
Topic: Load balancing not working properly [SOLVED]
Replies: 3
Views: 1233

Re: Load balancing not working properly [SOLVED]

Aaaaaand, you did it again!!! hehehehehe Thanks a lot Sindy, I should give you a part of my salary xD I still could not read your other post, I will read it tomorrow morning. But the fasttrack rule is now disabled and Load Balancing is working fine. CPU is about 5%, no problem Everything is working ...
by rbuserdl
Wed May 15, 2019 5:05 pm
Forum: General
Topic: Load balancing not working properly [SOLVED]
Replies: 3
Views: 1233

Re: Load balancing not working properly [SOLVED]

Both routes with marks are disabled now because of the issue
by rbuserdl
Wed May 15, 2019 5:01 pm
Forum: General
Topic: Load balancing not working properly [SOLVED]
Replies: 3
Views: 1233

Load balancing not working properly [SOLVED]

Hello, I am trying to setup a load balancing to accomplish the following: - PCs in 192.168.0.8 - 192.168.0.191 range -> Go out through ISP2 (Claro) - PCs in 192.168.0.192 - 192.168.0.254 range -> Go out through ISP1 (Fibertel) At the end I will attach the code I have 4 default routes (2 considering ...
by rbuserdl
Tue May 07, 2019 4:22 pm
Forum: General
Topic: L2TP + IPSec -> policy not found [SOLVED]
Replies: 5
Views: 5139

Re: L2TP + IPSec -> policy not found [SOLVED]

Thanks to all for your help.
Sindy, you allways save me, thanks a lot!!!
It is working now, I dont know why it is not working in my W10 but I dont need it here, this problem in my machine only makes me waste time.

Regards!
by rbuserdl
Tue May 07, 2019 12:09 am
Forum: General
Topic: L2TP + IPSec -> policy not found [SOLVED]
Replies: 5
Views: 5139

L2TP + IPSec -> policy not found [SOLVED]

Hello, Once before, I configured a L2TP + IPSec tunnel to connect to it from different OSs, it is working fine. Now I have configured the same VPN in another Mikrotik (Totally different place) Got the following error: 17:41:00 ipsec LOG-IPSEC: searching for policy for selector: PUBLIC_IP:1701 ip-pro...
by rbuserdl
Wed Apr 10, 2019 3:04 pm
Forum: Beginner Basics
Topic: L2TP NAT LAN
Replies: 12
Views: 3391

Re: L2TP NAT LAN

Hello, I think maybe you speak in spanish, because the word "foto" is in spanish, I do I have not so much knowledge about l2tp, but this does not seems to me an issue related to l2tp, because ping and other staff worked as you said. When the client are in the same network, the connection w...
by rbuserdl
Tue Apr 09, 2019 6:35 pm
Forum: Beginner Basics
Topic: L2TP NAT LAN
Replies: 12
Views: 3391

Re: L2TP NAT LAN

Sorry, I just see the filter rules. It seems you have allowed for "192.168.1.145 -> 192.168.5.0/24" ports 1433 and 993 But for "192.168.5.0/24 -> 192.168.1.145" you dont have allowed the port 993 As I can see in the photo, there are connections on with the port 993, with 192.168....
by rbuserdl
Tue Apr 09, 2019 3:06 pm
Forum: Beginner Basics
Topic: L2TP NAT LAN
Replies: 12
Views: 3391

Re: L2TP NAT LAN

You are wellcome! I wanted to see if "Reply src. Address" is the same than "Destination address" and "Reply dst. Address" is the same than "Source Address" You can add these columns, with a right click on any ítem on the list -> Show columns -> Reply dst. Addr...
by rbuserdl
Tue Apr 09, 2019 12:38 am
Forum: Beginner Basics
Topic: L2TP NAT LAN
Replies: 12
Views: 3391

Re: L2TP NAT LAN

Hello, The kind of NAT most used is to Access Internet from internal computer (For example), I Will try to explain you why is it: Supose the following: -A machine in your network is trying to access to www.facebook.com -The machine got the IP address of www.facebook.com from its DNS servers or cache...
by rbuserdl
Mon Apr 08, 2019 10:02 pm
Forum: Beginner Basics
Topic: RB941-2ND-TC, newbie e connection as AP for IOT devices
Replies: 4
Views: 1448

Re: RB941-2ND-TC, newbie e connection as AP for IOT devices

Quick set is not recommended and sometimes it does not work so good, but you could try to use quickset and select "bridge" mode in configuration Previous backup, which is in "/files" Otherwise, to make it work as AP you could try to configure it manually: - Make sure you have a b...
by rbuserdl
Mon Apr 08, 2019 4:08 pm
Forum: Beginner Basics
Topic: RB941-2ND-TC, newbie e connection as AP for IOT devices
Replies: 4
Views: 1448

Re: RB941-2ND-TC, newbie e connection as AP for IOT devices

Hello Sorry, what are you trying to accomplish with the mikrotik? Do you need just to connect with Wireless some devices? You can configure it to get all devices in the same network or in different networks Do you have a DHCP Server and DNS Server in your network? If you want to get everything on th...
by rbuserdl
Mon Apr 08, 2019 3:13 pm
Forum: General
Topic: Issues with routes with package/routing marks
Replies: 19
Views: 4388

Re: Issues with routes with package/routing marks

Hello I dont know what happened but it seems it is working now I changed the routes to get everything going out through WAN1 and disabled the mangle rule which avoid mark anything on port 8001, worked I set again less distance to WAN2 and leave this mangle rule disabled, continue working I dont know...
by rbuserdl
Wed Apr 03, 2019 10:21 pm
Forum: General
Topic: Issues with routes with package/routing marks
Replies: 19
Views: 4388

Re: Issues with routes with package/routing marks

Hello, I finally could talk with the person who installed the NVR, he said that the only port involved is the 8001, which is configured in NVR and APP, but he added that the video is sending using the port 554 or 1024 However I saw different behavior: Now I am not marking anything to the port 8001 I...
by rbuserdl
Fri Mar 22, 2019 4:12 pm
Forum: General
Topic: Issues with routes with package/routing marks
Replies: 19
Views: 4388

Re: Issues with routes with package/routing marks

Thanks Sebastia, As I think, if you have a connection with the "to_ISP1" routing mark, and you dont have any route considering this mark (in my case, the only route considering this mark is disabled), then this connection will use the default routing table, in which is going to use the def...
by rbuserdl
Fri Mar 22, 2019 2:26 pm
Forum: General
Topic: Issues with routes with package/routing marks
Replies: 19
Views: 4388

Re: Issues with routes with package/routing marks

This is the route:
add check-gateway=ping distance=1 gateway=ISP1_Default_Gateway routing-mark=to_ISP1
If I only disable this route, I can view the cameras using any WAN public IP
Thanks
by rbuserdl
Fri Mar 22, 2019 1:51 pm
Forum: General
Topic: Issues with routes with package/routing marks
Replies: 19
Views: 4388

Re: Issues with routes with package/routing marks

That is right, I dont have any VRF, I dont have any routing rule I really dont know how the NVR comunícate with clients but I could find out I understand what you say, I agree with this.but what really surprise me is: Why does it work only by disabling the only route with the ISP1 mark? If the issue...
by rbuserdl
Thu Mar 21, 2019 9:31 pm
Forum: General
Topic: Issues with routes with package/routing marks
Replies: 19
Views: 4388

Re: Issues with routes with package/routing marks

Hello
This address-list has all the networks in all the sites (connected to the affected one, through VPN) and the networks of VPNs IPs
For example: 192.168.1.0/24, 192.168.10.0/24, 192.168.20.0/24, 172.16.1.0/30...... and so

Thanks in advance
by rbuserdl
Thu Mar 21, 2019 4:55 pm
Forum: General
Topic: Issues with routes with package/routing marks
Replies: 19
Views: 4388

Re: Issues with routes with package/routing marks

Ok,
Do you think the issue is related with this?
I dont think so, maybe this is not necessary but it should not cause the issue
What do you think?
by rbuserdl
Tue Mar 19, 2019 2:10 pm
Forum: General
Topic: Issues with routes with package/routing marks
Replies: 19
Views: 4388

Re: Issues with routes with package/routing marks

Thanks Sebastia, How I see, this Mikrotik is routing even inside the network, because devices with an IP in 192.168.1.0/24 does not know how to reach devices in 192.168.10.0/24, so they go to their default Gateway, which is the Mikrotik, so the Mikrotik decide what to do. These connections, as I see...
by rbuserdl
Mon Mar 18, 2019 2:37 pm
Forum: General
Topic: Issues with routes with package/routing marks
Replies: 19
Views: 4388

Re: Issues with routes with package/routing marks

Thanks both, Anav, there is not any route rule. I know both public IPs, so I know which ISP to come in on, we give to the users both public IPs or names pointing to these IPs so they have a choice when some link is down (This is happening often, Internet service is not good in those places). I marke...
by rbuserdl
Fri Mar 15, 2019 6:10 pm
Forum: General
Topic: Issues with routes with package/routing marks
Replies: 19
Views: 4388

Re: Issues with routes with package/routing marks

Also:
telnet works with the port 8001 in any interface
I published 3389 port to rdp to a machine with IP address: 192.168.10.X, for test purpose, and it worked thought any ISP
by rbuserdl
Fri Mar 15, 2019 6:05 pm
Forum: General
Topic: Issues with routes with package/routing marks
Replies: 19
Views: 4388

Issues with routes with package/routing marks

Hello, I have a Mikrotik router with Routeros and Firmware v6.44, which has 2 internet connections (2 different ISPs) and 2 different internal networks: 192.168.1.0/24 and 192.168.10.0/24 I configured a time ago, the router to set marks to get 192.168.10.0/24 devices, to use ISP1 for Internet access...
by rbuserdl
Wed Oct 31, 2018 7:39 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Re: Only work 1 of 2 GRE VPNs [SOLVED]

Ahh, ok, I got it,
I need to think how to handle it with the routing marks in one site, but you don't care about it
Thanks a lot, you are a genius

Regards,
Damián
by rbuserdl
Wed Oct 31, 2018 1:54 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Re: Only work 1 of 2 GRE VPNs [SOLVED]

Sorry Sindy, I am not sure if it could solve the issue. As I think (not sure), the first command mark a route and the second modify the preiously created route to use only marked routes. If the WAN2 link goes down again, which is the difference with the previous settings? This route with dst-address...
by rbuserdl
Tue Oct 30, 2018 8:57 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Re: Only work 1 of 2 GRE VPNs [SOLVED]

Sindy, like allways, you saved me
I forgot about the route rules.
I will create one route rule for each VPN in each site
So far, after disabling the GRE interface for more than 5 minutes and re-enable it, worked fine.

Thanks a lot for all your help
Regards
Damián
by rbuserdl
Tue Oct 30, 2018 4:52 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Re: Only work 1 of 2 GRE VPNs [SOLVED]

Sindy, sorry because I did not explain, I know all what you said in your last post and I did undestand why is the blackhole route I just tried to avoid to create the blackhole route, just in case, someone in Site4 maybe is using S1W2Address without the VPN (Accessing directly through a dst-nat on Si...
by rbuserdl
Tue Oct 30, 2018 2:42 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Re: Only work 1 of 2 GRE VPNs [SOLVED]

Thanks Sindy, I never pay atention to the route type, allways created unicast routes, should read about it, I will About the masquerade, there is just one rule for both WAN interfaces: /ip firewall nat add action=masquerade chain=srcnat comment="Masquerade General" out-interface-list=WAN D...
by rbuserdl
Mon Oct 29, 2018 10:42 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Re: Only work 1 of 2 GRE VPNs [SOLVED]

I just see, all ítems on Site 4 has as reply-dst-address: "S4W1Address", even the ítems which have "S4W2Address" as src-address
This means that everything is going out through WAN1, right?
Should I need to use mangle?

Thanks in advance.
Regards
Damián
by rbuserdl
Mon Oct 29, 2018 10:30 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Re: Only work 1 of 2 GRE VPNs [SOLVED]

Site 1: Flags: E - expected, S - seen-reply, A - assured, C - confirmed, D - dying, F - fasttrack, s - srcnat, d - dstnat 0 S C protocol=gre src-address=S1W1Address dst-address=S3W1Address reply-src-address=S3W1Address reply-dst-address=S1W1Address gre-key=0 timeout=9m56s connection-mark="Wan1_...
by rbuserdl
Mon Oct 29, 2018 3:59 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Re: Only work 1 of 2 GRE VPNs [SOLVED]

Hello Forum. sorry for re-open this post, 1 of all VPNs stopped working and I cannot find why I left 8 VPNs working: S of Site - W of WAN: S1W1 - S2W1 S1W2 - S2W2 S2W1 - S3W1 S2W2 - S3W2 S3W1 - S4W1 S3W2 - S4W2 S4W1 - S1W1 S4W2 - S1W2 Previously I had VPNs among 3 sites, working only 3 of 6, the con...
by rbuserdl
Fri Oct 26, 2018 10:52 pm
Forum: Wireless Networking
Topic: Wireless problems
Replies: 2
Views: 1272

Re: Wireless problems

Thanks Joe,
I will try to test first the 2ghz-onlyn band, then I will try to get an AP that work on the 5Mghz

Regards
by rbuserdl
Wed Oct 24, 2018 8:50 pm
Forum: Wireless Networking
Topic: Wireless problems
Replies: 2
Views: 1272

Wireless problems

Hello forum, My knowledge about Wireless is poor I have the following issue: A Enterprise has a floor in a high building in a place with a lot of signals of everything (WiFis of another enterprises for example) In this place, everyones have problem with the Wireless, it disconnect sometimes, sometim...
by rbuserdl
Thu Oct 11, 2018 9:00 pm
Forum: General
Topic: VPN with IPSec security are disconnecting
Replies: 13
Views: 7958

Re: VPN with IPSec security are disconnecting

Hi Sindy, I understood,
Thanks, regards!!
by rbuserdl
Thu Oct 11, 2018 5:01 pm
Forum: General
Topic: VPN with IPSec security are disconnecting
Replies: 13
Views: 7958

Re: VPN with IPSec security are disconnecting

Sorry, I want to ask one more question related to this. In another Enterprise there are many GRE tunnels with ipsec (The only ipsec settings modified is the "ipsec secret" in the gre interface settings) How can I flush an specific SA in there? I have dinamyc policies that I can not disable...
by rbuserdl
Wed Oct 03, 2018 10:46 pm
Forum: General
Topic: VPN with IPSec security are disconnecting
Replies: 13
Views: 7958

Re: VPN with IPSec security are disconnecting

Thanks again Sindy,

All tunnels are working fine since I post this topic, I think I will not change anything else.

Regards
by rbuserdl
Wed Oct 03, 2018 10:40 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Re: Only work 1 of 2 GRE VPNs [SOLVED]

Hi, Sorry about the delay. I see the last week that those tunnels were all up, and those are still up, without changing anything Now I have the 8 tunnels working, using a specific interface for each tunnel, using the routes of Sindy, using local and remote address in the interface properties and kee...
by rbuserdl
Tue Sep 25, 2018 11:05 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Re: Only work 1 of 2 GRE VPNs [SOLVED]

I would not say that I dont know how routing works, I know the basic, I just didn't know that setting up the local address in the tunnel is not enought Also, GRE manual does not say anything about this route, just about route to the remote network: https://wiki.mikrotik.com/wiki/Manual:Interface/Gre...
by rbuserdl
Tue Sep 25, 2018 8:40 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Re: Only work 1 of 2 GRE VPNs [SOLVED]

Sorry, my mistake /ip route add dst-address=site.2.wan.1/32 gateway=site.1.gw.1 pref-src=site.1.wan.1 add dst-address=site.2.wan.2/32 gateway=site.1.gw.2 pref-src=site.1.wan.2 This is what I added, the Sindy's routes I think masquerade outgoing packets generated from the router does not have any sen...
by rbuserdl
Tue Sep 25, 2018 6:18 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Re: Only work 1 of 2 GRE VPNs [SOLVED]

Just to be clear, The GRE interfaces were configured well, with local and remote address correctly Both tunnels started to work at the same time when I added the static route as Sindy sugested: /ip route rule add src-address=<wan1address> table=<wan1table> add src-address=<wan2address> table=<wan2ta...
by rbuserdl
Mon Sep 24, 2018 5:40 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Re: Only work 1 of 2 GRE VPNs [SOLVED]

Sindy,
You did a shot into the darkness and you got the target.
You are right, this is the problem. Now both tunnels are working.

You are awesome!!
Thanks a lot
Regards!
by rbuserdl
Fri Sep 21, 2018 10:02 pm
Forum: General
Topic: Only work 1 of 2 GRE VPNs [SOLVED]
Replies: 32
Views: 7039

Only work 1 of 2 GRE VPNs [SOLVED]

Hello forum, I did not want to create another topic because I have some topics pending, but I need to solve this before the others I allways have issues with VPNs This time I have the following issue: - 4 RB in 4 different sites - All 4 sites with 2 WAN interfaces working - Site 4 is new, before the...
by rbuserdl
Wed Sep 19, 2018 8:47 pm
Forum: General
Topic: VPN with IPSec security are disconnecting
Replies: 13
Views: 7958

Re: VPN with IPSec security are disconnecting

Thanks a lot Sindy, you are a genius!
I need more time and will update you
by rbuserdl
Wed Sep 19, 2018 5:45 pm
Forum: General
Topic: VPN with IPSec security are disconnecting
Replies: 13
Views: 7958

Re: VPN with IPSec security are disconnecting

Hello, I forgot to mention the following, I configured a time ago, in other company, some GRE tunnels between the headcuarters and many different sites, I had the same problem in all of them and finally left the tunnels without IPSEC working fine. I dont know whether it is related to - The Argentini...
by rbuserdl
Tue Sep 18, 2018 11:27 pm
Forum: General
Topic: VPN with IPSec security are disconnecting
Replies: 13
Views: 7958

Re: VPN with IPSec security are disconnecting

Look yet another time - at the central site, there are two dynamically created policies, one per each client (user), exactly as it should be. As the two differ from each other in sa-dst-address, there is no conflict and your issue doesn't come from such conflict. I know, I tried to explain that I f...
by rbuserdl
Tue Sep 18, 2018 4:12 pm
Forum: General
Topic: VPN with IPSec security are disconnecting
Replies: 13
Views: 7958

Re: VPN with IPSec security are disconnecting

Sindy, thanks for your response. Yes, this is the case, I used the default settings of IPSec, I thought this will work. Is it better to use allways Exchange-mode=ike2? Sorry, I see again and found 1 policy for each connected device I will copy the export below There are 3 sites, which I will call Si...
by rbuserdl
Mon Sep 17, 2018 5:14 pm
Forum: General
Topic: VPN with IPSec security are disconnecting
Replies: 13
Views: 7958

Re: VPN with IPSec security are disconnecting

Thanks Sindy, Not sure about the Exchange-mode, in /ip ipsec peer, the only peer I have appears grayed out as "main L2TP" Could be solved upgrading Routeros? Current version in Server is 6.42.6 About the policies, I have just 1 policy for both users, if I disable and re-enable it I think b...
by rbuserdl
Thu Sep 13, 2018 11:08 pm
Forum: General
Topic: VPN with IPSec security are disconnecting
Replies: 13
Views: 7958

VPN with IPSec security are disconnecting

Hello forum, I have created 1 GRE tunnel with IPSec between 2 sites (through Internet), one day it stoped showing the "R" letter at the left of the interface (in both sites) and stopped working the VPN at all, I didnt know what to do, so I disabled the VPN interface in both routers (mikrot...
by rbuserdl
Tue Jul 31, 2018 9:59 pm
Forum: General
Topic: Proxy issues
Replies: 2
Views: 807

Re: Proxy issues

Anyone?
No body understand what I said or no body knows?
by rbuserdl
Mon Jul 23, 2018 11:22 pm
Forum: General
Topic: Proxy issues
Replies: 2
Views: 807

Re: Proxy issues

Just to be clear, I Will call proxy client to the settings on the PC Proxy server enabled and proxy client disabled -> does not work Proxy server enabled and proxy client enabled -> does work Proxy server disabled and proxy client disabled -> does work Proxy server disabled and proxy client enabled ...
by rbuserdl
Mon Jul 23, 2018 6:56 pm
Forum: General
Topic: Proxy issues
Replies: 2
Views: 807

Proxy issues

Hello people, I am with a very old issue In any computer I cannot Access to a specific site on internet, it take some seconds and appear "The page cannot be displayed" Proxy server is enabled on the router and this site is allowed in the proxy Access list If I turn on the proxy on a specif...
by rbuserdl
Mon Jul 23, 2018 6:45 pm
Forum: General
Topic: GRE Tunnel with IPSec
Replies: 2
Views: 1498

Re: GRE Tunnel with IPSec

Thanks Sindy,
I need some time to make tests.
I Will let you know later, I need to take care another issue right now.
Regards
by rbuserdl
Wed Jul 18, 2018 3:17 pm
Forum: General
Topic: GRE Tunnel with IPSec
Replies: 2
Views: 1498

GRE Tunnel with IPSec

Hello, I have a problem, I have created 5 GRE tunnels with IPSec, them worked before but some day stopped working When I disable IPSec start working again I tried to enable IPSec again and restart all routers, no changes I set IPSec in the GRE interface settings, in the "IPSec Secret" opti...
by rbuserdl
Thu Jun 28, 2018 11:17 pm
Forum: Beginner Basics
Topic: Storage questions and graphing questions
Replies: 3
Views: 1405

Re: Storage questions and graphing questions

Thanks,
This does not answer all my questions but helped a lot xD
Regards,
by rbuserdl
Thu Jun 28, 2018 7:20 pm
Forum: Beginner Basics
Topic: Storage questions and graphing questions
Replies: 3
Views: 1405

Storage questions and graphing questions

Hello people, I am starting with "Graphing" and many basic questions came (I didnt find the answer in Mikrotik wiki) The first question is not about graphing itself, it is about something more basic: If I go to system->disk, nothing appear, but when I go to system->resources appear "t...