Community discussions

Search found 20 matches

by algisr
Thu Oct 03, 2019 12:25 pm
Forum: The Dude
Topic: Change Slacks Webhook to Microsoft Teams Webhook on Dude [SOLVED]
Replies: 1
Views: 340

Re: Change Slacks Webhook to Microsoft Teams Webhook on Dude [SOLVED]

Solution was to change execution to this: SLACK UP-TO-DOWN: /tool fetch mode=https url="https://outlook.office.com/webhook/AAA/IncomingWebhook/BBB/XXX" http-method=post http-data="{\"@context\": \"https://schema.org/extensions\",\"@type\": \"MessageCard\",\"summary\": \"This is the summary property\...
by algisr
Thu Oct 03, 2019 8:29 am
Forum: The Dude
Topic: Change Slacks Webhook to Microsoft Teams Webhook on Dude [SOLVED]
Replies: 1
Views: 340

Change Slacks Webhook to Microsoft Teams Webhook on Dude [SOLVED]

Currently we use Dude to monitor +150 different devices and/or connections (SIte-to-Site VPN, EoIP connection, External Devices, IPsec PH2 loopback IP on other side monitoring and etc.). Recently our CEO announced that we will be migrating from Slack to Teams. Quick looking at Microsoft Teams Connec...
by algisr
Wed Mar 06, 2019 10:08 pm
Forum: General
Topic: IPSec VPN Stops Working - Ready To Send
Replies: 5
Views: 1314

Re: IPSec VPN Stops Working - Ready To Send

Create Netwatch and ping other side gateway IP or any other LoopBack-IP which never changes. If you get a time out (HOST DOWN section): run what Sarel0092 suggested. This should refresh IPSEC VPN. Main Problem is that if your MikroTik isn't very expensive it will take like 10-20 seconds to create ne...
by algisr
Wed Mar 06, 2019 10:01 pm
Forum: General
Topic: problem with DHCP
Replies: 2
Views: 163

Re: problem with DHCP

Port1 is usually set for WAN by default on RB750. If broadcast works I guess you put Port1 in Bridge (so now Bridge has eth1-eth5 ports) or you set your DHCP server with delayed response? If you want to assign IP addresses yourself block DHCP traffic on ISP port and create DHCP server on your bridge.
by algisr
Wed Mar 06, 2019 9:54 pm
Forum: General
Topic: QoS and Limit bandwidth
Replies: 3
Views: 350

Re: QoS and Limit bandwidth

In Prerouting: Mark priority traffic new Connections only with mangle and pass to next rule. You can Mangle by IP, Port, Protocol and etc. You can check if connections are mangled correctly in IP -> Firewall -> Connections In Prerouting: next rule Mark every packet of previously Marked Connections. ...
by algisr
Wed Mar 06, 2019 9:33 pm
Forum: General
Topic: WAN1 and WAN2 connection mark mangle problem [SOLVED]
Replies: 1
Views: 423

Re: WAN1 and WAN2 connection mark mangle problem [SOLVED]

Solution was suggested by support:
Change Masquerade +WAN_ETH_LIST rule with separate src_nat+out_Interface rules whiose change source ip to WAN IP.
by algisr
Wed Mar 06, 2019 9:26 pm
Forum: General
Topic: Backup WAN allow WInbox connection always
Replies: 1
Views: 123

Backup WAN allow WInbox connection always

Setup is simple: /ip route 0.0.0.0/0 GW_MAIN distance=2 0.0.0.0/0 GW_BACKUP distance=3 When main gateway is unreachable all traffic goes via Backup gateway. When main gateway is reachable MikroTik switches from Backup to Main gateway – everything works. Now I want to allow to connect to backup WAN a...
by algisr
Wed Feb 13, 2019 11:19 pm
Forum: General
Topic: WAN static IP
Replies: 3
Views: 542

Re: WAN static IP

no route = does not know where to send traffic.
Try to change "/ip route add gateway=192.168.0.1" to "/ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1"
by algisr
Wed Feb 13, 2019 11:10 pm
Forum: General
Topic: ERROR: bad HTTP response while trying to update
Replies: 5
Views: 843

Re: ERROR: bad HTTP response while trying to update

If you're after update only then why not download update manually and add downloaded package to files via Winbox and reboot MikroTik?
by algisr
Wed Feb 13, 2019 10:53 pm
Forum: General
Topic: [Lost Interface] IP->Routes
Replies: 8
Views: 854

Re: [Lost Interface] IP->Routes

You problem is that you set manual route via dynamic Interface. It gets unknown if VPN interface gets unknown for some reason. Solution is simple: A.) Create routing protocol if you doing some crazy +3 Site-to-Site VPN solution. Or B.) If we assume that you want to reach 172.16.10.0/24 in this examp...
by algisr
Wed Feb 13, 2019 3:20 pm
Forum: General
Topic: WAN1 and WAN2 connection mark mangle problem [SOLVED]
Replies: 1
Views: 423

WAN1 and WAN2 connection mark mangle problem [SOLVED]

Hello, MikroTik has two WANs (primary and backup). MikroTik has Connection Mangle rules for QoS (Queque tree). Idea is this: all traffic goes via Main WAN if it is down then All traffic goes via BACKUP WAN. Problem arrises when MikroTik goes from PRIMARY to BACKUP WANs (I suspect the problem is othe...
by algisr
Thu Jan 31, 2019 11:14 pm
Forum: Scripting
Topic: ovpn client down .... ether disable/enable
Replies: 1
Views: 516

Re: ovpn client down .... ether disable/enable

This Monday I wrote a script at work for one customer (his VPN tunnel periodically stuck – I believe it's due bad ISP hardware, but because it's stuck on random times and kinda rarely we have no proof). Problem is that VPN is stuck not down so it takes random times for MikroTik to drop bad VPN conne...
by algisr
Mon Jul 16, 2018 6:01 pm
Forum: Scripting
Topic: Pass port number to send email from script variable
Replies: 0
Views: 277

Pass port number to send email from script variable

I'm trying to pass port variable to function "/tool e-mail send" from a script however for some reason I cannot pass it from variable. If I type number directly then it works: /tool e-mail send start-tls=yes to=$"rcpMail" from=$"sndMail" server=[:resolve $sndSmtp] port=587 user=$"sndMail" pass=$"snd...
by algisr
Thu Jun 28, 2018 3:09 pm
Forum: General
Topic: DHCP Relay over IPSec (with several VLANs)
Replies: 4
Views: 750

Re: DHCP Relay over IPSec (with several VLANs)

Unfortunately in the end of this complex scenario we couldn't pass DHCP relay data packets from different VLANs which are a part of the same bridge and we had to move away from Mikrotik solution to more expensive ones.
by algisr
Thu Jun 28, 2018 3:07 pm
Forum: Virtualization
Topic: Forwarding problem: CHR-BRIDGE = L2TP/PPTP + EOIP + VLAN problem
Replies: 0
Views: 642

Forwarding problem: CHR-BRIDGE = L2TP/PPTP + EOIP + VLAN problem

Hello, We have a problem with our virtualized production CHR. We cannot create new EoIP tunnels with VLANs ports in Bridge on CHR. I‘ll try to describe where is the problem/how we can simulate this problem and what I mean by “we cannot create”: We create L2TP/PPTP connection between physical Mikroti...
by algisr
Thu May 10, 2018 1:48 am
Forum: General
Topic: IPSEC to CheckPOint
Replies: 11
Views: 2603

Re: IPSEC to CheckPOint

I can tell you from the 6.42.1 perspective: /ip ipsec proposal add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=1d name=Fortigate_proposal pfs-group=ecp384 /ip ipsec peer add address=2.2.2.2/32 comment="****************." dh-group=ecp384 enc-algorithm=aes-256 hash-algorithm=sha256 \ no...
by algisr
Tue May 08, 2018 2:51 pm
Forum: Virtualization
Topic: CHR starts periodically to be unavailable through the network interfaces after update to 6.42.1
Replies: 6
Views: 1321

Re: CHR starts periodically to be unavailable through the network interfaces after update to 6.42.1

We're experiencing same issue. Loging to console and rebooting through ALT+CTRL+DEL (everything reboots perfectly – no freezes or problems) fixes problem temporary.
Also check same problem on different thread:
viewtopic.php?t=133716
by algisr
Sun May 06, 2018 7:29 pm
Forum: Beginner Basics
Topic: Filtering IPSEC site-to-site connection
Replies: 3
Views: 404

Re: Filtering IPSEC site-to-site connection

Try this (not sure it will work):
Srcnat not only by IP but by ports also. This way traffic should pass from remote site to yours by IPSec however when your LAN clients try reply to it the traffic won”t match srcnat and never pass IPSec tunnel.
by algisr
Thu May 03, 2018 4:31 am
Forum: General
Topic: DHCP Relay over IPSec (with several VLANs)
Replies: 4
Views: 750

DHCP Relay over IPSec (with several VLANs)

Hello, Maybe someone can help me because I lack experience in these things... Long story short: I try to to make DHCP-Relay to work over IPSec tunnel. And it actually works (from client to the DHCP-Relay), but the data from the DHCP-Relay does not get passed into IPSec tunnel (DHCP-Relay request get...