Community discussions

MikroTik App

Search found 27 matches

by algisr
Fri Jan 03, 2020 11:29 pm
Forum: General
Topic: Feature requests
Replies: 1216
Views: 262265

Re: Feature requests

Well then, maybe, I won't follow your suggestion which maybe you have already followed yourself.
Maybe I'll keep my fingers crossed and this feature will be enabled by MikroTik in the future.
For now, maybe, I'll rewrite script when I'll have the time to workaround this issue.
by algisr
Fri Jan 03, 2020 11:24 pm
Forum: Beginner Basics
Topic: Site to Site Tunnels
Replies: 12
Views: 1980

Re: Site to Site Tunnels

Did you follow example and added EoIP interface to the Bridge with LAN interface? https://wiki.mikrotik.com/wiki/Manual:Interface/EoIP Anyways... L2 – EoIP. L3 – varriety of other VPN solutions: IPsec, L2TP, PPTP, SSTP, OVPN. If you want L3 Create either Pure IPsec (needs some knowledge) or use one ...
by algisr
Fri Jan 03, 2020 3:40 pm
Forum: General
Topic: Feature requests
Replies: 1216
Views: 262265

Re: Feature requests

@algisr It sounds like you want to use the demo mode as a free DDNS tool. If that's what you are looking for there are already plenty of sites which offer free DDNS We specifically need public IP (DDNS and NTP is also OK, but not required). We have +100 devices and the one we're talking about is TH...
by algisr
Fri Jan 03, 2020 3:09 pm
Forum: General
Topic: IP Cloud
Replies: 41
Views: 18655

Re: IP Cloud

Hey,
Any way we can get 2 DDNS for dual WANs?

Also, does MikroTik plans to add DDNS functionality for CHR free edition?
by algisr
Sat Dec 21, 2019 9:34 pm
Forum: General
Topic: Feature requests
Replies: 1216
Views: 262265

Re: Feature requests

Allow for MikroTikCHR free licence VM to use IP CLOUD feature "public-address" portion and, maybe, "Update time" features, Restrict only backup upload feature.

For now fetch command sometimes fails to pull required information from internet.
by algisr
Fri Dec 20, 2019 11:32 pm
Forum: General
Topic: /tool e-mail send start-tls seems insecurable, need advice.
Replies: 4
Views: 1006

Re: /tool e-mail send start-tls seems insecurable, need advice.

Can anyone tell me if this fixed?
by algisr
Fri Dec 06, 2019 3:10 am
Forum: The Dude
Topic: Dude Telegram notification example
Replies: 62
Views: 41526

Re: Dude Telegram notification example

Can anyone post a VIBER fetch command?

Got working Slack fetch command, got working Microsoft Teams command, read that it's easy with telegram and WhatsApp... To bad that I need one for the Viber but cannot crack that one out.
by algisr
Thu Oct 03, 2019 12:25 pm
Forum: The Dude
Topic: Change Slacks Webhook to Microsoft Teams Webhook on Dude [SOLVED]
Replies: 1
Views: 2328

Re: Change Slacks Webhook to Microsoft Teams Webhook on Dude [SOLVED]

Solution was to change execution to this: SLACK UP-TO-DOWN: /tool fetch mode=https url="https://outlook.office.com/webhook/AAA/IncomingWebhook/BBB/XXX" http-method=post http-data="{\"@context\": \"https://schema.org/extensions\",\"@type\": \"MessageCard\",\"summary\": \"This is the summary property\...
by algisr
Thu Oct 03, 2019 8:29 am
Forum: The Dude
Topic: Change Slacks Webhook to Microsoft Teams Webhook on Dude [SOLVED]
Replies: 1
Views: 2328

Change Slacks Webhook to Microsoft Teams Webhook on Dude [SOLVED]

Currently we use Dude to monitor +150 different devices and/or connections (SIte-to-Site VPN, EoIP connection, External Devices, IPsec PH2 loopback IP on other side monitoring and etc.). Recently our CEO announced that we will be migrating from Slack to Teams. Quick looking at Microsoft Teams Connec...
by algisr
Wed Mar 06, 2019 10:08 pm
Forum: General
Topic: IPSec VPN Stops Working - Ready To Send
Replies: 5
Views: 2526

Re: IPSec VPN Stops Working - Ready To Send

Create Netwatch and ping other side gateway IP or any other LoopBack-IP which never changes. If you get a time out (HOST DOWN section): run what Sarel0092 suggested. This should refresh IPSEC VPN. Main Problem is that if your MikroTik isn't very expensive it will take like 10-20 seconds to create ne...
by algisr
Wed Mar 06, 2019 10:01 pm
Forum: General
Topic: problem with DHCP
Replies: 2
Views: 307

Re: problem with DHCP

Port1 is usually set for WAN by default on RB750. If broadcast works I guess you put Port1 in Bridge (so now Bridge has eth1-eth5 ports) or you set your DHCP server with delayed response? If you want to assign IP addresses yourself block DHCP traffic on ISP port and create DHCP server on your bridge.
by algisr
Wed Mar 06, 2019 9:54 pm
Forum: General
Topic: QoS and Limit bandwidth
Replies: 3
Views: 602

Re: QoS and Limit bandwidth

In Prerouting: Mark priority traffic new Connections only with mangle and pass to next rule. You can Mangle by IP, Port, Protocol and etc. You can check if connections are mangled correctly in IP -> Firewall -> Connections In Prerouting: next rule Mark every packet of previously Marked Connections. ...
by algisr
Wed Mar 06, 2019 9:33 pm
Forum: General
Topic: WAN1 and WAN2 connection mark mangle problem [SOLVED]
Replies: 1
Views: 553

Re: WAN1 and WAN2 connection mark mangle problem [SOLVED]

Solution was suggested by support:
Change Masquerade +WAN_ETH_LIST rule with separate src_nat+out_Interface rules whiose change source ip to WAN IP.
by algisr
Wed Mar 06, 2019 9:26 pm
Forum: General
Topic: Backup WAN allow WInbox connection always
Replies: 1
Views: 250

Backup WAN allow WInbox connection always

Setup is simple: /ip route 0.0.0.0/0 GW_MAIN distance=2 0.0.0.0/0 GW_BACKUP distance=3 When main gateway is unreachable all traffic goes via Backup gateway. When main gateway is reachable MikroTik switches from Backup to Main gateway – everything works. Now I want to allow to connect to backup WAN a...
by algisr
Wed Feb 13, 2019 11:19 pm
Forum: General
Topic: WAN static IP
Replies: 3
Views: 1100

Re: WAN static IP

no route = does not know where to send traffic.
Try to change "/ip route add gateway=192.168.0.1" to "/ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1"
by algisr
Wed Feb 13, 2019 11:10 pm
Forum: General
Topic: ERROR: bad HTTP response while trying to update
Replies: 5
Views: 1634

Re: ERROR: bad HTTP response while trying to update

If you're after update only then why not download update manually and add downloaded package to files via Winbox and reboot MikroTik?
by algisr
Wed Feb 13, 2019 10:53 pm
Forum: General
Topic: [Lost Interface] IP->Routes
Replies: 8
Views: 1241

Re: [Lost Interface] IP->Routes

You problem is that you set manual route via dynamic Interface. It gets unknown if VPN interface gets unknown for some reason. Solution is simple: A.) Create routing protocol if you doing some crazy +3 Site-to-Site VPN solution. Or B.) If we assume that you want to reach 172.16.10.0/24 in this examp...
by algisr
Wed Feb 13, 2019 3:20 pm
Forum: General
Topic: WAN1 and WAN2 connection mark mangle problem [SOLVED]
Replies: 1
Views: 553

WAN1 and WAN2 connection mark mangle problem [SOLVED]

Hello, MikroTik has two WANs (primary and backup). MikroTik has Connection Mangle rules for QoS (Queque tree). Idea is this: all traffic goes via Main WAN if it is down then All traffic goes via BACKUP WAN. Problem arrises when MikroTik goes from PRIMARY to BACKUP WANs (I suspect the problem is othe...
by algisr
Thu Jan 31, 2019 11:14 pm
Forum: Scripting
Topic: ovpn client down .... ether disable/enable
Replies: 1
Views: 979

Re: ovpn client down .... ether disable/enable

This Monday I wrote a script at work for one customer (his VPN tunnel periodically stuck – I believe it's due bad ISP hardware, but because it's stuck on random times and kinda rarely we have no proof). Problem is that VPN is stuck not down so it takes random times for MikroTik to drop bad VPN conne...
by algisr
Mon Jul 16, 2018 6:01 pm
Forum: Scripting
Topic: Pass port number to send email from script variable
Replies: 0
Views: 404

Pass port number to send email from script variable

I'm trying to pass port variable to function "/tool e-mail send" from a script however for some reason I cannot pass it from variable. If I type number directly then it works: /tool e-mail send start-tls=yes to=$"rcpMail" from=$"sndMail" server=[:resolve $sndSmtp] port=587 user=$"sndMail" pass=$"snd...
by algisr
Thu Jun 28, 2018 3:09 pm
Forum: General
Topic: DHCP Relay over IPSec (with several VLANs)
Replies: 4
Views: 1132

Re: DHCP Relay over IPSec (with several VLANs)

Unfortunately in the end of this complex scenario we couldn't pass DHCP relay data packets from different VLANs which are a part of the same bridge and we had to move away from Mikrotik solution to more expensive ones.
by algisr
Thu Jun 28, 2018 3:07 pm
Forum: Virtualization
Topic: Forwarding problem: CHR-BRIDGE = L2TP/PPTP + EOIP + VLAN problem
Replies: 0
Views: 1892

Forwarding problem: CHR-BRIDGE = L2TP/PPTP + EOIP + VLAN problem

Hello, We have a problem with our virtualized production CHR. We cannot create new EoIP tunnels with VLANs ports in Bridge on CHR. I‘ll try to describe where is the problem/how we can simulate this problem and what I mean by “we cannot create”: We create L2TP/PPTP connection between physical Mikroti...
by algisr
Thu May 10, 2018 1:48 am
Forum: General
Topic: IPSEC to CheckPOint
Replies: 11
Views: 3789

Re: IPSEC to CheckPOint

I can tell you from the 6.42.1 perspective: /ip ipsec proposal add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=1d name=Fortigate_proposal pfs-group=ecp384 /ip ipsec peer add address=2.2.2.2/32 comment="****************." dh-group=ecp384 enc-algorithm=aes-256 hash-algorithm=sha256 \ no...
by algisr
Tue May 08, 2018 2:51 pm
Forum: Virtualization
Topic: CHR starts periodically to be unavailable through the network interfaces after update to 6.42.1
Replies: 6
Views: 2728

Re: CHR starts periodically to be unavailable through the network interfaces after update to 6.42.1

We're experiencing same issue. Loging to console and rebooting through ALT+CTRL+DEL (everything reboots perfectly – no freezes or problems) fixes problem temporary.
Also check same problem on different thread:
viewtopic.php?t=133716
by algisr
Sun May 06, 2018 7:29 pm
Forum: Beginner Basics
Topic: Filtering IPSEC site-to-site connection
Replies: 3
Views: 533

Re: Filtering IPSEC site-to-site connection

Try this (not sure it will work):
Srcnat not only by IP but by ports also. This way traffic should pass from remote site to yours by IPSec however when your LAN clients try reply to it the traffic won”t match srcnat and never pass IPSec tunnel.
by algisr
Thu May 03, 2018 4:31 am
Forum: General
Topic: DHCP Relay over IPSec (with several VLANs)
Replies: 4
Views: 1132

DHCP Relay over IPSec (with several VLANs)

Hello, Maybe someone can help me because I lack experience in these things... Long story short: I try to to make DHCP-Relay to work over IPSec tunnel. And it actually works (from client to the DHCP-Relay), but the data from the DHCP-Relay does not get passed into IPSec tunnel (DHCP-Relay request get...