Great, thanks a lot sindy. More understanding is really useful. By the way - if router's IP X.X.X.X port is forwarded (dstnat) from say 3333 to 22, address and port rewriting happens in prerouting chain at the very end. If I wanted to put in a rule that disables that by dropping packets going to X.X...
Thanks krafg, I know I am behind CGNAT, that is why I got the L2TP connection. From the l2tp-aa interface there is one hop to that address and the same to the other end of the tunnel. This way dstnat works through l2tp tunnel, but setting up routing was tricky due to lack of experience and many movi...
Hi sindy, Many thanks, this brilliantly explains where I was mistaken. 5 minutes before reading your very helpful reply I also was able to connect by replacing the routing-mark rule with one that was simply based on the 'source address = my debian server address on LAN with source port 22' - which is ...
I worked quite a bit on that, but I am bogged down a little in mysterious connection not happening scenarios. I wrote it up here and added my config as well. If you could take a look, that would be much appreciated. viewtopic.php?p=1010537#p1010537
Thanks, p3rad0x, My rules are a bit different. I have a setup where I am behind carrier grade NAT and need to SSH into my debian server. This is an illustration. My static IP is 100.100.100.100/32 and it has a L2TP connection on l2tp client interface l2tp-aa which has 100.100.50.50 as a gateway. For...
This is exactly my problem as well. I hope someone will help solve it. I understand that there is complexity because routing through lte1 interface is necessary to establish the L2TP tunnel, but then traffic (or at least some of it) needs to be routed via l2tp client interface. But that is proving d...
Thanks wiseroute and tdw! I think I did get seriously stuck. The goal seems so close, but yet I misunderstand something. Connection can be seen for a few seconds in the connection table marked with connection mark L2TP_CONN with state "syn-received" for a few seconds, then it disappears as...
Sorry, I got stuck, could not quite understand the examples as I am not experienced and they are somewhat different to my scenario. So the questions that I have (ROS v 7.10 stable) 1. I have to mark new connection coming in through l2tp connection. Mangle rule on input chain with In-Interface l2tp s...
Thanks @wiseroute, could you please have a look at the post https://forum.mikrotik.com/viewtopic.php?t=197388 I have nearly got the setup working, but I have a problem with how the ssh server connects back to the ssh client. My default route is through the regular lte interface and I am coming up sh...
Hi all, I need to ssh into my home debian server (IP 192.168.89.200) that is behind a Mikrotik Chateau lte router. I have successfully set up a L2TP client connection to an ISP giving me an interface lt2tp-client with address (let's refer to it as) X.Y.Z.Z. This L2TP tunnel is needed so that I can h...
Thanks, this is very helpful. I am at the stage where I have managed to achieve a client connection. But then I do not quite know how to make sure the connection is usable - i.e. when I try to ping from the router using the interface I get destination unreachable from the server (IP) I have connecte...
Sorry to bother, but I still did not quite understand the difference. I understand that both l2tp-server and l2tp-client are used to establish a l2tp tunnel with a server (and I understand that this tunnel may not be encrypted). If I understand correctly, then l2tp-server establishes a connection an...
Thanks @wiseroute, I think I will better verify it for sure with them (AA). My understanding was that they would provide me with just an external IP address (static IP) and when I connect to that address, it would be tunnelled to my router and it would appear as if my router's l2tp-client-interface ...
I am trying to solve a seemingly simple problem. Can I use L2TP connection in parallel to my main ISP connection? So that only inbound SSH uses L2TP but traffic from LAN goes its normal way as before. Let me explain. I have an ISP that has multiple NAT in front of me (CGNAT, I think). At home I have...
Thanks Optio and Rextended, If I understand correctly, then the router makes a https request and as long as the line for connection to api says so, it is safe /tool fetch address=api.dynu.com src-path=$str mode=https dst-path=("/Dynu.".$ddnshost) The $str variable contains the sensitive infor...
Hi Stuart, It is not very obvious, but sometimes there may be an issue with APN settings - I had it with vodafone (but not with 3 - mobile). If you leave checked "Use Network APN" there can be a problem that you do not have internet - cellular connects, but IP setup is just not done - you ...
Thanks SiB, Your replies were very helpful. I researched cell tower proximity, did a little wardriving and changed the network provider. M-ANT50 omnidirectional was giving quite good reception as well with rssi: -65dBm rsrp: -96dBm rsrq: -11dB sinr: 2dB But then I attached Poynting directional anten...
I have a Chateau router bought in Latvia; it works well. I moved to an area in London that has patchy coverage for 3(IDnetwork) and LTE speed is on the low side. My question is: is there a Mikrotik LTE antenna(s) that could help me get a better signal instead of MANT-50 that I am using at the moment...
Thank you both guys, I will do that Poe 19V. Using the 12 V automotive could be a good thing too, but it is potentially more fiddly as I need to move the system and power up at various places. So having PoE power from either battery or wall plug works best for me - if I moved the system where I want...
I have a WAP-LTE kit and it works flawlessly in the UK. I know the supplied power block provides 24V to the device through the supplied PoE injector. I have a quite powerful Li battery that can supply 5, 12, 16 or 19 V DC to power a laptop. The way I use the kit I want to connect the battery to PoE injector ...
Thanks very much, this just works and it is very simple. It is great to have an additional wifi station and have all hosts on the same network. In my opinion this is a very strong side for MikroTik - I now have a fully fledged router on my home network that I can learn and play with. I thought mysel...
Hi I wonder if you can help. I have hAP-lite. My home DSL router provides one access point (not particularly stable) and I have several computers connected with ethernet cables too. One of them is a raspberry-PI that runs DNSMASQ - so provides DHCP and DNS for the local network. What I want is to ha...
When we dump router configuration via export are the commands arranged in some internally logical hierarchy or are they arranged in order of sequence of entry? I ask because I imagine it would be easier to read config if it followed some defined structure. Maybe there is a way of changing this sort ...
Hi, I really like the hAP lite RB941-2nD router that I have. I also like the fact I can power it from my laptop via micro USB power socket. Is there something similarly portable by MikroTik where I could get internet connection from mobile networks? I understand there was a similar product which had...
Out of interest - what would be use for VLANs on a home network? Except of course specifically learning about the technology, but otherwise at home network I have yet to find use for VLANs therefore I am happy to have avoided the complication so far.
Nexar, out of interest - did your hAP lite have a plastic tab in front of the usb port? Mine has a plastic tab - and I do not know if there is a real usb port behind it and right next to it there is a button called "MODE" - I do not quite know what that does. Model id RB941-2nD
Thanks, that is great. Yes, I definitely can edit the login page. All that remains to be resolved is how to convince android and ios users that internet is OK, when they connect to the portal, if I do not have working internet on the side of ether1 (e.g. as it might be after a lecture in a different...
Thank you, this absolutely makes sense. So if I understand right, wlan1 in my setup should not be part of LAN or WAN lists. You have been very helpful. Could you possibly have a look at my initial query and maybe you would have a suggestion for it? https://forum.mikrotik.com/viewtopic.php?f=13&t=...
Thanks, that did not come to my mind. So Interface List defines which interfaces are in which firewall rule group? It seems that for the hotspot pinging started working after I logged in via browser, which would make sense. After I have logged in, then the firewall rules change and I can browse anyt...
I added wlan1 back to the bridge. What I got after a while was that wifi laptop could get properly configured via DHCP and was able to ping and browse internet. However the strange problem with the other laptop that connects via ethernet remains - it cannot connect to the network. Maybe there is int...
I can see that I have not deleted the pool wi-pool which is the same as dhcp-pool2 but I wouldn't think that should matter; wi-pool I am not using at all at the moment. Strange that on DHCP server leases list I can see the wireless laptop has connected (but does not ping) and the wired laptop connec...
Thanks, this is my config: min@MikroTik] > export hide-sensitive # aug/01/2018 11:54:28 by RouterOS 6.42.6 # software id = UNBA-EG2A # # model = RouterBOARD 941-2nD # serial number = 8B1008CFA497 /interface bridge add admin-mac=CC:2D:E0:7C:6B:31 auto-mac=no comment=defconf name=bridge /interface wir...
Thanks. In NAT section of firewall I have these rules: [admin@MikroTik] > ip firewall nat print Flags: X - disabled, I - invalid, D - dynamic 0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client 1 D chain=hotspot action=jump jump-target=pre-hotspot 2 D chain=hotspot action=redirect t...
I am a bit stuck. I am configuring hAPL - reset it twice already. I removed wlan1 port from bridge in order to be able to set up a dhcp server with different ip address pool on wlan1. My test client (linux laptop) can connect to the AP and get the correct IP address, however cannot ping anything but...
Thanks for the encouragement. Are there ways how to smoothly get around connection detectors on android and ios? Can I perhaps put relevant links on my webserver and if so - how?
Thank you, that was a breeze; very helpful, it is up and running. So with this image I get the same routerOS and I can work with it in the same way - SSH or web based or WinBox too?
Hi, I am setting up my hAP that I bought from amazon and I am trying to learn the MikroTik system. My aim is to set up a local data collection system of walled garden type that can be used in teaching, patient feedback etc. The system components would be a linux server on laptop and a hAPL router; wh...
Hi there, I am fairly experienced with Linux, but less so with routing and routerOS. I bought hAPl and I do need some advice. http://i63.tinypic.com/2mmftp1.png . I want to set up a system that reliably provides access to a survey served from a laptop to anyone who connects to the WiFi provided by h...