Community discussions

MikroTik App

Search found 36 matches

by gnro
Wed Aug 09, 2023 3:36 pm
Forum: Virtualization
Topic: Mikrotik CHR P1 Licence - packet loss [FIXED]
Replies: 19
Views: 10461

Re: Mikrotik CHR P1 Licence - packet loss [FIXED]

@karwos or @normis
Please edit topic and remove "[FIXED]" it is not fixed, the problem is reproductible even on P10 trial license and a new trial unlimited license solves the pachet loss problem on 6.49.8 version.
We can't use v7 yet as is lacking some features...
by gnro
Mon Jul 31, 2023 6:23 pm
Forum: Virtualization
Topic: Mikrotik CHR P1 Licence - packet loss [FIXED]
Replies: 19
Views: 10461

Re: Mikrotik CHR P1 Licence - packet loss [FIXED]

We are using CHR P10 license with ROS v6.49.8 (latest stable as of today 2023-07-31) and with 400-500mbit traffic we have a loss of 4-5% and maximum traffic does not pass 1Gbit ever. With a trial unlimited license all problems and traffic loss are gone and we easily go past 2Gbit up/down trafic with...
by gnro
Thu Jan 14, 2021 7:53 pm
Forum: Wireless Networking
Topic: Wireless FAQ
Replies: 90
Views: 193053

Re: Wireless FAQ

Max range should be at max power, but this is true only for line of sight between devices. This is not true if you are indoor.
by gnro
Sun Dec 20, 2020 12:01 pm
Forum: General
Topic: Feature Request: zerotier vpn
Replies: 32
Views: 17372

Re: Feature Request: zerotier vpn

+1, ZeroTier would be nice and very useful on small sites.
by gnro
Sat Oct 10, 2020 9:05 am
Forum: General
Topic: SMB access problem from two different ip classes
Replies: 11
Views: 8651

Re: SMB access problem from two different ip classes

It may help to put other router config, but first, please, modify the masquerade rule and check to see if you reach the destination lan (192.168.15.x) with internal lan (192.168.0.x).
If it's hard to use tcpdump, try a torch from the other router on a interface connected to the 192.168.0.0/24 network.
by gnro
Fri Oct 09, 2020 10:52 pm
Forum: Beginner Basics
Topic: New HAP ac2 as ATT Bridge (slow, sites not loading)
Replies: 25
Views: 4175

Re: New HAP ac2 as ATT Bridge (slow, sites not loading)

At a quick look the problem seems to be that you are using lan ip 192.168.88.1 on two interfaces. To make it work correctly you at least should remove/disable the ether1 ip, exactly this: add address=192.168.88.1/24 interface=ether1 network=192.168.88.0 Other spotted: one to many dhcp pool, one dhcp...
by gnro
Fri Oct 09, 2020 10:40 pm
Forum: Wireless Networking
Topic: Wireless FAQ
Replies: 90
Views: 193053

Re: Wireless FAQ

Found the limits by entering wrong values: /caps-man channel> add band=2ghz-g/n control-channel-width=20mhz extension-channel=XX frequency=2462 name=Canal-2G reselect-interval=1h tx-power=90 value of tx-power out of range (-30..40) But I still do not understand in what units tx-power is expressed. O...
by gnro
Fri Oct 09, 2020 10:29 pm
Forum: General
Topic: SMB access problem from two different ip classes
Replies: 11
Views: 8651

Re: SMB access problem from two different ip classes

I'm not sure, but you may be reaching the 192.168.15.x subnet being masqueraded and samba does not always work masqueraded. I suggest to use a more specific masquerade rule: /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out2 dst-addre...
by gnro
Fri Oct 09, 2020 10:09 pm
Forum: Beginner Basics
Topic: Can't access hosts via certain ports from a computer connected to an hEX-S
Replies: 23
Views: 2982

Re: Can't access hosts via certain ports from a computer connected to an hEX-S

It's almost like a hairpin nat. The forward rule matches packets going to ports 2200 or 10000 even going "out" from LAN to internet. It's a "wrong" config as presented in one of the MUM events. I have "used" this approach until I learned this is not the best and more sp...
by gnro
Fri Oct 09, 2020 9:31 pm
Forum: Beginner Basics
Topic: Can't access hosts via certain ports from a computer connected to an hEX-S
Replies: 23
Views: 2982

Re: Can't access hosts via certain ports from a computer connected to an hEX-S

Modify the lines: /ip firewall nat add action=dst-nat chain=dstnat comment="RBG-Server: SSH" dst-port=2200 \ protocol=tcp to-addresses=192.168.1.100 to-ports=2200 add action=dst-nat chain=dstnat comment="RBG-Server: Webmin" dst-port=10000 \ protocol=tcp to-addresses=192.168.1.100...
by gnro
Fri Oct 09, 2020 9:07 pm
Forum: Forwarding Protocols
Topic: Routing Advices
Replies: 7
Views: 1813

Re: Routing Advices

What you need is to "bridge" the two lans together.
You can use Mikrotik own tunnel https://wiki.mikrotik.com/wiki/Manual:Interface/EoIP
See this presentation also: https://mum.mikrotik.com/presentations/ ... 240964.pdf
by gnro
Fri Oct 09, 2020 9:04 pm
Forum: General
Topic: SMB access problem from two different ip classes
Replies: 11
Views: 8651

Re: SMB access problem from two different ip classes

Can you post your configuration?

Run in terminal:
/export hide-sensitive
by gnro
Fri Oct 09, 2020 9:00 pm
Forum: Useful user articles
Topic: Bypassing AT&T Residential Gateways with MikroTik
Replies: 236
Views: 109978

Re: Bypassing AT&T Residential Gateways with MikroTik

I got the script to work, but now about half my sites dont load and several are very slow. I can ping 8.8.8.8 I can ping facebook.com but if i go to facebook.com it wont open.. Check your MTU settings. See https://wiki.mikrotik.com/wiki/Manual:Troubleshooting_tools and https://wiki.mikrotik.com/wik...
by gnro
Fri Oct 09, 2020 8:44 pm
Forum: General
Topic: SMB access problem from two different ip classes
Replies: 11
Views: 8651

Re: SMB access problem from two different ip classes

Check the firewall from the Mikrotik router. Maybe it blocks some samba ports. See https://www.samba.org/~tpot/articles/firewall.html
by gnro
Fri Oct 09, 2020 4:44 pm
Forum: Wireless Networking
Topic: WISP Outdoor Wireless AP
Replies: 2
Views: 695

Re: WISP Outdoor Wireless AP

You should give an available budget...

I think you should look after a GrooveA 52 or after an OmniTiK.

You can browse Mikrotik wireless products here: https://mikrotik.com/products/group/wireless-systems
by gnro
Fri Oct 09, 2020 4:25 pm
Forum: Wireless Networking
Topic: Wireless FAQ
Replies: 90
Views: 193053

Re: Wireless FAQ

Hi, Could anyone explain in what units (and what are the limits) for tx-power from channel config in CAPsMAN? ex.: /caps-man channel add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=XXXX frequency=5240 name=Canal-5G reselect-interval=1h skip-dfs-channels=yes tx-power=20 add band=2g...
by gnro
Wed Aug 26, 2020 4:18 pm
Forum: Beginner Basics
Topic: Requests sent to my public ip from local network [SOLVED]
Replies: 7
Views: 1624

Re: Requests sent to my public ip from local network [SOLVED]

@jurgis
Will my file server work then? Can i still mount drives to my PC without additional nat rules?
yes, but your PC's must accept route redirects.
by gnro
Thu Aug 20, 2020 5:53 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM vs hEX S RB760iGS
Replies: 4
Views: 1493

Re: CRS328-24P-4S+RM vs hEX S RB760iGS

I think the CRS328 should do the job. We have one CRS354-48p running for a few months with a 1Gbps connection, but without any VPN and is working just fine. And CRS354 is having only 64Mb of ram and a slower CPU at twice the port number.
by gnro
Tue Aug 18, 2020 9:35 pm
Forum: Beginner Basics
Topic: Basic home network setup with multiple APs; some issues with cAPsMan [SOLVED]
Replies: 21
Views: 6859

Re: Basic home network setup with multiple APs; some issues with cAPsMan [SOLVED]

You need a config for every wlan interface at least.
by gnro
Tue Aug 18, 2020 8:30 am
Forum: Beginner Basics
Topic: CAPsMAN
Replies: 13
Views: 2272

Re: CAPsMAN

...and all ports from cap ac should be part of the bridge.
by gnro
Sat Dec 28, 2019 4:07 pm
Forum: Wireless Networking
Topic: CAP AC WiFi throughput
Replies: 3
Views: 3773

Re: CAP AC WiFi throughput

Check your laptop wireless card drivers and settings too.
by gnro
Sat Dec 28, 2019 12:09 am
Forum: Wireless Networking
Topic: Type of equipments (AP) needed for hotspot over 1000 users?
Replies: 11
Views: 8876

Re: Type of equipments (AP) needed for hotspot over 1000 users?

As @haik01 said the bandwidth used in average must be known in advance. - Best is to start with the map of the area (to see obstacles/buildings) and use cable connection to as many wireless points as you can. - Also overlapping "cells" at 15% as @DanielJB proposed - For more control and fa...
by gnro
Fri Dec 27, 2019 11:51 pm
Forum: Wireless Networking
Topic: How many concurrent wireless users can support?
Replies: 22
Views: 39999

Re: How many concurrent wireless users can support?

We are calculating around 30 wireless clients for wifi device for best results. We are also using Capsman with very good results. In your specific case I can recommend 3 or max 4, cap ac (RBcAPGi-5acD2nD) used with capsman from your router. This way you'll use 2.4G for 90% of your users now and 5G w...
by gnro
Thu Dec 19, 2019 4:04 pm
Forum: General
Topic: How to filter "ip firewall address-list"
Replies: 6
Views: 3294

Re: How to filter "ip firewall address-list"

Or using filter by address and not by address list name:
/ip firewall address-list print where address ~"46"

/ip firewall address-list print where address ~"192.168.1.[8]"

/ip firewall address-list print where address ~"55.[1]"
by gnro
Thu Dec 19, 2019 3:58 pm
Forum: General
Topic: How to filter "ip firewall address-list"
Replies: 6
Views: 3294

Re: How to filter "ip firewall address-list"

Hi,

I know it's an old topic, but the answer is simple using the list name:
/ip firewall address-list print where list="list_name"
by gnro
Mon Dec 09, 2019 11:25 pm
Forum: General
Topic: Problem with CCR1036-8G-2S+
Replies: 1
Views: 859

Re: Problem with CCR1036-8G-2S+

Try to downgrade to 6.45.7 or what version you had before upgrading to 6.46, talk to your distributor and if is not solved, open up a support ticket with Mikrotik.
by gnro
Mon Dec 09, 2019 11:14 am
Forum: Scripting
Topic: Script to Clean Firewall->Connections after public IP Changes
Replies: 4
Views: 5957

Re: Script to Clean Firewall->Connections after public IP Changes

In the script from http://www.farlock.org/mikrotik/mikroti ... itization/ you'll find some rules to clear connections. Maybe you can use it.
by gnro
Sun Dec 08, 2019 12:46 pm
Forum: Wireless Networking
Topic: HAP ac RB962UiGS-5HacT2HnT - client1<->AP<->client2 no more 150Mbit speed iperf3
Replies: 8
Views: 3372

Re: HAP ac RB962UiGS-5HacT2HnT - client1<->AP<->client2 no more 150Mbit speed iperf3

I think you have 2 problems with your setup: - You test the hap ac2 with 2 connected wireless, which splits your bandwidth, so 150Mbit is in fact 150Mbit IN and 150Mbit OUT from hap ac2 all on same channel - all wireless devices located so close together are making a lot more noise = lost bandwidth....
by gnro
Sun Dec 08, 2019 12:12 pm
Forum: General
Topic: [SOLVED] Where does TTL decrement happen?
Replies: 6
Views: 2280

Re: Where does TTL decrement happen?

So to answer with words, the TTL decrement is just after the routing decision, but before the mangle forward chain, that's why you had matches on both forward and postrouting chains, because the postrouting chain is after the forward chain.
by gnro
Sun Dec 08, 2019 12:02 pm
Forum: Beginner Basics
Topic: mikrotik routing between two dhcp servers [SOLVED]
Replies: 19
Views: 6940

Re: mikrotik routing between two dhcp servers [SOLVED]

The Home PC must be connected to one of the ether3, 4, 5, or to a switch connected on these ports. The Work PC must be connected to one of the ether17, 18 or to a switch connected on these ports. You must add: /ip route rule add dst-address=192.168.0.0/16 src-address=192.168.0.0/16 table=main place-...
by gnro
Sun Dec 08, 2019 11:42 am
Forum: General
Topic: CCR 1016 always reboot
Replies: 8
Views: 2092

Re: CCR 1016 always reboot

Can you please add more detail?

What's the output of:
/system health print
Did you look over the logs? Maybe it's not properly cooling, or has some other problem.
by gnro
Sun Dec 08, 2019 11:34 am
Forum: General
Topic: Dual ISP with no balancing but with forwarding some ports to lan
Replies: 3
Views: 1556

Re: Dual ISP with no balancing but with forwarding some ports to lan

For now, until I'll understand what's wrong with mangle/nat setup from above, I've added one more subnet on the Mikrotik, 10.0.0.0/24 on the same bridge as the 192.168.0.0/24. Same on the servers. I've doubled the nat rules for the servers this time specifying the external ip and added a new rule in...
by gnro
Sun Dec 08, 2019 10:15 am
Forum: General
Topic: Dual ISP with no balancing but with forwarding some ports to lan
Replies: 3
Views: 1556

Re: Dual ISP with no balancing but with forwarding some ports to lan

If your secondary ISP is for backup only, then why use PCC ? Why don't you just failover those two lines? If your ISP uses tunnels, most common PPPoE, simply add distance 1 to your primary and 2 to your secondary... If you are given static IPs, recursive failover is the way to go...* If you are beh...
by gnro
Sat Dec 07, 2019 11:16 pm
Forum: General
Topic: Dual ISP with no balancing but with forwarding some ports to lan
Replies: 3
Views: 1556

Dual ISP with no balancing but with forwarding some ports to lan

Hello, I have the following setup: - primary ISP1, static ip, 300Mbit connection (has rp_filter enabled) - secondary ISP2, static ip, 20Mbit connection (no rp_filter) I am forwarding some ports (same) from both ISP to some ip's on the lan. I'm using mangle for marking and routes with rules for both ...
by gnro
Sun Oct 06, 2019 5:53 pm
Forum: General
Topic: CCR1036 no link on sfpplus
Replies: 0
Views: 1249

CCR1036 no link on sfpplus

Hello, I have a CCR1036-12G-4S and a problem: I've tried to connect with SFN8200-2 copper cable with a CRS326-24G-2S+ and is not working. Also I've tried to connect with FTLX8571D3BCL from Finisar on both CCR and CRS ans is not working. Also I've tried to connect with copper cable and the Finisar gb...
by gnro
Sat Sep 08, 2018 3:13 pm
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 249
Views: 139075

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Waiting...

+1 UDP suport OpenVPN ovpn
+1 RouterOS v7 :-)