Community discussions

MUM Europe 2020

Search found 19 matches

by szt
Sun Jan 05, 2020 12:24 am
Forum: Beginner Basics
Topic: is this really a "cloud router" ?
Replies: 26
Views: 2775

Re: is this really a "cloud router" ?

BTW ad "ComCast Business gateway" - do you really need it? Two years ago I replaced three such gateways by combo [Mikrotik Router(20USD one-time) + cheapest generic Cable modem bought at Target or such similar store (60USD one-time)]. Total cost 80USD one-time investment per combo, instead of 10USD ...
by szt
Sun Jan 05, 2020 12:16 am
Forum: Beginner Basics
Topic: is this really a "cloud router" ?
Replies: 26
Views: 2775

Re: is this really a "cloud router" ?

ad "It would have to work that way. I can't imagine that they would want to act as the man-in-the-middle for tens of thousands of simultaneous connections." Easy to determine - try to run "netstat -f" command during such TeamViewer session. I bet you will see at least one connection opened to TeamVi...
by szt
Sun Jan 05, 2020 12:15 am
Forum: Beginner Basics
Topic: is this really a "cloud router" ?
Replies: 26
Views: 2775

Re: is this really a "cloud router" ?

Yeah, "Dozens of possible solutions actually." - but why to use unnecessarily complex solution, instead of one cheap/free VPS, one SSTP VPN and two NATs and quarter of hour total deployment time? TeamViewer specifically is not a free product. AWS VPS is totally free for one year. Enough time to test...
by szt
Sat Jan 04, 2020 11:15 pm
Forum: Beginner Basics
Topic: is this really a "cloud router" ?
Replies: 26
Views: 2775

Re: is this really a "cloud router" ?

AWS is not necessary, you can use any VPS. Consider AWS only as example. Generally, 1 shared core and 128MB RAM (plus public IP) is enoung for running a Mikrotik CHR (https://wiki.mikrotik.com/wiki/Manual:CHR#CHR_has_been_tested_on_the_following_platforms:) instance. Such VPS could be obtained for a...
by szt
Sat Jan 04, 2020 9:12 pm
Forum: Beginner Basics
Topic: is this really a "cloud router" ?
Replies: 26
Views: 2775

Re: is this really a "cloud router" ?

With some basic networking knowledge/experience, you can deploy your own cloud controller on VPS using Microtik CHR instance - even AWS EC2 t2.micro instance (1year free ) is enough, including static public IPv4 address. Mikrotik CHR appliance is also free (https://aws.amazon.com/marketplace/pp/B01E...
by szt
Sun Jan 20, 2019 6:15 pm
Forum: General
Topic: Ikev2 + Eap Radius + Windows 10 Not Working - But Working On Apple Devices
Replies: 20
Views: 3392

Re: Ikev2 + Eap Radius + Windows 10 Not Working - But Working On Apple Devices

Is the "certificate" option available in 6.44beta61 ?

It seems like CLI does not recognize this parameter …

[admin@ip-172-31-36-160.eu-west-3.compute.internal] > /ip ipsec peer set certificate=certificate.crt,ca_bundle.crt
expected end of command (line 1 column 31)
by szt
Thu Dec 27, 2018 10:56 am
Forum: General
Topic: Cannot connect to L2TP server from Windows 7: no suitable proposal found [SOLVED]
Replies: 3
Views: 1023

Re: Cannot connect to L2TP server from Windows 7: no suitable proposal found [SOLVED]

please post the whole config here (by /export hide-sensitive command)
please enable ipsec debug blog (by /system logging add topics=ipsec) command

and in case there is NAT between server and client: google "AssumeUDPEncapsulationContextOnSendRule"
by szt
Thu Sep 06, 2018 11:52 pm
Forum: Beginner Basics
Topic: VPN only lets me access my router from internal IP
Replies: 5
Views: 966

Re: VPN only lets me access my router from internal IP

Do you have proxy-arp enabled on your "bridge" interface? Hint: google "mikrotik sstp vpn proxy-arp" And please have a look at https://forum.mikrotik.com/viewtopic.php?t=114422 and search for "proxy-arp" string on that page. BTW, your ether2 is member of "bridge" bridge. /interface bridge port add b...
by szt
Thu Sep 06, 2018 11:31 pm
Forum: General
Topic: Transferring L4 license from dead rb411 to new rb411
Replies: 8
Views: 881

Re: Transferring L4 license from dead rb411 to new rb411

Please see https://wiki.mikrotik.com/wiki/Manual:License#RouterBOARD_and_PC_license, section: Q:I lost my RouterBOARD, can you give me the license to use on another system? A:The RouterBOARD comes with an embedded license. You cannot move this license to a new system in any way, this includes upgrad...
by szt
Sun Aug 19, 2018 11:45 pm
Forum: General
Topic: Need help making a RB2011 pass outside IP address info to local LAN addresses
Replies: 8
Views: 683

Re: Need help making a RB2011 pass outside IP address info to local LAN addresses

Thanks for your explanation and report, so let's correct another bugs in your config. add action=accept chain=input comment="defconf: drop all from WAN" in-interface=all-ethernet is another buggy rule - first of all, like some rule mentioned in my previous post, this rule has also comment (drop) whi...
by szt
Sun Aug 19, 2018 7:02 pm
Forum: General
Topic: routeros hacked again
Replies: 17
Views: 3719

Re: routeros hacked again

Have you changed your passwords ? The most probable explanation of repeated hack is repeated using of previously leaked password.
by szt
Sun Aug 19, 2018 4:51 pm
Forum: General
Topic: Need help making a RB2011 pass outside IP address info to local LAN addresses
Replies: 8
Views: 683

Re: Need help making a RB2011 pass outside IP address info to local LAN addresses

Some bad news - your configuration deserves some fixes due to security reasons (and some simplifications to make it more readable, too.) First of all, add action=accept chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=invalid in-interface=...
by szt
Sun Aug 19, 2018 10:24 am
Forum: Beginner Basics
Topic: cant access my second webserver on Public side
Replies: 1
Views: 324

Re: cant access my second webserver on Public side

Please export your whole configuration here by ("/export hide-sensitive") command Also, make sure you have DSTNATed connections allowed in your firewall forward chain. add action=accept chain=forward comment="allow DSTNATed" connection-nat-state=dstnat connection-state=new in-interface=Wan -- BTW, a...
by szt
Mon Aug 13, 2018 9:48 pm
Forum: Beginner Basics
Topic: IP Firewall
Replies: 6
Views: 2080

Re: IP Firewall

You should use "forward" chain instead of "input" chain. "Input" chain is linked only to packets which are terminated on your Mikrotik. "Forward" chain is linked to packets which goes through your Mikrotik. Or, from a different point of view, your intention is to filter packets which are _forwarded_...
by szt
Sun Aug 12, 2018 6:53 pm
Forum: Beginner Basics
Topic: No Internet Connection on my new setup
Replies: 9
Views: 1337

Re: No Internet Connection on my new setup

Q:How do i set an static IP on the WAN/ether1 interface of the mikrotik router? A:When the modem has DHCP server, do not need to set static IP, you can set mikrotik to act as dhcp client on ether1 by ip dhcp-client add interface=ether1 disabled=no default-route-distance=1 which is currently in your ...
by szt
Sun Aug 12, 2018 6:16 pm
Forum: Beginner Basics
Topic: No Internet Connection on my new setup
Replies: 9
Views: 1337

Re: No Internet Connection on my new setup

Thanks for the picture. So, now it is clear that you want to use your Mikrotik as a router. Could you please add intended IP addresses to your picture (to all interfaces) ? It would be very helpful for further configuration. Here https://ibb.co/fyyAWU is my suggestion, you may choose another, but re...
by szt
Sun Aug 12, 2018 5:55 pm
Forum: Beginner Basics
Topic: No Internet Connection on my new setup
Replies: 9
Views: 1337

Re: No Internet Connection on my new setup

Thanks for the configuration. What about the 192.168.0.0/24 on both brigde1 and WAN interfaces ? Each interface should be on different subnet.

You configuration is strange mix of AP only and AP+router configuration. First of all, do you want your Mikrotik to act as AP only, or as AP+router ?
by szt
Sun Aug 12, 2018 5:16 pm
Forum: Beginner Basics
Topic: No Internet Connection on my new setup
Replies: 9
Views: 1337

Re: No Internet Connection on my new setup

Could you please export and post here the whole configuration ? (by "/export hide-sensitive file=config" command) ? Generally, bridge/PPPoE interface is a virtual interface upon physical ether1 port of your Mikrotik. When change to fiber modem, you should set correct addresses (or DHCP clients (by "...
by szt
Sat Aug 11, 2018 10:55 pm
Forum: Wireless Networking
Topic: STA device strange behavior
Replies: 3
Views: 496

Re: STA device strange behavior

Are you sure that the device had obtained IP address from Mikrotik's DHCP ? Can you please attach a screenshot of IP/DHCP Server/Leases ?