Community discussions

Search found 52 matches

  • 1
  • 2
by draid
Fri May 31, 2019 7:51 pm
Forum: Beginner Basics
Topic: DHCP Server problem
Replies: 1
Views: 284

DHCP Server problem

Hello guys, I found something really strange in the log of the main router recently. It appears that the DCHP server is giving ip addresses to the other Mikrotik devices and imminently after that it de assign them. So basically the log is full of this. The current setup is HEX S as main router -> 2x...
by draid
Fri Mar 15, 2019 8:05 pm
Forum: General
Topic: How to reach RouterOs (web or Winbox) via my static ip address from outside network
Replies: 24
Views: 1041

Re: How to reach RouterOs (web or Winbox) via my static ip address from outside network

I get it. You don't need to open WinBox port from everywhere, you can do it only for connections from VPN, e.g. with in-interface=<vpn client interface>.
Yes, that makes sense. Don't know how I missed it. I\ll definitely try it. Thank you.
by draid
Thu Mar 14, 2019 8:35 pm
Forum: General
Topic: How to reach RouterOs (web or Winbox) via my static ip address from outside network
Replies: 24
Views: 1041

Re: How to reach RouterOs (web or Winbox) via my static ip address from outside network

And about remote access, you have to open some port (VPN should be better than bare WinBox), otherwise you won't be able to connect. Yes, that is true, but along with the VPN port you need to do something with the winbox port if you want to use be able to log remotely through winbox on a client. Wh...
by draid
Wed Mar 13, 2019 9:42 pm
Forum: General
Topic: How to reach RouterOs (web or Winbox) via my static ip address from outside network
Replies: 24
Views: 1041

Re: How to reach RouterOs (web or Winbox) via my static ip address from outside network

I would like to ask which would be the best way to access the router remotely? I'm currently using OVPN but it still seems that the option isn't secure when the port is open? Am I right?
by draid
Wed Mar 13, 2019 7:52 pm
Forum: Beginner Basics
Topic: Daul wan with failover
Replies: 11
Views: 737

Re: Daul wan with failover

Hi RPI, the DHCP server settings, domain should be empty, not 8.8.4.4. You put 8.8.4.4 as 2nd DNS server if you click on the winbox on the DHCP server setting , but don;t put it into domain. In DHCP-CLIENT: you need to DISABLE "add default route" else router does always use default route! masquerad...
by draid
Tue Mar 12, 2019 10:46 pm
Forum: Beginner Basics
Topic: Daul wan with failover
Replies: 11
Views: 737

Re: Daul wan with failover

Hello, this is the configuration I'm using at the moment. I'm also using PPoE and Static address for ISP1/ISP2. Be aware that you can't use PPoE interface for recursive. /ip route add distance=1 gateway=10.1.1.1 //This can be any address but it has to be the same in the check-gateway //Main Link// a...
by draid
Sat Mar 09, 2019 12:22 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 85886

Re: Feature Request: OpenVPN [ovpn] udp tunnels

+1 for the UDP

And the silly duplicate package error is terribly annoying don't know why it isn't addressed.
by draid
Sat Feb 23, 2019 1:36 pm
Forum: Beginner Basics
Topic: Can't log to mikrotik via VPN
Replies: 0
Views: 257

Can't log to mikrotik via VPN

Hello guys, I've encountered the following problem with both OVPN and SSTP. After the initial set up of the server and the client I'm able to connect to the server and I have access to the local network behind the VPN server. I have access to one of the servers behind the Tik and I have ping to the ...
by draid
Tue Feb 19, 2019 10:00 pm
Forum: Beginner Basics
Topic: Open VPN duplicate packet
Replies: 2
Views: 268

Re: Open VPN duplicate packet

I was fighting with this recently. It turned out that there is no way to solve the problem or at least there isn't any information available. Here is the topic: https://forum.mikrotik.com/viewtopic.php?f=2&t=145145&p=715579#p715579 I'm still searching for a way to hide these specific echo warnings i...
by draid
Sat Feb 16, 2019 6:02 pm
Forum: General
Topic: Duplicate packet drop error - OpenVPN
Replies: 7
Views: 1977

Re: Duplicate packet drop error - OpenVPN

Most people running ovpn on MT have this error. Nobody knows why or how to fix it. Only how to hide it in logs. So your setup is OK. I have it on all MT routers I am running or tested ovpn on. Please stop responding if you have no input on the matter just to say "i think, it's because your connecti...
by draid
Tue Feb 12, 2019 7:12 pm
Forum: General
Topic: Duplicate packet drop error - OpenVPN
Replies: 7
Views: 1977

Re: Duplicate packet drop error - OpenVPN

Most people running ovpn on MT have this error. Nobody knows why or how to fix it. Only how to hide it in logs. So your setup is OK. I have it on all MT routers I am running or tested ovpn on. Please stop responding if you have no input on the matter just to say "i think, it's because your connecti...
by draid
Sun Feb 10, 2019 3:16 pm
Forum: General
Topic: Duplicate packet drop error - OpenVPN
Replies: 7
Views: 1977

Re: Duplicate packet drop error - OpenVPN

Hi Do you see it often? If not just ignore, it's informative, and Tik did the right thing already: dropped the duplicate. It might be the consequence of tcp over tcp: opvn tunnel on Tik is tcp based, and if tcp connection is run through the tunnel, that might cause some (unnecessary) retransmission...
by draid
Sun Feb 10, 2019 1:19 pm
Forum: General
Topic: Duplicate packet drop error - OpenVPN
Replies: 7
Views: 1977

Re: Duplicate packet drop error - OpenVPN

No one has any idea how to deal with this problem? I'm seriously stuck at this and the only thread I found with the same problem doesn't seems to deal with it.
by draid
Sat Feb 09, 2019 5:42 pm
Forum: General
Topic: Duplicate packet drop error - OpenVPN
Replies: 7
Views: 1977

Duplicate packet drop error - OpenVPN

Hello guys, Long story short, I've used OpenVPN on a server behind the mikrotik but I had few problems so I've decided to setup OVPN server on the mikrotik (Hex). I've made the settings and everything seemed to be ok but when the client is connected to the server the mikrotik logs the following erro...
by draid
Mon Feb 04, 2019 10:39 pm
Forum: Beginner Basics
Topic: Total Noob's Guide?
Replies: 2
Views: 275

Re: Total Noob's Guide?

I don't have a great experience with mikrotik but could you please tell us something more about your setup. Is the mikrotik behind another device, how do you normally connect is it PPPoE, etc. You may use the quick setup of the mikrotik which has few options that must work with all basic home setups...
by draid
Sun Jan 27, 2019 10:17 am
Forum: General
Topic: Port Knocking + OpenVPN
Replies: 2
Views: 414

Re: Port Knocking + OpenVPN

Perhaps you're right. It was set on the server as I was using UDP. But maybe I would look at setting up the VPN server to the mikrotik router and it'll resolve all of the mentioned problems.
by draid
Sat Jan 26, 2019 6:43 pm
Forum: General
Topic: Port Knocking + OpenVPN
Replies: 2
Views: 414

Port Knocking + OpenVPN

Helllo guys, As I wrote recently I'm using a VPN to connect remotely to my network/router in the name of a better security. There is an OpenVPN server installed on a linux server behind a mikrotik router. The Base path to the server is generally hexS -> hap ac^2 -> debian server with VPN. I was forw...
by draid
Sun Jan 20, 2019 6:28 pm
Forum: General
Topic: Using src-nat over masquarade (Static public addresses)
Replies: 2
Views: 335

Re: Using src-nat over masquarade (Static public addresses)

Well, basically I'm using the ADSL link only for back up as it's slower than the main link (30Mbps). Generally I used this recursive fail-over for more then a month with no visible problems. Every link checks one google and one open DNS address (in case some of them have problems) And if both hosts ...
by draid
Sat Jan 19, 2019 5:38 pm
Forum: General
Topic: Using src-nat over masquarade (Static public addresses)
Replies: 2
Views: 335

Using src-nat over masquarade (Static public addresses)

Hello guys, I have the following configuration at this moment: RB760iGS - x1 as main router (Eth0 for the main PPPoE link and Eth1 for the backup link which is behind ADSL modem) hAP ac^2 - x2 as AP bridges Both Main ISP and the BackUP ISP are providing static public addresses. Till now I was using ...
by draid
Fri Jan 18, 2019 9:31 pm
Forum: General
Topic: Strange IP addresses forwarded to internal server
Replies: 6
Views: 505

Re: Strange IP addresses forwarded to internal server

There is: use tls-auth. see https://community.openvpn.net/openvpn/wiki/Hardening But I don't think that OpenVPN on Tik supports that... My vpn runs off Tik Thanks for the link. I'll take a look at it. The VPN isn't on the tik, it runs on a omv server which is based on debian. The mikrotik only forw...
by draid
Thu Jan 17, 2019 7:36 pm
Forum: General
Topic: Strange IP addresses forwarded to internal server
Replies: 6
Views: 505

Re: Strange IP addresses forwarded to internal server

It's not that I don't trust it as someone who'd like to connect would need to obtain the certificates. I was just wondering if there is a way to increase the security in this case.
by draid
Wed Jan 16, 2019 9:35 pm
Forum: General
Topic: Strange IP addresses forwarded to internal server
Replies: 6
Views: 505

Re: Strange IP addresses forwarded to internal server

That rule will allow any IP address to connect to your VPN server, if you expose services on well known ports they will get scanned at some point. You could create an address list, e.g. 'VPNusers' and add src-address-list=VPNusers to the rule. This will prevent access to your VPN server if the addr...
by draid
Tue Jan 15, 2019 8:55 pm
Forum: General
Topic: Dual wan fail over, fail back not working
Replies: 8
Views: 582

Re: Dual wan fail over, fail back not working

That's normal consequence of masq & fail-over. When your primary comes back, existing connections gets routed over primary, but connection state is still linked to secondary. This results in masquerade not being applied, and leakage of private ip's to ISP. By manually disabling wan2, these connecti...
by draid
Tue Jan 15, 2019 8:42 pm
Forum: General
Topic: Strange IP addresses forwarded to internal server
Replies: 6
Views: 505

Strange IP addresses forwarded to internal server

Hello guys, I have the following configuration at the moment: 1. Main router - hEX S 2. AP/Bridge - hAP ac^2 x2 The main router (Dual WAN) is with default firewall rules (IMCP allowed only from local, everything except winbox is disabled) and both hAPs are reset with no configuration and set as AP (...
by draid
Sun Dec 16, 2018 4:25 pm
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

This definitely needs to be addressed unless you only need it for the testing phase. Either give the server its own subnet or use a src-nat rule (/ip firewall nat add chain=srcnat action=src-nat protocol=udp dst-address=the.lan.ip.of.the.server dst-port=1194 to-addresses=the.ip.of.mikrotik.itself.i...
by draid
Sun Dec 16, 2018 1:06 pm
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

Hello Sindy, I'm glad you've joined the conversation. I'm going to answer your questions in the order you posted them: The Eth1 is for the PPPoE and it's address is directly coming from the pppoe-out client assigned on Eth1. Eth2 is with static address behind the ADSL modem, however I tried the port...
by draid
Sun Dec 16, 2018 9:38 am
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

Your firewall NAT rule looks okay, if you your destination ports are the same as the to ports, you can drop the to=ports and just have the to-adddresses. The Filter rule looks wrong, all you need is the following: add action=accept chain=forward comment=\ "Allow Port Forwarding - DSTNAT" connection...
by draid
Sat Dec 15, 2018 8:35 pm
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

Greetings guys! I didn't had a lot of time recently, so the further configuration of the hAP was on hold. As the christmas holidays are getting closer I hope that I'll manage to finalize and test everything that I wanted to do with the router. Currently I think that the failover is finished and it's...
by draid
Sun Sep 23, 2018 2:28 pm
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

What is the traffic volume through WAN2? Each route with check-gateway=ping generates one ping request and response every 10 seconds, maybe up to three requests when the monitored IP doesn't respond (which is how netwatch behaves so I'd expect the same approach to be reused also here). Another sour...
by draid
Sun Sep 23, 2018 10:01 am
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

OK, so one possibility would be to use a script to generate a ton of routes for the whole range of remote address values the ISP provides. A better possibility is to use an on-up parameter of the /ppp profile to call a script to update the lowermost recursive route: /system script add name=update-p...
by draid
Sat Sep 22, 2018 10:50 pm
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

Sadly today I saw that it's not only these two GWs. They are more then two (yesterday it took only two but today I saw another 2). I though it may be the server side that is the problem with the profile variant as it is trying to establish a connection and imminently afterwords it's terminated. Hone...
by draid
Sat Sep 22, 2018 8:08 pm
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

For PPPoE (used at your WAN1), there is a script-less way which @Sob has described: you create a copy of /ppp profile named default, give it a name like my-pppoe-profile, and set the remote-address item in that new profile to some private address which isn't in conflict with any private subnet you ...
by draid
Sat Sep 22, 2018 11:09 am
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

Yes I don't have problem with the WAN2 a its gateway is constant. I'm using the ADSL modem as GW and it won't change. The route to WAN2 is static. The only thing that is changing is the remote address of the PPPoE which I'm using as WAN1 (main link). The current set is: WAN 1 - Optic -> media conver...
by draid
Fri Sep 21, 2018 11:03 pm
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

Hello guys, Thank you all for the precious help. Tonight I had some time to try the things up and everything seemed to work good with one exception. The remote address of the PPPoE is changing. It seems to be either 5 or 12 but it changes. So What I've done till now: /ip route add check-gateway=ping...
by draid
Mon Sep 17, 2018 8:04 am
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

When I say "you must use as gateway the IP address provided by the PPPoE server", I have in mind the address which that PPPoE server provides as a gateway, not the one it assigns to you. Is it what you mean by "static address of the second ISP"? Normally, where you are a PPPoE client, the server as...
by draid
Sun Sep 16, 2018 6:10 pm
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

First of all, the recursive routing on which the scriptless failover is based does not work if a route's gateway is set to anything else than an IP number anywhere in the recursive chain. So you cannot use the interface name ( PPPoE-out ) as a gateway for dst-address=8.8.8.8 , you have to use the I...
by draid
Sun Sep 16, 2018 2:56 pm
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

Hello guys, I haven't had much time recently to play with the fail-over but today I had some time and I decided to test the fail-over scenario from the article sindy posted here. I think that I'm facing a problem and I'm not exactly sure where it comes from. First of all I want to say that I'm conti...
by draid
Mon Sep 03, 2018 10:41 pm
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Re: Mikrotik Dual WAN Failover

PCC is for load balancing, from your description, you do not need that. Then I would also change the ADSL Modem to bridge mode and configure ADSL PPPoE on the Mikrotik. The do not use the "Add default Gateway"in the PPPoE settings, instead create static default routes with a distance of 1 and 2, 2 ...
by draid
Mon Sep 03, 2018 7:43 pm
Forum: General
Topic: Mikrotik Dual WAN Failover
Replies: 35
Views: 4338

Mikrotik Dual WAN Failover

Hello guys, I've recently bough a mikrotik router and the model I chose as let's say my teaching router thanks to the help of some colleagues from the forum is hAP ac2. If someone is interested of something about the need of the router - here is the thread I made https://forum.mikrotik.com/viewtopic...
by draid
Fri Aug 31, 2018 7:41 am
Forum: Beginner Basics
Topic: Locked Out of Mikrotik
Replies: 29
Views: 2847

Re: Locked Out of Mikrotik

Hey amte I managed to achieve the same thing but in a different way. Still I couldn't connect to the router via web or winbox including winbox mac so a the end I just made a reset of the device. I guess it'll be a bit paintful if you have a lot of settings but it's always an option.
by draid
Fri Aug 31, 2018 7:32 am
Forum: General
Topic: MikroTik routers question
Replies: 28
Views: 1846

Re: MikroTik routers question

I thought it might be the case. According to the releases I've got a bit confused about the bugfix and current versions but as the device came with 6.42.4 I thhought it's best to upgrade it to the last 6.42.7 version. I don't know why the bugfix version is 6.40.9? Is there a devices which can't get ...
by draid
Fri Aug 31, 2018 12:36 am
Forum: General
Topic: MikroTik routers question
Replies: 28
Views: 1846

Re: MikroTik routers question

@normis reiterated a few times that seemingly high temperatures are fine and longevity of units is not at stake. That being said, I've drilled a mesh of vent holes on both top surfaces (depending on where is the transparent stand mounted). I can't say it look cooler now but it surely runs cooler. I...
by draid
Thu Aug 30, 2018 10:38 pm
Forum: General
Topic: MikroTik routers question
Replies: 28
Views: 1846

Re: MikroTik routers question

Hello once again! I get my hands on the ac2 today and I had few hours to play with it. I've upgraded the OS and played with some settings. I've even enabled a second WAN port, I've managed to lose access to the router by removing port 2 from the bridge, but with port 5 it worked fine. I'm planning t...
by draid
Tue Aug 28, 2018 7:09 pm
Forum: General
Topic: MikroTik routers question
Replies: 28
Views: 1846

Re: MikroTik routers question

So it turns out that between the hEX S and the hAP ac2, the AP is the better choice. If you don't need SFP port. No, I have an optic in my cellar but from there to the main router it's copper. And still if I need I can always use a convertor. So I guess that now I'll try to find a hAP ac2 and I'll ...
by draid
Tue Aug 28, 2018 12:42 pm
Forum: General
Topic: MikroTik routers question
Replies: 28
Views: 1846

Re: MikroTik routers question

So it turns out that between the hEX S and the hAP ac2, the AP is the better choice.
by draid
Tue Aug 28, 2018 8:03 am
Forum: General
Topic: MikroTik routers question
Replies: 28
Views: 1846

Re: MikroTik routers question

Hello guys,

I don't really need the SFP port, so I can go without it. However isn't the hAP ac2 labled as an AP or it has the same functuionallity like the hEX S? Is it possible to use hAP ac2 as a router and another hAP ac2 as a pure AP?
by draid
Sun Aug 26, 2018 11:13 am
Forum: General
Topic: MikroTik routers question
Replies: 28
Views: 1846

Re: MikroTik routers question

Greetings mducharme, Thank you for your post. The truths is that I'm not planning to do "a lot"of IPsec traffic or generally to need high routing performance. Currently I'm using the VLAN only to separate the network. My initial goal was to just "upgrade" the current 480T with something more robust ...
by draid
Sat Aug 25, 2018 11:49 pm
Forum: General
Topic: MikroTik routers question
Replies: 28
Views: 1846

Re: MikroTik routers question

Hello guys, Sorry for the delay. I've being looking for different options. Would I get hEX S (RB760iGS) over 3011? I've heard that 3011 is an old model and it's the first one with ARM so it had few problems like when you connect 10/100/1000 and 10/100 on one side. As I see on the site it looks like ...
by draid
Wed Aug 22, 2018 9:01 pm
Forum: General
Topic: MikroTik routers question
Replies: 28
Views: 1846

Re: MikroTik routers question

Sorry for the lack of information. It is for a home, there are 5 PCs, 4TVs, 2 network printers, a server used mainly as storage server and a DVR. I'd prefer an Ethernet router with additional APs. to cover the areas where I need wifi. I'm using 2 VLANs for two different floors of a house. There are ...
  • 1
  • 2