Community discussions

MikroTik App

Search found 42 matches

by aleab
Fri Jun 26, 2020 12:48 pm
Forum: General
Topic: internale lan netmap
Replies: 5
Views: 1001

Re: internale lan netmap

work perfect
thank you
by aleab
Fri Jun 26, 2020 12:47 pm
Forum: General
Topic: openvpn client push request
Replies: 5
Views: 2697

Re: openvpn client push request

i think is a behavior of mikrotik openvpn server, because i see much tutorial on youtube and all of that have this behavior .
so is not a config can i manage.

i wait, is not a big problem...

thank you
by aleab
Thu Jun 25, 2020 7:47 pm
Forum: The Dude
Topic: show devices in a map listed
Replies: 0
Views: 454

show devices in a map listed

Hello, i'm testing dude, it's very great! now i'm monitor few routerOS and work fine. but for testing i have created a network maps called "ping test" i have added some devices (50 about) unrelated to each other , so for me is better have a list of devices instead of view a map... can i view devices...
by aleab
Thu Jun 11, 2020 7:35 pm
Forum: General
Topic: ikev2 assign always same "dynamic address" to same client
Replies: 24
Views: 2804

Re: ikev2 assign always same "dynamic address" to same client

so i can create vpn to this powershell command?

viewtopic.php?t=135647#p668516

i will try ... thank you in advance!!!!
by aleab
Thu Jun 11, 2020 12:05 pm
Forum: General
Topic: ikev2 assign always same "dynamic address" to same client
Replies: 24
Views: 2804

Re: ikev2 assign always same "dynamic address" to same client

sorry, but i'm an idiot...

i try to connect with another pc and works perfectly!!!!
i think the problem is on my laptop i have also a certificate of my CHR (that of my first post)
can i have only one ipsec ikev2 on a single pc/laptop?
or i was wrong on setup ikev2 server?

thank you
by aleab
Thu Jun 11, 2020 12:04 pm
Forum: General
Topic: ikev2 assign always same "dynamic address" to same client
Replies: 24
Views: 2804

Re: ikev2 assign always same "dynamic address" to same client

sorry, but i'm an idiot...

i try to connect with another pc and works perfectly!!!!
i think the problem is on my laptop i have also a certificate of my CHR (that of my first post)
can i have only one ipsec ikev2 on a single pc/laptop?
or i was wrong on setup ikev2 server?

thank you
by aleab
Wed Jun 10, 2020 2:52 pm
Forum: General
Topic: ikev2 assign always same "dynamic address" to same client
Replies: 24
Views: 2804

Re: ikev2 assign always same "dynamic address" to same client

ok, i understand . last question... so if i have this situation : my-laptop (192.168.1.3) | LAN 192.168.1.1 router isp @ home (NAT) WAN IP DINAMIC <- - - - - - - INTERNET - - - - - - > WAN STATIC IP router isp @ office (NAT) with port forwarding on mikrotik 192.168.2.2 LAN ROUTER ISP 192.168.2.1 | W...
by aleab
Tue Jun 09, 2020 11:43 pm
Forum: General
Topic: ikev2 assign always same "dynamic address" to same client
Replies: 24
Views: 2804

Re: ikev2 assign always same "dynamic address" to same client

yes, i resetup all and works if you described... sorry, for i ask again but it's related. (if you prefer i can open a new thread) i setup an ikev2 on my router in office (this time as a server) but mikrotik is behind a NAT (isp router , that i can't touch) now i would connect with my laptop (also be...
by aleab
Sun Jun 07, 2020 5:01 pm
Forum: General
Topic: ikev2 assign always same "dynamic address" to same client
Replies: 24
Views: 2804

Re: ikev2 assign always same "dynamic address" to same client

thank you, now works!!!
i found problem, when i create certificate i dont't select key usage (digital signature)
now i create new cert with that option with common name abc.deg.xyz and now works.

thank you again
by aleab
Sun Jun 07, 2020 1:47 pm
Forum: General
Topic: ikev2 assign always same "dynamic address" to same client
Replies: 24
Views: 2804

Re: ikev2 assign always same "dynamic address" to same client

maybe fqdn is present on certificate?
can i use "key id"? is similar to password or secret that is same on both side?

thank you again
by aleab
Sun Jun 07, 2020 1:39 pm
Forum: General
Topic: ikev2 assign always same "dynamic address" to same client
Replies: 24
Views: 2804

Re: ikev2 assign always same "dynamic address" to same client

thank you for advice, next time i correct also domain name... ok, i have deleted the row add exchange-mode=ike2 name=ike2-office passive=yes profile=ike2 send-initial-contact=no now i have only 1 peer add exchange-mode=ike2 name=ike2 passive=yes profile=ike2 send-initial-contact=no in identties now ...
by aleab
Sun Jun 07, 2020 1:22 am
Forum: General
Topic: ikev2 assign always same "dynamic address" to same client
Replies: 24
Views: 2804

Re: ikev2 assign always same "dynamic address" to same client

ok, i setup again and i have same issue .... identity not found for peer: FQDN: office.ab-tech.it ... this is server CHR # jun/07/2020 00:10:25 by RouterOS 6.45.9 # software id = # # # /interface bridge add name=bridge add name=bridge-loopback-ipsec /interface ethernet set [ find default-name=ether1...
by aleab
Sun Jun 07, 2020 12:31 am
Forum: General
Topic: ikev2 assign always same "dynamic address" to same client
Replies: 24
Views: 2804

Re: ikev2 assign always same "dynamic address" to same client

ok, this is configuration before my first post # jun/06/2020 23:20:15 by RouterOS 6.45.9 # software id = # # # /interface bridge add name=bridge add name=bridge-loopback-ipsec /interface ethernet set [ find default-name=ether1 ] disable-running-check=no /interface wireless security-profiles set [ fi...
by aleab
Sat Jun 06, 2020 10:58 pm
Forum: General
Topic: ikev2 assign always same "dynamic address" to same client
Replies: 24
Views: 2804

Re: ikev2 assign always same "dynamic address" to same client

thank you for replay, but i don't understand... i try to set: on responder (server chr) peer: ike2-office auth method: digital signature certificate: server1-ipsec my id type: auto remote id type: office.mydomain.tld match by: remote id mode config : ike2-office (where i set "static" local ip addres...
by aleab
Sat Jun 06, 2020 7:32 pm
Forum: General
Topic: ikev2 assign always same "dynamic address" to same client
Replies: 24
Views: 2804

Re: ikev2 assign always same "dynamic address" to same client

thank you for reply. but i try to create several mod config (with different pool or single address) and identity, but remote client have not static ip so sometimes client1 when connect takes client2 ip... maybe in identity can i set match by certificate (now is remote id) ? or i must create more pee...
by aleab
Fri Jun 05, 2020 10:23 pm
Forum: General
Topic: ikev2 assign always same "dynamic address" to same client
Replies: 24
Views: 2804

ikev2 assign always same "dynamic address" to same client

Hello, i have this configuration on my chr server /interface bridge add name=bridge-loopback-ipsec /ip address add address=10.115.210.1/24 interface=bridge-loopback-ipsec network=10.115.210.0 /ip pool add name=ipsec-pool ranges=10.115.210.2-10.115.210.200 /ip ipsec profile add name=ike2 /ip ipsec pr...
by aleab
Sun May 31, 2020 12:29 am
Forum: General
Topic: openvpn client push request
Replies: 5
Views: 2697

Re: openvpn client push request

i don't have find any solution. can you post how do you solve? i use this script to configure ovpn server /certificate add name=CA country="IT" state="IT" locality="IT" organization="home" unit="mk" common-name="CA" key-size=4096 days-valid=3650 key-usage=crl-sign,key-cert-sign /certificate sign CA ...
by aleab
Mon May 11, 2020 7:42 pm
Forum: General
Topic: cAP ac bricked after update - netinstall not working
Replies: 8
Views: 2768

Re: cAP ac bricked after update - netinstall not working

I also confirm.
on my win 10 64 bit netinstall not work.

i installed win xp on virtualbox (bridged) and now my cap ac is unbricked! and can boot!
thank you
by aleab
Sat May 09, 2020 11:53 am
Forum: General
Topic: internale lan netmap
Replies: 5
Views: 1001

Re: internale lan netmap

ok, thank you. i have a "normal" lan with more devices but is a single class, so for now i don't need to setup particular interface or remote address.

i will try this and then post if works.

thank you again
by aleab
Sat May 09, 2020 9:49 am
Forum: General
Topic: internale lan netmap
Replies: 5
Views: 1001

Re: internale lan netmap

ok thank you fo reply. so it's correct use this rules (both direction) /ip firewall nat add chain=dstnat dst-address=192.168.89.0/24 action=netmap to-addresses=192.168.88.0/24 /ip firewall nat add chain=srcnat dst-address=192.168.88.0/24 action=netmap to-addresses=192.168.89.0/24 or i add other rule...
by aleab
Fri May 08, 2020 10:31 pm
Forum: General
Topic: internale lan netmap
Replies: 5
Views: 1001

internale lan netmap

Hello, i have a very simple configuration. so quick set ether1 WAN DHCP from isp , ether2-5 LAN with ip 192.168.88.1 DHCP 2-100 some devices in LAN have DHCP ip , other static ip with 192.168.88.0/24. can i setup a netmap or other function (ex dstnat o srcnat) to call my devices with another class? ...
by aleab
Fri May 08, 2020 7:50 pm
Forum: Beginner Basics
Topic: openvpn client and remote same network
Replies: 9
Views: 2649

Re: openvpn client and remote same network

thank you for reply.

so i can't setup a secondary LAN class and access simultaneously without "touch" devices?
i think a similar to masquerade .... i try to add masquerade rules but don't work...

thank you
by aleab
Fri May 08, 2020 1:08 pm
Forum: Beginner Basics
Topic: openvpn client and remote same network
Replies: 9
Views: 2649

Re: openvpn client and remote same network

seems work in strange mode... i explain. if i setup a netmap from local LAN i can ping 192.168.3.100 but i can't access to \\192.168.3.100\share idem from example printet i can ping 192.168.3.101 but i can "visit" webgae at http://192.168.3.101 of course with 192.168.1.100 or 101 works fine. thank you
by aleab
Wed May 06, 2020 9:02 am
Forum: Beginner Basics
Topic: openvpn client and remote same network
Replies: 9
Views: 2649

Re: openvpn client and remote same network

if you feel that i should open a new post feel free to divide... sorry, but i need some help with this setup . as i described i have this situation in office mikrotik as router lan 192.168.1.0/24 local server 192.168.1.100 when a colleague connect with openvpn and at his home have same subnet 192.16...
by aleab
Mon May 04, 2020 11:45 am
Forum: Scripting
Topic: delete address list old than 7 days
Replies: 13
Views: 2657

Re: delete address list old than 7 days

Not sure why its not working, but since you already have the ID of the line to delete, just use the ID like this: { :foreach i in=[/ip firewall address-list find where creation-time~"apr" && list~"mylist"] do={ :local address [/ip firewall address-list get $i address] :log info "Removing $address i...
by aleab
Sat May 02, 2020 7:17 pm
Forum: Scripting
Topic: delete address list old than 7 days
Replies: 13
Views: 2657

Re: delete address list old than 7 days

sorry, but my script seems not work. i added a log, so script is :foreach i in=[/ip firewall address-list find where creation-time~"apr" and list="mylist"] do={ :local address [/ip firewall address-list get $i address] :log info "Removing $address in mylist" /ip firewall address-list remove [find li...
by aleab
Fri Apr 24, 2020 4:36 pm
Forum: Scripting
Topic: delete address list old than 7 days
Replies: 13
Views: 2657

Re: delete address list old than 7 days

ok thank you
is not a problem, i try to set search for month and wait next month to try it

thank you again
by aleab
Fri Apr 24, 2020 10:35 am
Forum: Scripting
Topic: delete address list old than 7 days
Replies: 13
Views: 2657

Re: delete address list old than 7 days

yes, of course.

i did that , but now i no have entries with "mar". next month i will try to "apr"

thank you
by aleab
Thu Apr 23, 2020 11:48 am
Forum: Scripting
Topic: delete address list old than 7 days
Replies: 13
Views: 2657

Re: delete address list old than 7 days

sorry, but i think that function is for files, not for address list... i'm reading link posted before, but i think is more complex ... can help if i would delete entries for past month? so now is april, can i delete all entries for march? :foreach i in=[/ip firewall address-list print where creation...
by aleab
Mon Apr 20, 2020 7:17 am
Forum: Scripting
Topic: delete address list old than 7 days
Replies: 13
Views: 2657

Re: delete address list old than 7 days

sorry,
yes i need to delete a existing entries...

i think plan to use dynamic but they dont persist at reboot...

thank you
by aleab
Sun Apr 19, 2020 8:16 pm
Forum: Scripting
Topic: delete address list old than 7 days
Replies: 13
Views: 2657

delete address list old than 7 days

Can i set a script to delete all items older than 7 days in a specific address list?

thank you
by aleab
Sat Nov 09, 2019 11:03 am
Forum: General
Topic: openvpn client push request
Replies: 5
Views: 2697

openvpn client push request

Hello, i have a mikroitk as openvpn server. and work fine but i noticed that initial connection it's a little slow... in log on client i find... Sat Nov 09 09:54:13 2019 [server] Peer Connection Initiated with [AF_INET]1.2.3.4:1194 Sat Nov 09 09:54:14 2019 MANAGEMENT: >STATE:1573289654,GET_CONFIG,,,...
by aleab
Tue Sep 03, 2019 10:37 am
Forum: General
Topic: OpenVPN move to another Board [SOLVED]
Replies: 4
Views: 1423

Re: OpenVPN move to another Board [SOLVED]

Sorry, i 'm a idiot... works fine, it was enough to restart the mikrotik... so, recap to move openvpn from old mikrotik to new mikrotik on old mikrotik /certificate export-certificate CA export-passphrase="12345678" /certificate export-certificate client1 export-passphrase="12345678" /certificate ex...
by aleab
Tue Sep 03, 2019 12:56 am
Forum: General
Topic: OpenVPN move to another Board [SOLVED]
Replies: 4
Views: 1423

Re: OpenVPN move to another Board [SOLVED]

i see when i import a CA.crt creates automatically a CRL
http://127.0.0.1/crl/1.crl
would be that?

thank you
by aleab
Tue Sep 03, 2019 12:18 am
Forum: General
Topic: OpenVPN move to another Board [SOLVED]
Replies: 4
Views: 1423

Re: OpenVPN move to another Board [SOLVED]

thank you for reply @sebastia but if i try to import only key (without crt) [admin@MikroTik] > /certificate import file-name=server.key passphrase=12345678 certificates-imported: 0 private-keys-imported: 0 files-imported: 0 decryption-failures: 0 keys-with-no-certificate: 0 doesn't import anything.....
by aleab
Mon Sep 02, 2019 6:34 pm
Forum: General
Topic: OpenVPN move to another Board [SOLVED]
Replies: 4
Views: 1423

OpenVPN move to another Board [SOLVED]

Hello, i have a RB941-2nD and I have just purchased RBD52G-5HacD2HnD-TC. my configuration is simple but i have set ovpn server. can i move certificates from "old" mikrotik to new? i searched and i found something but is still not working... i try to do this on old mikrotik /certificate export-certif...
by aleab
Sun Sep 30, 2018 11:13 pm
Forum: Beginner Basics
Topic: openvpn client and remote same network
Replies: 9
Views: 2649

Re: openvpn client and remote same network

i found the solution... i add a simple rules in ip - firewall nat tab add rules chain: dstnat Dst.Address: 192.168.147.0/24 ( fake lan) Tab Action Action: netmap To Addresses: 192.168.1.0/24 (real lan) now when i connect with openvpn client i can ping 192.168.147.1 or ping 192.168.1.1 (mikrotik rout...
by aleab
Wed Sep 26, 2018 9:31 am
Forum: Beginner Basics
Topic: openvpn client and remote same network
Replies: 9
Views: 2649

Re: openvpn client and remote same network

ok, thank you. so i have a dhcp 10 to 19 for vpn users end 20 to 229 to "local lan" users, correct? but if i have a printer with satic ip 172.16.20.20.240 and with my notebook i'm in a same lan 172.16.20.20.0/24 and in connect in openvpn roadwarrior. unfortunately there is a device with ip 172.16.20...
by aleab
Tue Sep 25, 2018 2:41 pm
Forum: Beginner Basics
Topic: openvpn client and remote same network
Replies: 9
Views: 2649

Re: openvpn client and remote same network

can anyone show me a guide to learn about this rules?

thank in advance
Ale
by aleab
Sat Sep 22, 2018 6:23 pm
Forum: Beginner Basics
Topic: openvpn client and remote same network
Replies: 9
Views: 2649

openvpn client and remote same network

Hello, i'm new on mikrotik and now i use it for testing but is very good product. i installed a mikrotik on my office because i need a vpn where i'm outside of office. configured and works like a charm... but i have this problem. lan on mikrotik is "classic" 192.168.1.0/24 and i wan't change it becu...