Community discussions

MikroTik App

Search found 21 matches

by Farseer
Wed Sep 02, 2020 5:28 pm
Forum: General
Topic: Help with VLAN Trunk
Replies: 5
Views: 462

Re: Help with VLAN Trunk

Resolved : My initial problem was having my vlan3777 on it's own bridge, but that made it unable to communicate with the default lan network of 192.168.1.0/24 and devices couldn't get an IP (due to the switch being not-configured at that time). I then spent a lot of time trying to do X and Y to reso...
by Farseer
Wed Sep 02, 2020 3:49 pm
Forum: General
Topic: Help with VLAN Trunk
Replies: 5
Views: 462

Re: Help with VLAN Trunk

Hi, So as it turns out, the switch that I have is a L2 Managed switch. I set it up on a static IP on my .1 range, and accessed it. I am now in a weird situation at the moment and I don't understand why the following is happening : My DLink Switch config : 802.1Q VLAN mode enabled Ports 1-3 and 5-8 s...
by Farseer
Mon Aug 31, 2020 8:20 pm
Forum: General
Topic: Help with VLAN Trunk
Replies: 5
Views: 462

Re: Help with VLAN Trunk

Then ether4 on the router is a trunk port passing all vlans....................... Since the switch now handles the vlan routing out its ports to the unifi APs etc, it will handle the difference between tagged and untagged frames not the router. Also since your doing it in switch port I cannot comm...
by Farseer
Sun Aug 30, 2020 6:01 pm
Forum: General
Topic: Help with VLAN Trunk
Replies: 5
Views: 462

Help with VLAN Trunk

Hi, I have a site where I have a Mikrotik router with 2 UniFi AP's connected on Ether4/5 of the LAN Ports. These 2 AP's would broadcast 2 SSID's, with the guest one being on VLAN 3777. Things were ok, but I have recently added some hardware like an 8-Port Gigabit PoE Switch and an additional AP. So ...
by Farseer
Sat Jul 06, 2019 4:18 pm
Forum: General
Topic: IPSec VPN tunnels not working when upgraded to 6.45.1
Replies: 8
Views: 6182

Re: IPSec VPN tunnels not working when upgraded to 6.45.1

Alright so I managed to get it to work. I was basically playing around with the settings and found that : 1) 0.0.0.0 on SA SRC address is not an issue, if phase2 connects the tunnel will work. 2) I went into IPSec > Peers and set Local Address as first, the ip of the router on that end of the tunnel...
by Farseer
Sat Jul 06, 2019 3:23 pm
Forum: General
Topic: IPSec VPN tunnels not working when upgraded to 6.45.1
Replies: 8
Views: 6182

IPSec VPN tunnels not working when upgraded to 6.45.1

Hi, So I have 1 HO, and 2 branches and previously these devices were on 6.43.12 and connected from the individual branch to the HO via IPSec VPN. Had almost no issues for a long time but with occasional hiccups. Today I upgraded all the devices to 6.45.1. Here is what I did and what happened : 1) Up...
by Farseer
Sun May 26, 2019 6:40 pm
Forum: General
Topic: Trying to change IPSEC Peers from main to aggressive, getting an error I dont understand.
Replies: 9
Views: 2589

Re: Trying to change IPSEC Peers from main to aggressive, getting an error I dont understand.

Thanks Sindy. I set the nat-traversal to yes in ip > ipsec > peer profile on all 3 devices. Seems to be working but i only recently stopped the pinging from the main branch to the branches. Let me see how it goes. In regards to the firewall, I keep Winbox open as that is how I access the devices sin...
by Farseer
Sun May 26, 2019 5:08 pm
Forum: General
Topic: Trying to change IPSEC Peers from main to aggressive, getting an error I dont understand.
Replies: 9
Views: 2589

Re: Trying to change IPSEC Peers from main to aggressive, getting an error I dont understand.

Hi @sindy , here is the code for the export on the main branch : /export hide-sensitive # may/26/2019 HIDDEN by RouterOS 6.43.12 # software id = SMRR-9LV5 # # model = 951G-2HnD # serial number = HIDDEN /interface bridge add admin-mac=HIDDEN auto-mac=no comment=defconf name=bridge /interface wireless...
by Farseer
Sun May 26, 2019 1:08 pm
Forum: General
Topic: Trying to change IPSEC Peers from main to aggressive, getting an error I dont understand.
Replies: 9
Views: 2589

Re: Trying to change IPSEC Peers from main to aggressive, getting an error I dont understand.

Hi @sindy , Thanks for the reply and sorry about the lack of information and misinterpretation from my side. To answer your questions : 1) All 3 devices are Mikrotik devices on the same firmware and the same model. 2) There is a NAT on the main branch (a different device from the ISP on its own sepa...
by Farseer
Sun May 26, 2019 12:20 pm
Forum: General
Topic: Trying to change IPSEC Peers from main to aggressive, getting an error I dont understand.
Replies: 9
Views: 2589

Trying to change IPSEC Peers from main to aggressive, getting an error I dont understand.

Hi, I have IPSec VPN tunnels going from 2 branches to a main branch. The exchange mode is set as Main, and whilst this works, there is an issue that if there is no connection from the Main Branch to any of the branches, then those branches cannot ping or access anything on the main branch. So my sol...
by Farseer
Fri Mar 29, 2019 8:04 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 106721

Re: v6.45beta [testing] is released!

@emils

Is the scenario sufficient for IPSec sa-dst/src-address hostname name usage?
by Farseer
Mon Mar 18, 2019 3:18 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 106721

Re: v6.45beta [testing] is released!

In what scenario? If it's road warrior (typical when src is unknown or when src has dynamic IP) then policies should be already auto generated. In the scenario where an ISP doesn't provide a static IP to it's client, instead using Dynamic IP or PPPoE with a dynamic IP. In such cases, a DDNS hostnam...
by Farseer
Mon Mar 18, 2019 2:15 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 106721

Re: v6.45beta [testing] is released!

For this patch, could you allow sa-dst-address and sa-src-address in IPSec to accept DDNS names? It's great and all to create scripts and to put it on a scheduler to resolve the ip's and update those fields, but can't it just accept the ddns name/cloud host name instead?
by Farseer
Fri Feb 22, 2019 6:31 pm
Forum: General
Topic: Accidentally updated router firmware to long term 6.42.12
Replies: 2
Views: 824

Accidentally updated router firmware to long term 6.42.12

Hello. So I decided to update the firmware on a couple of Mikrotik devices to the latest stable 6.43.12. I opened multiple WinBOX sessions, 1 to each site, and started the firmware update process. Accidentally, one of the sites was set on long term channel, and the router "updated" to a lo...
by Farseer
Wed Feb 20, 2019 4:07 pm
Forum: General
Topic: IPSEC dynamic peer ip
Replies: 11
Views: 8713

Re: IPSEC dynamic peer ip

Ok I did not look into the script exactly, but AFAIK it is not implemented in RouterOS to connect with a remote that has a dynamic IP (identify it via remote ID or certificate) and then use that association without fixup via some script. Using DDNS is kind of a workaround for that problem, but it w...
by Farseer
Wed Feb 20, 2019 3:13 pm
Forum: General
Topic: IPSEC dynamic peer ip
Replies: 11
Views: 8713

Re: IPSEC dynamic peer ip

Thank you for your answer and script, I will check it. Does someone know how then dynamic policy works with ipsec? With that script running with a scheduler, every minute it will check for the DDNS names you entered and update the SA SRC and DST addresses. in IPsec > Peer, just set the address as t...
by Farseer
Wed Feb 20, 2019 1:37 pm
Forum: General
Topic: IPSEC dynamic peer ip
Replies: 11
Views: 8713

Re: IPSEC dynamic peer ip

Hi, As far as I know, RouterOS doesn't have a way to update the SA Src. Address and SA Dst. Address if any of the sites is on Dynamic IP. The solution to this is to create a script, test it out manually, and if its fine, put it on a scheduler to run every minute. Here is a script that I used, can be...
by Farseer
Sat Feb 16, 2019 11:10 am
Forum: General
Topic: Routing L2TP/IPSEC
Replies: 4
Views: 977

Re: Routing L2TP/IPSEC

Can you clarify a bit more if possible : 1) is the VPN already established between the hexes? 2) is your question specifically about routing traffic between them or getting the VPN to setup properly? I managed to get the following up and running for one of my clients via IPSec to site A : https://im...
by Farseer
Mon Feb 11, 2019 7:02 pm
Forum: General
Topic: Need a bit of help with VPN + additional info/question
Replies: 3
Views: 898

Re: Need a bit of help with VPN + additional info/question

If one of the routers lacks a public IP... connect that one using L2TP then setup a encryption inside that connection. Hi, Thanks for the reply. None of the Routers at Site A or B or C lack a public IP, the issue is that the public IP changes for 1 or more of the sites based on the WAN connectivity...
by Farseer
Mon Feb 11, 2019 5:55 pm
Forum: General
Topic: Need a bit of help with VPN + additional info/question
Replies: 3
Views: 898

Need a bit of help with VPN + additional info/question

Hello, first time poster here. I apologize in advance, this will be a bit long with lots of info, and will have some god awful practices being applied which I hope to correct. Hoping to get some help here so I can learn to do things right. Started using Mikrotik devices recently and they are very go...