Community discussions

MikroTik App

Search found 13 matches

by RalfG
Tue Aug 04, 2020 1:53 pm
Forum: Announcements
Topic: v6.47.1 [stable] is released!
Replies: 147
Views: 57343

IPSEC IKEv2 stopped working after upgrade from 6.46.3 to 6.47.1

on RB4011iGS+:
after upgrading to 6.47.1 all of my ikev2 tunnels (RSA auth with certificates) stopped working. (peer's ID does not match certificate).

Tested on a second device, same issue. I had to revert to 6.46.3.

Anyone else saw that?

Ralf.
by RalfG
Wed Apr 29, 2020 11:10 am
Forum: Scripting
Topic: VPN Wake On LAN without DHCP
Replies: 2
Views: 989

Re: VPN Wake On LAN without DHCP

Why not instead use a WOL software, there are many and free, wake your Computer, get Informed as soon as it is active and then do your RDP Session ? What is the practical reason for waking a Computer up on the first attempt of an RDP Session ? Just wondering... Zacharias, there are remote users in ...
by RalfG
Tue Apr 28, 2020 2:16 pm
Forum: Scripting
Topic: VPN Wake On LAN without DHCP
Replies: 2
Views: 989

VPN Wake On LAN without DHCP

Hi, I was asked if it was possible to wake up internal pcs automatically when they are accessed the first time over VPN (RDP). Since dhcp isn't used, I had to create an arp/IP mapping. I used the following rules and script in order to achieve it: 1. Create a firewall rule that adds the target PC to ...
by RalfG
Sun Apr 05, 2020 10:17 pm
Forum: General
Topic: src-nat or masquerading Roadwarrior to second IPSEC tunnel
Replies: 2
Views: 1310

Re: src-nat or masquerading Roadwarrior to second IPSEC tunnel

anyone with an idea?

Ralf
by RalfG
Fri Apr 03, 2020 4:17 pm
Forum: General
Topic: src-nat or masquerading Roadwarrior to second IPSEC tunnel
Replies: 2
Views: 1310

src-nat or masquerading Roadwarrior to second IPSEC tunnel

Hi, I already tried a lot of things but didn't solve the problem: Roadwarrior Clients (OpenVPN) should be masqueraded with an internal address to access some external (IPSEC Tunnel) sites, the Roadwarrior network can't be included in these IPSEC tunnels. So a client R.R.R.100 willing to access F.F.F...
by RalfG
Thu Oct 10, 2019 4:50 pm
Forum: General
Topic: Nice way to do NAT/masquerading before entering VPN
Replies: 5
Views: 1449

Re: Nice way to do NAT/masquerading before entering VPN

remark: /ip firewall nat add action=dst-nat chain=dstnat src-address=b.b.b.1 dst-address=a.a.a.1 to-addresses=a.a.a.70 didn't work, I've to chain=srcnat action=masquerade src-address-list=b.b.b.b dst-address-list=(part of a.a.a.a) out-interface=B1 for translating the source-ip of b.b.b.b to my own i...
by RalfG
Tue Aug 20, 2019 1:28 pm
Forum: General
Topic: Nice way to do NAT/masquerading before entering VPN
Replies: 5
Views: 1449

Re: Nice way to do NAT/masquerading before entering VPN

sob,
it worked (after deleting my previous raw notrack prerouting rules for vpn traffic)!!
thx a lot!

Ralf.
by RalfG
Mon Aug 19, 2019 5:49 pm
Forum: General
Topic: Nice way to do NAT/masquerading before entering VPN
Replies: 5
Views: 1449

Re: Nice way to do NAT/masquerading before entering VPN

thx sob, will give it a try in my lab.

Ralf.
by RalfG
Wed Aug 14, 2019 3:43 pm
Forum: General
Topic: Nice way to do NAT/masquerading before entering VPN
Replies: 5
Views: 1449

Re: Nice way to do NAT/masquerading before entering VPN

nobody to help a bit?
by RalfG
Tue Aug 13, 2019 1:55 pm
Forum: General
Topic: Nice way to do NAT/masquerading before entering VPN
Replies: 5
Views: 1449

Nice way to do NAT/masquerading before entering VPN

Hi, how can I achieve it in an elegant way to nat before packets are entering the ipsecv2 vpn: Site1: client in Site 1 internal network: a.a.a.1/24 mtk: a.a.a.10/24, a.a.a.11/24, a.a.a.12/24 (and so on mtk should use up to 70 addresses) Site2: server in Site2 internal network b.b.b.1/24, b.b.b.2/24 ...
by RalfG
Sun Mar 17, 2019 9:42 pm
Forum: General
Topic: The "bridge"
Replies: 2
Views: 602

Re: The "bridge"

Pukkita,

thx for the explanation, after some hours “in the lab” trying different scenarios, the way it’s done in RouterOS is much more logical and comprehensive.

Ralf
by RalfG
Tue Mar 12, 2019 7:59 pm
Forum: General
Topic: creating route with gateway=interface
Replies: 6
Views: 3720

Re: creating route with gateway=interface

{TLDR Version: This only works if the next hop provides proxy arp.} When you say "use interface X" as the next hop, you're saying "dump it on this interface, and something will take care of it for you." For PPP, tunnels, PVCs, or any non-multi-access type of interface, there's only you and "the oth...
by RalfG
Wed Mar 06, 2019 5:33 pm
Forum: General
Topic: The "bridge"
Replies: 2
Views: 602

The "bridge"

Hi, after testing RB4011iGS+ I ended up buying some for ourself and our customers. Really a nice piece of h/w and a mighty OS. I've been able to test several VPN scenarios with different h/w vendors, speedtests, advanced routing features, netflow monitoring etc. all of that is working like a charm a...