Community discussions

MikroTik App

Search found 24 matches

by marypoppins
Tue Aug 04, 2020 5:23 pm
Forum: General
Topic: Timeout instead of proxy error page when using https
Replies: 5
Views: 1567

Re: Timeout instead of proxy error page when using https

Thank you for answering. I thing there is some misunderstanding here. It is a simple task I would like to achieve: just DENY SITES on mikrotik proxy. It seems the error is related to the marriage of mikrotik proxy (6.47.1, but older is involved) and firefox browser (quantum 68.110esr). However the s...
by marypoppins
Mon Aug 03, 2020 2:29 pm
Forum: General
Topic: Timeout instead of proxy error page when using https
Replies: 5
Views: 1567

Re: Timeout instead of proxy error page when using https

You can't forge HTTPS certificate of the visited site, so you will never be able to show an error. Thank you for answer. So you can not deny a http site, without waiting timeout? I don't understand why should present any certificate of "visited site", when in real that site is DENIED in proxy rules...
by marypoppins
Thu Jul 30, 2020 5:24 pm
Forum: Beginner Basics
Topic: How to remove snmp src-address?
Replies: 2
Views: 446

Re: How to remove snmp src-address?

thank you for answer.
unfortunately it does not work. Wait a long then
"invalid value for argument src-address:"
by marypoppins
Thu Jul 30, 2020 12:54 pm
Forum: Beginner Basics
Topic: How to remove snmp src-address?
Replies: 2
Views: 446

How to remove snmp src-address?

Dear All, Can somebody help me how to remove the /snmp src-address parameter in version 6.46.1? In /snmp there is no "unset" and I tried the following ones which is all invalid: set src-address="::" (the manual said: src-address (IPv4 or IPv6 address; Default: ::)) set src-address="" The following i...
by marypoppins
Tue Jul 28, 2020 5:34 pm
Forum: General
Topic: Timeout instead of proxy error page when using https
Replies: 5
Views: 1567

Re: Timeout instead of proxy error page when using https

Hi,

Is it solved finally? I have the same problem in 2020.... :|
thank you
by marypoppins
Tue Jul 28, 2020 11:39 am
Forum: Beginner Basics
Topic: WebProxy timeout instead of AccessDenied
Replies: 0
Views: 313

WebProxy timeout instead of AccessDenied

Dear All, I'm trying to filter with mikrotik web-proxy feature. There is a last rule in "/ip proxy access" "dst-port="" action=deny" in order to disable unallowed surfing. When I browse a denied http site, the mikrotik gives back the "access denied" answer immediately. In case of denied https pages,...
by marypoppins
Thu Jul 23, 2020 4:50 pm
Forum: General
Topic: WebProxy Address List
Replies: 1
Views: 583

Re: WebProxy Address List

Hi,

Why don't have possibility to use address-lists in the webproxy??
by marypoppins
Wed Jul 15, 2020 9:18 am
Forum: Beginner Basics
Topic: Proxy connect in log
Replies: 4
Views: 783

Re: Proxy connect in log

Thank you for answer
by marypoppins
Fri Jul 10, 2020 1:58 pm
Forum: Beginner Basics
Topic: Proxy connect in log
Replies: 4
Views: 783

Re: Proxy connect in log

Thank you for reply! It is mikrotik ccr1036 (however I think the version is irrelevant). I use its "/ip proxy" feature and turned on the web-proxy,debug in the /system logging. After i see that this message appears in the log related to that clients connect to an https site. So my question what exac...
by marypoppins
Thu Jul 02, 2020 7:56 am
Forum: Beginner Basics
Topic: Proxy connect in log
Replies: 4
Views: 783

Proxy connect in log

Dear All,

I would like to ask what does the CONNECT mean in the context of proxy log? Is it mean the client successfully start tsl with the requested server or it just mean that the client qould like to connect via tsl and it is not inform me whether it os successful or not?
Thank you
by marypoppins
Mon Jun 08, 2020 11:16 am
Forum: Beginner Basics
Topic: raw forwarding
Replies: 1
Views: 474

raw forwarding

Dear All, I have an fw, which has wan, dmz, lan1, lan2. I have a server (SRV1) in dmz for which I would like to pass from/to the internet traffic 1:1, without conntrack or filtering. I tried to make two rules like these: 1)Traffic comming from wan and dst-address=SRV1_IP the notrack: chain=preroutin...
by marypoppins
Thu May 07, 2020 11:04 am
Forum: Beginner Basics
Topic: vrrp and egress interface selection
Replies: 1
Views: 1788

Re: vrrp and egress interface selection

It is select the vrrp mac for the source mac, but why and where is the selection point? It seems sometimes select the vrrp, sometimes the vlan interface. So I had to make doubled the jump rules like: ip firewall filter add chain=input action=jump jump-target=lan1 interface-out=vlan10 ip firewall fi...
by marypoppins
Thu Apr 02, 2020 12:19 am
Forum: Beginner Basics
Topic: vrrp and egress interface selection
Replies: 1
Views: 1788

vrrp and egress interface selection

Dear All, I would like to ask where the decision is made about which interface will be the output interface where forwarding packets? I don't care about the simple examples, where there is only one interface in a network. For example, there is a router with interfaces like this (the if_lan and the v...
by marypoppins
Tue Mar 10, 2020 3:21 pm
Forum: Beginner Basics
Topic: Ipsec identifying active-peers
Replies: 0
Views: 1721

Ipsec identifying active-peers

Dear All, I would like to ask how to identify the active-peers? While in the ipsec sa has spi in the console and the webfig as weel, the isakmp has not. While the log has isakmp sa established with spi identifiers, unfortunately I cannot close one based on that log. My problem that I have more estab...
by marypoppins
Tue Mar 10, 2020 10:01 am
Forum: Beginner Basics
Topic: Ipsec a lot of active peers
Replies: 4
Views: 2388

Re: Ipsec a lot of active peers

Hi All,

The unique parameter does not solve the problem :(
by marypoppins
Tue Feb 25, 2020 11:23 am
Forum: Beginner Basics
Topic: Ipsec a lot of active peers
Replies: 4
Views: 2388

Re: Ipsec a lot of active peers

philipaps: Thank you for the tips. I will try it. It seems the policy's phase2 the problem in my case. There is a monitoring application on one side's client which is trying reach the other application in every 10 minutes. When the connection stack I can see on the wire that: 1) The monitoring syn p...
by marypoppins
Mon Feb 24, 2020 4:38 pm
Forum: Beginner Basics
Topic: vrrp
Replies: 6
Views: 2243

Re: vrrp

Sorry for delay and thank you for your answer!

Could you explain why a vrrp ip should be /32? I have read this, but what does it mean?
"Note: address on VRRP interface must have /32 netmask if address configured on VRRP is from the same subnet as on router's any other interface."
thank you
by marypoppins
Tue Feb 11, 2020 3:35 pm
Forum: Beginner Basics
Topic: vrrp
Replies: 6
Views: 2243

Re: vrrp

Another test: I have these interfaces with these ip addresses. I have forward filter which includes only the interface ether5 (not vrrp5). I begin to ping the target, and during the echo request/reply I change the service ip between the real and vrrp interface with command: /ip address disable numbe...
by marypoppins
Tue Feb 11, 2020 2:37 pm
Forum: Beginner Basics
Topic: vrrp
Replies: 6
Views: 2243

Re: vrrp

Dear All, However everybody tell me I should use the 'real' interface, but it seems that does not want to work. The playground: pc1 ---ether1@TheBox@ether5/vrrp5 --- pc2 TheBox: ether1 - 192.168.90.1/24 ether5 - 192.168.99.99/24 vrrp5 - 192.168.99.100/24 (on ether5) The filter chain: chain=forward a...
by marypoppins
Tue Feb 04, 2020 4:51 pm
Forum: Beginner Basics
Topic: Ipsec a lot of active peers
Replies: 4
Views: 2388

Ipsec a lot of active peers

Dear All, I have a more ipsec peers, and one of them has strange behavior. This "bad" peer has more policy to make connection between pc-s. After few days the ipsec activePeers shows me that there are a lot of "bad" peer. However from these only one has phase2 as "PH2 TOTAL" column shows. The others...
by marypoppins
Wed Jan 29, 2020 10:38 am
Forum: Beginner Basics
Topic: vrrp
Replies: 6
Views: 2243

Re: vrrp

Thank you very much!
Have a nice day!
by marypoppins
Tue Jan 28, 2020 5:28 pm
Forum: Beginner Basics
Topic: vrrp
Replies: 6
Views: 2243

vrrp

Dear All, On a router every interface has a vrrp interface, which is the gateway for those interface's subnet. I would like to make separated firewall rules like this: ip firewall filter add chain=forward out-interface=<?which_if?> action=jump jump-target=fwd_subnet_1 My question is what interface s...
by marypoppins
Fri Jan 10, 2020 2:10 pm
Forum: Beginner Basics
Topic: Ipsec import issue
Replies: 5
Views: 1863

Re: Ipsec import issue

Ohh I see! Thank you very much for your answer!

Have a nice day!
by marypoppins
Fri Jan 10, 2020 12:32 pm
Forum: Beginner Basics
Topic: Ipsec import issue
Replies: 5
Views: 1863

Ipsec import issue

Dear All, I have a strange error. I have a routerboard 1100AHx2, routerOS 6.43.4 with the same routerboot version. There are some ipsec configuration on it. I upgraded it to the most recent 6.46.1 version. Export the config, reset the router and import the config and when it stops at the ipsec polic...