Community discussions

Search found 15 matches

by NovaProspekt
Mon Feb 15, 2021 2:57 pm
Forum: Beginner Basics
Topic: Malicious VPN connection attempts?
Replies: 12
Views: 5548

Re: Malicious VPN connection attempts?

So, I have been adding at least 1 rogue VPN connection attempt to my block list nearly every day. I can see this list growing to hundreds or thousands of IP addresses over time. Would it be more efficient to just white-list the MAC addresses of my devices that would be VPN connecting to the router b...
by NovaProspekt
Sat Feb 13, 2021 5:17 pm
Forum: General
Topic: How to allow remote Wake on LAN through firewall without completely compromising security
Replies: 8
Views: 7369

Re: How to allow remote Wake on LAN through firewall without completely compromising security

With or without VPN, this trick should work: Send your wol packet to some unused LAN IP address (dNAT or vpn), add static ARP table for that address, containing LAN broadcast MAC ff-ff-ff-ff-ff-ff, and of your WOL client will receive the WOL packet. This is what I was doing initially, but it felt l...
by NovaProspekt
Thu Feb 11, 2021 9:58 pm
Forum: General
Topic: How to see which firewall rule is allowing traffic
Replies: 1
Views: 1206

How to see which firewall rule is allowing traffic

Hi all, Is there a way to tell which firewall filter rule is allowing certain traffic to pass, other than adding a unique log prefix to every single rule, running a ping, and then checking the logs? I am currently able to ping VPN clients from my main VLAN, which IS the behavior I want, but the fire...
by NovaProspekt
Thu Feb 11, 2021 9:27 pm
Forum: Beginner Basics
Topic: Malicious VPN connection attempts?
Replies: 12
Views: 5548

Re: Malicious VPN connection attempts?

Thank you!
by NovaProspekt
Thu Feb 11, 2021 4:46 pm
Forum: Beginner Basics
Topic: Malicious VPN connection attempts?
Replies: 12
Views: 5548

Re: Malicious VPN connection attempts?

My suggestion to trap and then drop any unsolicited VPN traffic is as follows: Create the following address list named rogue_vpn_hosts Create the following Firewall Filter Rules [this assumes ipsec ... if you are using L2TP/ipsec you will need to add more dst-ports ports]: /ip firewall filter add ac...
by NovaProspekt
Thu Feb 11, 2021 4:00 pm
Forum: Beginner Basics
Topic: Malicious VPN connection attempts?
Replies: 12
Views: 5548

Re: Malicious VPN connection attempts?

Here are the entries from my log. I know for a fact I was not attempting any VPN connections at these times. feb/09 21:09:47 ipsec,info respond new phase 1 (Identity Protection): ***MyPublicIPAddress***[500]<=> 216.218.206.74 [51722] feb/09 21:09:47 ipsec SPI size isn't zero, but IKE proposal. feb/0...
by NovaProspekt
Thu Feb 11, 2021 3:29 pm
Forum: Beginner Basics
Topic: Malicious VPN connection attempts?
Replies: 12
Views: 5548

Malicious VPN connection attempts?

Hi all. I am relatively new to Mikrotik routers. I have a hAP ac2, and just recently set up IPsec connectivity so that I can VPN from my phone and use RouterOS's built in Wake on LAN feature while I am away from home. Everything seems to be working. I glanced at my logs in Winbox this morning and no...
by NovaProspekt
Tue Feb 09, 2021 8:45 pm
Forum: General
Topic: How to allow remote Wake on LAN through firewall without completely compromising security
Replies: 8
Views: 7369

Re: How to allow remote Wake on LAN through firewall without completely compromising security

So, after some tinkering I now have a functional IPsec connection between my Android phone and Mikrotik router. I've made some firewall rules to allow my phone to utilize the Pi-hole on my network when it's connected to the VPN and it is working. However, the wake-on-LAN is not working. I wonder if I ...
by NovaProspekt
Tue Feb 09, 2021 4:11 am
Forum: General
Topic: How to allow remote Wake on LAN through firewall without completely compromising security
Replies: 8
Views: 7369

Re: How to allow remote Wake on LAN through firewall without completely compromising security

I have attempted a combination of the above linked guides in addition to the document posted here: https://mum.mikrotik.com/presentations/EU18/presentation_5196_1523218211.pdf When I attempt to initiate the VPN connection, I can see packets hitting the IKE firewall rule, but authentication ultimatel...
by NovaProspekt
Mon Feb 08, 2021 2:44 pm
Forum: General
Topic: How to allow remote Wake on LAN through firewall without completely compromising security
Replies: 8
Views: 7369

Re: How to allow remote Wake on LAN through firewall without completely compromising security

Hi mozerd, thanks for the advice. My router obtains its WAN IP as a DHCP client from my modem. I am following the guide you linked for setting up the IPsec mode config method, however I am wondering if that guide on the Mikrotik Wiki was written for an older version of RouterOS. I am at the part whe...
by NovaProspekt
Sun Feb 07, 2021 11:38 pm
Forum: General
Topic: How to allow remote Wake on LAN through firewall without completely compromising security
Replies: 8
Views: 7369

How to allow remote Wake on LAN through firewall without completely compromising security

I have a PC that I want to be able to turn on remotely when I am not home. I have configured the following, and it works, but I want to know if there is a better or more secure way to set this up. The PC is on subnet 10.10.10.0/24. I have taken an IP address outside the DHCP address pool and added i...
by NovaProspekt
Sat Dec 05, 2020 12:07 am
Forum: Wireless Networking
Topic: Can't exceed 200mbps on WiFi cAP ac
Replies: 5
Views: 1930

Re: Can't exceed 200mbps on WiFi cAP ac

I think this may have been a limitation of the radios in my client devices. I just purchased a new Samsung Galaxy S20 FE. Connected it to the 5ghz SSID on the cAP ac and it immediately speedtested at about 420 mbps.
by NovaProspekt
Fri Nov 20, 2020 10:06 pm
Forum: Wireless Networking
Topic: Can't exceed 200mbps on WiFi cAP ac
Replies: 5
Views: 1930

Can't exceed 200mbps on WiFi cAP ac

I just upgraded from a Linksys all in one wireless router to a Mikrotik hAP ac2 plus cAP ac setup. Wireless is disabled on the hAP - it is routing only. All wireless connections are configured on the cAP ac. I have a 400mbps down 20mbps up connection from my ISP. Plugging a PC via ethernet into the ...
by NovaProspekt
Thu Nov 19, 2020 3:15 pm
Forum: Wireless Networking
Topic: Is CAPsMAN local forwarding conflicting with bridge VLAN filtering on cAP? [SOLVED]
Replies: 1
Views: 1610

Re: Is CAPsMAN local forwarding conflicting with bridge VLAN filtering on cAP? [SOLVED]

Just wanted to give an update. I turned off CAPsMAN and manually configured the virtual WLAN interfaces on the access point. The weird dynamic VLAN tagged/untagged assignments were bothering me and I didn't like that using local forwarding was preventing me from using ingress filtering to block unta...
by NovaProspekt
Wed Nov 18, 2020 2:56 pm
Forum: Wireless Networking
Topic: Is CAPsMAN local forwarding conflicting with bridge VLAN filtering on cAP? [SOLVED]
Replies: 1
Views: 1610

Is CAPsMAN local forwarding conflicting with bridge VLAN filtering on cAP? [SOLVED]

Hi all, I am new to Mikrotik but am enjoying learning its capabilities. I am using CAPsMAN with local forwarding on a hAP ac2 to provision an access point (cAP ac) with multiple WiFi interfaces: 5ghz and 2ghz networks for my trusted VLAN, 5ghz and 2ghz for a guest network, and 2ghz only for IoT devi...