Community discussions

MikroTik App

Search found 751 matches

by own3r1138
Wed Mar 13, 2024 7:11 pm
Forum: Scripting
Topic: ✂ Rextended Fragments of Snippets
Replies: 96
Views: 61723

Re: ✂ Rextended Fragments of Snippets

sad-cat.jpeg
by own3r1138
Wed Mar 13, 2024 5:54 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 281
Views: 43510

Re: v7.15beta [testing] is released!

1- The format drive of a USB is broken for some reason. My hAP AC3 shows that the file system is unknown after an update from 7.13 to 7.14. OS downgrade with formatting (EXT4) was omitted. It started to work fine, then I saw the 7.15b4 change log: disk - improved support for formatting ext4 file-sys...
by own3r1138
Sun Mar 10, 2024 3:20 pm
Forum: Scripting
Topic: ✂ Rextended Fragments of Snippets
Replies: 96
Views: 61723

Re: ✂ Rextended Fragments of Snippets

@rextended
Will you share your contact info?
by own3r1138
Fri Mar 01, 2024 5:14 am
Forum: Announcements
Topic: v7.14.1 [stable] is released!
Replies: 417
Views: 68591

Re: v7.14 [stable] is released!

*) firewall - increased default "udp-timeout" value from 10s to 30s;
It wasn't applied after the update to v17.14.
by own3r1138
Thu Jan 18, 2024 3:38 pm
Forum: General
Topic: Forum moderation volunteers
Replies: 238
Views: 35504

Re: Forum moderation volunteers

Everyone has their agenda. All I know is what usually brought me here is no longer here, which is not in the best interest of anyone.
by own3r1138
Thu Jan 18, 2024 1:45 pm
Forum: General
Topic: Forum moderation volunteers
Replies: 238
Views: 35504

Re: Forum moderation volunteers

I'm not concerned about who got bullied or who got banned.
The only thing I'm talking about is the documents that are no longer available because of this discussion.
by own3r1138
Thu Jan 18, 2024 1:27 pm
Forum: General
Topic: Forum moderation volunteers
Replies: 238
Views: 35504

Re: Forum moderation volunteers

no. some other things were attempted. some people got banned, some got demoted from moderator status and got really mad :D I did not know MT was in the business of getting people mad. I think this forum is where one could get help. This discussion and the way MT handled the issue harmed the forum.
by own3r1138
Thu Jan 18, 2024 1:01 pm
Forum: General
Topic: Forum moderation volunteers
Replies: 238
Views: 35504

Re: Forum moderation volunteers

This has to be fixed.
Until now, the only outcome of this discussion was a few guideline posts being removed.
by own3r1138
Wed Jan 10, 2024 5:31 pm
Forum: Scripting
Topic: Asking for scripting assistance - DoH Healthcheck [SOLVED]
Replies: 12
Views: 3232

Re: Asking for scripting assistance - DoH Healthcheck [SOLVED]

could you please post your working script? Script :local dohServers {"https://record-a.domain.tld/dns-query";"https://record-b.domain.tld/dns-query";"https://record-c.domain.tld/dns-query";"https://record-d.domain.tld/dns-query"} :local dohServerAvailable fal...
by own3r1138
Tue Nov 21, 2023 2:58 pm
Forum: General
Topic: IKEv2, ROS7.11, Windows would not connect
Replies: 14
Views: 1562

Re: IKEv2, ROS7.11, Windows would not connect

/system logging add prefix=--->IPSEC topics=ipsec,!packet
by own3r1138
Tue Nov 21, 2023 2:48 pm
Forum: General
Topic: IKEv2, ROS7.11, Windows would not connect
Replies: 14
Views: 1562

Re: IKEv2, ROS7.11, Windows would not connect

I'm not familiar with NPS. I utilize the User-manager, Freeradius.
The Strong-Swan log isn't helpful. I strongly recommend enabling the IPsec logging at MT. It will have more details regarding the session.
by own3r1138
Tue Nov 21, 2023 1:01 pm
Forum: General
Topic: IKEv2, ROS7.11, Windows would not connect
Replies: 14
Views: 1562

Re: IKEv2, ROS7.11, Windows would not connect

Intermidiate cert is installed and specified in Identity No joy? What is your radius server? User-manager? Enable the system logging for IPsec, try to establish a connection once more, export the latest IPsec and user-manager configuration, along with logging entries, and share it, please. Also, ca...
by own3r1138
Sun Nov 12, 2023 10:17 am
Forum: The User Manager
Topic: Integration of WireGuard to UserManager V7.x
Replies: 1
Views: 1803

Re: Integration of WireGuard to UserManager V7.x

The user-manager is for Radius which wireguard doesn't support.
change log 7.12:
*)wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code
by own3r1138
Wed Oct 25, 2023 6:12 pm
Forum: General
Topic: Simple Web Server to Host Simple Files [SOLVED]
Replies: 15
Views: 3988

Re: Simple Web Server to Host Simple Files [SOLVED]

I watched this video before, But I want to access these file through Internet without authentication and connect to MikroTik network Only using a Domain Link and some custom driectories Something like this : https://sub.domain.com/dir/file.txt You don't have to have any AUTH if you don't want to. P...
by own3r1138
Sat Oct 21, 2023 2:53 am
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 90090

Re: v7.12rc is released!

Do you have a SUP ticket to reference for this? Thank you!
MikroTik support #[SUP-131841]
by own3r1138
Thu Oct 19, 2023 8:46 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 90090

Re: v7.12rc is released!

Could you please generate a supout file on your router after IPsec has experienced unexpected disconnect and send it to support@mikrotik.com? Without any evidence we can not be sure about that, but seems that the problem might not be caused by the RouterOS: https://forums.macrumors.com/threads/sono...
by own3r1138
Thu Oct 19, 2023 8:19 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 90090

Re: v7.12rc is released!

Yes, that is a common issue with IPsec. People configure "more secure" IPsec settings (PFS, 256 bits, DH with long keys) and then it only works between routers but not with commonly used client devices... The worst is that it requires ongoing research to know what settings are supported i...
by own3r1138
Tue Oct 17, 2023 4:20 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 90090

Re: v7.12rc is released!

On iOS 17 devices, established IKE2 peers will disconnect after 24 minutes of being connected. The disconnect happened after rekeying sent by the responder and then rejected by the initiator. ROS = 7.11.2, 7.12rc1 Responder PFS= none 14:13:28 ipsec --->IPSEC: -> ike2 request, exchange: CREATE_CHILD_...
by own3r1138
Fri Sep 29, 2023 10:44 pm
Forum: General
Topic: ikev2 split-include not working
Replies: 5
Views: 1615

Re: ikev2 split-include not working

Known limitations Windows will always ignore networks received by split-include and request policy with destination 0.0.0.0/0 (TSr). When IPsec-SA is generated, Windows requests DHCP option 249 to which RouterOS will respond with configured split-include networks automatically. Moreover, Strongswan...
by own3r1138
Thu Sep 21, 2023 5:58 pm
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 160627

Re: v7.11.2 [stable] is released!

In previous days, Apple released iOS 17, after which I got lots of reports from IKEv2 EAP clients on Apple devices running this version that they were disconnected after 8 minutes when utilizing a previously created connection to the update. However, they couldn't connect at all when they tried with...
by own3r1138
Thu Aug 31, 2023 3:28 pm
Forum: General
Topic: Missing veth address in both WinBox and WebFig
Replies: 6
Views: 2101

Re: Missing veth address in both WinBox and WebFig

What version?
I think this is due to adding IPv6 support for VETH.
You can check with "interface/veth/print" in the terminal. If you close the window in the Winbox and don't click OK or Apply, It should work as expected.
2023-08-31_15-51-17.png
by own3r1138
Mon Aug 28, 2023 3:17 pm
Forum: General
Topic: DNS over HTTPS
Replies: 258
Views: 119972

Re: DNS over HTTPS

Any way to get it again with a new expiration date?
Where to get it, do you know?
https://support.mozilla.org/en-US/kb/se ... ertificate
by own3r1138
Mon Aug 28, 2023 4:30 am
Forum: General
Topic: DNS over HTTPS
Replies: 258
Views: 119972

Re: DNS over HTTPS

Were you in your underground bunker?
Yes, It seems that it's expired.
Screenshot 2023-08-28 045700.png
by own3r1138
Sun Aug 27, 2023 9:49 am
Forum: General
Topic: Prioritize Telegram Traffic using MikroTik RouterOS v7 [SOLVED]
Replies: 8
Views: 2726

Re: Prioritize Telegram Traffic using MikroTik RouterOS v7 [SOLVED]

@own3r1138, version ROS? Not working:-(
ROS 7, The address list is 100% correct. You should work on your mangles.
Screenshot 2023-08-27 101709.png
by own3r1138
Sat Aug 26, 2023 10:53 pm
Forum: General
Topic: Prioritize Telegram Traffic using MikroTik RouterOS v7 [SOLVED]
Replies: 8
Views: 2726

Re: Prioritize Telegram Traffic using MikroTik RouterOS v7 [SOLVED]

Here is what I use. Although, this is for the ECMP. However, one can change that. /ip firewall address-list add address=149.154.160.0/22 comment="Telegram Messenger Inc" list=AS62041 /ip firewall address-list add address=149.154.164.0/22 comment="Telegram Messenger Inc" list=AS62...
by own3r1138
Fri Aug 25, 2023 4:44 pm
Forum: Announcements
Topic: v7.12beta [testing] is released!
Replies: 263
Views: 122471

Re: v7.12beta [testing] is released!

It will be just like this one.
*) Winbox - allows to set multiple addresses and added IPv6 support under the "Interface/VETH" menu;
by own3r1138
Fri Aug 25, 2023 4:38 pm
Forum: Announcements
Topic: v7.12beta [testing] is released!
Replies: 263
Views: 122471

Re: v7.12beta [testing] is released!

*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);

Thank you very much.
by own3r1138
Thu Aug 24, 2023 12:52 pm
Forum: General
Topic: IKEv2 Vanilla Setup! How-To?
Replies: 3
Views: 1069

Re: IKEv2 Vanilla Setup! How-To?

You're welcome.
by own3r1138
Thu Aug 24, 2023 12:49 pm
Forum: General
Topic: IPSec VTI
Replies: 55
Views: 22663

Re: IPSec VTI

36fc2361959b56bad15a97bdeff62b5f.jpg
by own3r1138
Wed Aug 09, 2023 2:53 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 292
Views: 220085

Re: NEW FEATURE: Back to Home VPN

I have a valid dynamic IP which is obtained via PPPOE. However, BTH didn't have a direct IPv4 connection. 2023-08-08_02-26-21.jpg Apparently it was not possible to connect to it, maybe ISP blocking something Well, I use the main WG tunnel daily. Does the BTH check the tunnel connectivity from your ...
by own3r1138
Tue Aug 08, 2023 9:00 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 292
Views: 220085

Re: NEW FEATURE: Back to Home VPN

MikroTik relay is only involved in this case. IF you have public IP, it's just a direct wireguard, no relay.
I have a valid dynamic IP which is obtained via PPPOE. However, BTH didn't have a direct IPv4 connection.
2023-08-08_02-26-21.jpg
by own3r1138
Sat Aug 05, 2023 8:30 am
Forum: Announcements
Topic: v7.11rc is released!
Replies: 195
Views: 47924

Re: v7.11rc is released!

@strods
Will you fix the IPsec EAP RAS authentication with EC certificates, please?
SUP-124151
by own3r1138
Sat Aug 05, 2023 6:43 am
Forum: Announcements
Topic: v7.11rc is released!
Replies: 195
Views: 47924

Re: v7.11rc is released!

Unfortunately, there's no way to get 7.11rc1 back from the website.
https://download.mikrotik.com/routeros/ ... -arm64.npk
by own3r1138
Sat Aug 05, 2023 6:05 am
Forum: Containers
Topic: Technitium DNS install on Docker ?
Replies: 1
Views: 3803

Re: Technitium DNS install on Docker ?

It does work on MT. You should follow this article about containers in MT.
The Technitium documentation is also available here.
1.jpg
2.jpg
3.jpg
by own3r1138
Mon Jul 31, 2023 10:41 pm
Forum: Announcements
Topic: v7.11rc is released!
Replies: 195
Views: 47924

Re: v7.11rc is released!

Sadly the IPSec problem mentioned here viewtopic.php?t=197095&start=300#p1014852 is still present in this version.
My home setup suffers from the same issue. It also doesn't work with SSTP, which is sad.
by own3r1138
Wed Jul 19, 2023 8:34 pm
Forum: General
Topic: Issue with bind IPv6 address from RouterOS Script for cloudflare DDNS
Replies: 2
Views: 529

Re: Issue with bind IPv6 address from RouterOS Script for cloudflare DDNS

I use this for IPv4. Perhaps, you could also use it with IPv6. My code ([/interface pppoe-client monitor [find name="interface-name"] once as-value]->"local-address") Try this CLI in your terminal and see if it shows your IPv6 as a return to your query. Then, you can use it in yo...
by own3r1138
Wed Jul 19, 2023 7:18 pm
Forum: General
Topic: Wireguard Wizard - 7.11b4
Replies: 27
Views: 2910

Re: Wireguard Wizard - 7.11b4

Then WG needs more entities to do that. The external IP-address/domain and the allowed address range to be able to generate such a config file: Not everybody knows their public IP address. A dynamic domain is then easier and then we are back with the original APP by MT. For those who have a fixed p...
by own3r1138
Wed Jul 19, 2023 3:23 pm
Forum: General
Topic: Wireguard Wizard - 7.11b4
Replies: 27
Views: 2910

Re: Wireguard Wizard - 7.11b4

Well done, Although It would be awesome if Mikrotik could implant the WG Wizard in the main Wireguard section so one could use it for peer config generation like what we have now in OVPN.
by own3r1138
Sat Jul 15, 2023 3:31 pm
Forum: Containers
Topic: IPv6 in containers
Replies: 11
Views: 5378

Re: IPv6 in containers

next beta will have ipv6 support for veth:
add address=172.17.0.3/16,fd8d:5ad2:24:2::2/64 gateway=172.17.0.1 gateway6=fd8d:5ad2:24:2::1
as well as multiple addresses
Thank you, this is good news.
by own3r1138
Thu Jul 06, 2023 10:03 pm
Forum: General
Topic: IPv6 Prefixes [SOLVED]
Replies: 14
Views: 2331

Re: IPv6 Prefixes [SOLVED]

Since the pool is just an allocation, you don't need to break it up unless you have a very large network. Normally you would just add an ipv6 address from the pool with a /64 prefix hint and set it to advertise.
Example:
2023-07-06_22-29-09.jpg
by own3r1138
Tue Jul 04, 2023 8:33 pm
Forum: General
Topic: Wireguard Config File
Replies: 9
Views: 7323

Re: Wireguard Config File

I rather generate the QR code locally.
crash fix
2023-07-04_20-58-45.jpg
by own3r1138
Wed Jun 28, 2023 9:57 am
Forum: General
Topic: Forum moderation volunteers
Replies: 238
Views: 35504

Re: Forum moderation volunteers

I am on quite a bit and can certainly assist in removing spam. I am also cat friendly. :-)
Some of my best posts are not actually my own!
...
gateau.jpg
I think your cat is trying to say something to you. Is it concerned about the pile of junk on your keyboard?
by own3r1138
Thu Jun 22, 2023 10:12 pm
Forum: General
Topic: SSTP client error ssl: fatal alert handshake (6)
Replies: 12
Views: 1991

Re: SSTP client error ssl: fatal alert handshake (6)

Solution found: let'sencrypt, as default, generate ECDSA key, unsupporte by mikrotik. Use --keytype rsa on certbot command to generate a let'sencrypt RSA key, that works on mikrotik. Thank you for taking the time and document it. However, if one creates the certificate with MT "/certificate en...
by own3r1138
Thu Jun 22, 2023 1:38 pm
Forum: Announcements
Topic: v7.11beta [testing] is released!
Replies: 373
Views: 104428

Re: v7.11beta [testing] is released!

Thank you.
Interesting, I have to check this one out.
*) system - reduced RAM usage for SMIPS devices;
by own3r1138
Thu Jun 22, 2023 1:28 pm
Forum: General
Topic: Certificate CRL issue | Got CRL with a bad signature
Replies: 12
Views: 2096

Re: Certificate CRL issue | Got CRL with a bad signature

What's new in 7.11beta2 (2023-Jun-21 14:39):
*) certificate - restored RSA with SHA512 support;
by own3r1138
Thu Jun 22, 2023 11:13 am
Forum: The User Manager
Topic: IKEv2 EAP radius and user manager
Replies: 0
Views: 2700

IKEv2 EAP radius and user manager

Hello, It would be great if you could elaborate on this. Does anyone use IKEv2 EAP with the user manager? Shared users/Max simultaneous sessions don't work as they should when IKEv2 is used. The first connection gets disconnected when the next one is trying to connect. It does work with PPP sessions...
by own3r1138
Wed Jun 21, 2023 4:29 pm
Forum: General
Topic: How many users limit ?
Replies: 6
Views: 654

Re: How many users limit ?

This not helpful, that is shown if i use ppp or hotspot or usermanager ….etc, i would like to know what is the maximum users without any of those type of connections.. just i will use it as a DHCP Server . Well, If what you want to implant is not limited by the license tier, then you are not affect...
by own3r1138
Mon Jun 19, 2023 9:51 am
Forum: Announcements
Topic: v7.10, 7.10.1 and more [stable] are released!
Replies: 369
Views: 128270

Re: v7.10 [stable] is released!

I thought ovpn was something cooked up by those using non ipsec routers and using merlin and other after market hack firmwares to emulate VPN. https://forum.mikrotik.com/viewtopic.php?t=196619#p1005390 Are you saying that OVPN is possible where Wireguard is not? YES I would have thought zerotier a ...
by own3r1138
Mon Jun 19, 2023 9:41 am
Forum: Announcements
Topic: v7.10, 7.10.1 and more [stable] are released!
Replies: 369
Views: 128270

Re: v7.10 [stable] is released!

Anyone who uses OVPN knows that anything higher than 7.7 will render OVPN unusable.
by own3r1138
Sat Jun 17, 2023 8:42 am
Forum: Announcements
Topic: v7.10, 7.10.1 and more [stable] are released!
Replies: 369
Views: 128270

Re: v7.10 [stable] is released!

7.10 (almost) stable. Just get rid of OVPN and solves a bulk of issues.
ezgif.com-optimize.gif
by own3r1138
Fri Jun 16, 2023 9:06 pm
Forum: General
Topic: Desktop SSH Client Error
Replies: 4
Views: 1031

Re: Desktop SSH Client Error

Mine is working correctly.
V7.7, V7.10
strong-crypto=yes
2023-06-16_21-34-23.jpg
Bitvise Client log
2023-06-16_21-31-57.jpg
by own3r1138
Fri Jun 16, 2023 8:48 pm
Forum: General
Topic: ⚠️WARNING: RouterOS v7.10+ will break all scripts based on [/system clock get date] or other date(s)
Replies: 63
Views: 12785

Re: ⚠️WARNING: RouterOS v7.10+ will break all scripts based on [/system clock get date] or other date(s)

@rextended Would you revive this for me, please? It doesn't work correctly anymore. :local arrMonths {jan="01";feb="02";mar="03";apr="04";may="05";jun="06";jul="07";aug="08";sep="09";oct="10";nov=&quo...
by own3r1138
Thu Jun 08, 2023 2:34 am
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 25684

Re: v7.9.2 [stable] is released!

Yes.
Well explained, thank you.
by own3r1138
Wed Jun 07, 2023 11:43 am
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 25684

Re: v7.9.2 [stable] is released!

Is there any known issue when IPv6 mangles are being used? ROS 7.9.2
2023-06-07_11-47-20.jpg
2023-06-07_12-33-12.jpg
by own3r1138
Fri Jun 02, 2023 12:05 am
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 25684

Re: v7.9.2 [stable] is released!

ipv6 dhcp-server bug report.
2023-06-02_00-32-25.jpg
by own3r1138
Thu Jun 01, 2023 8:00 pm
Forum: General
Topic: How to block Adguard LOCAL VPN
Replies: 18
Views: 1946

Re: How to block Adguard LOCAL VPN

I guess they are identifying large TLS traffic to single outside country endpoint (with maybe exclusion of some common safe domains) as suspect and then throttle upload to that endpoint which limits then vpn/proxy connection speed to point of uselessness. IR has different types of censorship on dif...
by own3r1138
Thu Jun 01, 2023 7:05 pm
Forum: General
Topic: How to block Adguard LOCAL VPN
Replies: 18
Views: 1946

Re: How to block Adguard LOCAL VPN

No, What they did was putting a significantly higher price for services. So they can use our own F money for doing the F filtering.
They are cheap as F.
by own3r1138
Thu Jun 01, 2023 6:53 pm
Forum: General
Topic: How to block Adguard LOCAL VPN
Replies: 18
Views: 1946

Re: How to block Adguard LOCAL VPN

Even if you somehow block this, how do you plan to block for example Shadowsocks + v2ray on 443 port with TLS1.3?
You can ask this from the IR government, they successfully blocked it.
by own3r1138
Thu Jun 01, 2023 8:52 am
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 25684

Re: v7.9.2 [stable] is released!

At least do the effort then to provide supout from recent 7.10-chain where this still happens. Well, the ticket was opened in 2022. It doesn't mean I did not update it. https://forum.mikrotik.com/viewtopic.php?t=196061#p1001122 https://forum.mikrotik.com/viewtopic.php?t=193986#p987137 2023-06-01_09...
by own3r1138
Thu Jun 01, 2023 8:23 am
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 25684

Re: v7.9.2 [stable] is released!

If you experience problems with OVPN even after 7.10rc installation, then please let us know about that through support@mikrotik.com. Several issues regarding the OVPN service have been addressed in v7.10. The last visible changes regarding OVPN were in 7.10B5. I didn't check the newer releases bec...
by own3r1138
Thu Jun 01, 2023 12:52 am
Forum: General
Topic: traffic from MK system to VPN
Replies: 4
Views: 562

Re: traffic from MK system to VPN

Thanks for the suggestion. They were helpful. Right? YES Would it work? NO Imagine that Mikrotik would need to query the DNS names of my network, for any type of validation. Then in the RouterOS DNS server settings, the VPN DNS server address would be placed. Rephrase, please. Export your config mi...
by own3r1138
Wed May 31, 2023 11:26 pm
Forum: General
Topic: traffic from MK system to VPN
Replies: 4
Views: 562

Re: traffic from MK system to VPN

I use WG for this tunnel. However, the principle is the same. . /ip firewall mangle add action=mark-connection chain=prerouting comment="DNS VIA VPN" dst-port=53 log=yes new-connection-mark=dns-via-vpn passthrough=no protocol=tcp src-address="192.168.88.5-VPN-CLIENT" /ip firewall...
by own3r1138
Wed May 31, 2023 10:00 pm
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 25684

Re: v7.9.2 [stable] is released!

Most of us don't have a rocket ship to get there so keep dreaming. OVPN is like a zit that won't go away Once we get rid of the useless OVPN code, there will be tons of room, for Zerotrust Cloudflare tunnel WITHIN ROS , let alone as an options package for all devices. Until MT releases a ZT.npk for...
by own3r1138
Wed May 31, 2023 7:09 pm
Forum: Scripting
Topic: Tunnel broker API script
Replies: 1
Views: 1531

Re: Tunnel broker API script

I can NOT delete this.
by own3r1138
Wed May 31, 2023 6:44 pm
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 25684

Re: v7.9.2 [stable] is released!

OVPN is one of the few protocols which still not blocked in the Pleiades.
by own3r1138
Wed May 31, 2023 6:26 pm
Forum: Announcements
Topic: v7.9.2 [stable] is released!
Replies: 72
Views: 25684

Re: v7.9.2 [stable] is released!

@Mikrotik,
What do we need to do? For you to fix the OVPN issues. These OVPN issues have been around for four months now.
by own3r1138
Wed May 31, 2023 5:59 pm
Forum: Scripting
Topic: Tunnel broker API script
Replies: 1
Views: 1531

Tunnel broker API script

I welcome any suggestions to improve the script. 2023-05-31_18-09-18.jpg . :local IPv6 "true" :local APIurl "https://USER:TOKEN@ipv4.tunnelbroker.net/nic/update?hostname=TUNNEL-ID&myip=" :global WANInterface "PPPOE" :local previousIP "" :local WANip "...
by own3r1138
Mon May 29, 2023 6:49 pm
Forum: General
Topic: Dynamic Firewall Address-List [SOLVED]
Replies: 13
Views: 1978

Re: Dynamic Firewall Address-List [SOLVED]

Good, you're welcome.
by own3r1138
Mon May 29, 2023 6:33 pm
Forum: General
Topic: Dynamic Firewall Address-List [SOLVED]
Replies: 13
Views: 1978

Re: Dynamic Firewall Address-List [SOLVED]

Can you separate the list=name? Because I can not create more complex scripts. :D W8 on that. :d I rather not mess with your firewall. I don't feel comfortable enough for that. You need to set a unique comment for this entry in your list=unexpected-src-address-hitting-ISP. :local currentIP [/ip dhcp...
by own3r1138
Mon May 29, 2023 6:24 pm
Forum: General
Topic: Dynamic Firewall Address-List [SOLVED]
Replies: 13
Views: 1978

Re: Dynamic Firewall Address-List [SOLVED]

In which case you would also have to remove the old one? Sorry, my mistake. I didn't think about this part. How do you set the crontab? . /system scheduler add name=ip-list interval=00:00:15 on-event="script-name OR simply paste the below script" . :local currentIP [/ip dhcp-client get [f...
by own3r1138
Mon May 29, 2023 2:21 pm
Forum: Scripting
Topic: Asking for scripting assistance - DoH Healthcheck [SOLVED]
Replies: 12
Views: 3232

Re: Asking for scripting assistance - DoH Healthcheck [SOLVED]

Thank you, Finally. :put [$str2base64 ("\00\00\01\00\00\01\00\00\00\00\00\00\03wwww\07example\03com\00\00\01\00\01") "nopad"] AAABAAABAAAAAAAAA3d3d3cHZXhhbXBsZQNjb20AAAEAAQ :put [$str2base64 ("\00\00\01\00\00\01\00\00\00\00\00\00\03wwww\06google\03com\00\00\01\00\01") &...
by own3r1138
Mon May 29, 2023 9:33 am
Forum: General
Topic: ikev2 eap radius not working on android13 embedded client
Replies: 1
Views: 633

Re: ikev2 eap radius not working on android13 embedded client

Check the official config example.
https://help.mikrotik.com/docs/display/ ... entication
Use Strongswan on Android clients.
by own3r1138
Mon May 29, 2023 9:13 am
Forum: General
Topic: IkeV2 VPN server setup for Android 13
Replies: 3
Views: 2998

Re: IkeV2 VPN server setup for Android 13

https://help.mikrotik.com/docs/display/ ... outerOSv7)

EAP is working fine on MT. Use Strongswan on Android clients.
by own3r1138
Mon May 29, 2023 8:41 am
Forum: General
Topic: Dynamic Firewall Address-List [SOLVED]
Replies: 13
Views: 1978

Re: Dynamic Firewall Address-List [SOLVED]

Perhaps you could also use a script if the IP address changes too frequently. You can set an interval as you like.
:local currentIP [/ip dhcp-client get [find interface=ether1] value-name=address]
/ip firewall address-list
add address=$currentIP list="unexpected-src-address-hitting-ISP"
by own3r1138
Mon May 29, 2023 6:56 am
Forum: General
Topic: Dynamic Firewall Address-List [SOLVED]
Replies: 13
Views: 1978

Re: Dynamic Firewall Address-List [SOLVED]

Check the cached record ttl.
by own3r1138
Mon May 29, 2023 5:55 am
Forum: Scripting
Topic: Asking for scripting assistance - DoH Healthcheck [SOLVED]
Replies: 12
Views: 3232

Re: Asking for scripting assistance - DoH Healthcheck [SOLVED]

Okay, I will keep the default one for now. Can you check the functionality of the script? My DOH is an Adguard-home container. It responded to the default record in the terminal. Well, thank you. I'm reading the https://forum.mikrotik.com/viewtopic.php?p=977576#p977769 right now. What are these [] i...
by own3r1138
Mon May 29, 2023 5:38 am
Forum: General
Topic: Dynamic Firewall Address-List [SOLVED]
Replies: 13
Views: 1978

Re: Dynamic Firewall Address-List [SOLVED]

Enable the DDNS and use the record as an entry in your address list.
/ip cloud set ddns-enabled=yes
/ip firewall address-list
add address=33445566.sn.mynetname.net list="unexpected-src-address-hitting-ISP"
by own3r1138
Mon May 29, 2023 4:40 am
Forum: Scripting
Topic: Asking for scripting assistance - DoH Healthcheck [SOLVED]
Replies: 12
Views: 3232

Re: Asking for scripting assistance - DoH Healthcheck [SOLVED]

I tried the final script, but it didn't work even with the default request record of www.example.com. How should I encode the requested record? I have tried several online Base64url encoders, none of which worked with the error status "400 bad requests". 2023-05-29_05-02-23.jpg . PS C:\Use...
by own3r1138
Mon May 29, 2023 3:17 am
Forum: Scripting
Topic: Asking for scripting assistance - DoH Healthcheck [SOLVED]
Replies: 12
Views: 3232

Re: Asking for scripting assistance - DoH Healthcheck [SOLVED]

Hi, It doesn't work with DoH. :(

This command doesn't exist. :roll:
:put [resolve www.domain.tld use-doh-server="server" ]
2023-05-29_03-45-13.jpg
by own3r1138
Mon May 29, 2023 2:10 am
Forum: General
Topic: Update config from 6 to 7 [SOLVED]
Replies: 16
Views: 1715

Re: Update config from 6 to 7 [SOLVED]

What is src-address-list=\ssh_blacklist in you command? A brake line from your export?

Maybe you could use the import by file command.
import file-name=file.rsc
by own3r1138
Mon May 29, 2023 1:48 am
Forum: Scripting
Topic: Asking for scripting assistance - DoH Healthcheck [SOLVED]
Replies: 12
Views: 3232

Asking for scripting assistance - DoH Healthcheck [SOLVED]

I want to create a service health check script that monitors my DoHs. I couldn't get it done with my poor scripting skill. I surely appreciate any help. Original script :log info "DNS HealthCheck Started" :local currentDNS [/ip dns get use-doh-server] :local DoHMain "https://record.do...
by own3r1138
Mon May 29, 2023 1:40 am
Forum: Beginner Basics
Topic: Routing all traffic of specific IP(or MAC) to VPN gateway is very slow.
Replies: 6
Views: 1030

Re: Routing all traffic of specific IP(or MAC) to VPN gateway is very slow.

1 - You leaked out your device SN in your export.
2 - You have a Fasttrack rule with no disabled=yes, which can be the source of your issue. You can use /routing/rules as @Anav mentioned or use connection-mark=no-mark in your Fasttrack filter rule.
by own3r1138
Sun May 28, 2023 2:58 pm
Forum: General
Topic: IKEv2/IPSec PSK server
Replies: 17
Views: 15858

Re: IKEv2/IPSec PSK server

You're welcome. I have too much shit going on. I rather not confuse anyone.
2023-05-28_15-18-07.jpg
by own3r1138
Sun May 28, 2023 12:52 am
Forum: General
Topic: IKEv2/IPSec PSK server
Replies: 17
Views: 15858

Re: IKEv2/IPSec PSK server

13.jpg
1.jpg
2.jpg
3.jpg
4.jpg
5.jpg
6.jpg
7.jpg
8.jpg
9.jpg
10.jpg
11.jpg
12.jpg
by own3r1138
Fri May 26, 2023 3:30 pm
Forum: Beginner Basics
Topic: How do I make IPv6 work?
Replies: 26
Views: 8484

Re: How do I make IPv6 work?

by own3r1138
Thu May 25, 2023 3:01 pm
Forum: RouterBOARD hardware
Topic: chateau 5g no lte1 interface
Replies: 5
Views: 2907

Re: chateau 5g no lte1 interface

Supout file contains sensitive information. One should not share it publicly.
https://mikrotik.com/client/supout
by own3r1138
Thu May 25, 2023 2:18 pm
Forum: General
Topic: Cisco IPsec To Mikrotik
Replies: 8
Views: 1041

Re: Cisco IPsec To Mikrotik

try this

/ip ipsec peer
add address=78.39.x.x/32 name=Profile-Test profile=Profile-Test send-initial-contact=yes

/ip ipsec policy
add dst-address=78.39.x.x/32 src-address=185.x.x.x/32 protocol=47 level=require peer=Profile-Test proposal=Profile-Test
by own3r1138
Mon May 22, 2023 12:23 pm
Forum: Announcements
Topic: v7.9.1 [stable] is released!
Replies: 59
Views: 17909

Re: v7.9.1 [stable] is released!

2023-05-22_12-52-26.jpg
by own3r1138
Tue May 16, 2023 7:23 pm
Forum: Beginner Basics
Topic: Can't get dst-nat to work
Replies: 17
Views: 2050

Re: Can't get dst-nat to work

Did you check if the ports are bonded with www and www-ssl services?
by own3r1138
Fri May 12, 2023 7:33 pm
Forum: RouterOS beta
Topic: v7 and BFD, any ETA?
Replies: 148
Views: 26287

Re: v7 and BFD, any ETA?

MT, show him that he is wrong. :D
by own3r1138
Fri May 12, 2023 3:48 pm
Forum: Beginner Basics
Topic: Firewall Rules Fast-Track [SOLVED]
Replies: 15
Views: 1826

Re: Firewall Rules Fast-Track [SOLVED]

I see, so the order in post #12 is okay if you wish to use it.
by own3r1138
Fri May 12, 2023 3:38 pm
Forum: Beginner Basics
Topic: Firewall Rules Fast-Track [SOLVED]
Replies: 15
Views: 1826

Re: Firewall Rules Fast-Track [SOLVED]

In the screenshot, you have at least 13 filter rules. Now you have less than that. What is going on? /ip firewall filter add action=accept chain=input comment="Established, Related, Untracked" connection-state=established,related,untracked add chain=input action=drop connection-state=inval...
by own3r1138
Fri May 12, 2023 3:28 pm
Forum: Beginner Basics
Topic: Firewall Rules Fast-Track [SOLVED]
Replies: 15
Views: 1826

Re: Firewall Rules Fast-Track [SOLVED]

The order does matter. export all of your /ip firewall filter and share them.
by own3r1138
Fri May 12, 2023 3:00 pm
Forum: General
Topic: Must manually reconnect after power loss
Replies: 5
Views: 581

Re: Must manually reconnect after power loss

Stopped or disabled? Did you check this after PPPOE reconnected?
by own3r1138
Fri May 12, 2023 2:30 pm
Forum: Beginner Basics
Topic: Firewall Rules Fast-Track [SOLVED]
Replies: 15
Views: 1826

Re: Firewall Rules Fast-Track [SOLVED]

<3.
by own3r1138
Fri May 12, 2023 2:24 pm
Forum: Beginner Basics
Topic: Firewall Rules Fast-Track [SOLVED]
Replies: 15
Views: 1826

Re: Firewall Rules Fast-Forward [SOLVED]

There is not much to it. Reboot after applying these rules. If you Marked your QOS, you could also use connection-mark=no-mark in the Fast-track rule. add action=accept chain=input comment="Established, Related, Untracked" connection-state=established,related,untracked add action=fasttrack...
by own3r1138
Fri May 12, 2023 2:13 pm
Forum: Beginner Basics
Topic: Firewall Rules Fast-Track [SOLVED]
Replies: 15
Views: 1826

Re: Firewall Rules Fast-Forward [SOLVED]

Did you mean Fast-Track?
by own3r1138
Fri May 12, 2023 2:09 pm
Forum: Beginner Basics
Topic: wireguard 'road warrior' cannot use my dns
Replies: 26
Views: 3095

Re: wireguard 'road warrior' cannot use my dns

What is the DNS for your DHCP?
Provide a network diagram, please.
by own3r1138
Fri May 12, 2023 1:24 pm
Forum: General
Topic: Must manually reconnect after power loss
Replies: 5
Views: 581

Re: Must manually reconnect after power loss

Do you use DHCP-client and PPPoE-out on the same port?
by own3r1138
Fri May 12, 2023 12:50 pm
Forum: General
Topic: Lock VPN user to static IP
Replies: 2
Views: 360

Re: Lock VPN user to static IP

I think user-man with an attribute of framed-ip-address=x.x.x.x for that user.
If the number of users is not large and you don't want to set up any Radius, you could also use remote-address=x.x.x.x.
by own3r1138
Fri May 12, 2023 11:43 am
Forum: RouterOS beta
Topic: v7 and BFD, any ETA?
Replies: 148
Views: 26287

Re: v7 and BFD, any ETA?

VTI, IPsec queue :(
by own3r1138
Wed May 10, 2023 11:56 am
Forum: Announcements
Topic: v7.10beta [testing] is released!
Replies: 249
Views: 51103

Re: v7.10beta [testing] is released!

*) ovpn - improved system stability

The supout file is available, Ticket #SUP-96432.
Image
by own3r1138
Tue May 09, 2023 5:20 pm
Forum: Containers
Topic: Adguard not importing on 7.9
Replies: 3
Views: 3362

Re: Adguard not importing on 7.9

Use a tar file. The pull still has problems.
by own3r1138
Thu May 04, 2023 7:36 pm
Forum: Containers
Topic: Set port mapping(-p) for new container
Replies: 4
Views: 3210

Re: Set port mapping(-p) for new container

Internal? Elaborate, please.
The host is your ROS. So you should add a rule to dst-nat your public-ip:8080 to your veth-ip.
Parameters
-p 8080:8080 - Binds the service to port 8080 on the Docker host, required
by own3r1138
Thu May 04, 2023 7:21 pm
Forum: Containers
Topic: Set port mapping(-p) for new container
Replies: 4
Views: 3210

Re: Set port mapping(-p) for new container

/ip firewall nat
by own3r1138
Thu May 04, 2023 4:58 pm
Forum: General
Topic: IKEv2/IPSec PSK server
Replies: 17
Views: 15858

Re: IKEv2/IPSec PSK server

Out of curiosity, why can't you use it?
by own3r1138
Thu May 04, 2023 12:50 pm
Forum: General
Topic: IKEv2/IPSec PSK server
Replies: 17
Views: 15858

Re: IKEv2/IPSec PSK server

It should have a valid certificate. Both IKEv2 Identity and user manager will use that. Otherwise, one should import the CA.
by own3r1138
Thu May 04, 2023 10:33 am
Forum: General
Topic: IKEv2/IPSec PSK server
Replies: 17
Views: 15858

Re: IKEv2/IPSec PSK server

by own3r1138
Sun Apr 30, 2023 8:12 am
Forum: Announcements
Topic: v7.9rc is released!
Replies: 253
Views: 75019

Re: v7.9rc is released!

What happened between old ROS releases and newer ones?
The v7.7 shows unreachable routes with RED color in the "/ip route" However, the latest 7.9rc5 release doesn't!
2023-04-30_08-17-13.png
by own3r1138
Wed Apr 26, 2023 6:08 pm
Forum: Containers
Topic: Rustdesk-server container with many neat features Topic is solved
Replies: 11
Views: 9425

Re: Rustdesk-server container with many neat features Topic is solved

1- pull the image with Docker or Podman.
2- save image-name > name.tar
3- use the.tar file to create a container.
by own3r1138
Thu Apr 20, 2023 10:52 pm
Forum: General
Topic: DNS FWD entry not working as expected [SOLVED]
Replies: 12
Views: 1136

Re: DNS FWD entry not working as expected [SOLVED]

And he only has one eye!!
The Eye of Barad-dûr
hqdefault.jpg
by own3r1138
Thu Apr 20, 2023 10:39 pm
Forum: Virtualization
Topic: RouterOS 7.8 Bug Report on Vmware Esxi 7
Replies: 2
Views: 2137

Re: RouterOS 7.8 Bug Report on Vmware Esxi 7

There is an Alpha version 7.10.39 out, which fixed the CPU utilization problem on 7.8.
In the meantime, stay on 7.7 if you have an OVPN server running.
by own3r1138
Thu Apr 20, 2023 3:49 am
Forum: Beginner Basics
Topic: Can't setup IPSec VPN to work on hap ac3 (tried nordvpn & protonvpn)
Replies: 8
Views: 807

Re: Can't setup IPSec VPN to work on hap ac3 (tried nordvpn & protonvpn)

The log indicates that the connection is stuck in the security association.
Export your config and share it. Someone might find out where the problem is.
by own3r1138
Wed Apr 19, 2023 7:29 pm
Forum: Beginner Basics
Topic: Can't setup IPSec VPN to work on hap ac3 (tried nordvpn & protonvpn)
Replies: 8
Views: 807

Re: Can't setup IPSec VPN to work on hap ac3 (tried nordvpn & protonvpn)

/system logging
add prefix=--->IPSEC topics=ipsec,!packet
share the full log.
by own3r1138
Wed Apr 19, 2023 1:27 pm
Forum: General
Topic: access modem web interface
Replies: 17
Views: 1946

Re: access modem web interface

I want the lan pc that is connected to port 2 able to connect to 192.168.0.5 web interface without manually changing their ip address. . /ip firewall nat add action=src-nat chain=srcnat comment=modem dst-address=192.168.0.5 protocol=tcp dst-port=80,443 out-interface=ether1 src-address=192.168.50.40...
by own3r1138
Wed Apr 19, 2023 12:01 pm
Forum: General
Topic: SSTP client error ssl: fatal alert handshake (6)
Replies: 12
Views: 1991

Re: SSTP client error ssl: fatal alert handshake (6)

No, I await for response in the forum. If no progress is achieved here, I will raise a support ticket. Force AES It doesn't have this on V7. Both the PFS option and clients' certificate verification were disabled. FQDN? Let's Encrypt doesn't support using IPs in their certificates. Yes, I used FQDN.
by own3r1138
Wed Apr 19, 2023 5:19 am
Forum: Beginner Basics
Topic: Can't setup IPSec VPN to work on hap ac3 (tried nordvpn & protonvpn)
Replies: 8
Views: 807

Re: Can't setup IPSec VPN to work on hap ac3 (tried nordvpn & protonvpn)

Downgrade and check again. Moreover, it looks like the new RC version is working correctly.
2023-04-19_06-05-10.png
Regards,
by own3r1138
Wed Apr 19, 2023 2:19 am
Forum: Beginner Basics
Topic: Hairpin nat equivalent
Replies: 4
Views: 495

Re: Hairpin nat equivalent

/ip firewall address-list
add address="duck-dns-record.domain.tld" list=name
Now use this as a dst-address-list in your NAT rule.
by own3r1138
Tue Apr 18, 2023 10:53 pm
Forum: Beginner Basics
Topic: User Manager help
Replies: 1
Views: 248

Re: User Manager help

The new user manager doesn't have a web interface for admin. Therefore you should use CLI or Winbox.
by own3r1138
Tue Apr 18, 2023 10:43 pm
Forum: The User Manager
Topic: UM 5 | profile - user profile - endtime - starts-at [SOLVED]
Replies: 4
Views: 7588

Re: UM 5 | profile - user profile - endtime - starts-at [SOLVED]

 /user-manager set use-profiles=yes
by own3r1138
Tue Apr 18, 2023 12:13 pm
Forum: General
Topic: SSTP client error ssl: fatal alert handshake (6)
Replies: 12
Views: 1991

Re: SSTP client error ssl: fatal alert handshake (6)

How are you generating the certificates for the SSTP server?
Let's Encrypt & CF API
Are those certificates marked as trusted on both ends (if they're not from a trusted CA)?
Yes
2023-04-18_12-37-22.png
by own3r1138
Mon Apr 17, 2023 9:42 pm
Forum: General
Topic: SSTP client error ssl: fatal alert handshake (6)
Replies: 12
Views: 1991

Re: SSTP client error ssl: fatal alert handshake (6)

The goal is to establish an SSTP tunnel between two Mikrotik endpoints.
Does RouterOS support the EC certificate on the SSTP server?
by own3r1138
Mon Apr 17, 2023 11:24 am
Forum: General
Topic: SSTP client error ssl: fatal alert handshake (6)
Replies: 12
Views: 1991

Re: SSTP client error ssl: fatal alert handshake (6)

It does work fine with the RSA certificate. Therefore I conceive the certificate key type plays a role in the error. Furthermore, the EC certificate works well with the www-ssl service and user manager. 2023-04-17_11-18-47.png I have also tried a Windows SSTP client connection without success. The u...
by own3r1138
Mon Apr 17, 2023 9:51 am
Forum: General
Topic: SSTP client error ssl: fatal alert handshake (6)
Replies: 12
Views: 1991

SSTP client error ssl: fatal alert handshake (6)

I changed the SSTP server certificate from RSA 2048 to EC secp384r1, and the client is getting an ssl: fatal alert handshake (6) error. Has anyone else experienced this issue?
by own3r1138
Fri Apr 14, 2023 11:58 pm
Forum: General
Topic: Block IP addresses based on their geographic location
Replies: 12
Views: 5049

Re: Block IP addresses based on their geographic location

@own3r1138 Thank you very much for the script, I've put it onto my router and it already began to ban the IP's with failed attempts from the past logs
You're welcome. However, all the credit goes to Jotne & Rextended, creators of the script.

Regards,
by own3r1138
Thu Apr 13, 2023 10:28 pm
Forum: Beginner Basics
Topic: PPPoE Client not connecting to ISP
Replies: 3
Views: 1333

Re: PPPoE Client not connecting to ISP

disable this line and try. /ip dhcp-client add disabled=no interface=ether1 This is also wrong as the PPPoE should be your WAN, not the ehter1. /interface list member add comment=defconf interface=ether1 list=WAN "I think perhaps I should give my ISP a mac address but I dont know which one to g...
by own3r1138
Thu Apr 13, 2023 10:16 pm
Forum: General
Topic: Block IP addresses based on their geographic location
Replies: 12
Views: 5049

Re: Block IP addresses based on their geographic location

1 - A script to block the IP addresses. https://forum.mikrotik.com/viewtopic.php?p=905420#p906705 2 - By adding the allowed address list that contains your location. https://mikrotikconfig.com/firewall/ https://www.iwik.org/ipcountry/ Wireguard https://forum.mikrotik.com/viewtopic.php?t=182340 Peers...
by own3r1138
Mon Apr 10, 2023 3:27 am
Forum: RouterOS beta
Topic: ROS 7.8 routing bad bug
Replies: 27
Views: 4175

Re: ROS 7.8 routing bad bug

It seems yes!
It's been two days passed I've downgraded everything's fine
Don't use queue or interface binding with 7.7. It'll cause a crash again.
by own3r1138
Sun Apr 09, 2023 11:48 pm
Forum: General
Topic: openvpn behind isp box
Replies: 3
Views: 364

Re: openvpn behind isp box

Thank you for the answer, but it doesn't help me. I need a tutorial because all I tried fails.
Unfortunately, I don't have any tutorial for it. However, if you are interested, I could configure it for you via a remote desktop.
by own3r1138
Sun Apr 09, 2023 11:41 pm
Forum: Containers
Topic: Container "Traefik" (on RB5009)
Replies: 6
Views: 4783

Re: Container "Traefik" (on RB5009)

My container has been running on 7.8b3 since I started it 32 days ago. Perhaps an older build would run? DB https://nginxproxymanager.com/setup/#using-mysql-mariadb-database 2023-04-09_23-55-46.png . /container mounts add dst=/data/ name=nginx-proxy-data src=/pcie1-part1/containers/mounts/nginx-prox...
by own3r1138
Sun Apr 09, 2023 2:24 pm
Forum: Containers
Topic: Container "Traefik" (on RB5009)
Replies: 6
Views: 4783

Re: Container "Traefik" (on RB5009)

I couldn't get the Traefik container to work too. Therefore I decided to use nginx-proxy.
by own3r1138
Sat Apr 08, 2023 10:09 pm
Forum: General
Topic: openvpn behind isp box
Replies: 3
Views: 364

Re: openvpn behind isp box

There is not much to it. Firstly, import your certificate. Secondly, you should create and configure an OVPN client interface to your server requirements. Thirdly, you should create a new routing table and rules to route whatever you want through your VPN tunnel. Perhaps one could use IP/firewall/ma...
by own3r1138
Thu Apr 06, 2023 7:22 pm
Forum: Announcements
Topic: v7.9rc is released!
Replies: 253
Views: 75019

Re: v7.9rc is released!

@MT
We are not able to track this problem down/repeat it in our internal tests.
by own3r1138
Thu Apr 06, 2023 6:41 pm
Forum: Announcements
Topic: v7.9rc is released!
Replies: 253
Views: 75019

Re: v7.9rc is released!

Is OVPN still unstable like in 7.8 or is that already fixed?
I'm very interested in this too, anyone tried it?

No, it has not been fixed. Instant crashes due to high CPU utilization.
by own3r1138
Sat Apr 01, 2023 5:58 am
Forum: Announcements
Topic: v7.9rc is released!
Replies: 253
Views: 75019

Re: v7.9rc is released!

2023-04-01_06-27-06.png
by own3r1138
Wed Mar 29, 2023 10:16 pm
Forum: Announcements
Topic: v7.8 [stable] is released!
Replies: 425
Views: 137444

Re: v7.8 [stable] is released!

7.7 and 7.8beta3 are the most stable in recent releases for the OVPN server.
by own3r1138
Wed Mar 29, 2023 4:41 pm
Forum: General
Topic: User Manager issues on v7.8
Replies: 19
Views: 3396

Re: User Manager issues on v7.8

2023-03-29_17-09-31.png
by own3r1138
Fri Mar 24, 2023 12:15 pm
Forum: Announcements
Topic: v7.9beta [testing] is released!
Replies: 118
Views: 25309

Re: v7.9beta [testing] is released!

Still, no OVPN fix on this release despite numerous reports about the instance kernel crashes from 7.8 RC to 7.9 B.
by own3r1138
Sat Mar 11, 2023 4:53 pm
Forum: Beginner Basics
Topic: Let's Encrypt certificate automatic renewal in ROS v7
Replies: 11
Views: 2776

Re: Let's Encrypt certificate automatic renewal in ROS v7

Auto-renewal doesn't work. You can use scripts for renewal later on.
by own3r1138
Sat Mar 04, 2023 9:56 am
Forum: Announcements
Topic: v7.8 [stable] is released!
Replies: 425
Views: 137444

Re: v7.8 [stable] is released!


I'm having the same problem here, on an RB4011. After updating to 7.8, the system has a kernel error and restarts before completing 5 minutes of uptime. I have about 150 ovpn connections.
https://www.youtube.com/watch?v=XhI2dNzRpHY
by own3r1138
Tue Feb 28, 2023 7:20 am
Forum: Announcements
Topic: v7.8 [stable] is released!
Replies: 425
Views: 137444

Re: v7.8 [stable] is released!

The OVPN service is unstable, and it will cause a Kernel crashes after 2,3 hours of uptime.
SUP-96432
by own3r1138
Sun Feb 19, 2023 6:09 pm
Forum: Announcements
Topic: v7.8rc is released!
Replies: 125
Views: 44252

Re: v7.8rc is released!

I have found an issue with RouterOS IKEv2 version 7.7 also V7.8rc2. It works fine on 6.48.6 (long-term).
The issue is related to handling the certificate chain of trust, as far as I can tell.
SUP-108363
ipsec-f.jpg
by own3r1138
Mon Feb 13, 2023 4:44 pm
Forum: Announcements
Topic: v7.8rc is released!
Replies: 125
Views: 44252

Re: v7.8rc is released!

@ErfanDL
Dear Erfan, can you tell me which USB LTE and carrier you use, please? I'm interested in buying one.
by own3r1138
Mon Feb 13, 2023 1:48 pm
Forum: Announcements
Topic: v7.8rc is released!
Replies: 125
Views: 44252

Re: v7.8rc is released!

rpingar, own3r1138 - This change was a potential fix for your problem. You should try it out and update us with new supout files if the problem for some reason is not fully resolved.
I sent a supout file three days ago.
by own3r1138
Sat Feb 11, 2023 4:03 pm
Forum: Announcements
Topic: v7.8rc is released!
Replies: 125
Views: 44252

Re: v7.8rc is released!

Several Kernel failures on CHR. :d

100% sure
by own3r1138
Fri Feb 10, 2023 6:16 pm
Forum: Announcements
Topic: v7.8rc is released!
Replies: 125
Views: 44252

Re: v7.8rc is released!

Is something wrong with Server binding? The interface is still connected even though I disabled the client!
by own3r1138
Fri Feb 10, 2023 4:34 pm
Forum: General
Topic: ike2, letsencrypt and windows client [SOLVED]
Replies: 4
Views: 2052

Re: ike2, letsencrypt and windows client [SOLVED]

Can you guide me to install Ikev2 on mikrotik using lets encrypt to authenticate radius? or give me the link of the tutorial that you have followed successfully. i am not understanding where i am wrong. https://help.mikrotik.com/docs/display/ROS/IPsec#IPsec-RoadWarriorsetupusingIKEv2withEAP-MSCHAPv...
by own3r1138
Fri Feb 10, 2023 3:57 pm
Forum: Scripting
Topic: An issue with scripting/scheduler for container mount backup
Replies: 2
Views: 1039

Re: An issue with scripting/scheduler for container mount backup

Hi, No, it's a running container. Additionally, It did work when I ran the script manually without the need to stop the container. update I stopped the container first and tested the scheduler. It shows the same behavior as before. workaround Add another script to run the first script and then the s...
by own3r1138
Fri Feb 10, 2023 3:35 pm
Forum: Scripting
Topic: An issue with scripting/scheduler for container mount backup
Replies: 2
Views: 1039

An issue with scripting/scheduler for container mount backup

Hi, I have an issue using the scheduler for this script. Is this something that MT should fix? Or perhaps this is an access/permission issue? This script works when running it manually or via the terminal. However, the scheduler can't run the script. 2023-02-08_17-34-07.jpg CLI /system scheduler add...
by own3r1138
Fri Feb 10, 2023 2:51 pm
Forum: Announcements
Topic: v7.8rc is released!
Replies: 125
Views: 44252

Re: v7.8rc is released!

*) ovpn - improved server stability;

Can you, please, provide more details?
Reference SUP-96432
viewtopic.php?t=190351#p964701
by own3r1138
Tue Feb 07, 2023 6:59 pm
Forum: Announcements
Topic: v7.8beta [testing] is released!
Replies: 307
Views: 72191

Re: v7.8beta [testing] is released!

7.8beta2 is more stable than 7.8beta3
tested on hex s and hap ac3, same behavior.
I am running 7.8b3 on HAP AC3 without any issues.
by own3r1138
Fri Feb 03, 2023 12:27 pm
Forum: Beginner Basics
Topic: redirecting friendly.url.com/whatever to a local.ip:port
Replies: 4
Views: 484

Re: redirecting friendly.url.com/whatever to a local.ip:port

Is the RB3011 ARM?
https://download.mikrotik.com/routeros/ ... 8beta2.zip
I couldn't get the Traefik to work on MT. I think Nginx Proxy will work.
https://nginxproxymanager.com/
by own3r1138
Wed Feb 01, 2023 3:52 pm
Forum: Announcements
Topic: v7.8beta [testing] is released!
Replies: 307
Views: 72191

Re: v7.8beta [testing] is released!

Is it just me? Do others also experiencing the same? I didn't see any issue on ARM devices. The screenshot is from a CHR. 2023-02-01_17-18-18.jpg update The certificate CRL download doesn't work when only the DOH is used. /ip dns use-doh-server=https://dns-record.domain.tdl/dns-query verify-doh-cert...
by own3r1138
Tue Jan 31, 2023 5:57 pm
Forum: Beginner Basics
Topic: Docker? Does anybody use it?
Replies: 16
Views: 3307

Re: Docker? Does anybody use it?

It could be better.
2023-01-31_19-19-33.jpg
by own3r1138
Tue Jan 31, 2023 3:11 pm
Forum: General
Topic: IPv6 connectivity through VPS
Replies: 10
Views: 1321

Re: IPv6 connectivity through VPS

You can use DDNS (IP/cloud) or a script to update a record in thirty-party providers like Cloudflare.
Also, you can get an IPv6 at https://ipv6.he.net/. It will use the same 6-to4 tunnel. Additionally, native IPv6 connectivity is available for both direct connections.
by own3r1138
Sun Jan 29, 2023 2:14 pm
Forum: Wireless Networking
Topic: hAP ac3 - Unable to select channel 11
Replies: 22
Views: 3328

Re: hAP ac3 - Unable to select channel 11

Well, I don't have enough knowledge to comment on this.
by own3r1138
Sun Jan 29, 2023 1:12 pm
Forum: Wireless Networking
Topic: hAP ac3 - Unable to select channel 11
Replies: 22
Views: 3328

Re: hAP ac3 - Unable to select channel 11

the above screenshot is set that way.
For the screenshot, I put it to all rates fixed so it could enable the value.
by own3r1138
Wed Dec 28, 2022 12:33 pm
Forum: The User Manager
Topic: UserManager 7.3.1 - Time Problem
Replies: 6
Views: 2842

Re: UserManager 7.3.1 - Time Problem

The profile and start time work fine for me. You should check your initiated config. I didn't use the limitation reset, so I can't confirm your findings.
by own3r1138
Wed Dec 28, 2022 11:12 am
Forum: The User Manager
Topic: UserManager 7.3.1 - Time Problem
Replies: 6
Views: 2842

Re: UserManager 7.3.1 - Time Problem

"resetting users' traffic after a certain period" did you try this?
2022-12-28_12-39-39.jpg
by own3r1138
Sat Dec 24, 2022 9:45 pm
Forum: General
Topic: Open VPN with user name password and self-signed certificates on IOS 16.2
Replies: 3
Views: 883

Re: Open VPN with user name password and self-signed certificates on IOS 16.2

Provide your router configuration, The OVPN profile you created for the iOS device, and user/pass, Please! so I can test what you have done.
by own3r1138
Fri Dec 23, 2022 10:00 am
Forum: General
Topic: Open VPN with user name password and self-signed certificates on IOS 16.2
Replies: 3
Views: 883

Re: Open VPN with user name password and self-signed certificates on IOS 16.2

Hi, Create your certificates as described here. https://wiki.mikrotik.com/wiki/Manual:Create_Certificates#Generate_certificates_on_RouterOS Then there is the matter of the OVPN client profile, here is an example. client dev tun proto udp remote xxx.xxx.xxx.xxx port 443 resolv-retry infinite nobind a...
by own3r1138
Thu Dec 22, 2022 12:08 pm
Forum: General
Topic: Port knocking from Mikrotik
Replies: 11
Views: 1165

Re: Port knocking from Mikrotik

lol
by own3r1138
Wed Dec 21, 2022 3:46 pm
Forum: Wireless Networking
Topic: hAP ac3 - Unable to select channel 11
Replies: 22
Views: 3328

Re: hAP ac3 - Unable to select channel 11

I think it was a typo Tx power.
2022-12-21_17-14-37.jpg
https://wiki.mikrotik.com/wiki/Manual:Wireless_FAQ
2022-12-21_17-12-00.jpg
by own3r1138
Thu Dec 01, 2022 8:23 am
Forum: Beginner Basics
Topic: vpn functional only certain days
Replies: 4
Views: 506

Re: vpn functional only certain days

You could use user-manger and profile limitations.
2022-12-01_09-50-55.jpg
by own3r1138
Fri Nov 18, 2022 6:47 pm
Forum: Containers
Topic: Rustdesk-server container with many neat features Topic is solved
Replies: 11
Views: 9425

Re: Rustdesk-server container with many neat features Topic is solved

Thank you for all the containers that you created and shared recently. I could certainly use this one too.
2022-11-18_20-13-34.jpg
by own3r1138
Thu Nov 17, 2022 3:18 am
Forum: Containers
Topic: ifconfig.io container is ready
Replies: 3
Views: 2705

Re: ifconfig.io container is ready

Hi, Well, I have already generated my certificate with let's encrypt. Setting up HTTPS in the speed-test container was pretty easy. It would be nice to have the same functionality here (IP:443 is used elsewhere). I use this image in my CHR with lots of available resources. Reverse proxy with LE cert...
by own3r1138
Wed Nov 16, 2022 9:10 pm
Forum: General
Topic: problem Route all traffic to vpn (openvpn client) V7
Replies: 7
Views: 3118

Re: problem Route all traffic to vpn (openvpn client) V7

YVW, This is just an example. You could make the necessary changes to suit your VPN and your needs.
by own3r1138
Wed Nov 16, 2022 7:49 pm
Forum: General
Topic: problem Route all traffic to vpn (openvpn client) V7
Replies: 7
Views: 3118

Re: problem Route all traffic to vpn (openvpn client) V7

/routing table add disabled=no fib name=via-vpn /routing rule add action=lookup-only-in-table disabled=no dst-address=172.20.20.0/24 src-address=172.20.20.15/24 table=main add action=lookup-only-in-table disabled=no dst-address=172.20.20.0/24 src-address=0.0.0.0/0 table=via-vpn /ip firewall address...
by own3r1138
Wed Nov 16, 2022 7:45 am
Forum: Containers
Topic: openspeedtest mikrotik ready container Topic is solved
Replies: 18
Views: 10728

Re: openspeedtest mikrotik ready container Topic is solved

Thankyou for sharing.
2022-11-16_09-13-45.jpg
by own3r1138
Wed Nov 16, 2022 7:41 am
Forum: Containers
Topic: ifconfig.io container is ready
Replies: 3
Views: 2705

Re: ifconfig.io container is ready

Hi,
Thank you, Any instructions or walkthroughs on establishing an HTTPS connection?

Regards,
by own3r1138
Sat Nov 12, 2022 3:41 pm
Forum: Announcements
Topic: v7.7beta [testing] is released!
Replies: 322
Views: 122463

Re: v7.7beta [testing] is released!

There is still PPP and Queue problem in the 7.7beta6 version.
SUP-96432 was raised on 29/Oct/22. I also have added the V7.7b6 supout file.
by own3r1138
Thu Nov 10, 2022 3:11 pm
Forum: Announcements
Topic: v7.7beta [testing] is released!
Replies: 322
Views: 122463

Re: v7.7beta [testing] is released!

There is still PPP and Queue problem in the 7.7beta6 version.
by own3r1138
Mon Nov 07, 2022 7:39 pm
Forum: Beginner Basics
Topic: browser TLS error using Mikrotik hardware
Replies: 12
Views: 1869

Re: browser TLS error using Mikrotik hardware

Well, I don't think so.
pic.jpeg
by own3r1138
Mon Nov 07, 2022 3:51 pm
Forum: General
Topic: Branding package maker
Replies: 18
Views: 2118

Re: Branding package maker

Thanks for your reply, The error appears after clicking on making a file.
2022-11-07_17-53-05.gif
by own3r1138
Mon Nov 07, 2022 3:30 pm
Forum: General
Topic: Branding package maker
Replies: 18
Views: 2118

Re: Branding package maker

NO, I await an answer or confirmation that the ERROR is not at my end.
by own3r1138
Mon Nov 07, 2022 3:25 pm
Forum: General
Topic: Branding package maker
Replies: 18
Views: 2118

Re: Branding package maker

up.
by own3r1138
Mon Nov 07, 2022 3:12 pm
Forum: Announcements
Topic: v7.7beta [testing] is released!
Replies: 322
Views: 122463

Re: v7.7beta [testing] is released!

@MikroTik
Can you elaborate on these two, Please?
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ppp - do not inherit routing mark for encapsulated packets;
by own3r1138
Sat Nov 05, 2022 10:44 pm
Forum: General
Topic: Branding package maker
Replies: 18
Views: 2118

Branding package maker

Is the branding package URL broken? The error will appears after I click on make for V6.7 and above.
2022-11-06_00-09-57.jpg
by own3r1138
Mon Oct 31, 2022 9:26 pm
Forum: Announcements
Topic: v7.7beta [testing] is released!
Replies: 322
Views: 122463

Re: v7.7beta [testing] is released!

own3r1138, fabeni, rpingar - Yes, this seems to be the same problem as mentioned above. Please send supout to support@mikrotik.com.


Hello,
I raised a ticket, SUP-96432.

Thank you.
by own3r1138
Sun Oct 30, 2022 5:30 pm
Forum: General
Topic: Certificate CRL issue | Got CRL with a bad signature
Replies: 12
Views: 2096

Re: Certificate CRL issue | Got CRL with a bad signature

This issue was fixed with the v7.6 release.
by own3r1138
Fri Oct 28, 2022 8:44 pm
Forum: Announcements
Topic: v7.7beta [testing] is released!
Replies: 322
Views: 122463

Re: v7.7beta [testing] is released!

@fabeni
I have three CHRs currently running V 7.6 with the same configuration. This one is the busiest, which I run into a problem with. Since @strods asked for a supout, I will raise a ticket as soon as the issue occurs again. I urge you to do the same, please.
by own3r1138
Fri Oct 28, 2022 3:56 pm
Forum: Announcements
Topic: v7.7beta [testing] is released!
Replies: 322
Views: 122463

Re: v7.7beta [testing] is released!

@fabeni
Simple Queue is not being removed and not allowing PPPoE to reconnect because it said it already had a simple queue running.
Is this similar to your problem?
asd.jpg
by own3r1138
Mon Oct 17, 2022 3:24 pm
Forum: Announcements
Topic: v7.6rc is released!
Replies: 94
Views: 28035

Re: v7.6rc is released!

own3r1138 - Please send a supout file from your router running v7.6 where such functionality would not be working although it did work in v7.5.
Hello,
I raised a new ticket, SUP-95262.

Thank you.
by own3r1138
Sat Oct 15, 2022 6:25 pm
Forum: Useful user articles
Topic: IPSEC/IKE2 (with certificates) VPN server guide for remote access
Replies: 40
Views: 57708

Re: IPSEC/IKE2 (with certificates) VPN server guide for remote access

PowerShell - Connection Add-VpnConnection -Name "IKEv2" -ServerAddress "ike.site.com" -TunnelType "ikev2" -AuthenticationMethod "MachineCertificate" Set-VpnConnection -Name "IKEv2" -RememberCredential $True -SplitTunneling $False Set-VpnConnection -...
by own3r1138
Fri Oct 14, 2022 3:35 pm
Forum: Announcements
Topic: v7.6rc is released!
Replies: 94
Views: 28035

Re: v7.6rc is released!

*) certificate - improved certificate management, signing, and storing processes;
Thank you. I hope this new release will resolve the TLS failure in OVPN too.
2022-10-14_16-02-37.jpg
by own3r1138
Thu Oct 13, 2022 4:31 pm
Forum: Announcements
Topic: v7.6rc is released!
Replies: 94
Views: 28035

Re: v7.6rc is released!

own3r1138 - we might have found a bit different issue, please contact support regarding this.
Hi,
I raised a ticket, SUP-94961.

Thank you.
by own3r1138
Wed Oct 12, 2022 6:41 pm
Forum: Announcements
Topic: v7.6rc is released!
Replies: 94
Views: 28035

Re: v7.6rc is released!

Its okay on V7.5.
2022-10-12_19-08-46.jpg
by own3r1138
Wed Oct 12, 2022 5:53 pm
Forum: Wireless Networking
Topic: received disassoc sending station leaving (8)
Replies: 117
Views: 110337

Re: received disassoc sending station leaving (8)

I successfully added DHCP options 1, 6, and 12. It works fine. I didn't lose connectivity with my phone anymore. Thanks to @dbrowning2 2022-10-12_17-49-09.jpg 2022-10-12_18-08-42.jpg Export /ip dhcp-server option add code=1 name=subnetmask value=0xffffff00 add code=6 force=yes name="WLAN-Domain...
by own3r1138
Tue Oct 11, 2022 11:37 pm
Forum: General
Topic: urgent help
Replies: 49
Views: 13276

Re: urgent help

It doesn't worth it, just run it on Linux.
https://seakfind.github.io/2021/10/10/X-UI/
by own3r1138
Thu Oct 06, 2022 6:51 am
Forum: General
Topic: How to remove logs under tools user-manager session
Replies: 6
Views: 10551

Re: How to remove logs under tools user-manager session

/user-manager/session/remove [find where active=no]
by own3r1138
Wed Oct 05, 2022 5:05 pm
Forum: General
Topic: Wireguard / 2FA
Replies: 14
Views: 5414

Re: Wireguard / 2FA

You can't Wireguard doesn't have any accounting as far as I know.
2FA with userman
by own3r1138
Wed Oct 05, 2022 1:44 pm
Forum: Announcements
Topic: v7.6rc is released!
Replies: 94
Views: 28035

Re: v7.6rc is released!

*) container - added "start-on-boot" parameter for automatic container startup; Doesn't work on multi-container boot on startup. /container/set 0,1 start-on-boot=yes /container print 0 name="96a1d400-542f-462e-9f17-06bc9e30bafa" tag="latest" os="linux" arch=&q...
by own3r1138
Wed Oct 05, 2022 4:47 am
Forum: Beginner Basics
Topic: Route between VPN and LAN networks
Replies: 11
Views: 8129

Re: Route between VPN and LAN networks

A hard reset from the hypervisor should do the job. It's what I have done with ESXi.
by own3r1138
Mon Oct 03, 2022 12:49 am
Forum: SwOS
Topic: Hello Error connecting OVPN Client from Router OS
Replies: 1
Views: 2552

Re: Hello Error connecting OVPN Client from Router OS

I have the Router OS as a Proxmox VM I got the data from the OVPN Tunel server but I get the error: tls handshake failed In General, The TLS handshake failed. Indicate that there is a problem with the certificate. https://wiki.mikrotik.com/wiki/Manual:Create_Certificates#Generate_certificates_on_Ro...
by own3r1138
Mon Oct 03, 2022 12:16 am
Forum: General
Topic: Issue in scripting [SOLVED]
Replies: 8
Views: 1533

Re: Issue in scripting [SOLVED]

@Znevna I settle down with Sindy's suggestion that I don't need it. Although I tried to work it out, I failed. I have to grasp a better understanding of syntax first. @Sindy AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
by own3r1138
Sun Oct 02, 2022 9:55 pm
Forum: General
Topic: Issue in scripting [SOLVED]
Replies: 8
Views: 1533

Re: Issue in scripting [SOLVED]

Thank you, I changed them, still doesn't work. It does work in another Script But, I couldn't find where the problem is in this one. :log info "IPIP Tunnel address start" :local interfaceN PPPOE :local commentN Name :local locoIP [/ip address get [find interface=$interfaceN] address] :loca...
by own3r1138
Sun Oct 02, 2022 8:43 pm
Forum: General
Topic: Issue in scripting [SOLVED]
Replies: 8
Views: 1533

Re: Issue in scripting [SOLVED]

Hi, Thank you, I tried to replicate it. It seems okay till the last section of the script :( It looks like the problem starts from there or perhaps shows itself when I added the line. ;log info "IPIP Tunnel address start" :local interfaceN PPPOE :local commentN Name :local locoIP [/ip addr...
by own3r1138
Sun Oct 02, 2022 7:07 pm
Forum: General
Topic: Issue in scripting [SOLVED]
Replies: 8
Views: 1533

Issue in scripting [SOLVED]

I tried to write a script in which, I needed to get a local address of a dynamic interface like PPPoE but failed to do so. Any help would be appreciated. Something like this but I couldn't find a way to make it work. # get local-address of the dynamic interface. :local locoIP [get [find where commen...
by own3r1138
Thu Sep 29, 2022 3:35 pm
Forum: Wireless Networking
Topic: received disassoc sending station leaving (8)
Replies: 117
Views: 110337

Re: received disassoc sending station leaving (8)

Seriously who here is typing on this forum with their iphone 6?
Me, don't judge me. :D
2022-09-29_16-01-13.jpg
by own3r1138
Thu Sep 29, 2022 12:04 pm
Forum: General
Topic: Wireguard Clinet on Mikrotik
Replies: 26
Views: 2169

Re: Wireguard Clinet on Mikrotik

Hi, I hope I did it right. H7kjdkoHmfR8/XMTFcSzbs803y320YsVWN/WyzzY0yzRSoXiMD8oi4YoigxJMXaD 92Wo+KoU11BWsmYFg06b9z36O45KIjYc3nfsaE+vjA8NzG9elK7wft5WaCgW67qF nAxgCJnCVgb5Y2FKbRJLZt0LJZHOdibJwnq31u1fQEizPslxzVnDkehxfEL9FTSd OVF0E/MwCbYmWXIdV90PE6k4CM5WSmuV/YsWs6SxRg1+b0bVNjo+oqdANGfoOxXd IqnFxScKuDAjG...
by own3r1138
Wed Sep 28, 2022 3:00 pm
Forum: General
Topic: Wireguard Clinet on Mikrotik
Replies: 26
Views: 2169

Re: Wireguard Clinet on Mikrotik

Yes, It could be secured with IPsec.
by own3r1138
Wed Sep 28, 2022 2:13 pm
Forum: General
Topic: Wireguard Clinet on Mikrotik
Replies: 26
Views: 2169

Re: Wireguard Clinet on Mikrotik

If both sides are MTs' you should use an IP Tunnel because WG and OVPN are UDP and are being targeted widely right now.
by own3r1138
Wed Sep 28, 2022 1:56 pm
Forum: General
Topic: Wireguard Clinet on Mikrotik
Replies: 26
Views: 2169

Re: Wireguard Clinet on Mikrotik

No, It is going to change. However, You could use a script to get the new one and set it as your site A peer endpoint. What do you want to do with WG? IP Tunnel is better :D
by own3r1138
Wed Sep 28, 2022 1:48 pm
Forum: General
Topic: Wireguard Clinet on Mikrotik
Replies: 26
Views: 2169

Re: Wireguard Clinet on Mikrotik

PPPOE ?
by own3r1138
Wed Sep 28, 2022 1:09 pm
Forum: General
Topic: Wireguard Clinet on Mikrotik
Replies: 26
Views: 2169

Re: Wireguard Clinet on Mikrotik

@Mehrdadx

A large number of public DNS servers are filtered. It is going to fail at resolving your DDNS record. You could order a public IP for a DVR or something like that.
by own3r1138
Wed Sep 28, 2022 1:00 pm
Forum: General
Topic: Certificate CRL issue | Got CRL with a bad signature
Replies: 12
Views: 2096

Certificate CRL issue | Got CRL with a bad signature

Hi,
Does anyone know how to solve this issue?
cert.jpg
crl.jpg
log.jpg
ntp.jpg
cert set.jpg
Regards,
by own3r1138
Mon Sep 26, 2022 6:59 pm
Forum: Beginner Basics
Topic: RouterOS 7.5 as Wireguard client
Replies: 45
Views: 11966

Re: RouterOS 7.5 as Wireguard client

You're very welcome.
by own3r1138
Mon Sep 26, 2022 6:47 pm
Forum: Beginner Basics
Topic: RouterOS 7.5 as Wireguard client
Replies: 45
Views: 11966

Re: RouterOS 7.5 as Wireguard client

Is this a typo?
-ensure the clients if need internet have on peer settings allowed-ips=0.0.0.0/24
by own3r1138
Mon Sep 26, 2022 5:06 pm
Forum: Beginner Basics
Topic: RouterOS 7.5 as Wireguard client
Replies: 45
Views: 11966

Re: RouterOS 7.5 as Wireguard client

I run my WG at my CHR but other than that its the same.
2022-09-26_17-30-19.jpg
by own3r1138
Sun Sep 25, 2022 3:38 am
Forum: Beginner Basics
Topic: Route between VPN and LAN networks
Replies: 11
Views: 8129

Re: Route between VPN and LAN networks

I agree. However, in the past few versions' log changes, There were a few changes to OVPN. It seems they are working on it. In the meantime, a container option is handy. Although, I raised a support ticket for OVPN problems. I have two operational containers at my CHR. Overall, It's a neat option to...
by own3r1138
Sat Sep 24, 2022 11:59 pm
Forum: Beginner Basics
Topic: Route between VPN and LAN networks
Replies: 11
Views: 8129

Re: Route between VPN and LAN networks

Right now, I'm working on a docker image for my OVPN. I even found a Plugin for Radius to MT.
2022-09-25_00-26-16.jpg
by own3r1138
Fri Sep 23, 2022 5:36 am
Forum: Containers
Topic: Looking for Docker container ideas for RouterOS
Replies: 121
Views: 30045

Re: Looking for Docker container ideas for RouterOS

Well, the default OVPN port was filtered long before WG existed. I have both services on 443/UDP. I don't know how they did it too.
by own3r1138
Fri Sep 23, 2022 5:03 am
Forum: Containers
Topic: Looking for Docker container ideas for RouterOS
Replies: 121
Views: 30045

Re: Looking for Docker container ideas for RouterOS

@gotsprings
I live in Iran. I don't know how much you are familiar with our current government. Due to the latest movements, 2/3 of The internet is down including WG protocol, but OVPN*** is working.
by own3r1138
Fri Sep 23, 2022 3:08 am
Forum: General
Topic: General Licensing Question [SOLVED]
Replies: 3
Views: 1006

Re: General Licensing Question [SOLVED]

True, I was looking at the wrong documentation.
https://help.mikrotik.com/docs/pages/vi ... RLicensing
by own3r1138
Fri Sep 23, 2022 2:36 am
Forum: General
Topic: General Licensing Question [SOLVED]
Replies: 3
Views: 1006

General Licensing Question [SOLVED]

I never bought any license from MT whats so ever. All the devices I own are pre-licensed. Even my VMs licensed through the reseller.
Now I have two devices that aged enough that I don't use them anymore.
Can I use their licenses on my new CHR?
by own3r1138
Fri Sep 23, 2022 1:51 am
Forum: RouterBOARD hardware
Topic: CRS504-4XQ-IN, LTT, LinusTechTips
Replies: 6
Views: 1344

Re: CRS504-4XQ-IN, LTT, LinusTechTips

One thing that caught my eye was where in another video (I think the one where they changed their NAS), Linus cowardly changed some MTs to the other vendor. However, they used MT when they needed more throughput.
by own3r1138
Thu Sep 22, 2022 11:35 pm
Forum: General
Topic: Let's Encrypt automatic certificate renewal
Replies: 16
Views: 10083

Re: Let's Encrypt automatic certificate renewal

It's okay, I understand as I suffer the same way.
Personally, I check everything I write in English on Grammarly and after that in google translate it to my first language, and still, it confuses people.
by own3r1138
Thu Sep 22, 2022 11:21 pm
Forum: General
Topic: Let's Encrypt automatic certificate renewal
Replies: 16
Views: 10083

Re: Let's Encrypt automatic certificate renewal

As I said in the other post, it certainly could use your touch/magic. I appreciate your time and effort. I will do better next time now that I have an example to follow. Although, at this point, what you have suggested "better insert a loop that checks when cert is ready or timeout after x &quo...
by own3r1138
Thu Sep 22, 2022 10:11 pm
Forum: Scripting
Topic: I have 0 knowledge on scripting: Script to update HTTPS certificate
Replies: 10
Views: 1395

Re: I have 0 knowledge on scripting: Script to update HTTPS certificate

@Simonej I did something similar to this. I will update it after the @rextended comments. Maybe this gives you ideas about how to write yours. Also, he might try to do his magic on it for me. :d When you do your test, exclude the actual certificate renewal, it might hit the let's encrypt limit. http...
by own3r1138
Thu Sep 22, 2022 10:08 pm
Forum: Scripting
Topic: I have 0 knowledge on scripting: Script to update HTTPS certificate
Replies: 10
Views: 1395

Re: I have 0 knowledge on scripting: Script to update HTTPS certificate

Hi,

What I meant was this part
on-error={:log warning "Failed to set HTTPS certificate!"};
. I didn't check if this will work or not.
Anyway, thank you for the correct one. <3
by own3r1138
Thu Sep 22, 2022 10:04 pm
Forum: General
Topic: A noob VS MT container networking | OCSERV Image [SOLVED]
Replies: 6
Views: 1666

Re: A noob VS MT container networking | OCSERV Image [SOLVED]

@Znevna
When proxy-arp fixes something, you're doing something wrong.
I welcome you with open arms if you have a better solution for this.

Thanks.
by own3r1138
Thu Sep 22, 2022 9:35 pm
Forum: General
Topic: A noob VS MT container networking | OCSERV Image [SOLVED]
Replies: 6
Views: 1666

Re: A noob VS MT container networking | OCSERV Image [SOLVED]

I set the value to proxy-arp as it looks more right to me but I'm not certain.
local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface
proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces

Thank you.
by own3r1138
Thu Sep 22, 2022 9:22 pm
Forum: Scripting
Topic: I have 0 knowledge on scripting: Script to update HTTPS certificate
Replies: 10
Views: 1395

Re: I have 0 knowledge on scripting: Script to update HTTPS certificate

Well, I learned this line from it I don't think it's useless.
:do {/ip service set $ServiceWWWSSL certificate="$CertName" tls-version=only-1.2} on-error={:log warning "Failed to set HTTPS certificate!"};
by own3r1138
Thu Sep 22, 2022 1:34 pm
Forum: Beginner Basics
Topic: VPN - PPTP Cannot Connect Remotely
Replies: 1
Views: 1004

Re: VPN - PPTP Cannot Connect Remotely

Enable the LOG on your server and also check if the firewall helper service is on. some of your configs look wrong to me I changed them to what I have done. However, You should consider changing the protocol to something else, the PPTP protocol was discontinued. system logging add disabled=no topics...
by own3r1138
Thu Sep 22, 2022 9:15 am
Forum: General
Topic: A noob VS MT container networking | OCSERV Image [SOLVED]
Replies: 6
Views: 1666

Re: A noob VS MT container networking | OCSERV Image [SOLVED]

@mkx

I can't tell you how much I appreciate your help. You just made my day. <3

Could you please confirm if I set the ARP proxy correctly?
arp.jpg

tourch-done.jpg
howis.jpg
traceroute.jpg

Again, Thank you.
by own3r1138
Thu Sep 22, 2022 8:00 am
Forum: General
Topic: A noob VS MT container networking | OCSERV Image [SOLVED]
Replies: 6
Views: 1666

A noob VS MT container networking | OCSERV Image [SOLVED]

Hi, I have been working to build my own ocserv container image for the past few days. I will post it, but before getting into that, I have to ask a question. I can't find any documentation for it at MT documentation, Or perhaps I misunderstand it as I usually do. How should one configure the contain...
by own3r1138
Wed Sep 21, 2022 4:24 pm
Forum: Beginner Basics
Topic: Port Forward not working for RDP
Replies: 7
Views: 880

Re: Port Forward not working for RDP

lots of ports to open
Then use a VPN protocol. You will get lots of bots trying to poke holes inside your network if you use port forward.
by own3r1138
Fri Sep 16, 2022 10:35 pm
Forum: Beginner Basics
Topic: Redirect all DNS requests to local hosted Pi-Hole [SOLVED]
Replies: 21
Views: 6535

Re: Redirect all DNS requests to local hosted Pi-Hole [SOLVED]

I don't have any pi-hole at my home setup. I use an ad-guard container in my x86 ROS VDS. Which provides VPNs like WG and IKEv2. There is a WG tunnel between my home route and this VDS. Most of my internet and any DNS queries are routed through this tunnel.
by own3r1138
Fri Sep 16, 2022 9:44 pm
Forum: Beginner Basics
Topic: Redirect all DNS requests to local hosted Pi-Hole [SOLVED]
Replies: 21
Views: 6535

Re: Redirect all DNS requests to local hosted Pi-Hole [SOLVED]

The DNS rules are also for forwarding to WG. :D
by own3r1138
Fri Sep 16, 2022 6:16 pm
Forum: General
Topic: Let's Encrypt automatic certificate renewal
Replies: 16
Views: 10083

Re: Let's Encrypt automatic certificate renewal

This is what I came up with. Interval 80d 00:00:00 :log info "Script - Certificate renewal" :local ipWWW [/ip/service find name=www]; /ip/service set $ipWWW disabled=no /ip firewall filter set disabled=no [find comment="IP Services HTTP"] certificate remove [find common-name=&quo...
by own3r1138
Fri Sep 16, 2022 5:54 pm
Forum: Beginner Basics
Topic: Redirect all DNS requests to local hosted Pi-Hole [SOLVED]
Replies: 21
Views: 6535

Re: Redirect all DNS requests to local hosted Pi-Hole [SOLVED]

removed useless quote ... use Post Replay not Quote button Well, You are correct and I have one rule number=2 is my src-nat rule. However, OP config files and topic suggest the pi-hole runs at the same subnet as the LAN. There is a WG IP range that needs to be forwarded too, although the WG config ...
by own3r1138
Fri Sep 16, 2022 3:59 pm
Forum: Beginner Basics
Topic: Redirect all DNS requests to local hosted Pi-Hole [SOLVED]
Replies: 21
Views: 6535

Re: Redirect all DNS requests to local hosted Pi-Hole [SOLVED]

removed useless quote ... use Post Replay not Quote button
I have very similar commands the only difference is I used src-address-list vs src-address.
2022-09-16_17-27-14.jpg
2022-09-16_17-27-22.jpg
by own3r1138
Fri Sep 16, 2022 2:17 pm
Forum: Beginner Basics
Topic: Redirect all DNS requests to local hosted Pi-Hole [SOLVED]
Replies: 21
Views: 6535

Re: Redirect all DNS requests to local hosted Pi-Hole [SOLVED]

Know how to formulate such rules. CLI /ip firewall mangle add action=mark-connection chain=prerouting comment="DNS-Mark" connection-state=new dst-port=53 new-connection-mark="via-dns" passthrough=yes protocol=tcp src-address="your-LAN" add action=mark-connection chain=...