MikroTik

mike6715b

@anav: Marking is based on linked post. It can be done without it, but it's not wrong, just slightly different approach. On the upside, it does srcnat only for connections that 100% need hairpin NAT. In this case I don't see any added value, but it could help with some configs, e.g. with VPNs where...

mike6715b

Did you add 10.20.0.0/24 and 10.20.10.0/24 in CroatiaIPList list?

jesus... sometimes I just feel dumb... That was the problem. Thanks!
Also thanks to @anav for fix unrelated to this post its actually really appreciated.

mike6715b

Hy, thanks for the quick reply. Want to do testing and just homelab type of stuff at home. Example: I have a website hosted in homelab and want to use traefik as reverse-proxy so that when i go to nginx.example.com it goes to that nginx instance but when I go to portfolio.example.com it goes to a po...

mike6715b

Hello, I recently posted about having a Hairpin NAT issue. This time I'm configuring it to access my home server behind traefik. I followed the configuration outlined in this post and have not been able to get it to work. Last time the issue was my firewall rule regarding allowing port-forwarding an...

mike6715b

Hello, I was following a guide by @erkexzcx from this post and I'm having issues with port forwarding. Enabling logs i see that the packet are getting marked but no getting masqueraded on "step 3" since packet count is 0(zero) and no logs are showing and i believe that's why its not workin...

mike6715b

@Sob On the mikrotik wiki here it says that secure FTP is added from version v6.45. Also for when its time for proper deployment, they all will be encrypted. For now its another mikrotik in my network for testing purposes. The FTP server has a ACME client running set to renew certificates ~30d befor...

mike6715b

Hello! Thank you to everyone for responding. Thank you to @tdw and @MickeyT for the suggestion on adding the private key. I updated my script and now it also imports the private key. The way i had it before was it downloaded a .pfx file for the certificate and imported it. Seems that the .pfx file d...

mike6715b

Hello, For a while i've been using a self signed certificate and deploying the mikrotiks CA to client computers that need access. I wanted to automate this and make it simpler by adding R3 certificates for SSTP connections. But when i switch SSTP to the let's encrypt certificate, Windows 10 clients ...

mike6715b

Hello everyone. I work at a IT company and we manage multiple companys and their infrastructure. Reacently we have been deploying Mikrotiks as main routers/firewalls and placing VPNs so that we can securly connect to local resources at the company and for employees working from home. All of these co...

mike6715b

The VPN server will not be behind NAT. Also, I'm not usting a EoIP Interface for the tunnel but all policy based. From what i gather, this would be the main solution for me: # Add required NAT rule before main NAT rule /ip firewall nat add action=src-nat chain=srcnat dst-address=10.22.22.3 to-addres...

mike6715b

After some more reaserch on nating rules and ip-sec policy i found that this rule allows internet to work on the client side /ip firewall nat add action=accept chain=srcnat comment="defconf: accept all that matches IPSec policy" ipsec-policy=out,ipsec Would this be the correct way of setti...

mike6715b

Hello, I was following a guide from here on how to setup a IPSec Site-to-site tunnel. Currently its connected to my local network for testing before deploying. I am having problems getting internet from the remote site from the local network. So from 192.168.110.0/24 --> Internet unless i enable the...

mike6715b

Yes i have exported the client certificate in pkcs12 format and the CA in pem and succesfully imported them both. Both mikrotiks can ping each other so they do see each other. Seems im gonna look stupid but i turned on my PC this morning and went to check if Mikrotiks can ping each other for this po...

mike6715b

Hello, I have been following this guide on creating a site to site encrypted connection with 2 mikrotiks. https://mum.mikrotik.com/presentations/ID19/presentation_7168_1572420263.pdf Server is made to give out locally: 10.20.1.0/24 Client is made to give locally: 10.20.2.0/24 VPN pool is: 10.20.10.0...

mike6715b

Hy all, the situation is as follows... We have a RDP Gateway running on our server on port 443 and we also wish to host a HTTPS website on a linux server also on port 443. What I am wondering is if there is a way to run some sort of reverse-proxy on the Mikrotik to achieve this? Eg. rdgateway.domain...

mike6715b

Hello, I have my domain managed on cloudflare and I am able to get the proper certificate and everything but since the certificate is valid for a specific domain eg. proxmox.home.domain.com i am still getting an ssl error when connecting to my server since i have to connect via the local IP address.

mike6715b

Hy, i've started to use a Proxmox server for homelab testing and learning. I wanted to make a proper SSL certificate with ACME for proxmox using this tutorial https://www.youtube.com/watch?v=9vVKazwO1s4 and i seem to have it working with a problem. In the video they guy has a PFsense box for his net...

mike6715b

I have seen "split-tunneling" being used elsewhere but the security concerns around it are noticeable enough for the type of work they are doing.

mike6715b

Hello, i have a wierd problem and was hoping it could maybe be solved with a Mikrotik router. So one of our clients need to access local network resources, specifficaly a local server via RDP, but also needs to connect to a secure VPN to be able to use another application because, dependant on the &...

mike6715b

If you are looking to make your own DNS at home, check out this video. Gives a general overview of using PiHole and Unbound. Great place to get started. :)

https://youtu.be/FnFtWsZ8IP0

mike6715b

While I'm still learning Mikrotik, I'm pretty good at programming so I decided to update a Cloudflare DDNS script that wasn't working for me bacause of authentication failure. Working script can be found here: https://github.com/mike6715b/Mikrotik_CF_DDNS Appreciate any comments and possible improve...

mike6715b

Correct me if im wrong... The input chain is for stuff going to the router it self like Winbox and ssh-ing into the router. Forward chain is stuff just passing through the router like RDP witch needs to get to my PC. I disabled the admin account and added my own account and set login from allowed-ad...

mike6715b

Latest export included

mike6715b

No worries, it was a logical conclusion based on the info provided. If RDP was on the same PC wouldnt the firewall have blocked that as well??

That's why i didn't assume it wasn't my PC since RDP worked and I had a rule setup for port 25565 allowing it on all network types :/

mike6715b

I never thought it was my firewall since I added a custom rule that accepts port 25565 on all networks...

Anyways.. I will mark your post as the solution, but could you elaborate more on those filter rules you said are required to make my router secure?

mike6715b

Just saw your updated question... After disabling windows firewall the server is visible... Seems after connecting to my Mikrotik my PC changed my network type to Public not Private...

mike6715b

Yes... Cloudflare has the same IP as my WAN and Mikrotik Cloud IP. I know i used to be able to check via https://mcsrvstat.us/ if the server is working since it queries on the same port (port 25565) but its not working. Also port checker tools like https://www.yougetsignal.com/tools/open-ports/ also...

mike6715b

I have Cloudflare setup for my domain that updates with my public IP (since it changes every 24h). Local connection works. Outside connections used to work but after i added the mikrotik as my main router (ISP's router in bridge-mode) i wasen't able to connect anymore. So its the EXTERNAL peoples wh...

mike6715b

Would tidy this up for sure....... the ones in red should be removed.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add list=WAN
add list=WAN
add interface=pppoe-out list=WAN

Okay they are removed...

mike6715b

I probably will do a full reinstall after i figure out why mc is not working and what all the filter rules mean :)

Yes i did change it to bridge

mike6715b

While I am aware of the risks of someone entering my network from the outside, I am also confident that nothing out of the ordinary has happened on my network since its only my PC, phone and TV that's on it. If you wish you could explain to me the Firewall rules you said i needed to apply to secure ...

mike6715b

Okay added the rules.. Did not know i needed them :/ Anyways... Yes because i have seen viruses enter networks via RDP port specifically 3389 so changing it to 3399 seems "more" secure. MC server just goes from 25565 to 25565 EDIT: I did notice A LOT of login attempts yesterday so disabled...

mike6715b

Export attached

mike6715b

Hy everyone, been working with Mikrotiks for some time now and finally set up one at home so i could learn more. I have set up port forwarding for RDP and it works fine. I just copied that and added a new one fore minecraft only changing the ports to 25565 and it just wont work. I see requests comin...

Search found 34 matches

Re: Hairpin NAT issue [SOLVED]

Re: Hairpin NAT issue [SOLVED]

Re: Hairpin NAT issue [SOLVED]

Hairpin NAT issue [SOLVED]

Hairpin NAT issues [SOLVED]

Re: Using Let's Encrypt for SSTP

Re: Using Let's Encrypt for SSTP

Using Let's Encrypt for SSTP

Multiple VPNs but one per port

Re: IPSec IKEv2 Tunnel - no internet

Re: IPSec IKEv2 Tunnel - no internet

IPSec IKEv2 Tunnel - no internet

Re: IKEV2 IPsec VPN not connecting

IKEV2 IPsec VPN not connecting

DIfferent port-forwarding based on domain

Re: SSL certificate for Proxmox

SSL certificate for Proxmox

Re: Joining 2 networks with a Mikrotik??

Joining 2 networks with a Mikrotik??

Re: quad9 DoH setup

Mikrotik Cloudflare Update script

Re: Forwarding Minecraft server [SOLVED]

Re: Forwarding Minecraft server [SOLVED]

Re: Forwarding Minecraft server [SOLVED]

Re: Forwarding Minecraft server [SOLVED]

Re: Forwarding Minecraft server [SOLVED]

Re: Forwarding Minecraft server [SOLVED]

Re: Forwarding Minecraft server [SOLVED]

Re: Forwarding Minecraft server [SOLVED]

Re: Forwarding Minecraft server [SOLVED]

Re: Forwarding Minecraft server [SOLVED]

Re: Forwarding Minecraft server [SOLVED]

Re: Forwarding Minecraft server [SOLVED]

Forwarding Minecraft server [SOLVED]