Search found 353 matches

by wiseroute
Sun Jul 30, 2023 1:04 pm
Forum: Beginner Basics
Topic: Configure Hotspot and PPTP on the same network
Replies: 5
Views: 1172

Re: Configure Hotspot and PPTP on the same network

hello,

ok. nevermind.

have you read this wiki?

https://wiki.mikrotik.com/wiki/Manual:S ... sMAN_setup

--- additional

https://wiki.mikrotik.com/wiki/Manual:IP/Hotspot

maybe it can help you with your user login problem.
by wiseroute
Sat Jul 29, 2023 9:34 pm
Forum: General
Topic: Port mapping TCP/UDP port 53 to 2 IPs
Replies: 2
Views: 590

Re: Port mapping TCP/UDP port 53 to 2 IPs

hello, Is there a way to map the port 53 on both IPs as failover? e.g. If 172.168.188.10 (ns1) is down to switch to 172.168.188.11 (ns2). I'm using RB5009 (ROS 7.9). the short answer is no. dst-nat can't do target weighting. you will need to add another machine behind your router in front of your ta...
by wiseroute
Sat Jul 29, 2023 7:34 pm
Forum: Beginner Basics
Topic: WIreguard - Reaching LAN on another WG interface [SOLVED]
Replies: 3
Views: 1079

Re: WIreguard - Reaching LAN on another WG interface [SOLVED]

hello, Site A - HEX s - With public IP -Interface Wireguard 4 -allowed addresses 10.10.200.0/30 is that 200.0/30 between site a and your phone? have you allow that subnet on site b? from phone to site b, ip route site b via wg site a. from site b to phone, ip route phone via wg site a. --- addition,...
by wiseroute
Sat Jul 29, 2023 7:25 pm
Forum: General
Topic: Wireguard help required
Replies: 5
Views: 597

Re: Wireguard help required

hello, stuck with letting remote user(s) connect to the other remote sites through a existing wireguard connection to the main site. from your diagram - apart from any firewall problem, - do you a working bidirectional route from the wg2 clients to wg remote sites? - tools : ping and traceroute with...
by wiseroute
Sat Jul 29, 2023 6:55 pm
Forum: Beginner Basics
Topic: Configure Hotspot and PPTP on the same network
Replies: 5
Views: 1172

Re: Configure Hotspot and PPTP on the same network

hello, aaa.. a campus topology. does your university consist of separate building for each faculty? well, your question won't take a short answer. for this part, So the questions, How should I configure the HotSpot so that: It can work besides PPTP server? I mean, client either logins to PPTP VPN, o...
by wiseroute
Fri Jul 28, 2023 9:37 am
Forum: General
Topic: Efficient and Strong Firewall Rules
Replies: 2
Views: 689

Re: Efficient and Strong Firewall Rules

hello, hmm, done some reading on few lines of your fw rules, i think those are nice rules. if i may suggest, there are many types of firewalling based on these: layer 2, layer 3 and layer 4 and above. and the most important thing is to understand: - whether any set firewall rules need to be in state...
by wiseroute
Fri Jul 28, 2023 9:09 am
Forum: General
Topic: Router os some users can not access the Internet
Replies: 5
Views: 727

Re: Router os some users can not access the Internet

hmm, just to summarize all of the above suggestions: 1. dhcp snooping is mainly applied on switch level. so if anyone considering to get any manageable switch - they should look at this feature availability before they buy. it is really nice feature and important one. 👍🏻 2. if your 4 switches are ma...
by wiseroute
Fri Jul 28, 2023 3:50 am
Forum: General
Topic: NAT Timeout (IMAP Idle)
Replies: 4
Views: 638

Re: NAT Timeout (IMAP Idle)

@ nescafe2002,

nice pointer. i didn't notice that page 👍🏻

@ thomas,
The question here is, if the NAT on Mikrotik becomes a problem with a time of around 30 minutes with no communication on a specific NAT connection.
maybe you can try to tune it by @ nescafe2002 pointer.
by wiseroute
Thu Jul 27, 2023 6:20 pm
Forum: General
Topic: NAT Timeout (IMAP Idle)
Replies: 4
Views: 638

Re: NAT Timeout (IMAP Idle)

hello, interesting 🤔 i barely pay attention to that details 👍🏻 did you host imap server internally or you were just asking about how long for your router to close your outgoing imap? i myself prefer to choose idle time is set by the server. but as for the MT firewall nat time out - maybe you can rea...
by wiseroute
Thu Jul 27, 2023 5:55 pm
Forum: General
Topic: Zabbix SNMP high polling problem
Replies: 2
Views: 552

Re: Zabbix SNMP high polling problem

hello, occasionally the items stop polling, the monitored interfaces (about 800) have a polling time of 40 seconds. do you know of any mikrotik or Zabbix bugs? this one is a classic snmp problem. and generally, any polled devices - in their normal operating condition - will have no problem replying ...
by wiseroute
Wed Jul 26, 2023 8:27 pm
Forum: Beginner Basics
Topic: WAN Bridge
Replies: 7
Views: 1436

Re: WAN Bridge

@ anav

lightened up... let us say it is guessing week 😂

no worries... you are invited 👍🏻
by wiseroute
Wed Jul 26, 2023 7:24 pm
Forum: General
Topic: Change MT from router to switch using VLANs
Replies: 5
Views: 620

Re: Change MT from router to switch using VLANs

@ anav The openwrt LAN traffic will come in on ether3 untagged and we can tag it with vlan2 and move it to other ports on the MT are you sure this won't make l2 loop? openwrt LAN traffic is coming tagged from the openwrt. that's what I have suggested in my reply 😉 NOW WHICH DEVICE MT do you have ......
by wiseroute
Wed Jul 26, 2023 6:41 pm
Forum: Beginner Basics
Topic: WAN Bridge
Replies: 7
Views: 1436

Re: WAN Bridge

hello, But while my WAN port is a member of this bridge, it seems the NAT masquerading doesn't work since any appliance in the LAN isn't able to connect to the internet or other addresses in the WAN network. first advice is... if you don't have any urgent need to bridge wan interfaces - i think they...
by wiseroute
Wed Jul 26, 2023 6:28 pm
Forum: General
Topic: Change MT from router to switch using VLANs
Replies: 5
Views: 620

Re: Change MT from router to switch using VLANs

hello, from this point, Forward all traffic from ONT from ETH1 port on MT to port ETH2 on MT (connected to OpenWRT) - VLAN untagged ETH1 - VLAN tagged ETH2 - erase public IP on MT those 2 interfaces should have the same vlan, let us say vlan 5. now, the first problem you will encounter in configurin...
by wiseroute
Wed Jul 26, 2023 5:57 pm
Forum: General
Topic: Bridge Layer 2 and LAN DHCP going stuck
Replies: 8
Views: 814

Re: Bridge Layer 2 and LAN DHCP going stuck

@ miankamran, are you sure your *switch* was cisco sa500? doesn't look right? 🤔 Cisco https://www.cisco.com › obsolete Cisco Small Business SA500 Series Security Appliances anyway... with your current drawing, dynamic vlan can't do what you have in mind. so, the simplest way is : 1. make 2 vlan on M...
by wiseroute
Wed Jul 26, 2023 5:35 pm
Forum: Announcements
Topic: Click here
Replies: 35
Views: 9143

Re: Click here

@ normis,

you really have a nice green view there, wonderful 👍🏻

well, maybe the next 2023 MT MUM it knows where to go... coffee ☕ on top of that cable roller, funtastico 😉
by wiseroute
Wed Jul 26, 2023 4:49 pm
Forum: Beginner Basics
Topic: Configure Hotspot and PPTP on the same network
Replies: 5
Views: 1172

Re: Configure Hotspot and PPTP on the same network

hello, interesting... are you some kind of isp? 🤔 Clients connect to switches using Ethernet cable or Wi-Fi bridges, login to PPTP VPN and use network. We use PPTP to limit bandwidth and weekly traffic usage. are you sure - that was pptp vpn you are using to manage your subscribers? typo? However, P...
by wiseroute
Wed Jul 26, 2023 9:19 am
Forum: Beginner Basics
Topic: Sanity check for hybrid router setup with vlans [SOLVED]
Replies: 3
Views: 1046

Re: Sanity check for hybrid router setup with vlans [SOLVED]

how'dy down under 👋🏻 everything looks great. you are good to go 👍🏻 on rb5009, - make a single bridge. - make 2 vlan iface : ip 10.0/24 and 200.0/24 - put ether2, 5-8 on the bridge. do bridge vlan filters. how to guide available on MT wiki bridge vlan. - make your ap in bridge mode. plug in ether2 vl...
by wiseroute
Tue Jul 25, 2023 5:19 pm
Forum: Beginner Basics
Topic: NEED HELP
Replies: 3
Views: 942

Re: NEED HELP

hello nima, The service provider of point B informed me via email that a portscan has happened from this server (point B). for the first part, you should request any logs from your provider about their claims (to which target your router b did the scans). otherwise you will get busy for nothing. sec...
by wiseroute
Tue Jul 25, 2023 4:58 pm
Forum: General
Topic: how I can stop users from sharing my hotspot
Replies: 13
Views: 2018

Re: how I can stop users from sharing my hotspot

@ pe1chl,

are you sure about that?
wpa2/3 etc don't work any longer?

hmm, what does @op role anyway? internet cafe or something else? 🤔
by wiseroute
Tue Jul 25, 2023 4:52 pm
Forum: General
Topic: VRRP Failover when WAN drops [SOLVED]
Replies: 7
Views: 1000

Re: VRRP Failover when WAN drops [SOLVED]

@ primeyeti,

can you show us your drawing?

well, vrrp is very nice protocol - but it is considered *old* and not too flexible to manage.

at least you should give a dynamic routing a spin. 👍🏻
by wiseroute
Tue Jul 25, 2023 4:42 pm
Forum: General
Topic: how I can stop users from sharing my hotspot
Replies: 13
Views: 2018

Re: how I can stop users from sharing my hotspot

@ essam, peoples are sharing my internet with WiFi Scanning. how I can stop users from sharing my hotspot. maybe some basic approach? 🤔 1. don't broadcast your wifi ssid. 2. macaddress filters. need to register their macaddr before making the connection. 3. userman. radius. etc.. hope this helps.
by wiseroute
Tue Jul 25, 2023 4:33 pm
Forum: General
Topic: MikroTik same network on location A and B double NAT - how to solve
Replies: 6
Views: 535

Re: MikroTik same network on location A and B double NAT - how to solve

@ holvoetn, don't worry, your proposal was totally correct - to change the remote subnets. so @op network will be scalable in the future. while my proposal was *options* - promoting MT own bridging vpn protocols 👍🏻 maybe vxlan as well 😉 so now, let us give the @op a time to think about which solutio...
by wiseroute
Tue Jul 25, 2023 4:25 am
Forum: Forwarding Protocols
Topic: Enable BGP with kubernetes cilium bgp
Replies: 3
Views: 2477

Re: Enable BGP with kubernetes cilium bgp

hmm... interesting 🤔

never tried myself - and i think it is difficult to see the point of having it.

anyway... have you read this guide?

https://docs.cilium.io/en/stable/network/kube-router/
by wiseroute
Mon Jul 24, 2023 6:32 pm
Forum: Forwarding Protocols
Topic: OSPF Not Behaving Correctly
Replies: 9
Views: 2417

Re: OSPF Not Behaving Correctly

hello,

you might want to read this post, i have made a simple ospf interface path priority lab - almost similar to your problem.

viewtopic.php?t=196850

hope this helps.
by wiseroute
Mon Jul 24, 2023 6:04 pm
Forum: General
Topic: Upgrading to ROSV7 from ROSV6 breaks ppp on some older devices
Replies: 1
Views: 288

Re: Upgrading to ROSV7 from ROSV6 breaks ppp on some older devices

hello, hmm, interesting 🤔 maybe... if all of these older devices are failed in the upgrade process - probably those devices are not supported by the v7. so they will have at max. v6.48? if there are some that succeed in the upgrade - then this will lead you doing some kind of device sorting. and ask...
by wiseroute
Mon Jul 24, 2023 5:31 pm
Forum: Forwarding Protocols
Topic: OSPF Not Behaving Correctly
Replies: 9
Views: 2417

Re: OSPF Not Behaving Correctly

hello, As far as I know, priority is used to determine DR and BDR roles... that's router-id in ospf instance config. I was referring to interface path priority - not related to any dr-bdr roles. For the ECMP part you mentioned, I should see two different next-hops and not the same. two different nex...
by wiseroute
Mon Jul 24, 2023 5:27 pm
Forum: General
Topic: Switch stacking
Replies: 5
Views: 2846

Re: Switch stacking

hello,

have you read this wiki?
maybe it can help you.

https://wiki.mikrotik.com/wiki/Manual:C ... s_examples
by wiseroute
Mon Jul 24, 2023 2:30 pm
Forum: General
Topic: Bridg
Replies: 6
Views: 577

Re: Bridge Layer 2 and LAN DHCP going stuck

hello @miankamran, yes, But I want my users to use ether-2 for IP telephone and ether-5 for the internet. you can just plugged the phone directly to the router. or, if you have any spare budget - you can get a manageable switch for your network. if you have configure the router correctly - maybe you...
by wiseroute
Mon Jul 24, 2023 2:22 pm
Forum: General
Topic: Mikrotik NAS External AAA
Replies: 3
Views: 461

Re: Mikrotik NAS External AAA

hello eabs, once you remove the customer from the Active & Host List of hotspot tab , then customer starts to browse again. have you set user connection limit? maybe your router running out of port for nat translation. for heavy tabbed internet browsing - you should limit user session/connection...
by wiseroute
Mon Jul 24, 2023 2:11 pm
Forum: General
Topic: Bridg
Replies: 6
Views: 577

Re: Bridge Layer 2 and LAN DHCP going stuck

hello,
after this, I plug the ether-2 wire into the unmanageable switch and also plug ether-5 in the switch but my users are facing problems with the internet.
did you plug those 2 cables on the same switch?

if yes, it is looped.
by wiseroute
Mon Jul 24, 2023 2:06 pm
Forum: Forwarding Protocols
Topic: OSPF Not Behaving Correctly
Replies: 9
Views: 2417

Re: OSPF Not Behaving Correctly

hello, for this part, have two GRE tunnels between them one with a symmetric cost of 100 and the other 200. The v7 router, instead of choosing the least cost for the networks advertised, load-balances the traffic between the two GRE tunnels (192.168.106.20/30), use path priority instead of path cost...
by wiseroute
Mon Jul 24, 2023 5:06 am
Forum: Forwarding Protocols
Topic: OSPF Not Behaving Correctly
Replies: 9
Views: 2417

Re: OSPF Not Behaving Correctly

hello msanaii, is this setup - a triangle shaped between those 3 devices? |-------- mt1 path 100 nsx | | |-------- mt2 path 200 am i correct? are you just want to drive the traffic to use mt1 as main, and mt2 as backup? just use lower path priority for the mt2. ie. mt1 128, mt2 64. hope this helps.
by wiseroute
Mon Jul 24, 2023 4:47 am
Forum: General
Topic: TCP Reset Attack Mitigation on Router Level [SOLVED]
Replies: 22
Views: 2554

Re: TCP Reset Attack Mitigation on Router Level [SOLVED]

@ anav Just to be clear this is advanced tweaking not for the normal home user? Y/N yes and no. yes, if you feel you are being blocked by remote server (ie. www) and your internet became deteriorating because the effects of remote end closing your router ports aggressively. check cmd> netstat -a see...
by wiseroute
Mon Jul 24, 2023 4:39 am
Forum: Beginner Basics
Topic: Wireguard help - connected, but traffic won't route over WG; still works as usual
Replies: 13
Views: 2397

Re: Wireguard help - connected, but traffic won't route over WG; still works as usual

@ op,
I'm not certain-certain but the IF is up,
your router needs to listen on different port - for the wg tunnels to be usable. ie. 13231 for nordvpn and 13232 for purevpn.
by wiseroute
Sun Jul 23, 2023 5:01 pm
Forum: Beginner Basics
Topic: NAT question
Replies: 1
Views: 711

Re: NAT question

hello shirenzo,
/ip firewall nat add chain=dstnat action=dst-nat dst-address=100.100.100.100 src-address=10.10.10.100 dst-port=25 to-addresses=10.10.10.100 protocol=tcp
you don't need that src-addr.

and specify which interface should listen for the incoming traffic to be translated.
by wiseroute
Sun Jul 23, 2023 9:42 am
Forum: Forwarding Protocols
Topic: OSPF, Wireguard, and multiple path problem [SOLVED]
Replies: 10
Views: 4402

Re: OSPF, Wireguard, and multiple path problem [SOLVED]

hello Maxwell, glad to hear you have solved your network 👍🏻 The design requires that sites 1-3 from the original diagram are able to access the public internet without first going through the Main Office. Therefore, non-office bound traffic was being masqueraded on the public interfaces of router1 a...
by wiseroute
Sun Jul 23, 2023 9:26 am
Forum: General
Topic: Mikrotik NAS External AAA
Replies: 3
Views: 461

Re: Mikrotik NAS External AAA

hello,

hmm, interesting 🤔

Customers randomly are not able to browse, we have noticed that those cannot ping to their Gateway.
did you ever check how many users connected to the hotspot?

did you provide enough ip for both authorized and unauthorized hotspot clients?
by wiseroute
Sun Jul 23, 2023 9:15 am
Forum: Beginner Basics
Topic: Wireguard help - connected, but traffic won't route over WG; still works as usual
Replies: 13
Views: 2397

Re: Wireguard help - connected, but traffic won't route over WG; still works as usual

hello @op,

are you sure about this wg interface setup?
/interface wireguard

add listen-port=13231 mtu=1420 name=wg1-nordvpn

add listen-port=13231 mtu=1420 name=wg2-purevpn

by wiseroute
Sat Jul 22, 2023 5:17 pm
Forum: General
Topic: Access WebFig behind Nginx reverse proxy.
Replies: 1
Views: 513

Re: Access WebFig behind Nginx reverse proxy.

hello,

maybe you want to read this article?

https://www.educba.com/nginx-gateway-timeout/

hope this helps.
by wiseroute
Sat Jul 22, 2023 5:11 pm
Forum: Beginner Basics
Topic: Improve OpenBSD router with Mikrotik hardware
Replies: 2
Views: 1057

Re: Improve OpenBSD router with Mikrotik hardware

hello, So there are no switching needs at all between the LANs, each kid only communicates and connects to the internet out through the OpenBSD router. so, do you think it is possible to forward lan traffic to the internet without switching? 🤔 anyway, never tried that openbsdrouter project myself - ...
by wiseroute
Sat Jul 22, 2023 5:04 pm
Forum: Forwarding Protocols
Topic: Routing with multiple BGP fullfeeds crashes
Replies: 2
Views: 1821

Re: Routing with multiple BGP fullfeeds crashes

hello, so one of the problem was We have one customer were the internal network will not be routed right. it is the ip 185.199.107.19. maybe this? add blackhole disabled=no distance=1 dst-address=185.199.104.0/22 gateway="" pref-src="" routing-table=main scope=30 suppress-hw-offl...
by wiseroute
Sat Jul 22, 2023 4:43 pm
Forum: Forwarding Protocols
Topic: Ros7 Ospf over wire guard, no neighbours
Replies: 2
Views: 2128

Re: Ros7 Ospf over wire guard, no neighbours

hello, ospf neighbor discovery using multicast address 224.0.0.0 - you should allow that address to flow inside the wg tunnels. or... you can specify ospf interface as ptp with unicast static neighbors. so... there are a lot of subnets to pass the wg tunnels : ospf itself and the rest of the network...
by wiseroute
Wed Jul 19, 2023 5:22 pm
Forum: Forwarding Protocols
Topic: BGP full table routing on CCR2xxx with route filters
Replies: 5
Views: 2649

Re: BGP full table routing on CCR2xxx with route filters

hello,

is this ccr in production or just feeding test?

which routeros version? and in what role? i mean: ebgp/ibgp? direct peering or rr-client?

if you have sample config and screenshot - maybe @mrz could help you.
by wiseroute
Wed Jul 19, 2023 5:03 pm
Forum: Beginner Basics
Topic: [SOLVED] Accessing internal IP via domain name from AP wifi router [SOLVED]
Replies: 6
Views: 1781

Re: Accessing internal IP via domain name from AP wifi router [SOLVED]

hello Glinka,

However, this doesn't seem to have fixed the problem, and the wifi clients still cannot connect.
ok. let us see your MT dns settings,

and tell us how do configure your wifi clients ip settings. which device gives ip settings to your wifi clients? MT or your wifi box?
by wiseroute
Wed Jul 19, 2023 4:50 pm
Forum: Forwarding Protocols
Topic: CCR1072 MPLS Router Sporadic High CPU
Replies: 3
Views: 1790

Re: CCR1072 MPLS Router Sporadic High CPU

hello,

you have a nice new router there 👍🏻

where did you place this new ccr1072? p? pe?

i think you should contact @support for better response - don't forget to attach some comparison screenshot between the old ccr and this new one.

good luck 👍🏻
by wiseroute
Wed Jul 19, 2023 1:17 pm
Forum: Beginner Basics
Topic: [SOLVED] Accessing internal IP via domain name from AP wifi router [SOLVED]
Replies: 6
Views: 1781

Re: Accessing internal IP via domain name from AP wifi router [SOLVED]

hello glinka, I'm not sure if this is what you are asking, but foo.bar.com directs to my external IP. This mapping is propagated to all DNS servers. Hence anyone can access my external IP via this domain. ok... where did you hosted your foo.bar.domain? did you rent this domain and host it on the int...
by wiseroute
Wed Jul 19, 2023 12:56 pm
Forum: General
Topic: IPSec Client Behind NAT [SOLVED]
Replies: 8
Views: 814

Re: IPSec Client Behind NAT [SOLVED]

@ primeyeti, I would assume they had NAT traversal enabled on the tunnel. I will double check this with them no no no.. nat traversal is on your router side to configure. There is only a single WAN so shouldn't be an issue of it coming in one WAN and attempting to leave via another if that's what yo...
by wiseroute
Wed Jul 19, 2023 9:49 am
Forum: Beginner Basics
Topic: [SOLVED] Accessing internal IP via domain name from AP wifi router [SOLVED]
Replies: 6
Views: 1781

Re: Accessing internal IP via domain name from AP wifi router [SOLVED]

hello, $ ping foo.bar.com PING foo.bar.com (<external IP>) 56(84) bytes of data. 64 bytes from <my ISP's domain name> (<external IP>): icmp_seq=1 ttl=64 time=3.96 ms is that foo.bar.com dns domain hosted on the internet? if yes, then you could make secondary dns server for lan user on MT : - with pr...
by wiseroute
Wed Jul 19, 2023 4:47 am
Forum: General
Topic: VPN X ACTIVE DIRECTORY
Replies: 5
Views: 2346

Re: VPN X ACTIVE DIRECTORY

hello Thompson, Action: Redirect The domain stops working. How to proceed in this case? Can someone help me? since we don't have any idea which/what version of your ms ad platform - i only could give you general explanation. ms active directory works on top of its own dns server service (it has to b...
by wiseroute
Wed Jul 19, 2023 4:38 am
Forum: Beginner Basics
Topic: DNS lookup - redirect for local server
Replies: 3
Views: 1072

Re: DNS lookup - redirect for local server

hello, so, where did you host this dns server? on the internet or locally hosted? did you have a dedicated dns server for this domain or you want to make routeros to host your domain? if this domain is actually hosted on the internet, you can dstnat that domain for local lan user directly to the tar...
by wiseroute
Wed Jul 19, 2023 4:08 am
Forum: General
Topic: IPSec Client Behind NAT [SOLVED]
Replies: 8
Views: 814

Re: IPSec Client Behind NAT [SOLVED]

@ primeyeti i manage a Mikrotik that sits in front of a customer's firewall in which we dstNAT all traffic from the router to their firewall. The client side of the IPSec site to site is on the customer's firewall. did you do ip or port based dsnat? i think you need to know what firewall they have a...
by wiseroute
Tue Jul 18, 2023 8:41 pm
Forum: Forwarding Protocols
Topic: ROS v7.10.1 - OSPF default route missing on routing table
Replies: 6
Views: 2211

Re: ROS v7.10.1 - OSPF default route missing on routing table

@ tangent

which I count as "mission accomplished" when it comes to the edit, but you tell me; should I have left it as-is or put the breaks in somewhere else, or rewritten it for formatting, or…
nahh.. nevermind, mission accomplished.

let us get some coffee ☕

it is late already 😉
by wiseroute
Tue Jul 18, 2023 8:34 pm
Forum: Beginner Basics
Topic: Packet Loss!!! BOND (802.3ad) on BRIDGE w/ HW Offload
Replies: 12
Views: 2491

Re: Packet Loss!!! BOND (802.3ad) on BRIDGE w/ HW Offload

@ pe1chl
Probably when this happens and there is enough load, the result is packet loss due to buffer overflow?
can you try that @ gavinj suggested - hw=no?
by wiseroute
Tue Jul 18, 2023 6:07 pm
Forum: Forwarding Protocols
Topic: ROS v7.10.1 - OSPF default route missing on routing table
Replies: 6
Views: 2211

Re: ROS v7.10.1 - OSPF default route missing on routing table

@ tangent

I'm sorry, are those @op outputs not being altered by your edits? it is a bit difficult to read the outputs.

@ pmsfm

which router is this on? v6 or that v7?

routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never
by wiseroute
Tue Jul 18, 2023 5:23 pm
Forum: Forwarding Protocols
Topic: ROS v7.10.1 - OSPF default route missing on routing table
Replies: 6
Views: 2211

Re: ROS v7.10.1 - OSPF default route missing on routing table

hello pmstm, aaa... ok, you have intra area there 10. which router advertise the default route 0.0.0.0/0 - and in which area? backbone or 10 ? i don't see it in your outputs. this instance=default router-id=10.1.100.71 address=10.1.1.114 interface=ether1 priority=1 dr-address=0.0.0.0 backup-dr-addre...
by wiseroute
Tue Jul 18, 2023 12:56 pm
Forum: General
Topic: Discovery not working correctly
Replies: 2
Views: 620

Re: Discovery not working correctly

hello from this guide, https://wiki.mikrotik.com/wiki/Manual:IP/Neighbor_discovery it said: Summary MikroTik Neighbor Discovery protocol (MNDP) and LLDP allows to "find" other devices compatible with MNDP or CDP (Cisco Discovery Protocol) or LLDP in Layer2 broadcast domain ip connectivity ...
by wiseroute
Tue Jul 18, 2023 12:31 pm
Forum: General
Topic: Dual WAN: Route specific WireGuard peer through second WAN
Replies: 7
Views: 1457

Re: Dual WAN: Route specific WireGuard peer through second WAN

hello,

I'm sorry I don't get your question - can you explain this?
Now I would like to route two (fixed IPv4 address based) outgoing WireGuard peers through the second WAN. All others through the first WAN.
do you mean:
outgoing wg should go out on wan2, and regular traffic go out on wan1?
by wiseroute
Tue Jul 18, 2023 12:27 pm
Forum: Beginner Basics
Topic: DualWAN mangle IPSEC packetflow
Replies: 3
Views: 1772

Re: DualWAN mangle IPSEC packetflow

hello vadimkara,

. I can ping and access other filials they can ping me but opening ports just hangs from filial to center.
can you show us your ping and traceroute output, from the branch to the central, and vice versa?

if you have a tcping or tcptraceroute output would be nice.
by wiseroute
Tue Jul 18, 2023 12:19 pm
Forum: Forwarding Protocols
Topic: How to make local IPs prefered over BGP routes
Replies: 2
Views: 1710

Re: How to make local IPs prefered over BGP routes

hello,

so, your local lan routes goes out of local router - before reaching its local destination?

you might want to read this guide :

https://wiki.mikrotik.com/wiki/Manual:B ... _Algorithm
by wiseroute
Tue Jul 18, 2023 11:45 am
Forum: Forwarding Protocols
Topic: ROS v7.10.1 - OSPF default route missing on routing table
Replies: 6
Views: 2211

Re: ROS v7.10.1 - OSPF default route missing on routing table

hello can you give us some examples config between 2 neighboring v6.48 (which got that default route) and v7 (which not having the default advertisement) - and their ip route output between those 2. just ospf related part config will suffice. also, do you have any route filters on incoming route to ...
by wiseroute
Tue Jul 18, 2023 10:43 am
Forum: General
Topic: OpenVPN client connection to server network [SOLVED]
Replies: 2
Views: 460

Re: OpenVPN refused connection on RB5009UG [SOLVED]

hello

have you follow this guide,

https://wiki.mikrotik.com/wiki/Manual:Interface/OVPN

try post your config - so that forum members can help you.
by wiseroute
Tue Jul 18, 2023 6:47 am
Forum: General
Topic: Allow remote desktop to an Active Directory PC from a different subnet
Replies: 1
Views: 388

Re: Allow remote desktop to an Active Directory PC from a different subnet

hello tomas, for basic remote desktop 1 to 1 connection, maybe you might read this article : https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access or, if you want other simple rdp software : https://www.tightvnc.com/ and many others. i th...
by wiseroute
Mon Jul 17, 2023 6:46 pm
Forum: General
Topic: TCP Reset Attack Mitigation on Router Level [SOLVED]
Replies: 22
Views: 2554

Re: TCP Reset Attack Mitigation on Router Level [SOLVED]

@ rextended,

this is a good one,
The source IP of the tcp-reset-attack is the same, or it appear to be the IP of the remote site requested?
If is the same... just drop that IP...
hmm, i have forgot what was that tool to check...

netstat -a??
by wiseroute
Mon Jul 17, 2023 6:22 pm
Forum: General
Topic: TCP Reset Attack Mitigation on Router Level [SOLVED]
Replies: 22
Views: 2554

Re: TCP Reset Attack Mitigation on Router Level [SOLVED]

this is the last part from your referenced link above. To help protect the router from TCP RST and SYN DoS attacks: Issue the tcp ack-rst-and-syn command in Global Configuration mode. host1(config)#tcp ack-rst-and-syn Use the no version to disable this protection (the default mode). and I don't know...
by wiseroute
Mon Jul 17, 2023 5:42 pm
Forum: General
Topic: TCP Reset Attack Mitigation on Router Level [SOLVED]
Replies: 22
Views: 2554

Re: TCP Reset Attack Mitigation on Router Level [SOLVED]

Any attempts to open blocked domain will be thrown into ERR_CONNECTION_RESET in Chrome and PR_CONNECT_RESET_ERROR in Firefox (see ... This indicates that a middleman had sent a RST packet, masquerading as the endpoint. first, any isp (read : routers) are mitm - in terms of traffic routing. second, ...
by wiseroute
Mon Jul 17, 2023 5:20 pm
Forum: General
Topic: TCP Reset Attack Mitigation on Router Level [SOLVED]
Replies: 22
Views: 2554

Re: TCP Reset Attack Mitigation on Router Level [SOLVED]

My ISP employs DPI and as one of its strategy is to use TCP Reset Attack
reading your post,
the first thing comes to my mind is:

how do you know that?
by wiseroute
Mon Jul 17, 2023 3:17 pm
Forum: General
Topic: Migrating routes when a central node goes down
Replies: 15
Views: 826

Re: Migrating routes when a central node goes down

if I got it correctly: need to create the same wireguard tunnels from each branch to the new backup router. yes. so there would be 2*4 = 8 tunnels to both primary and backup. Still don’t understand what routing protocol i’d need to implement in the case main router goes down and backup router shoul...
by wiseroute
Mon Jul 17, 2023 1:49 pm
Forum: General
Topic: Migrating routes when a central node goes down
Replies: 15
Views: 826

Re: Migrating routes when a central node goes down

the backup router has a public address. I can't mesh the branches between each other. Am I understanding correctly? let's make it simple... you can have either another wan for hq as backup link to connect those branches. high availability in single router with redundant wan. example: mt wan1 main l...
by wiseroute
Mon Jul 17, 2023 1:15 pm
Forum: General
Topic: Migrating routes when a central node goes down
Replies: 15
Views: 826

Re: Migrating routes when a central node goes down

try to rent a vps on cloud.

install a chr on it. make it a secondary backup route server to overcome those cgnat.

but note those bandwidth traversing that router.

if your branches only use for online transactions - i think the vps bandwidth should suffice.

as long as you aren't huge files.
by wiseroute
Mon Jul 17, 2023 1:03 pm
Forum: General
Topic: Migrating routes when a central node goes down
Replies: 15
Views: 826

Re: Migrating routes when a central node goes down

yes.

hq to a (backup), b, c, d.
a (backup) to hq, b, c, d.

partial meshed.

the dynamic routing protocol is used only for hq failure take over. hq and backup router path priority can be adjusted to your needs.
by wiseroute
Mon Jul 17, 2023 12:55 pm
Forum: General
Topic: Migrating routes when a central node goes down
Replies: 15
Views: 826

Re: Migrating routes when a central node goes down

@ kartone The weak point is clear here: the central router. Ideally we would create another router, with a different link, that needs to take the ownership of routing the traffic when the other (central) router goes down. that's a good point. so there are 5 sites : hq and 4 branches. take one of the...
by wiseroute
Mon Jul 17, 2023 12:37 pm
Forum: General
Topic: redirect https and http sites to a site
Replies: 9
Views: 1839

Re: redirect https and http sites to a site

@ darci Are there any alternative solutions for redirecting them? well, basically - a port is just a port. but... a port will be in different state if it was used by an app. some app can take redirection - some with ssl (read: certificate) planted in it can't take redirection. there are differences ...
by wiseroute
Mon Jul 17, 2023 4:00 am
Forum: Beginner Basics
Topic: Domain Search List for MT devices
Replies: 4
Views: 1037

Re: Domain Search List for MT devices

@ chaosphere64 Context: I have a FW that acts as DHCP server and sends the local domain as default and also as Domain Search List via DHCP. It seems like the MT devices don't pick that information when configured as DHCP clients. As a result I can't ping all other devices in the local network just b...
by wiseroute
Sun Jul 16, 2023 12:34 pm
Forum: General
Topic: CGNAT assigned to local interface not working
Replies: 5
Views: 609

Re: CGNAT assigned to local interface not working

hello,

can you show us your topology?
by wiseroute
Sun Jul 16, 2023 12:24 pm
Forum: Beginner Basics
Topic: Need assistance setting up queue tree (QoS) for multiple networks/VLANs [SOLVED]
Replies: 3
Views: 1806

Re: Need assistance setting up queue tree (QoS) for multiple networks/VLANs [SOLVED]

hello What is the "best practice" here? I've tried building something with the help of ChatGPT but I think I am going nowhere. I also do lack of knowledge of queues/QoS in general, so please be kind with me. 8) really? you have asked bots for your settings? πŸ˜‚ I'm curious... what did the AI...
by wiseroute
Sun Jul 16, 2023 12:18 pm
Forum: Forwarding Protocols
Topic: missing route bridge id
Replies: 3
Views: 1734

Re: missing route bridge id

I'm sorry, i thought i have asked you that cli output?

Interface print

interface bridge port print
by wiseroute
Sun Jul 16, 2023 10:01 am
Forum: Forwarding Protocols
Topic: Redirect traffic from a Source IP [SOLVED]
Replies: 8
Views: 3463

Re: Redirect traffic from a Source IP [SOLVED]

@ werdarrfr congratulations! hmm, in case you interested in - what i thought - more simple way... let us say - MT with 4 ethers : - mtcp router, LAN : 192.168.100.253/24, WAN : 172.16.1.2/24 (masqueraded) - lte router, LAN : 192.168.2.2/24, WAN : 172.16.1.3/24 (masqueraded) - MT, to-mtcp : 192.168.1...
by wiseroute
Sun Jul 16, 2023 4:14 am
Forum: Beginner Basics
Topic: Forward secondary IP to web server
Replies: 4
Views: 997

Re: Forward secondary IP to web server

hello, 7 chain=dstnat action=netmap to-addresses=192.168.88.71 dst-address=1.1.2.85 in-interface=ether2 log=no log-prefix="" 8 chain=srcnat action=netmap to-addresses=1.1.2.85 src-address=192.168.88.71 out-interface=ether2 log=no log-prefix="" please note that netmap is 1 to 1 ip...
by wiseroute
Fri Jul 14, 2023 3:31 pm
Forum: Forwarding Protocols
Topic: Redirect traffic from a Source IP [SOLVED]
Replies: 8
Views: 3463

Re: Redirect traffic from a Source IP [SOLVED]

@ werdarrfr,

aaa... you have multiple gateways there.

in that case - this will help

https://wiki.mikrotik.com/wiki/Manual:P ... _Balancing

don't overlook at the load balancing part - but focus on the classifiers to drive 10.10.2.0/24 out to your mtcp router.
by wiseroute
Fri Jul 14, 2023 1:22 pm
Forum: Forwarding Protocols
Topic: missing route bridge id
Replies: 3
Views: 1734

Re: missing route bridge id

hello,

do you mean the last bridge number 11? with id 0x00?

please show us your:

interface print

interface bridge port print
by wiseroute
Fri Jul 14, 2023 1:17 pm
Forum: Forwarding Protocols
Topic: Redirect traffic from a Source IP [SOLVED]
Replies: 8
Views: 3463

Re: Redirect traffic from a Source IP [SOLVED]

hello What I would like to do is a default route but taking into account only a source address (10.10.2.0/24). I'm sorry, but your setup and your requirements just doesn't make sense because your MT only have 100.253 as gateway? or do you have any other gateway on MT? let us say you make a PBR class...
by wiseroute
Fri Jul 14, 2023 1:02 pm
Forum: General
Topic: Multiple networks on the same SSID
Replies: 2
Views: 325

Re: Multiple networks on the same SSID

hello challenge here, for me, is that the VMs are running in different hypervisors. hmm, how many hypervisor host connected to this ap? 1 host with multiple hypervisors? or different machine for each hypervisor? do you mean: you want to interconnect vm's under those hypervisors in other vlan than th...
by wiseroute
Fri Jul 14, 2023 6:34 am
Forum: Beginner Basics
Topic: SIP phone cannot register from VLAN
Replies: 10
Views: 1893

Re: SIP phone cannot register from VLAN

@ sebus, If I make the port on D-link untagged VLAN 21 , W70B gets 192.168.21.2 and Registration FAILS (yet full access to Internet from this VLAN exists) that was your first problem correct? now, this on your router - where did you put vlan bridge config for tagged and untagged port? 13 R vlan21-ip...
by wiseroute
Fri Jul 14, 2023 3:31 am
Forum: General
Topic: OS V7.8 BGP needs port 23 open
Replies: 3
Views: 380

Re: OS V7.8 BGP needs port 23 open

bgp session is on tcp 179,

maybe you either accidentally dropped it in your fw rules - or you have misconfigured somewhere else.
by wiseroute
Thu Jul 13, 2023 11:52 pm
Forum: Forwarding Protocols
Topic: Redirect traffic from a Source IP [SOLVED]
Replies: 8
Views: 3463

Re: Redirect traffic from a Source IP [SOLVED]

hello werdarrfr,

is this your setups?
10.10.2.0/24 ---> MT ---> 100.253
https://wiki.mikrotik.com/wiki/Policy_R ... uterOS_3.x
by wiseroute
Thu Jul 13, 2023 11:37 pm
Forum: Forwarding Protocols
Topic: Bgp- signaled vpls and l3vpn issues in 7.10
Replies: 14
Views: 3210

Re: Bgp- signaled vpls and l3vpn issues in 7.10

hello croissante, thing is when create a bgp-vpls tunnel from PE1 to PE2 the tunnels form with the peer being the route reflector! and it doesn't even show up in route reflector or has the Bgp signaled flag. can we take a look at your sample output here? along with these 2 part samples tried lots of...
by wiseroute
Thu Jul 13, 2023 11:26 pm
Forum: Forwarding Protocols
Topic: OSPF, Wireguard, and multiple path problem [SOLVED]
Replies: 10
Views: 4402

Re: OSPF, Wireguard, and multiple path problem [SOLVED]

@ Maxwell,

went ahead and tested changing the router priority at site 'D' to 64, but I'm still having the same issue
no no. that 64 is the lte path priority, with its default cost you have set = 500. not the router priority.

hope this helps.
by wiseroute
Thu Jul 13, 2023 4:28 pm
Forum: Beginner Basics
Topic: Problem with additional ports
Replies: 9
Views: 1201

Re: Problem with additional ports

hello graham, On a Linux Mint host using VirtualBox as the hypervisor, with 3 three Debian 11 VMs along with the Router OS VM ok. since i think it was easier to rolls out those vm in Linux - maybe you could try this example steps - with 3 vnic and 3 bridges for the router : 1. Linux and vbox are set...
by wiseroute
Thu Jul 13, 2023 1:19 pm
Forum: Beginner Basics
Topic: SIP phone cannot register from VLAN
Replies: 10
Views: 1893

Re: SIP phone cannot register from VLAN

@ sebus46

i thought i have requested you for
interface bridge vlan print
by wiseroute
Wed Jul 12, 2023 5:45 pm
Forum: Beginner Basics
Topic: Problem with additional ports
Replies: 9
Views: 1201

Re: Problem with additional ports

hmm.. what platform did you use for this setup? windows/linux? VMware/vbox? Looking at the above I notice that ether2 and the bridge have the same mac address. Is this normal / significant? hmm... under basic bridge this is not normal. try to change its Mac address to say 41. and let see what happens.
by wiseroute
Wed Jul 12, 2023 5:30 pm
Forum: Beginner Basics
Topic: A strange case in OpenVPN client mode
Replies: 6
Views: 2136

Re: A strange case in OpenVPN client mode

@ nikolay have gaps in the server configuration, wouldn't that affect the OpenWrt clients that work normally? I don't have any objections with your openwrt output. let us just focus on the MT to your server part. ok. i saw that you have changed your MT client ip 1 D 10.8.0.114/32 10.8.0.113 ovpn-out...
by wiseroute
Wed Jul 12, 2023 5:20 pm
Forum: Beginner Basics
Topic: Project for Home and Tenants
Replies: 3
Views: 756

Re: Project for Home and Tenants

hello am new to Mikrotik and everything i know now is learnt from Youtube and Testing. it's great to have a wonderful learning curve. keep the spirit 👍🏻 and of course MT would love to have you as their next mtcine👍🏻 as for your dream network... i think it is better to wait for your isp to do their w...
by wiseroute
Wed Jul 12, 2023 5:03 pm
Forum: Beginner Basics
Topic: Problem with additional ports
Replies: 9
Views: 1201

Re: Problem with additional ports

hello If I attach clients to the bridge connected to ether2 everything is OK, but connecting any clients to the bridges connected to ether3 or ether 4 fail. do any vms attached to ether3 or ether4 have dual nic connected to both bridges? (as in some kind of bonded interface? no?) ok. let us see your...
by wiseroute
Wed Jul 12, 2023 4:54 pm
Forum: Beginner Basics
Topic: How to ping Mikrotik router behind ISP Router
Replies: 8
Views: 1381

Re: How to ping Mikrotik router behind ISP Router

@ mwaqsaziz
ISP will provide 0 help, I have asked them how to configure IP POOL they said your headache,
the problem is - if your ISP locked down their router then you can't do much with your router.

so, be nice with your isp - and ask them politely, maybe they will help you 👍🏻
by wiseroute
Wed Jul 12, 2023 4:44 pm
Forum: General
Topic: Why is a l2tp rename in server side?
Replies: 3
Views: 340

Re: Why is a l2tp rename in server side?

hello

ups... wrong post.

--- edit

you might want to read this first

https://wiki.mikrotik.com/wiki/Manual:Interface/L2TP

your requirements on the l2tp server profile section.

hope this helps.
by wiseroute
Wed Jul 12, 2023 4:12 pm
Forum: Beginner Basics
Topic: How to ping Mikrotik router behind ISP Router
Replies: 8
Views: 1381

Re: How to ping Mikrotik router behind ISP Router

hello
is it possible to ping Mikrotik router from public? If yes! How to configure my routers?
yes. it is possible - but it is easier for you to get help from your isp directly. because forum members don't have any idea/privilege on your isp router.

hope this helps.
by wiseroute
Wed Jul 12, 2023 4:05 pm
Forum: Beginner Basics
Topic: A strange case in OpenVPN client mode
Replies: 6
Views: 2136

Re: A strange case in OpenVPN client mode

hello nikolay, this part on your MT router - ovpn client DAc 10.8.0.113/32 ovpn-out1 0 doesn't match with any of your ping result output (the second picture) - that is why you don't see any ovpn interface traffic on your first picture. maybe you might have missed the client config on your ovpn server?
by wiseroute
Wed Jul 12, 2023 3:53 pm
Forum: General
Topic: Wireguard Wizard - 7.11b4
Replies: 27
Views: 2770

Re: Wireguard Wizard - 7.11b4

@ holvoetn Not sure what you mean with 1:1. as dedicated 1 ip 1 user (exact measurements of dhcp pool allocation). and the line being not over crowded/over subscribed 😀 500/30 - 1/6 compression. i think it's above normal for home subscription, don't you think? 👍🏻 ok. back to the topic.. so, is this ...
by wiseroute
Wed Jul 12, 2023 1:28 pm
Forum: General
Topic: Optimal method to rate limit for a BGP neighbor?
Replies: 3
Views: 412

Re: Optimal method to rate limit for a BGP neighbor?

My network leases transit and an IP space of 1.0.0.0/24 to CompanyX CompanyX pays me for 150/150mbit of bandwidth to the internet CompanyX has 2 sites that connect to my network, and I also sell them capacity into my network at 100/100mbit for each site aaa... ok. you have played both l2 and last m...
by wiseroute
Wed Jul 12, 2023 12:59 pm
Forum: Beginner Basics
Topic: Problem with additional ports
Replies: 9
Views: 1201

Re: Problem with additional ports

hello smithg400 In each case the virtual machines were setup with 4 network interfaces and these are configured so that ether1 is attached to Bridged Adapter (virtualbox) / Network Bridge (hyper-v) and ether2-4 are attached to separate internal networks (virtualbox) / private virtual switches (hyper...
by wiseroute
Wed Jul 12, 2023 12:28 pm
Forum: General
Topic: Optimal method to rate limit for a BGP neighbor?
Replies: 3
Views: 412

Re: Optimal method to rate limit for a BGP neighbor?

@ millenium7 i am sorry don't quite understand for the first part of your questions. can you be more specific? for the second part, imho, although everything is up to you as your own network operator - but I think it is better to leave your client doing their own bgp peering directly to ix. otherwis...
by wiseroute
Wed Jul 12, 2023 9:20 am
Forum: General
Topic: Wireguard Wizard - 7.11b4
Replies: 27
Views: 2770

Re: Wireguard Wizard - 7.11b4

@ holvoetn
(though in practice I have never seen it change the past years).
it's good for you 👍🏻

and I could imagine that your line rate never below 75 percent of your service plan? maybe 1:1 subscription?
by wiseroute
Wed Jul 12, 2023 9:07 am
Forum: Beginner Basics
Topic: What is the lifetime of prefixes delegated by the DHCPv6 server?
Replies: 8
Views: 1643

Re: What is the lifetime of prefixes delegated by the DHCPv6 server?

@ kentzo

maybe you might want to read this article

https://www.techtarget.com/searchnetwor ... lems-occur

you will find your answer there.

hope this helps.
by wiseroute
Wed Jul 12, 2023 8:56 am
Forum: Beginner Basics
Topic: SIP phone cannot register from VLAN
Replies: 10
Views: 1893

Re: SIP phone cannot register from VLAN

hello sebus46, SIP (Yealink W70B) is on default LAN, it gets 192.168.88.20 & Registers fine at VoIP provider on Internet via DSL line out hmm, can you post your interface print interface bridge vlan print and your ip firewall rules related to your incoming sip. let us see what exactly is being t...
by wiseroute
Wed Jul 12, 2023 8:41 am
Forum: General
Topic: Why is a l2tp rename in server side?
Replies: 3
Views: 340

Re: Why is a l2tp rename in server side?

i think that's a normal dynamic behavior since you didn't put your l2tp clients as static.

for every dynamic interface links (such as pptp, pppoe etc) you will have that behavior.

hope this helps.
by wiseroute
Wed Jul 12, 2023 8:28 am
Forum: Beginner Basics
Topic: DNS not working as expected on names without domain?
Replies: 5
Views: 1325

Re: DNS not working as expected on names without domain?

@ velis after re-read your post, I want to be able to "ping zabbix" and that would resolve to a machine identifying itself as zabbix, which is somewhere in the subnet. Right now all I can do is "ping 192.168.237.22". i think you should understand that there are 2 ways of ip addre...
by wiseroute
Tue Jul 11, 2023 6:25 am
Forum: General
Topic: Bridge->NAT
Replies: 3
Views: 457

Re: Bridge->NAT

do you mean bridge nat as mac address proxy? as my experience concerned, i could barely meet or need one - both in data center and sp environment. let's say i preferred to avoid another unnecessary layer 2 headache since it's really difficult to predict its (l2) behavior, and mac address doesn't pas...
by wiseroute
Tue Jul 11, 2023 5:30 am
Forum: General
Topic: Bridge->NAT
Replies: 3
Views: 457

Re: Bridge->NAT

@ nichky https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge nat - bridge network address translation provides ways for changing source/destination MAC addresses of the packets traversing a bridge. Has two built-in chains: - srcnat - used for "hiding" a host or a network behind a differ...
by wiseroute
Mon Jul 10, 2023 9:16 am
Forum: General
Topic: How to forward FQDN to local network
Replies: 18
Views: 2955

Re: How to forward FQDN to local network

have last two questions: 1. I will know if I will not install a next OS with the reverse proxy is there a good option to use the dsnat function for each FQDN to forward it to the correct server? 2. What is better - install a linux system with reverse proxy or use the Win Server? 1. how many public ...
by wiseroute
Mon Jul 10, 2023 1:43 am
Forum: Forwarding Protocols
Topic: VXLAN vs MPLS(vpls) MTU and Performance
Replies: 4
Views: 2741

Re: VXLAN vs MPLS(vpls) MTU and Performance

in MikroTik, neither are offloaded to ASIC.
speaking of which.. has anyone tried to port routeros to an onie-based bare metal switches?

like those from netberg, edge-core?
by wiseroute
Sun Jul 09, 2023 6:04 pm
Forum: Forwarding Protocols
Topic: VXLAN vs MPLS(vpls) MTU and Performance
Replies: 4
Views: 2741

Re: VXLAN vs MPLS(vpls) MTU and Performance

hello, let's say I have to serve 20 clients in lan2lan, that I will have to close 20 VXLAN tunnels from one router to another only, let's say, this is an example.would it be an overhead of 20x50bytes? I'm not too well versed in vxlan since I had retired long enough to forget the industry. but, afaik...
by wiseroute
Sun Jul 09, 2023 4:40 pm
Forum: Beginner Basics
Topic: wireguard traffic heading problem
Replies: 15
Views: 1273

Re: wireguard traffic heading problem

@ gnoby, please explain us if this is what you meant internet(Public Network Address） connected to: wireguard(mikrotik-server ip-address10.10.10.1/24) it then connected to: wireguard(mikrotik-client10.10.10.2/24) it then connected to: PC{ win7(ip-address)192.168.0.1/24 win10(ip-address192.168.0.2/24...
by wiseroute
Sun Jul 09, 2023 2:03 pm
Forum: General
Topic: Wireguard endpoint route using DDNS
Replies: 4
Views: 1136

Re: Wireguard endpoint route using DDNS

@ shadow82 Maybe there is some static route autoupdating script also? interesting 🤔 hmm.. how about these? from the wg client, 1. since you already did the remote ip ddns, how about - wait for the tunnel to come up. then.. 2. create another script to read the tunnel interface status, to read remote ...
by wiseroute
Sun Jul 09, 2023 11:25 am
Forum: Beginner Basics
Topic: Block Between VLANs In the Same Bridge
Replies: 22
Views: 2512

Re: Block Between VLANs In the Same Bridge

@dungtran88 hmm... i dont know whether this lab will fits you : vlan5-kids : ether2 192.168.5.0/24, gateway 192.168.5.1 vlan2-others : ether3 192.168.2.0/24, gateway 192.168.2.1 internet 172.16.1.1/32 ### show interfaces : [admin@home] > /interface/print Flags: R - RUNNING; S - SLAVE Columns: NAME, ...
by wiseroute
Sun Jul 09, 2023 8:52 am
Forum: General
Topic: redundant/backup routeros7 dhcp/radius server and usermanager?
Replies: 1
Views: 273

Re: redundant/backup routeros7 dhcp/radius server and usermanager?

hello, How can I make make these services redundant as the way they configured in the second machine. I would like to setup the second machine the same way but it should be the backup machine. Is it possible? yes, you can make those 2 routers in redundant setup - but not for the: 1. ip/gateway/routi...
by wiseroute
Sun Jul 09, 2023 8:27 am
Forum: General
Topic: Test ping beetween ports without physical device [SOLVED]
Replies: 4
Views: 693

Re: Test ping beetween ports without physical device [SOLVED]

want to test ping from One of the ports in the second switch to One of the devices connected to the First One, but Is a remote location so I cannot attach nothing to the second switch. as an addition to what @mkx has explained above, there's a tool called mac-telnet, https://manpages.ubuntu.com/man...
by wiseroute
Sat Jul 08, 2023 8:02 am
Forum: General
Topic: Proper VRRP configuration
Replies: 10
Views: 1690

Re: Proper VRRP configuration

@ nichky

aaa... yes, sorry. i didn't take a closer look below that line

'i' as inactive. backup site.
by wiseroute
Sat Jul 08, 2023 4:32 am
Forum: General
Topic: Proper VRRP configuration
Replies: 10
Views: 1690

Re: Proper VRRP configuration

@ sindy are you sure your vrrp example in a running state? [me@chr-7-2] > ip address/print where interface=vrrp1 Flags: I, D - DYNAMIC Columns: ADDRESS, NETWORK, INTERFACE # ADDRESS NETWORK INTERFACE 13 I 192.168.216.1/24 192.168.216.0 vrrp1 it has 'i' in it as invalid? by the way, this is interesti...
by wiseroute
Sat Jul 08, 2023 4:00 am
Forum: General
Topic: gateway spoof
Replies: 9
Views: 922

Re: gateway spoof

I'm not using DHCP; IP addresses are assigned manually, but I'm involved in server leasing, and the management of the leased servers belongs to the customers. Each server is allocated one IP address, so I'm running only one VLAN. How can I solve this using a different method? 1. are you in some kin...
by wiseroute
Fri Jul 07, 2023 6:55 pm
Forum: Beginner Basics
Topic: Block Between VLANs In the Same Bridge
Replies: 22
Views: 2512

Re: Block Between VLANs In the Same Bridge

@ dungtran88 ok. let us see your cli output of ip firewall filter print. we just need to see your firewall sequence. i think you need to put that kids to adults block rule on top of everything. and start doing ip based firewall instead of interface list. vlan is nothing without ip. sorry, my eyes co...
by wiseroute
Fri Jul 07, 2023 6:25 pm
Forum: Beginner Basics
Topic: Block Between VLANs In the Same Bridge
Replies: 22
Views: 2512

Re: Block Between VLANs In the Same Bridge

much more efficient to have a drop rule at the end of the forward chain.
absolutely,
but just for trouble shooting - sometimes we need to do top to bottom approach @anav 😉

if it is harder to filter in layer 2 - how about we do it on upper layer 3
by wiseroute
Fri Jul 07, 2023 6:16 pm
Forum: Beginner Basics
Topic: Site to site Wireguard with both Mikrotiks behind NAT. Can you do it? [SOLVED]
Replies: 15
Views: 4438

Re: Site to site Wireguard with both Mikrotiks behind NAT. Can you do it? [SOLVED]

hello filament, The config I've posted is full and complete, these routers are currently working perfectly (using SSTP), but I would like to change to Wireguard. That's why I'm asking for help. The examples in Mikrotik's website do not work for me. I tried to use them, but I reverted back to my norm...
by wiseroute
Fri Jul 07, 2023 5:51 pm
Forum: Beginner Basics
Topic: Block Between VLANs In the Same Bridge
Replies: 22
Views: 2512

Re: Block Between VLANs In the Same Bridge

how about this Bridge - VLAN2 = 20.0/24 - VLAN3 = 30.0/24 - VLAN4 = 40.0/24 - VLAN5-Kids = 50.0/24 - VLAN6 = 60.0/24 ip firewall list add kids address 50.0/24 ip firewall list add adults address 20, 30, 40, 60.0/24 ip firewall filter add chain input in interface bridge src-addr=kids dst-addr=adults ...
by wiseroute
Fri Jul 07, 2023 4:52 pm
Forum: General
Topic: How to forward FQDN to local network
Replies: 18
Views: 2955

Re: How to forward FQDN to local network

@ pe1chl
Don't let you distract by questions from wiseroute, it is clear what you want.
ok. i am just trying to draw @ op topology and knowing what he wants -- i don't like crystal ball 😂

ok. feel free to take over this topic
by wiseroute
Fri Jul 07, 2023 1:09 pm
Forum: General
Topic: How to forward FQDN to local network
Replies: 18
Views: 2955

Re: How to forward FQDN to local network

@ alfista
the requests should go from internet (FQDN) to local servers (IP or FQDN). I have local DNS server which resolve also some other local FQDN's.
does your router have a public ip?

did you really host an internet dns locally already?
by wiseroute
Fri Jul 07, 2023 1:01 pm
Forum: General
Topic: gateway spoof
Replies: 9
Views: 922

Re: gateway spoof

@ asdgmae2, There is a malicious user who sets up a virtual router on their own server and assigns the gateway address to themselves, redirecting all traffic to their server. if your network is office network, then you should lock down all the workers station from any system modification. if your ne...
by wiseroute
Fri Jul 07, 2023 12:16 pm
Forum: General
Topic: How to forward FQDN to local network
Replies: 18
Views: 2955

Re: How to forward FQDN to local network

hello,

which direction do you want to redirect?

1. from the internet going to your network
or
2. from your network going to the internet?

and,

3. which subject do you want to translate to?
- from fqdn to ip
or
- from ip to fqdn?
by wiseroute
Thu Jul 06, 2023 8:12 pm
Forum: General
Topic: Capure the addresses of HTTP redirects
Replies: 1
Views: 318

Re: Capure the addresses of HTTP redirects

hello, hmm... it's a bit complicated because of vpn and 3rd party redirection. assuming : a = you (or your router/browser), b = first hop server, c = redirected server. did you mean: you need to know c address? or... am finding form Wireshark the connection is failing. in natted environment - it is ...
by wiseroute
Thu Jul 06, 2023 6:19 pm
Forum: General
Topic: Getting in touch with Burst Mode - basic understanding
Replies: 1
Views: 257

Re: Getting in touch with Burst Mode - basic understanding

interesting topic 👍🏻 but unfortunately this qos/sla kind of questions can't take a short answer. key points : - bandwidth available on interface (or on the network) - multipliers (idle/peak time, numbers of concurrent access etc) which then creates baseline average, which sometimes could be below no...
by wiseroute
Tue Jul 04, 2023 2:39 pm
Forum: Beginner Basics
Topic: Just need a simple push guide to WDS
Replies: 1
Views: 700

Re: Just need a simple push guide to WDS

hello,

you might want to read this wiki first

https://wiki.mikrotik.com/wiki/Mesh_wds

hope this helps.
by wiseroute
Tue Jul 04, 2023 2:34 pm
Forum: General
Topic: Mikrotik as VPN server/concentrator (SSTP + OVPN) - "dead" clients are not disconnected
Replies: 1
Views: 279

Re: Mikrotik as VPN server/concentrator (SSTP + OVPN) - "dead" clients are not disconnected

hello,

you might want to read this article:

https://forums.openvpn.net/viewtopic.php?t=21205

maybe you could find any similarities and work around your problem.

hope this helps 👍🏻
by wiseroute
Tue Jul 04, 2023 11:59 am
Forum: General
Topic: How to separate traffic in an MLAG setup [SOLVED]
Replies: 13
Views: 1135

Re: How to separate traffic in an MLAG setup [SOLVED]

@mkx, With VLANs again... 😂 it still Tuesday consider MLAG as L2.1 and VLANs as L2.5). no no.. they said mpls as l2.5, and ppp as l2.5... so that would make vlans as l2.3 😂 @ wassy83 know how to do this with vlans without MLAG but I don't how to do this with MLAG on top. as @mkx said, it is the othe...
by wiseroute
Mon Jul 03, 2023 5:32 pm
Forum: Beginner Basics
Topic: Vpn site to site behind ISP router
Replies: 5
Views: 980

Re: Vpn site to site behind ISP router

hello pulzpulz, 1) ISP router does nat. from there, i just would like to ask you whether you subscribed to your isp managed service? because not that i don't want to help you, but I think your requirements will be much easier for you to work with your isp in this matter. just let them know what you ...
by wiseroute
Sun Jul 02, 2023 7:00 pm
Forum: General
Topic: Howto configure a set of machine to only send and receive data from one WAN?
Replies: 2
Views: 397

Re: Howto configure a set of machine to only send and receive data from one WAN?

hello benoitc,

it's a bit tricky config but maybe you might want to try it?

https://wiki.mikrotik.com/wiki/Manual:PCC

hope this helps
by wiseroute
Sun Jul 02, 2023 6:02 pm
Forum: Beginner Basics
Topic: Vpn site to site behind ISP router
Replies: 5
Views: 980

Re: Vpn site to site behind ISP router

hello pulzpulz, instantiate a connection to my MK ipsec+l2tp (i can connect to vpn server from lan from windows 10 client, but cannot from outside) one thing you need to know first, which router do the nat/masquerade for your lan? the isp cpe router or your router? second, you need to know whether y...
by wiseroute
Sun Jul 02, 2023 5:47 pm
Forum: Beginner Basics
Topic: Sip connection after sudden change of ip
Replies: 4
Views: 951

Re: Sip connection after sudden change of ip

@ kxrist

you might want to read this

https://wiki.freepbx.org/plugins/servle ... /100929794

hope this helps.
by wiseroute
Sun Jul 02, 2023 4:22 am
Forum: General
Topic: PXE Boot From Mikrotik
Replies: 9
Views: 18210

Re: PXE Boot From Mikrotik

tftp error code explained:

https://docs.ruckuswireless.com/fastiro ... 014D2.html

hope this helps.
by wiseroute
Sat Jul 01, 2023 4:08 am
Forum: General
Topic: Maximum number of NAT users / sessions
Replies: 45
Views: 21859

Re: Maximum number of NAT users / sessions

any ways - sorry for posting IPv4 & IPv6 stuff in this "Maximum number of NAT users / sessions" thread. @tom, let us put those last ipv6 posts as a way to promote ipv6 usage and adoption 😉 this one, think of ISPs that have no plans to add IPv6 networks to their customers somewhat like...
by wiseroute
Fri Jun 30, 2023 9:25 pm
Forum: General
Topic: Maximum number of NAT users / sessions
Replies: 45
Views: 21859

Re: Maximum number of NAT users / sessions

@ rextended, However I currently have 75% of my traffic over IPv6... On 2014, when this topic is open, 0%..... i would definitely say that is really a great achievement 👍🏻 it is always about our team. when they are ready, everything looks easy. - but sometimes it was kinda 1 in 1000 momentum to deli...
by wiseroute
Fri Jun 30, 2023 7:27 pm
Forum: General
Topic: Maximum number of NAT users / sessions
Replies: 45
Views: 21859

Re: Maximum number of NAT users / sessions

@ tom, My NAT444 configuration uses jump rules/tables , If IP & port range is this then jump here and scan only a few lines to find what to NAT to/from. hmm, interesting 🤔 which platform did you use to perform this setup? i mean: MT or Linux boxes? since I read that jump statement. in your curre...
by wiseroute
Fri Jun 30, 2023 7:12 pm
Forum: General
Topic: Interesting DDoS case
Replies: 11
Views: 995

Re: Interesting DDoS case

... than detecting all the fake source addresses of ddos traffic to block that traffic afaik, well if the graph triggers sms - all i could say was don't overlook sa-da. just do rate limit to throttle the bandwidth. neutralize it to a state safe enough to do the next step. +++ edit after all, the on...
by wiseroute
Fri Jun 30, 2023 7:03 pm
Forum: General
Topic: Maximum number of NAT users / sessions
Replies: 45
Views: 21859

Re: Maximum number of NAT users / sessions

@ chechito, is a common misconception to think that you are limited to 65535 connections per "WAN" ip, you are limited to that only for a single Destination IP, you can reuse SRC port "numbers" for different destinations. agreed to *reuse* src port part. but, are you sure about t...
by wiseroute
Fri Jun 30, 2023 6:33 pm
Forum: General
Topic: Interesting DDoS case
Replies: 11
Views: 995

Re: Interesting DDoS case

@ chechito,
in a ddos attack source ip addresses are fake you are not catching nothing useful
even if they were real - can the router or the server or the target (read: cpu+ram) buffers such a massive objects in single window time frame?

hmm... i think my calculator running out of battery 😂
by wiseroute
Fri Jun 30, 2023 8:57 am
Forum: General
Topic: accessing devices behind NAT
Replies: 5
Views: 482

Re: accessing devices behind NAT

@ anav
Wait, my crystal ball is due to be delivered by amazon later.
you buy another one?? 😂

does the old one in your fish aquarium no longer work? 🤔
by wiseroute
Fri Jun 30, 2023 7:16 am
Forum: General
Topic: Interesting DDoS case
Replies: 11
Views: 995

Re: Interesting DDoS case

@ anav, Short answer: No MT routers are not capable of stopping an attack! It is the responsibility of your provider ISP to do so and further up the food chain. I don't think MT or any brand has any relationship with stopping the ddos. i would think of the man behind the car. ie. even though you gav...
by wiseroute
Thu Jun 29, 2023 5:41 pm
Forum: General
Topic: Multiple networks how to give priority.
Replies: 3
Views: 410

Re: Multiple networks how to give priority.

hello andriusk79,

I'm sorry I don't get your question.

what is that traffic priority you were talking about? do you mean intervlan traffic? internet??
by wiseroute
Thu Jun 29, 2023 5:34 pm
Forum: General
Topic: Interesting DDoS case
Replies: 11
Views: 995

Re: Interesting DDoS case

hello hagoyi, it depends on the router resources itself. ie. cpu, ram. but the way you make some firewall rules for that dos - will give you insight whether it is effective or not. ie. on part 1 of your reading, i could say yes - maybe it is effective enough to protect the target. on part 2, the att...
by wiseroute
Wed Jun 28, 2023 2:34 pm
Forum: General
Topic: SSH into LAN over external IP from a L2TP tunnel
Replies: 6
Views: 678

Re: SSH into LAN over external IP from a L2TP tunnel

@ ruberts,

maybe this one has better example:

https://wiki.mikrotik.com/wiki/Manual:PCC
by wiseroute
Wed Jun 28, 2023 4:24 am
Forum: General
Topic: Forum moderation volunteers
Replies: 238
Views: 34054

Re: Forum moderation volunteers

This will put any VI/EMACS discussion to shame. :D
Seems more like a sed and awk problem to me ;).
where is that notepad when we need it most? 😂
by wiseroute
Tue Jun 27, 2023 7:42 pm
Forum: General
Topic: Router Leaking Packets (ICMP) Marked for Wireguard Tunnel
Replies: 32
Views: 3214

Re: Router Leaking Packets (ICMP) Marked for Wireguard Tunnel

@ blacksnow, It is much easier to use the policy rules to steer the entire incoming interface's traffic to use a particular routing table. So for me I continue to do it that way versus the connection marking route and therefore I still need the drop rule on the router output chain. well, after all t...
by wiseroute
Tue Jun 27, 2023 6:48 pm
Forum: General
Topic: LACP 802.3ad Bonding TCP connections [SOLVED]
Replies: 9
Views: 684

Re: LACP 802.3ad Bonding TCP connections [SOLVED]

blizzard, The question is, why do i see multiple TCP connects from the same client and to the same WAN IP, and might that be expected behavior with bonding (Fragmentation or whatever)? if you were alone on your lan, just you and your computer browsing MT website using multiple tabs - you will have t...
by wiseroute
Tue Jun 27, 2023 3:52 pm
Forum: General
Topic: SSH into LAN over external IP from a L2TP tunnel
Replies: 6
Views: 678

Re: SSH into LAN over external IP from a L2TP tunnel

hello ruberts, The connection works one way because I can see packets coming into the debian server with tcpdump: ok. assuming that your tcpdump out was correct - which is your debian server sees your home client ssh connection - now all you have to do is routing back your server reply via that l2tp...
by wiseroute
Tue Jun 27, 2023 3:37 pm
Forum: General
Topic: LACP 802.3ad Bonding TCP connections [SOLVED]
Replies: 9
Views: 684

Re: LACP 802.3ad Bonding TCP connections [SOLVED]

SACs 192.168.0.10:50491
do you mean that ip?

was that your vrrp ip and outgoing/incoming port number? no?
by wiseroute
Tue Jun 27, 2023 1:09 pm
Forum: General
Topic: LACP 802.3ad Bonding TCP connections [SOLVED]
Replies: 9
Views: 684

Re: LACP 802.3ad Bonding TCP connections [SOLVED]

hello blizzard, example, if a client visits a website, i see around 10 different TCP connection in the firewall connections list, with different source Ports, but the same destination/port. is this your setup? inet --- cisco --- mt1 --- mt2 can you be more specific in log examples?
by wiseroute
Tue Jun 27, 2023 12:49 pm
Forum: General
Topic: Forum moderation volunteers
Replies: 238
Views: 34054

Re: Forum moderation volunteers

think Normis is looking for a moderator, not for 5 minutes a day, but for more time, otherwise the waits continue to be long. With the work I do, I have to be connected all the time, basically from 09:00 (CET) to 22:00 (CET) (if not longer…) 7 days a week. no. not again 😂 how can I make that script...
by wiseroute
Sun Jun 25, 2023 7:57 pm
Forum: General
Topic: Router Leaking Packets (ICMP) Marked for Wireguard Tunnel
Replies: 32
Views: 3214

Re: Router Leaking Packets (ICMP) Marked for Wireguard Tunnel

hello blacksnow, So the issue is really in between the connection closing and the NAT entry being deleted, the router responds with ICMP. yes. but this chicken and the eggs thing could be overlap one another. which is who will close the door first: the server or the router? supposed that remote serv...
by wiseroute
Sun Jun 25, 2023 6:22 pm
Forum: General
Topic: Router Leaking Packets (ICMP) Marked for Wireguard Tunnel
Replies: 32
Views: 3214

Re: Router Leaking Packets (ICMP) Marked for Wireguard Tunnel

@ msatter, Reading this I think this is not the golden bullet because the incoming traffic can be valid and have a active connection tracking. Only when the router want to push the traffic to the client the client says, won't accept it because I don't have an active memory of that connection. absolu...
by wiseroute
Sun Jun 25, 2023 5:04 pm
Forum: General
Topic: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?
Replies: 22
Views: 3013

Re: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?

@ fvaseghi,

that's wonderful 👍🏻

anyhow, this
If the result of this checking faile, connection will be close or disconnect.
as per your pptp question,
does this probe only apply for the initial internet link - or.. will it applies to any other subsequent new link? ie. other vpn link etc?
by wiseroute
Sun Jun 25, 2023 4:50 pm
Forum: General
Topic: Router Leaking Packets (ICMP) Marked for Wireguard Tunnel
Replies: 32
Views: 3214

Re: Router Leaking Packets (ICMP) Marked for Wireguard Tunnel

@ msatter ps. filtering on related is not needed because it is always related when the router answers on behalf. agreed. related means conntrack should be enabled. otherwise we will see huge amount of alien Traffic. but. why do we bother to stop the end result of a stale connection (outgoing to any ...
by wiseroute
Sun Jun 25, 2023 5:56 am
Forum: General
Topic: Router Leaking Packets (ICMP) Marked for Wireguard Tunnel
Replies: 32
Views: 3214

Re: Router Leaking Packets (ICMP) Marked for Wireguard Tunnel

hello blacksnow, To be clear, I orginally thought the router was responding to a ICMP packet but the actual situation is that flow of TCP packets that cannot be delivered generate a ICMP packet from the router back to the source letting them know the packet cannot be delivered etc. it (the icmp 3 ge...
by wiseroute
Sat Jun 24, 2023 2:25 pm
Forum: General
Topic: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?
Replies: 22
Views: 3013

Re: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?

@ fvaseghi i am sorry, i and the other members just coloring the day. it's weekend, so let us all and you - get some rest a little bit 😉 ok. back to you, As I said, the MikroTik router still serves to other devices properly. But Just Windows 10 and 11 clients can't connect correctly. they connect fo...
by wiseroute
Fri Jun 23, 2023 7:56 pm
Forum: General
Topic: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?
Replies: 22
Views: 3013

Re: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?

@ amm0 maybe use "pptp" as topic as well to make sure. can you make my life easier?? 😂 @ rextended was busy helping the other OP how to script deleting pppoe username and password twice a day... and now you asked me to debug and find pptp logs?? how many pipe should I use? :debug [ find to...
by wiseroute
Fri Jun 23, 2023 6:43 pm
Forum: General
Topic: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?
Replies: 22
Views: 3013

Re: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?


Perhaps enabling "debug" as topic in logging would yield more clues on what's going on for you during PPTP session establishment
i really like this one 👍🏻

ok @OP... show us the that pptp logs. show us that crystal ball 😉

because @ chechito said the other way around -
by wiseroute
Fri Jun 23, 2023 5:15 pm
Forum: General
Topic: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?
Replies: 22
Views: 3013

Re: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?

@ amm0

yes, i don't mind with that l2tp in winbox quick setup.

but... again, have you ever count how many clicks you have to make for your windows based road warrior l2tp client to get them work? both for the server and the client 😂

no no no... I'm just kidding 😂 have a nice weekend folks 👍🏻
by wiseroute
Fri Jun 23, 2023 4:47 pm
Forum: General
Topic: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?
Replies: 22
Views: 3013

Re: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?

@ erlinden,

have you ever count how many clicks you have to make between pptp and IPsec to get them work? 😂
by wiseroute
Fri Jun 23, 2023 1:01 pm
Forum: General
Topic: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?
Replies: 22
Views: 3013

Re: Why Windows 10 and 11 cannot connect to the Mikrotik PPTP server?

hello But now windows 10 and 11 connot connect to these pptp servers. Older versions of windows, Smart Phones, Other routers and ... still connect properly. did you do any windows update before this happened? well, let us be fair - don't put any unnecessary burden to MT side alone. sometimes other s...
by wiseroute
Fri Jun 23, 2023 12:53 pm
Forum: General
Topic: Can someone give me the command line, to delete pppoe-out1
Replies: 16
Views: 1337

Re: Can someone give me the command line, to delete pppoe-out1

the main reason is that i need to make a script, where it will automatically change the username and password of that pppoe interface and then put it on a schedule..
I'm just wondering how will your isp call center handling your pppoe change request twice a day 😂
by wiseroute
Thu Jun 22, 2023 7:42 pm
Forum: General
Topic: CCR1072-1G-8S+ Not Working Properly at 3000 PPPoE Active Users
Replies: 9
Views: 917

Re: CCR1072-1G-8S+ Not Working Properly at 3000 PPPoE Active Users

hello @abn,

ok. are those olt's linked directly back to the core (your pppoe server)?

or do you have any pop nearest to the olt's?

are those 1200, 1300, 3000 users differentiated by profiles? do you have any mac filters for the wires?
by wiseroute
Thu Jun 22, 2023 11:57 am
Forum: General
Topic: CCR1072-1G-8S+ Not Working Properly at 3000 PPPoE Active Users
Replies: 9
Views: 917

Re: CCR1072-1G-8S+ Not Working Properly at 3000 PPPoE Active Users

hello @abn,

i am wondering about your pppoe and overall network design. did you put one centralized server for all these connections? 🤔
by wiseroute
Wed Jun 21, 2023 3:07 pm
Forum: Beginner Basics
Topic: Packet Loss!!! BOND (802.3ad) on BRIDGE w/ HW Offload
Replies: 12
Views: 2491

Re: Packet Loss!!! BOND (802.3ad) on BRIDGE w/ HW Offload

@ edpa, agreed. vm lab doesnt represent true hardware performance. but - if you take a closer on those tx-rx error/drops between the bridged bonded interface vs plain bonded one, i think the error/drop would be quite significant in heavy traffic load. again, i just doing a balance-rr, i dont know ab...
by wiseroute
Wed Jun 21, 2023 1:08 pm
Forum: Beginner Basics
Topic: Packet Loss!!! BOND (802.3ad) on BRIDGE w/ HW Offload
Replies: 12
Views: 2491

Re: Packet Loss!!! BOND (802.3ad) on BRIDGE w/ HW Offload

@edpa i think these OP's @unlikely and @iamgavinj maybe correct - it seems adding bond interface to a bridge causing some packet lost. but, i am not really sure about their config/performance lost while @ourplan - the bond mode still in question? output - balance-rr, without bridge on v7.9: [admin@s...
by wiseroute
Wed Jun 21, 2023 5:23 am
Forum: Beginner Basics
Topic: End customer vpls Internet connection from ISP
Replies: 4
Views: 826

Re: End customer vpls Internet connection from ISP

hello ok. 1. vpls is a professional services from your isp, they should be the first one who you call to assist you with the problem. while this forum members we don't have any idea you and your isp setup. 2. The ISP says they have tagged all the vlan's and the assigned subnet is routing from the IS...
by wiseroute
Wed Jun 21, 2023 4:17 am
Forum: Beginner Basics
Topic: Packet Loss!!! BOND (802.3ad) on BRIDGE w/ HW Offload
Replies: 12
Views: 2491

Re: Packet Loss!!! BOND (802.3ad) on BRIDGE w/ HW Offload

interesting 🤔 first built a basic BOND with two ETHs, with all default settings (ARP Enabled), and everything worked fine. No packet loss. Then I created the BRIDGE and added the BOND to it, swapped the IP address from the BOND to the BRIDGE, and the packet loss returned. could the problem be in the...
by wiseroute
Tue Jun 20, 2023 3:25 pm
Forum: Beginner Basics
Topic: Load balance with PCC and a Non-reachable Destination
Replies: 6
Views: 990

Re: Load balance with PCC and a Non-reachable Destination

hello atanas, As a result, I’m going to conclude that PCC doesn’t “make” internet more reachable - effectively. It may balance your load, but at the same time you may lose part of it; however it may bring to your basket something, which you considered unreachable until then. yup 👍🏻 especially in nat...
by wiseroute
Mon Jun 19, 2023 5:36 pm
Forum: Beginner Basics
Topic: Is it possible to provide dst-nat action in prerouting chain?
Replies: 3
Views: 806

Re: Is it possible to provide dst-nat action in prerouting chain?

hello ipavlik What I tried was based on layer7 protocol mark connection, based on this mark all packets and process specific dst-nat rule with marked packets , since I found information that I can't process dst-nat with layer7 filtering because only part of packet takes place. i think you are abusin...
by wiseroute
Mon Jun 19, 2023 5:20 pm
Forum: Beginner Basics
Topic: Load balance with PCC and a Non-reachable Destination
Replies: 6
Views: 990

Re: Load balance with PCC and a Non-reachable Destination

hello aa.. ok. 2 wan pcc. May someone tell me how ROS behaves when a destination IP is unreachable through a route engaged in PCC, while the same IP is reachable through the rest routes in PCC? pcc has nothing to do with routeros as a system - but rather it (pcc) just a more complex routing algorith...
by wiseroute
Sun Jun 18, 2023 7:40 pm
Forum: Beginner Basics
Topic: Can there be a virtual external L2TP interface for inbound SSH?
Replies: 5
Views: 840

Re: Can there be a virtual external L2TP interface for inbound SSH?

think I will better verify it for sure with them (AA). yup 👍🏻 My understanding was that they would provide me with just an external IP address (static IP) and when I connect to that address, it would be tunnelled to my router and it would appear as if my router's l2tp-client-interface has that exte...
by wiseroute
Sun Jun 18, 2023 5:38 pm
Forum: Beginner Basics
Topic: End customer vpls Internet connection from ISP
Replies: 4
Views: 826

Re: End customer vpls Internet connection from ISP

hello ip firewall nat add chain=srcnat action=masquerade out-interface-list=WAN comment="Default Internet masquerade" disabled=no hmm, how about trying to ping the internet via that setting on the router. ping dst-ip src-addr=your-wan-ip. Don't forget to put that src-addr. ip route list?
by wiseroute
Sun Jun 18, 2023 5:31 pm
Forum: Beginner Basics
Topic: Rechable only for SNMP
Replies: 3
Views: 542

Re: Rechable only for SNMP

hello looks like a simple question - but actually not 😂 have a CRS318-16P-2S+OUT setup. It will be "only" used to assign VLANs for the Ethernet Port, the uplink is via a 10G connection. I'm sorry i don't get your question. do you mean the switch just basically for vlan access with 1 vlan t...
by wiseroute
Sun Jun 18, 2023 5:16 pm
Forum: Beginner Basics
Topic: Can there be a virtual external L2TP interface for inbound SSH?
Replies: 5
Views: 840

Re: Can there be a virtual external L2TP interface for inbound SSH?

hello ruberts, i like your drawing - very artistic 👍🏻 btw, about your 3rd party cloud based l2tp vpn server for your cgnat pass through.. i am afraid it won't work - because there should be other routing to be made on the server to connect your home and office net. if they offer that auto paired rou...
by wiseroute
Fri Jun 16, 2023 2:08 pm
Forum: Forwarding Protocols
Topic: Routes learned by BGP in VRF-Lite installed and active, but no routing beyond direcly connected subnets [SOLVED]
Replies: 3
Views: 2662

Re: Routes learned by BGP in VRF-Lite installed and active, but no routing beyond direcly connected subnets [SOLVED]

hello, [f4hof@e1-lyo69] > ping 44.7.0.1 vrf=hamnet SEQ HOST SIZE TTL TIME STATUS 0 22 (Invalid argument) there are not much info which source which interface did you ping 0.1 from? and is there really 0.1 host up? are local and remote.role don't mean anything to your config? ++++ edit and could you ...
by wiseroute
Thu Jun 15, 2023 12:29 pm
Forum: Beginner Basics
Topic: Load balance with PCC and a Non-reachable Destination
Replies: 6
Views: 990

Re: Load balance with PCC and a Non-reachable path

hello I'm sorry I don't get your question. what are you trying to do related to pcc? are you trying to connect 2 isps via your router as transit point? ie. user1 connects from isp1 at your eth1 - and then you want to mark the connection - and then you want to re-route that user1 to isp2 and vice ver...
by wiseroute
Thu Jun 15, 2023 12:12 pm
Forum: Forwarding Protocols
Topic: VRF Shenanigans (need help with VRF Lite)
Replies: 5
Views: 2067

Re: VRF Shenanigans (need help with VRF Lite)

hello troy,

it's nice to meet you. I'm Athens. could you be kind enough to give our helen back?

no no. just kidding 😂

ok. @ troy, what is your core? layer 2 network access provider or something?

as we have no idea - what are you trying to achieve (vrf) related to your environment.
by wiseroute
Wed Jun 14, 2023 12:19 pm
Forum: Forwarding Protocols
Topic: bgp-origin incomplete not being set in v7?
Replies: 6
Views: 2247

Re: bgp-origin incomplete not being set in v7?

hello @xxiii very long description you have there, and interesting thought as well 👍🏻 from the fact that incomplete origin is the least preferred route 1. igp 2. egp - actually doesn't mean much. that MT wiki about not having synchronize off option does really help to minimize this ? routes. Routes ...
by wiseroute
Tue Jun 13, 2023 12:26 pm
Forum: Beginner Basics
Topic: Wireguard for external gateway
Replies: 3
Views: 487

Re: Wireguard for external gateway

dalami, when there are 2 routes to the internet in single router : 1 to internet and 1 to wireguard network (which for simplicity - let us call it the second "internet*) made the map lan member (iot) needs to know which route to reply pings. the symptoms: from tip you can ping map ip - but not ...
by wiseroute
Tue Jun 13, 2023 9:19 am
Forum: Forwarding Protocols
Topic: bgp-origin incomplete not being set in v7?
Replies: 6
Views: 2247

Re: bgp-origin incomplete not being set in v7?

hello from the wiki https://help.mikrotik.com/docs/display/ROS/Moving+from+ROSv6+to+v7+with+examples In v7 it is not possible to turn off synchronization with IGP routes (the network will be advertised only if the corresponding IGP route is present in the routing table). and this I don't want to fil...
by wiseroute
Tue Jun 13, 2023 9:06 am
Forum: Forwarding Protocols
Topic: MAC & IP forwarding behaviour
Replies: 1
Views: 1618

Re: MAC & IP forwarding behaviour

hello pere What am I missing here? Shouldn't the router send the packets to 10.0.2.0/30 using the sfp-sfpplus8 interface even though it is learning that the D8:5B:22:02:46:93 MAC address is also available through sfp-sfpplus7? well sometimes resolving a layer 2 problem much harder then those in rout...
by wiseroute
Tue Jun 13, 2023 8:29 am
Forum: Beginner Basics
Topic: Wireguard for external gateway
Replies: 3
Views: 487

Re: Wireguard for external gateway

hello this Add TIP to mAP Wireguard allowedip. Attempt to access TIP from mAP - succeeds. Attempt to access TIP from IoT - fails the answer is this IoT device connected to a mAP. IoT uses mAP as gateway. you need to srcnat iot as map gateway ip. as not in full ip routing - but ip srcnat. So, what am...
by wiseroute
Sun Jun 11, 2023 2:07 pm
Forum: General
Topic: Trying to make a sneaky VPN [SOLVED]
Replies: 17
Views: 2215

Re: Trying to make a sneaky VPN [SOLVED]

@ sindy thank you for your compliment 😂 Believe me or not, it is not always the case :) having difficulty in market penetration, doesn't mean you have to push your luck to the edge. and, as far as experience concerned - either the op doesn't have that promising look or just can't compete with others...
by wiseroute
Sun Jun 11, 2023 1:08 pm
Forum: General
Topic: Trying to make a sneaky VPN [SOLVED]
Replies: 17
Views: 2215

Re: Trying to make a sneaky VPN [SOLVED]

Is there a way to generate a port knock from within RouterOS? even if there is port knocking in MT or in other vendors - your question description is too obvious that the company simply don't trust you, be it other vendors resident engineer who stayed there to run the security subsection nor local ...
by wiseroute
Sun Jun 11, 2023 10:08 am
Forum: General
Topic: Trying to make a sneaky VPN [SOLVED]
Replies: 17
Views: 2215

Re: Trying to make a sneaky VPN [SOLVED]

And I'm having difficulties working with the corporate firewall administration. I'm hoping they'll approve opening the ports I need but even if they do it's made me think about how I can safeguard for the future. the obvious question is : who are you and what is your relationship with the company? ...
by wiseroute
Fri Jun 09, 2023 6:40 pm
Forum: Forwarding Protocols
Topic: OSPF, Wireguard, and multiple path problem [SOLVED]
Replies: 10
Views: 4402

Re: OSPF, Wireguard, and multiple path problem [SOLVED]

@ maxwell, hmm, done some lab for you - abcd topology, which i think your topology turned out to be normal one? :) running on v7.6 the modified point was only on router d/LTE : /routing ospf instance add disabled=no name=default redistribute=connected router-id=172.16.1.4 /routing ospf area add disa...
by wiseroute
Fri Jun 09, 2023 9:26 am
Forum: Forwarding Protocols
Topic: OSPF, Wireguard, and multiple path problem [SOLVED]
Replies: 10
Views: 4402

Re: OSPF, Wireguard, and multiple path problem [SOLVED]

hello Maxwell, I'm sorry, didn't remember this thread. ok. let us continue shall we? your topology was a-b-c-d-a , am i correct? a-b is dark fiber a-d is lte. am i correct? ab is 1, ad is 500. and you want that if ab has back online - you want to re route ad 500 to ab 1, correct? your problem was on...
by wiseroute
Fri Jun 09, 2023 5:46 am
Forum: Forwarding Protocols
Topic: ROSv7 - Filtering ospf routes outbound without using redistribution
Replies: 2
Views: 1901

Re: ROSv7 - Filtering ospf routes outbound without using redistribution

hello, Trying to get an idea of the "official" MikroTik answer here. As far as I can tell, unless you're redistributing connected, rip, bgp, static, etc , it's not possible to filter routes for LSA types that aren't external for my own simplicity when configuring routing protocols - i woul...
by wiseroute
Fri Jun 09, 2023 5:16 am
Forum: General
Topic: MLAG Bridge not work in ROS 7.7 - 7.8 - 7.9, OK in ROS 7.6
Replies: 18
Views: 3614

Re: MLAG Bridge not work in ROS 7.7 - 7.8 - 7.9, OK in ROS 7.6

good morning folks, @ connectlife i haven't lab your diagram yet - but just having some thought from basic stp point of view. from your diagram - let us just view them in basic stp operation minus the lacp/mlag operation - each sw1, 2, 3 and 4 ---> from those 3 interface each on the switch, basic st...
by wiseroute
Tue Jun 06, 2023 9:01 am
Forum: Forwarding Protocols
Topic: Traffic Engineering RouterOS 7
Replies: 2
Views: 1892

Re: Traffic Engineering RouterOS 7

hello, firstable, i am not in any way as an expert. second, we don't have any idea what is your topology look like and what are you trying to achieve with that te, and its implementation results (simple diagram sometimes doesn't match with/can't represent, the actual complex end result). just wanted...
by wiseroute
Tue Jun 06, 2023 8:29 am
Forum: Forwarding Protocols
Topic: BGP filters from v6 -> v7 high CPU
Replies: 1
Views: 1718

Re: BGP filters from v6 -> v7 high CPU

hello George, maybe @ mrz can help you with this Unfortunately, applying the above into the filter chain, increases CPU very much. From ~20% without this filter to 60-80%. but for this one, The above is with one transit (default route only) and one IXP; traffic levels are 200-300Mbps. it is obvious ...
by wiseroute
Tue Jun 06, 2023 8:17 am
Forum: General
Topic: Encountered an ARP table exhaustion attack
Replies: 15
Views: 1564

Re: Encountered an ARP table exhaustion attack

@ wwj 5. Or if ROS provides a function similar to PSD, it would be perfect. For example, it can monitor the traffic entering a certain interface within 3 seconds. If the number of dst-ips for a certain src IP reaches the set value, it can be added to the address list, so that we can better identify ...
by wiseroute
Tue Jun 06, 2023 5:10 am
Forum: Forwarding Protocols
Topic: OSPF, Wireguard, and multiple path problem [SOLVED]
Replies: 10
Views: 4402

Re: OSPF, Wireguard, and multiple path problem [SOLVED]

hello Maxwell, . I believe the issue hinges on the fact that Wireguard interfaces are considered to be in a running state regardless of whether there is actually a viable session with its peer. maybe you could try to lower those persistent keepalive value between peers : /interface wireguard peers a...
by wiseroute
Sat Jun 03, 2023 5:56 pm
Forum: General
Topic: Encountered an ARP table exhaustion attack
Replies: 15
Views: 1564

Re: Encountered an ARP table exhaustion attack

@ paternot This brings a host of new problems, and this isn't the place to discuss them. ... This isn't to say "just do this and everything will be fine". could not disagree. But You have to remember that the real gateway would still answer to MAC requests. absolutely. as i said in my prev...
by wiseroute
Sat Jun 03, 2023 7:30 am
Forum: General
Topic: Is a catchall src-nat good or bad?
Replies: 3
Views: 367

Re: Is a catchall src-nat good or bad?

@ dalami, nice masquerade vs srcnat observation. super 👍🏻 This then makes me wonder - what's wrong with just a generic masquerade rule with no conditions on it? no. there is nothing wrong with plain masquerade. even it is so simple to setup. in basic linux iptables terms example to masquerade any la...
by wiseroute
Sat Jun 03, 2023 3:16 am
Forum: General
Topic: Confused about srcnat and dstnat chain in NAT [SOLVED]
Replies: 7
Views: 1725

Re: Confused about srcnat and dstnat chain in NAT

@ sohrabp72 if a packet is received, what we want to do with the packed is determined in Action, then what is the use of Chain? well, maybe you were right. the chain set renaming for nat context - for example: chain prerouting to dstnat chain postrouting to srcnat could gave user a false sense to de...
by wiseroute
Sat Jun 03, 2023 2:49 am
Forum: Beginner Basics
Topic: EOIP with two Subnet
Replies: 2
Views: 739

Re: EOIP with two Subnet

hello Scheme; LAN1 <--- EOIP ---> LAN2 Subnet LAN1 192.168.0.0/24. Subnet LAN2 192.168.50.0/24. did you mean: you want to extend the lan subnet on the left to right and vice versa? and how will you interconnect those 2 lans if you don't have any termination point? you don't need one? if you don't ne...
by wiseroute
Sat Jun 03, 2023 2:28 am
Forum: Forwarding Protocols
Topic: OSPF ECMP changes from ROS6 -> ROS7? [SOLVED]
Replies: 12
Views: 3468

Re: OSPF ECMP changes from ROS6 -> ROS7? [SOLVED]

@ ibutton77 For example my frustrating workaround of plumbing fresh vlans over longer paths to make them look like one hop is enough to allow ROS7 to play ball.. but the workaround is all of fragile, hell to maintain, significantly increased surface area for error, etc etc. ☹ well, i think you don't...
by wiseroute
Fri Jun 02, 2023 5:26 pm
Forum: Beginner Basics
Topic: Site to site Wireguard - traffic from LAN to LAN not passing through.
Replies: 3
Views: 377

Re: Site to site Wireguard - traffic from LAN to LAN not passing through.

@ anav,

maybe the OP was trying to say that he made a triangle shaped site to site wg tunnels. r-s-o. its a fully meshed tunnels.

and his problem was :
one of the tunnel seemed not forwarding any traffic (pings).
by wiseroute
Fri Jun 02, 2023 4:11 pm
Forum: Forwarding Protocols
Topic: OSPF ECMP changes from ROS6 -> ROS7? [SOLVED]
Replies: 12
Views: 3468

Re: OSPF ECMP changes from ROS6 -> ROS7? [SOLVED]

@gmsmstr

aaa... thank you for the confirmation.

i dont know, changing those interface path cost made some of the ospf routes became inactive. is that bug as well?
by wiseroute
Fri Jun 02, 2023 3:58 pm
Forum: Forwarding Protocols
Topic: OSPF ECMP changes from ROS6 -> ROS7? [SOLVED]
Replies: 12
Views: 3468

Re: OSPF ECMP changes from ROS6 -> ROS7? [SOLVED]

@ ibutton77 well, i dont know whether this will work for your setup, but looks like nice workaround? on v7.6 [admin@a] > ip route/print Flags: D - DYNAMIC; A - ACTIVE; c, s, o, y - COPY; + - ECMP Columns: DST-ADDRESS, GATEWAY, DISTANCE # DST-ADDRESS GATEWAY DISTANCE DAc 10.0.11.0/30 vab 0 DAc 10.0.1...
by wiseroute
Fri Jun 02, 2023 9:56 am
Forum: Forwarding Protocols
Topic: OSPF ECMP changes from ROS6 -> ROS7? [SOLVED]
Replies: 12
Views: 3468

Re: OSPF ECMP changes from ROS6 -> ROS7? [SOLVED]

@ ibutton77 aaa... yes. please wait. i think @signumfera has the point of using filter to set the metric. but i don't have time to lab it up. if you can do some search on ospf filters parameters - just try to grap this idea : 1. search inbound route to c, from b advertisment. 2. check whether you ca...
by wiseroute
Fri Jun 02, 2023 9:18 am
Forum: Forwarding Protocols
Topic: OSPF ECMP changes from ROS6 -> ROS7? [SOLVED]
Replies: 12
Views: 3468

Re: OSPF ECMP changes from ROS6 -> ROS7? [SOLVED]

@ ibutton77 then maybe MPLS-TE could play a part. congratulations.... you have entered your next step in the service provider track 👍🏻😂 for the ecmp path, 1. you could read some articles about eigrp for unequal ecmp. 2. for the time being (ospf way), either you can go with mpls te or you could use b...
by wiseroute
Fri Jun 02, 2023 8:58 am
Forum: General
Topic: Voice Vlan
Replies: 7
Views: 820

Re: Voice Vlan

Can anyone tell me how to configure the voice vlan on the switch? well, basically all vlan (voice or data) are the same thing vlan. but, if you were asking about dynamic vlan port assignment - then hopefully MT will provide those features in the future (or maybe its already there in the wiki?) hope...
by wiseroute
Thu Jun 01, 2023 10:01 pm
Forum: General
Topic: Encountered an ARP table exhaustion attack
Replies: 15
Views: 1564

Re: Encountered an ARP table exhaustion attack

@ paternot couldn't disagree with what you have said. ok. let us say : ok. the mac table is full. traffic dropped. let's clear up some old inactive entries. do clear ip arp. this could lead to 2 things: 1. if that chatty broadcaster stopped, then the forwarding media is good to go. - again that is i...
by wiseroute
Thu Jun 01, 2023 7:54 pm
Forum: General
Topic: How to remove one or more NAT layers from my internal network?
Replies: 31
Views: 1831

Re: Accessing internet without NAT?

this one? https://www.zte.com.cn/global/products/access/Smarthome/ONT/ZXHN-F660.html [*] No Just range , i changed ONT Default ip to that range . MT DHCP is 10.0.1.11-10.0.1.20 [*] ok. do you know your zte ont default ip? (just in case you need to hard reset to factory settings) disclaimer : you wil...
by wiseroute
Thu Jun 01, 2023 7:36 pm
Forum: General
Topic: How to remove one or more NAT layers from my internal network?
Replies: 31
Views: 1831

Re: Accessing internet without NAT?

hello aymen1986, [*] Yes i can do a Bridge mode on ONT [*] are you sure? what/which type is your ont box? we don't have any ideas. before you change any config in it - make sure you write down all the config ie. user name, password, isp account id, channel id, protocols for your internet link (pppoe...
by wiseroute
Thu Jun 01, 2023 5:59 pm
Forum: General
Topic: How to remove one or more NAT layers from my internal network?
Replies: 31
Views: 1831

Re: Accessing internet without NAT?

probably the OP just wanted to know whether he/she can do bridge mode on the isp supplied ont box to the MT router, so that OP can have many MT features for his/her network - that is why the OP asked how to not doing double NAT. happened occasionally because the subscribers think isp supplied modem/...
by wiseroute
Thu Jun 01, 2023 4:57 pm
Forum: General
Topic: Encountered an ARP table exhaustion attack
Replies: 15
Views: 1564

Re: Encountered an ARP table exhaustion attack

@ rextended [*] Some are called anti-virus, [*] well... we can't rely that on end-users/subscribers, can we? maybe some just doing some tests - ie. networking students etc. but not to be underestimate the impact for the network. @paternot [*] Wouldn't be better if upon space exhaustion the least use...
by wiseroute
Thu Jun 01, 2023 4:47 pm
Forum: Forwarding Protocols
Topic: BGP and IPSec policy
Replies: 6
Views: 2618

Re: BGP and IPSec policy

@ pe1chl [*] That is indeed sometimes inconvenient, but it is what it is. Remember that there are tens of different VPN protocols each having multiple options, and it simply isn't possible to implement EVERYTHING. Each time when an often-requested VPN or option is finally implemented, people are alr...
by wiseroute
Thu Jun 01, 2023 4:34 pm
Forum: General
Topic: Encountered an ARP table exhaustion attack
Replies: 15
Views: 1564

Re: Encountered an ARP table exhaustion attack

[*]
Probably not really an attack.
[*]

yes. maybe you are right. 👍🏻

because there are some computer virus that did ruin layer 2. i have forgot its name.

but, how we could localized the infections could bring easier disaster management.
by wiseroute
Thu Jun 01, 2023 4:23 pm
Forum: Beginner Basics
Topic: Block communication between multiple ports
Replies: 9
Views: 943

Re: Block communication between multiple ports

@ anav... calm down 😂

i think you should take some break from that vrrp tutorial writing... and get some fresh air down the hill... next to the river.

and don't forget to bring your fishing tools, and some snacks 😉
by wiseroute
Thu Jun 01, 2023 4:16 pm
Forum: Forwarding Protocols
Topic: OSPF operation between ROS V6 and ROS V7 [SOLVED]
Replies: 30
Views: 5291

Re: OSPF operation between ROS V6 and ROS V7 [SOLVED]

Yes, it's already in production.
👍🏻

how about 'gre' ? 😉
by wiseroute
Thu Jun 01, 2023 10:36 am
Forum: Forwarding Protocols
Topic: OSPF operation between ROS V6 and ROS V7 [SOLVED]
Replies: 30
Views: 5291

Re: OSPF operation between ROS V6 and ROS V7 [SOLVED]

[*]
Settings
/ip ipsec policy
The default is 255
[*]

👍🏻

did you move the hub to the cloud already?
by wiseroute
Thu Jun 01, 2023 10:31 am
Forum: General
Topic: Encountered an ARP table exhaustion attack
Replies: 15
Views: 1564

Re: Encountered an ARP table exhaustion attack

hello [*] i know,we have PSD to find the ports-scaner , but in this case , How should we protect ourselves? and Can the ARP table be expanded? [*] my sympathy for your network. well, i don't know anything about your network layout - whether those disasters came in wired or wireless one? maybe, that ...
by wiseroute
Thu Jun 01, 2023 6:55 am
Forum: Forwarding Protocols
Topic: OSPF operation between ROS V6 and ROS V7 [SOLVED]
Replies: 30
Views: 5291

Re: OSPF operation between ROS V6 and ROS V7 [SOLVED]

hello bigdrive,

[*]
Everything worked out,
[*]
glad to hear that 👍🏻

what filter did you have for 47 and 255?
by wiseroute
Thu Jun 01, 2023 6:45 am
Forum: General
Topic: VRRP + routing
Replies: 3
Views: 393

Re: VRRP + routing

hello [*] I'm using EVE-NG. [*] ok. what I was asking was for you to observe your vrrp master-master problem on underlying the eve-ng hypervisor - which is linux bridge and virtual interface for your routers. you go to underlying eve-ng host - as root user - and take a look at your lab bridge there ...
by wiseroute
Thu Jun 01, 2023 4:45 am
Forum: General
Topic: VRRP + routing
Replies: 3
Views: 393

Re: VRRP + routing

hello [*] The hosts from VLAN 10 can ping the hosts from VLAN20/30 and every VRRP interface but they can't ping hosts from VLAN40/50/60. When one router is down inter-vlan routing works perfect. [*] ok. can we see your diagram? and which/what hypervisor did you use for the lab? if you use Linux: try...
by wiseroute
Tue May 30, 2023 9:01 am
Forum: Forwarding Protocols
Topic: using static routes to overide BGP and OSPF internally
Replies: 8
Views: 2151

Re: using static routes to overide BGP and OSPF internally

@ralphmt

have you really solved the problem? 🤔
by wiseroute
Tue May 30, 2023 5:22 am
Forum: Forwarding Protocols
Topic: OSPF ECMP changes from ROS6 -> ROS7? [SOLVED]
Replies: 12
Views: 3468

Re: OSPF ECMP changes from ROS6 -> ROS7? [SOLVED]

hello ibutton77 from your diagram, i don't see anything for the ospf to have ecmp? am I missing something? 🤔 let us say, all links are ether with default cost of 10. a - c = 10 a - b = 10 a - b - c = 20 i think no matter how you reduce the a - b or b - c, it won't make it apple to apple. and that wo...
by wiseroute
Tue May 30, 2023 4:45 am
Forum: Forwarding Protocols
Topic: using static routes to overide BGP and OSPF internally
Replies: 8
Views: 2151

Re: using static routes to overide BGP and OSPF internally

[*] static route 0.0.0.0/0 to the far end [*] I'm sorry I don't quite understand your layout. do you mean: you want to re-route all those connected tunnels back to you as well - just for the tunnels network go to the internet? you lost half? maybe some kind of unconnected tunnels safe those networks...
by wiseroute
Tue May 30, 2023 4:25 am
Forum: General
Topic: Is running OSPF on Campus Network Overkill?
Replies: 3
Views: 547

Re: Is running OSPF on Campus Network Overkill?

hello Buford [*] we actually have about 12+ locations [*] from your diagram, are those college's on different geographical location connected by private wan ie. thru isp mpls, metro ether/vpls or something? (even though they are using fiber links). or... those colleges are in 1 location but just dif...
by wiseroute
Sun May 28, 2023 5:46 am
Forum: Beginner Basics
Topic: MikroTik and Empowering IPv6 - a general discussion.
Replies: 2
Views: 424

Re: MikroTik and Empowering IPv6 - a general discussion.

@ kentzo,

yes, i am sure they are wonderful ipv6 community - and perhaps some nice references there too.

but... MT users and forum members can have their own discussion here in this MT forum as well, right? 🙂
by wiseroute
Sun May 28, 2023 3:47 am
Forum: Beginner Basics
Topic: MikroTik and Empowering IPv6 - a general discussion.
Replies: 2
Views: 424

MikroTik and Empowering IPv6 - a general discussion.

I've created this topic just for sharing ideas between MT users and IT related community (be they were service provider, home users, or any other businesses) who would like to deploy IPv6 Network - but still having doubt about how will it work as transition from IPv4 scheme, how IPv6 will impact cur...
by wiseroute
Fri May 26, 2023 2:24 pm
Forum: Beginner Basics
Topic: How do I make IPv6 work?
Replies: 26
Views: 7269

Re: How do I make IPv6 work?

@ mrz @ rextended : interesting 🤔 but first of all, @xyuri i am sorry I didn't mean to hijack your post - but rather i would like to elevate your post title *how can i enable ipv6* to a new perspective 👍🏻 back to @mrz, supposed you were right, but won't that lead us back to the old ipv4 mind set? 🤔 @re...
by wiseroute
Fri May 26, 2023 12:58 pm
Forum: Beginner Basics
Topic: How do I make IPv6 work?
Replies: 26
Views: 7269

Re: How do I make IPv6 work?

[*]
NAT66/NPTv6
[*]

why would its (ipv6) development need to build that? won't it against its own development spirit - which is every device will have its own ip and reducing the router numbers? 🤔 (read : to overcome ipv4 exhaustion).
by wiseroute
Fri May 26, 2023 3:27 am
Forum: Beginner Basics
Topic: Wireless bridges and virtual network bridges
Replies: 9
Views: 720

Re: Wireless bridges and virtual network bridges

[*]
None of the nodes see BPDU of the opposite
[*]

have you set your Wireshark interface - or the whole connected interface in your lab to be in promiscuous mode?
by wiseroute
Thu May 25, 2023 12:43 pm
Forum: Forwarding Protocols
Topic: iBGP vs OSPF
Replies: 11
Views: 3004

Re: iBGP vs OSPF

hello gryyzli, [*] Now there is a need of connecting all branches to AWS so it is good opportunity for me to consider switching to BGP instead of creating new multiple areas, ospf instances etc. [*] do you mean you were thinking about having *sd-wan like* bgp over the cloud, to overcome hq session a...
by wiseroute
Thu May 25, 2023 11:57 am
Forum: Beginner Basics
Topic: Wireless bridges and virtual network bridges
Replies: 9
Views: 720

Re: Wireless bridges and virtual network bridges

hello kentzo, [*] However, my Mikrotik AP does not recognize laptop's wireless connection as bridged (per /interface/wireless/registration-table) nor these bridged devices appear in /interface/bridge/host. [*] it is because the only device which has real physical connection to the ap was only laptop...
by wiseroute
Thu May 25, 2023 9:21 am
Forum: General
Topic: {ASK} BGP-def route
Replies: 10
Views: 1760

Re: {ASK} BGP-def route

hello, 2- see the topology well, i just want to make sure your network topology. more over i saw that you already made it worked. from the second code. i don't think i can give you any confirmation about your v7 thoughts since I have left the industry long enough. now I'm just sharing what I used to...
by wiseroute
Thu May 25, 2023 8:44 am
Forum: General
Topic: {ASK} BGP-def route
Replies: 10
Views: 1760

Re: {ASK} BGP-def route

aa.. you mean your pe as bgp to ce?

ok. so, from which router this pe has the bgp peering info? directly to rr or just from regular neighbors?
by wiseroute
Thu May 25, 2023 8:22 am
Forum: General
Topic: {ASK} BGP-def route
Replies: 10
Views: 1760

Re: {ASK} BGP-def route

hello nichky,

what do you mean by

ebgp==cpe?

which router actually hold the 0/0? r1? r3?
by wiseroute
Wed May 24, 2023 2:19 pm
Forum: Forwarding Protocols
Topic: RouterOS 7: routing "in" matcher against ip firewall ipsets
Replies: 12
Views: 2740

Re: RouterOS 7: routing "in" matcher against ip firewall ipsets

jkroon, we've got a /21 outermost, and then some idiot is handing us our own /23 inside that which we're also advertising from another location, so the /23 along with a the /22s passes through the bogon filter, only the actual /21 gets filtered. is that part your current problem? that wasn't other a...
by wiseroute
Wed May 24, 2023 12:36 pm
Forum: Forwarding Protocols
Topic: iBGP vs OSPF
Replies: 11
Views: 3004

Re: iBGP vs OSPF

hello No need to specify exact address of peer. hmm... getting more interesting 🤔 ok. before getting deeper into this dynamic peer, from your previous diagram - let us say : *ospf vs ibgp* for simplicity - i am just wondering what do you have in mind? what i mean is: a. where or which part of your n...
by wiseroute
Wed May 24, 2023 9:57 am
Forum: Forwarding Protocols
Topic: RouterOS 7: routing "in" matcher against ip firewall ipsets
Replies: 12
Views: 2740

Re: RouterOS 7: routing "in" matcher against ip firewall ipsets

hello
This is all about BGP and filtering the routes advertised by (eBGP) peers
well, I am sure you know it better than me 😉

there are many how to guide bgp filters on the net saying it will match the longest prefix.

ok. good day and good luck 👍🏻
by wiseroute
Wed May 24, 2023 9:26 am
Forum: Forwarding Protocols
Topic: RouterOS 7: routing "in" matcher against ip firewall ipsets
Replies: 12
Views: 2740

Re: RouterOS 7: routing "in" matcher against ip firewall ipsets

first of all, Given that 192.168.0.0/15 really is in (ie, a subset of) 192.168.0.0/16 I expected the prefix to be rejected by the bogon filter. /15 is not a subset of /16. /15 is the upper net (cidr) of /16, /22, /24 so forth. /16 is the subnet (vlsm) of /15, /12, /8 so forth. second, let us go back to...
by wiseroute
Wed May 24, 2023 8:56 am
Forum: Forwarding Protocols
Topic: RouterOS 7: routing "in" matcher against ip firewall ipsets
Replies: 12
Views: 2740

Re: RouterOS 7: routing "in" matcher against ip firewall ipsets

hello Given that 192.168.0.0/15 really is in (ie, a subset of) 192.168.0.0/16 I expected the prefix to be rejected by the bogon filter. do you mean: you want to know which rule will be executed first by the filter? in ordered manner? or you want to know whether the filter will match the longest or t...
by wiseroute
Wed May 24, 2023 8:08 am
Forum: Forwarding Protocols
Topic: OSPF operation between ROS V6 and ROS V7 [SOLVED]
Replies: 30
Views: 5291

Re: OSPF operation between ROS V6 and ROS V7 [SOLVED]

hello bigdrive, i have put everything on my post above. the hub is v7.6 config, the spoke is v6.49 config. no firewall at all, only srcnat on the spoke side (physical interface, not on the gre tunnel). since I just doing this test solely for you. just copy those code to notepad so they don't clutter...