Community discussions

Search found 1486 matches

by sebastia
Wed Jun 19, 2019 11:57 pm
Forum: RouterBOARD hardware
Topic: RBSXTR problem with LTE
Replies: 16
Views: 1186

Re: RBSXTR problem with LTE

Must have jinxed it... Just had a major interruption (25+ hours from main ISP) and SXT LTE kit was not a reliable backup. Constantly losing connection (state11 + plain loss). Me not happy at all... Jun 18 00:23:12 ltegw.home lte,info lte1: not registred, state: 11 Jun 18 01:17:34 ltegw.home lte,info...
by sebastia
Wed Jun 19, 2019 11:44 pm
Forum: Beginner Basics
Topic: PiHole DNS for any subnet
Replies: 1
Views: 61

Re: PiHole DNS for any subnet

If all those subnets get ip config automatically (through dhcp), then configure in your dhcp network definition the pihole as the dns server. To simplify config, put the pihole on a different net than the targeted subnets. And make sure that pihole itself can do dns request, either through Tik or dire...
by sebastia
Wed Jun 19, 2019 11:36 pm
Forum: Virtualization
Topic: ar71xx mikrotik build 18.06.2 ?
Replies: 1
Views: 107

Re: ar71xx mikrotik build 18.06.2 ?

You should check on the openwrt forum, this one only relates to Tik software = ROS.
by sebastia
Wed Jun 19, 2019 11:31 pm
Forum: Beginner Basics
Topic: CCR1072 PCC Multi-WAN Performance Stuck
Replies: 1
Views: 73

Re: CCR1072 PCC Multi-WAN Performance Stuck

Hi Some feedback... 1. See https://wiki.mikrotik.com/wiki/Manual:IP/Hotspot. It has quite some limitations / requirements. In high load scenario some can become a bottleneck, ex "users accounting in local database on the router", local storage => SLOW Only use what you really need and optimise where...
by sebastia
Wed Jun 19, 2019 10:56 pm
Forum: Wireless Networking
Topic: LHG LTE kit
Replies: 3
Views: 169

Re: LHG LTE kit

This one is strange, masq doesn't take dst-address as param... recreate without dst-address. add action=masquerade chain=srcnat dst-address=0.0.0.0/0 out-interface=lte1 (it's just a filter =all => no-op /ip route add distance=1 gateway=lte1 Do you get point-to-point ip on your lte1? if not this route...
by sebastia
Wed Jun 19, 2019 10:45 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 33
Views: 1196

Re: single IP constantly trying to log to my Mikrotik

Hey @krisjanisj 2) as soon as the connection is flagged for fasttrack, conntrack communicates with interface drivers and packets from those connections are fasttracked skipping all the firewall rules ( RAW /mangle/filter) Don't you mean NAT? RAW is pre conntrack... 3) conntrack by default is most ex...
by sebastia
Mon Jun 17, 2019 10:11 pm
Forum: Scripting
Topic: lte interface disabled inconsistency
Replies: 2
Views: 125

Re: lte interface disabled inconsistency

Hey

the command should be "/interface lte disable <name>"
by sebastia
Mon Jun 17, 2019 9:55 pm
Forum: General
Topic: LTE modem firmware changelog
Replies: 2
Views: 133

Re: LTE modem firmware changelog

To my knowledge it's not documented.
Just for info, looks like current version is v11.
by sebastia
Mon Jun 17, 2019 9:30 pm
Forum: Beginner Basics
Topic: Redirect Port to specific WAN [SOLVED]
Replies: 5
Views: 194

Re: Redirect Port to specific WAN [SOLVED]

Hi You can do that with mangling. In mangle:prerouting, route-mark all packets for port SSH (tcp:22) (or any other port you might be using), with some mark. Next step, make sure you have a route over desired isp with that routing-mark. See https://wiki.mikrotik.com/wiki/Policy_Base_Routing, wrt ...
by sebastia
Mon Jun 17, 2019 9:08 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 33
Views: 1196

Re: single IP constantly trying to log to my Mikrotik

@Emil66
It's a forum for technical assistance. Don't be offended when you "waltz in", post "some gut feelings and expectations" without any substantiation, and someone reacts to that...

Your opinions are incorrect.
by sebastia
Sat Jun 15, 2019 10:15 am
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 33
Views: 1196

Re: single IP constantly trying to log to my Mikrotik

I asked for factual info & data, not some gut feelings and expectations! ...to pass many rules before they are accepted, the CPU load will be high... Can you prove it? Tik can easily handle hundreds of rules with no / minimal impact (caveat: as long as no heavy matchers are used) This is bad even wi...
by sebastia
Sat Jun 15, 2019 12:28 am
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 33
Views: 1196

Re: single IP constantly trying to log to my Mikrotik

I wouldn't advise to use raw-prerouting rule. It might have negative impact on speed of all (including fasttracked) connections. ... it will have more negative, than positive consequences because ... This is based on what factual info / data? It's a rule based system like any other table (filter,nat,m...
by sebastia
Fri Jun 14, 2019 10:48 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 33
Views: 1196

Re: single IP constantly trying to log to my Mikrotik

right, that's what you get for writing commands from memory...
/ip firewall raw add action=drop src-address=141.98.80.115 chain=prerouting
Thx!
by sebastia
Fri Jun 14, 2019 6:13 pm
Forum: Beginner Basics
Topic: Limit WAN Winbox access to OpenVPN connected user
Replies: 1
Views: 91

Re: Limit WAN Winbox access to OpenVPN connected user

I tried by using src ip range to limit access only to IP range assigned by OpenVPN but apparently firewall checks "real" user's IP (it's dynamic) not IP assigned by OpenVPN that's the way to go. clients need to use the openvpn ip to connect with Winbox. And then their source ip will be automaticall...
by sebastia
Fri Jun 14, 2019 4:40 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 33
Views: 1196

Re: single IP constantly trying to log to my Mikrotik

Add this
/ip firewall raw add action=drop src-address=141.98.80.115
by sebastia
Fri Jun 14, 2019 2:59 pm
Forum: General
Topic: one dhcp server, static leases two diffent gateway addresses
Replies: 4
Views: 206

Re: one dhcp server, static leases two diffent gateway addresses

You can achieve this by defining multiple networks, ex: /ip dhcp-server network add address=192.168.1.0/26 dns-server=192.168.1.1 domain=home gateway=192.168.1.1 netmask=24 ntp-server=192.168.1.1 add address=192.168.1.64/26 dns-server=172.16.1.2 domain=dyn.home gateway=192.168.1.2 netmask=24 ntp-ser...
by sebastia
Fri Jun 14, 2019 2:24 pm
Forum: General
Topic: Static route between 2 routers,2 networks
Replies: 7
Views: 308

Re: Static route between 2 routers,2 networks

the default gateways are set on both pc's?

try pinging one hop further at a time to discover where "connection breaks", from both ends.
by sebastia
Fri Jun 14, 2019 2:15 pm
Forum: Beginner Basics
Topic: Two WAN, 1 Mikrotik, 2 Networks [SOLVED]
Replies: 1
Views: 144

Re: Two WAN, 1 Mikrotik, 2 Networks [SOLVED]

Sure possible, quite a similar situation here viewtopic.php?f=13&t=149263
by sebastia
Fri Jun 14, 2019 2:10 pm
Forum: General
Topic: SSTP over 1 Gbps link bad performance
Replies: 4
Views: 261

Re: SSTP over 1 Gbps link bad performance

probably related to fragmentation, you'll need to adjust the MTU to max allowed by tunnel.
by sebastia
Fri Jun 14, 2019 12:39 pm
Forum: General
Topic: Static route between 2 routers,2 networks
Replies: 7
Views: 308

Re: Static route between 2 routers,2 networks

Your firewall is allowing all which is not explicitly blocked. So that should be fine. add action=accept chain=forward connection-state=established add action=accept chain=forward connection-state=related add action=drop chain=forward connection-state=invalid Are the firewalls same for both routers?
by sebastia
Fri Jun 14, 2019 11:07 am
Forum: General
Topic: MT setup- FW setup due to GDPR - Hotspot - General Security Issue(s)
Replies: 5
Views: 368

Re: MT setup- FW setup due to GDPR - Hotspot - General Security Issue(s)

GDPR doesn't specify any specific measures: so it's up for interpretation.

Personally I would prefer a certificate based VPN above port knocking.
by sebastia
Fri Jun 14, 2019 11:00 am
Forum: Scripting
Topic: switch on and off wifi radio script don't work anymore
Replies: 8
Views: 329

Re: switch on and off wifi radio script don't work anymore

Hence why you need a script that will be triggered often and can determine what to do ...
by sebastia
Fri Jun 14, 2019 10:56 am
Forum: General
Topic: Static route between 2 routers,2 networks
Replies: 7
Views: 308

Re: Static route between 2 routers,2 networks

Hi You have two relevant routes on each router: one without mark and one with mark. So, whether it's marked or not routing should work. Although the whole connection / routing marking for "to_LAN" looks unnecessary to me (in current context) -> one route entry WITHOUT mark should have been enough. Y...
by sebastia
Thu Jun 13, 2019 10:31 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Cablelabs Micronets
Replies: 4
Views: 382

Re: Cablelabs Micronets

Amen to that!
by sebastia
Thu Jun 13, 2019 10:28 pm
Forum: Scripting
Topic: switch on and off wifi radio script don't work anymore
Replies: 8
Views: 329

Re: switch on and off wifi radio script don't work anymore

Looking at other posts, ex https://forum.mikrotik.com/viewtopic.php?t=149298 is a good start :local time [/system clock get time]; :if ($time >= "07:00:00" && $time < "21:59:00") do={ :if (<is_wifi_off>) do={ :log warning "Switching wifi on" # add code here } } else { :if (<is_wifi_on>) do={ :log wa...
by sebastia
Thu Jun 13, 2019 10:02 pm
Forum: Scripting
Topic: switch on and off wifi radio script don't work anymore
Replies: 8
Views: 329

Re: switch on and off wifi radio script don't work anymore

why don't you schedule a repeatable task and put the logic to trigger or not in the script?
by sebastia
Thu Jun 13, 2019 3:40 pm
Forum: Wireless Networking
Topic: Change network
Replies: 2
Views: 132

Re: Change network

I would suggest to add new addresses first, then remove the old ones.
by sebastia
Thu Jun 13, 2019 2:45 pm
Forum: Beginner Basics
Topic: Cannot route over EoIP tunnel on PtP link
Replies: 3
Views: 147

Re: Cannot route over EoIP tunnel on PtP link

default route should look like this:
forward traffic to 0.0.0.0/0 (connection destination) to <ip> (gateway), with ip being a directly connected router

so for
TikA: it needs to forward to ip of your ips appliance
TikB: needs to forward to ip of TikA 10.8.8.1

why do you need a pppoe client?
by sebastia
Thu Jun 13, 2019 2:39 pm
Forum: Beginner Basics
Topic: STATIC ROUTE
Replies: 1
Views: 109

Re: STATIC ROUTE

you would want to split the test route and general route:
so have specific route for test server over wan1
and 2nd general route for all destination over wan1

Only the second gets disabled.
by sebastia
Thu Jun 13, 2019 2:36 pm
Forum: General
Topic: Mikrotik mangle for VoIP
Replies: 3
Views: 254

Re: Mikrotik mangle for VoIP

Any will do, but usually forward or postrouting, as then the outgoing interface is known.
by sebastia
Thu Jun 13, 2019 2:09 pm
Forum: Beginner Basics
Topic: Cannot route over EoIP tunnel on PtP link
Replies: 3
Views: 147

Re: Cannot route over EoIP tunnel on PtP link

You need to configure default gateway on both endpoints. -> where to forward non-local traffic

A note/question: why do you need ipip tunnel? You already have dedicated network between the radios: 10.8.8.1 & .2..
by sebastia
Thu Jun 13, 2019 1:02 am
Forum: General
Topic: RouterOS Virtual Labs
Replies: 84
Views: 107339

Re: RouterOS Virtual Labs

Now:
gns3 Version 2.1.20 (current), NPcap v0.995 (with wincap compatible api) and gns3 vm. (=only components installed)
The vm is running on Hyper-V on Win10Pro. The vm was built "manually": minimal install Ubuntu 18.04.2 server + gns3-server packages.
by sebastia
Wed Jun 12, 2019 11:35 pm
Forum: General
Topic: MT setup- FW setup due to GDPR - Hotspot - General Security Issue(s)
Replies: 5
Views: 368

Re: MT setup- FW setup due to GDPR - Hotspot

GDPR is not specific about what measure should be taken, but "appropriate ones" to ensure customers' privacy, based on "industry standards". It also expects inherent security within the systems, it's called "security / privacy by default / design" default: safe settings out of the box design: safe sys...
by sebastia
Wed Jun 12, 2019 9:38 pm
Forum: General
Topic: MT setup- FW setup due to GDPR - Hotspot - General Security Issue(s)
Replies: 5
Views: 368

Re: MT setup- FW setup due to GDPR - Hotspot

GDPR is about personal identification. As long as you don't log data which could identify a person, you're fine. So is that applicable in the case you specified?
by sebastia
Wed Jun 12, 2019 5:21 pm
Forum: General
Topic: RouterOS Virtual Labs
Replies: 84
Views: 107339

Re: RouterOS Virtual Labs

Just a heads-up: when running VPCS within the gns3-vm, it fully loads a core of cpu.
Running that same VPCS on the gns3server locally doesn't have this effect: cpu load is minimal.
by sebastia
Wed Jun 12, 2019 2:55 pm
Forum: General
Topic: Cant connect to winbox after hotspot setup
Replies: 5
Views: 219

Re: Cant connect to winbox after hotspot setup

https://wiki.mikrotik.com/wiki/Manual:IP/Hotspot
The MikroTik HotSpot Gateway provides authentication for clients before access to public networks.
I think you should still have access to routerboard when using MacServer with WinBox -> so connect to "mac of routerboard".
by sebastia
Wed Jun 12, 2019 2:51 pm
Forum: Beginner Basics
Topic: set up second WAN/ISP temporarily
Replies: 8
Views: 377

Re: set up second WAN/ISP temporarily

The above will work for traffic going to router itself only.

For traffic forwarded, "forward chain + input interface condition" for inbound and "prerouting chain + mark condition" for outbound can be used.
by sebastia
Wed Jun 12, 2019 12:53 am
Forum: General
Topic: Cant connect to winbox after hotspot setup
Replies: 5
Views: 219

Re: Cant connect to winbox after hotspot setup

your pcc config looks ok

hotspot will divert traffic to login page, hence you would want to setup hotspot on a guest network only, not your internal network.
by sebastia
Wed Jun 12, 2019 12:08 am
Forum: Beginner Basics
Topic: set up second WAN/ISP temporarily
Replies: 8
Views: 377

Re: set up second WAN/ISP temporarily

You'll need to mark traffic coming from ISP2, so that based on that mark only that traffic will be routed out to internet over isp2.
The other traffic to internet should go over isp1.

Added emphasis
by sebastia
Wed Jun 12, 2019 12:01 am
Forum: RouterBOARD hardware
Topic: RBSXTR problem with LTE
Replies: 16
Views: 1186

Re: RBSXTR problem with LTE

Was quite spotty last year, when isp was upgrading its fiber network, but now stable again. Most recent event: Mar 24 19:45:28 firewall.home interface,info e5_ext link down I'm using that link for vpn traffic during office hours on occasion, but otherwise just idling (except for link mgmt traffic (...
by sebastia
Tue Jun 11, 2019 8:55 pm
Forum: RouterBOARD hardware
Topic: RBSXTR problem with LTE
Replies: 16
Views: 1186

Re: RBSXTR problem with LTE

My LTE is a backup link so it's used exceptionally by design.
by sebastia
Tue Jun 11, 2019 5:06 pm
Forum: RouterBOARD hardware
Topic: RBSXTR problem with LTE
Replies: 16
Views: 1186

Re: RBSXTR problem with LTE

I do Jun 1 00:07:11 ltegw.home script,error checkLTE: loss of lte1, recycling Jun 1 06:51:12 ltegw.home script,error checkLTE: loss of lte1, recycling Jun 1 12:11:12 ltegw.home script,error checkLTE: loss of lte1, recycling Jun 1 14:59:12 ltegw.home script,error checkLTE: loss of lte1, recycling Jun...
by sebastia
Tue Jun 11, 2019 4:47 pm
Forum: RouterBOARD hardware
Topic: RBSXTR problem with LTE
Replies: 16
Views: 1186

Re: RBSXTR problem with LTE

I've upgraded by netwatch to scheduler as well. In my case, the "state:11" are not related to ISP: they don't register anything at their end, must be something local. I'm inclined to think so too, as I didn't have these issues when the device was new. Started appearing after some months of operation ...
by sebastia
Tue Jun 11, 2019 4:39 pm
Forum: Wireless Networking
Topic: SXT LTE lost lte interface
Replies: 30
Views: 5238

Re: SXT LTE lost lte interface

It's same modem but different antenna...
by sebastia
Tue Jun 11, 2019 4:32 pm
Forum: Beginner Basics
Topic: 1 mikrotik, 2 ISPs, 2 LANs, can't make LANS see each other
Replies: 2
Views: 179

Re: 1 mikrotik, 2 ISPs, 2 LANs, can't make LANS see each other

Hi I've looked at first config only: it's using mangling to route traffic. It could be done, but is quite heavy on cpu. Better solution: use routing rules together with routing tables. Todo: * add/adjust routing tables * add routing rules * clean up existing config # route table /ip route add gatewa...
by sebastia
Tue Jun 11, 2019 2:12 pm
Forum: General
Topic: Interface packets discard.
Replies: 7
Views: 384

Re: Interface packets discard.

right. any queueing in place which limits the traffic?

Or just post your config: /export hide-sensitive compact...
by sebastia
Tue Jun 11, 2019 1:12 pm
Forum: General
Topic: RouterOS Virtual Labs
Replies: 84
Views: 107339

Re: RouterOS Virtual Labs

No issues here on GNS3: pings ok from one end to other
[admin@MikroTik] /interface ethernet> export
# jun/11/2019 10:13:21 by RouterOS 6.44.3
# software id = 
#
#
#

by sebastia
Tue Jun 11, 2019 12:39 pm
Forum: General
Topic: Interface packets discard.
Replies: 7
Views: 384

Re: Interface packets discard.

Looks to me like traffic is going to pppoe-dait (internet?) from ether1 (lan?). Download probably. No drops. -> upload
by sebastia
Tue Jun 11, 2019 12:06 pm
Forum: General
Topic: Tagged input packet with VLAN ID
Replies: 3
Views: 207

Re: Tagged input packet with VLAN ID

Bad news: since the devices can't tag traffic themselves, with an unmanaged switch it's not possible to isolate the networks. You'll need something to do that for them: indeed managed switch would do the trick, but also any routerboard with 5 ports (if the count is correct). So suggest you get a che...