Community discussions

Search found 108 matches

by greek
Fri Aug 02, 2019 1:30 am
Forum: General
Topic: IKEv2 - Win10 Select Certificate Multiple VPN tunels [SOLVED]
Replies: 5
Views: 910

Re: IKEv2 - Win10 Select Certificate Multiple VPN tunels [SOLVED]

Tell me please, how to do it for Win7 Pro ?
by greek
Mon Jul 08, 2019 7:17 pm
Forum: General
Topic: DNS wiki example not work. Why?
Replies: 3
Views: 249

Re: DNS wiki example not work. Why?

Thank! It works fine.

This is seem to mistake in wiki page :(
by greek
Mon Jul 08, 2019 6:54 pm
Forum: General
Topic: DNS wiki example not work. Why?
Replies: 3
Views: 249

DNS wiki example not work. Why?

Hi!

WIKI: https://wiki.mikrotik.com/wiki/Manual%3AIP/DNS#Notes

I am trying to test wiki example:

Code: Select all

/ip dns static add name=".*\\.example\\.com" address="127.0.0.1"
But i saw answer:

Code: Select all

failure: bad name
What's wrong?
by greek
Mon Jul 01, 2019 9:04 pm
Forum: Beginner Basics
Topic: CLI command for conntrack port range?
Replies: 5
Views: 556

Re: CLI command for conntrack port range?

Nobody knows?
by greek
Thu Jun 27, 2019 1:55 am
Forum: Beginner Basics
Topic: CLI command for conntrack port range?
Replies: 5
Views: 556

Re: CLI command for conntrack port range?

up!
by greek
Sun Jun 16, 2019 7:09 am
Forum: Beginner Basics
Topic: CLI command for conntrack port range?
Replies: 5
Views: 556

Re: CLI command for conntrack port range?

And also I am trying to find cli-command for this filter:

Image
by greek
Sun Jun 16, 2019 5:12 am
Forum: Beginner Basics
Topic: CLI command for conntrack port range?
Replies: 5
Views: 556

CLI command for conntrack port range?

Hi!
Help me find CLI-analog of this filter:
Image


How i can print connections with port range of dst-addresses?
by greek
Tue Aug 07, 2018 12:20 pm
Forum: General
Topic: L2TP to different wan?
Replies: 4
Views: 512

Re: L2TP to different wan?

Спасибо a lot.

I am also think about script to check l2tp-connection state and removing connection from conntrack table.

But i am still hope to find native solution (without scripts).
by greek
Mon Aug 06, 2018 3:13 am
Forum: General
Topic: L2TP to different wan?
Replies: 4
Views: 512

Re: L2TP to different wan?

Yes, you are right.

And i have no idea, how to reconnect l2tp via new wan.
by greek
Sun Aug 05, 2018 8:47 pm
Forum: General
Topic: L2TP to different wan?
Replies: 4
Views: 512

L2TP to different wan?

Hi!
How to direct output l2tp-connection to new WAN after disconnect\reconnect?

I have 2 routing tables.
I try to catch 1 packet of new l2tp-connection in mangle output with "connection state = new" option, but not seen any packets.

How to solve?
by greek
Thu May 03, 2018 5:30 pm
Forum: RouterBOARD hardware
Topic: R11e-LTE
Replies: 3
Views: 961

Re: R11e-LTE

Using a 24V power supply on a RBM11G My R11e-LTE-US consumes 50ma at peak. Board pulls 60ma idle and 110ma when modem is tx/rx My R11e-LTE with RBM11G do not detecting after reboot (no LTE interface after reboot, no usb device in system - recources - usb). Only hard power reboot (power jack switch ...
by greek
Wed Apr 05, 2017 4:03 pm
Forum: General
Topic: L2TP with external Radius
Replies: 5
Views: 793

Re: L2TP with external Radius

I real need this feature very much too :( I need passing phone number from L2tp session in LNS mode to radius: 73.047827 10.110.198.1 → 10.110.197.157 L2TP 154 79526009820 Control Message - ICRQ (tunnel id=44370, session id=0) 73.048965 10.110.198.1 → 10.110.197.157 L2TP 269 test_mtik PPP CHAP Contr...
by greek
Wed Apr 05, 2017 12:54 pm
Forum: General
Topic: LNS. Phone Number to Radius?
Replies: 0
Views: 201

LNS. Phone Number to Radius?

Hi! My question is about LNS-mode autentification thru Radius. Can i see the cellular phone number in Radius requests? This number placed in ICRQ-packets from LAC (I see it in Wireshark): 205.608691 10.110.198.8 → 10.110.197.157 L2TP 154 79526619820 Control Message - ICRQ (tunnel id=83, session id=0...
by greek
Mon Mar 27, 2017 4:30 pm
Forum: General
Topic: Hotspot. MAC auth before HTTPS.
Replies: 1
Views: 467

Re: Hotspot. MAC auth before HTTPS.

Up?
by greek
Fri Mar 17, 2017 3:49 pm
Forum: General
Topic: Hotspot. MAC auth before HTTPS.
Replies: 1
Views: 467

Hotspot. MAC auth before HTTPS.

Hi. Is it possible to use MAC (or mac-cookie) auth strongly before HTTPS? Now MAC auth starts in the same time with HTTPS redirect to login page. Client succesfully log in thru MAC-cockie (use RADIUS), but browser trying to open log-in page. Mobile phone (Android) makes first trying connect to WiFi-...
by greek
Thu Jan 12, 2017 3:01 am
Forum: Scripting
Topic: Using "interface ppp-client info" in script
Replies: 11
Views: 6861

Re: Using "interface ppp-client info" in script

I use this variant of script:
/interface ppp-client info ppp-WAN do={
:if ([:len $"access-technology"] > 0 ) do={
:global lte $"access-technology" ;
:global signalstrengh $"signal-strengh";
:global itog ($lte."  ".$signalstrengh); 
:log warn $itog;
:quit;
}
}
by greek
Thu Jan 12, 2017 2:55 am
Forum: General
Topic: How split the variable?
Replies: 14
Views: 3846

Re: How split the variable?

And after reading this topic my final variant:
/interface ppp-client info ppp-WAN do={
:if ([:len $"access-technology"] > 0 ) do={
:global lte $"access-technology" ;
:global signalstrengh $"signal-strengh";
:global itog ($lte."  ".$signalstrengh); 
:log warn $itog;
:quit;
}
}
by greek
Thu Jan 12, 2017 2:49 am
Forum: General
Topic: How split the variable?
Replies: 14
Views: 3846

Re: How split the variable?

I use this variant: /system script add name=lte owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":local i 0;\ \n/interface ppp-client info ppp-WAN do={\ \n:set i (\$i+1);\ \n:if (\$i=5) do={\ \n:global lte \$\"access-technology\" ;\ \n:global signalstrengh \$\"si...
by greek
Thu Jan 12, 2017 2:44 am
Forum: General
Topic: How split the variable?
Replies: 14
Views: 3846

Re: How split the variable?

Thanks for your help! It works! My script has name QTY_Signal /interface ppp-client info ppp-out1 user-command="AT^HCSQ\?" do={ :if ([:len $manufacturer] > 0 ) do={ :set HCSQ $"manufacturer" /system script job remove [find script=QTY_Signal] } } Try this script: /interface ppp-client info ppp-out1 ...
by greek
Tue Jan 10, 2017 6:11 pm
Forum: General
Topic: Problem with Huawei E3372 4G modem
Replies: 68
Views: 126431

Re: Problem with Huawei E3372 4G modem

Dear Mikrotik, we really-really need this functional :) Please, implement this. What problem do you have and want to be solved? Also, make sure you bark up the correct tree, e.g. when you don't want NAT. The NAT is happening in the Huawei, so you should ask them to fix that. We need to get ip addre...
by greek
Tue Jan 10, 2017 3:04 am
Forum: General
Topic: Problem with Huawei E3372 4G modem
Replies: 68
Views: 126431

Re: Problem with Huawei E3372 4G modem

The best thing would be when mikrotik is importing the ncm driver from the e3372 stick. ;) Its working really nice with openwrt. I am using OpenWRT with the NCM Driver and ppp is working fine and as i know the 150mbit would be possible, but if the e3372 is in ppp modem modus lte reachs only 30 mpbs...
by greek
Fri Dec 23, 2016 5:55 pm
Forum: Beginner Basics
Topic: Please Help me im being attacked RIGHT NOW
Replies: 34
Views: 4765

Re: Please Help me im being attacked RIGHT NOW

Go to IP - Services menu, click telnet and click Disable-button (with red cross)
by greek
Fri Dec 23, 2016 5:52 pm
Forum: Beginner Basics
Topic: How to auth l2tp and pptp sessions on different radius servers?
Replies: 0
Views: 262

How to auth l2tp and pptp sessions on different radius servers?

Good day.

How i can auth pptp-users on Radius1 and l2tp on Radius2 ?
by greek
Fri Dec 23, 2016 5:48 pm
Forum: Beginner Basics
Topic: How to create empty username of ppp-secret?
Replies: 0
Views: 339

How to create empty username of ppp-secret?

Hello. I want to put temporary ip-addresses to users, who fogot enter usernames: 18:43:47 l2tp,ppp,error <10.10.198.3>: user authentication failed (Example error with non-empty username: 18:41:55 l2tp,ppp,error <10.10.228.128>: user 105323 authentication failed ) How to create ppp-account with empty...
by greek
Fri Sep 23, 2016 10:06 pm
Forum: General
Topic: New Packet flow diagram
Replies: 103
Views: 71998

Re: New Packet flow diagram

Where is placed "IP - Firewall - Raw" menu ?
by greek
Wed Aug 31, 2016 3:28 pm
Forum: Beginner Basics
Topic: Lt2p as LNS and Proxy Auth
Replies: 1
Views: 489

Re: Lt2p as LNS and Proxy Auth

Yes, it's possible since 6.35.4 (may be early)
by greek
Tue Aug 30, 2016 6:38 pm
Forum: Beginner Basics
Topic: Lt2p as LNS and Proxy Auth
Replies: 1
Views: 489

Lt2p as LNS and Proxy Auth

Hi.
Does proxy auth works in LNS mode?
I see in WireShark all ProxyAuth attributes is sent to Mikrotik, but authorization starts only in additional ppp lcp phase.

What is analog of Cisco command 'no lcp renegotiation always' in mikrotik?
by greek
Sun Mar 13, 2016 8:10 pm
Forum: Announcements
Topic: Winbox3.2 released!
Replies: 59
Views: 11165

Re: Winbox3.2 released!

Please, turn back "Exit" button. It's very useful button, one of main in paradigma of Winbox managment (all functional buttons in one place, at left). Or do it as configurable option.

ps: [X]-button at top-right is no comfortable for me.
by greek
Thu Mar 03, 2016 7:51 pm
Forum: General
Topic: LTE Troubleshouting
Replies: 0
Views: 388

LTE Troubleshouting

I use 912UAG-2HPnD with Cinterion PLS8-E (LTE module inside), ppp-client mode.

After reboot LTE module use only 3G mode with signal -55..-63.

Module go from 3G to LTE mode in ~30-120 minutes after reboot.

How to troubleshoute the reason of this non-LTE long time mode?

(Russia, Megafon)
by greek
Wed Mar 02, 2016 3:54 pm
Forum: The User Manager
Topic: user manager keep alive timeout
Replies: 8
Views: 4788

Re: user manager keep alive timeout

And It's happening the same to me.

How to set different keepalive timeout for 2 hotspots, which use the same userman for authorizing users?
by greek
Wed Feb 10, 2016 10:17 pm
Forum: General
Topic: How to mark every 2nd connection?
Replies: 3
Views: 476

Re: How to mark every 2nd connection?

Thak you for answer.

But i need to mark every 2nd connection for every uniq (src_ip+dst_ip) every 2 minutes.

I think about combination of parameters "per connection classifier" and "Dst limit", but i cann't find right combination.
by greek
Wed Feb 10, 2016 5:04 pm
Forum: General
Topic: How to mark every 2nd connection?
Replies: 3
Views: 476

How to mark every 2nd connection?

Hello.

Help me, please, how to mark every 2nd connection to one host (every N minutes)?
by greek
Wed Feb 10, 2016 12:27 am
Forum: General
Topic: Can CoA remove queue rule?
Replies: 2
Views: 907

Re: Can CoA remove queue rule?

No answer yet :(
by greek
Mon Nov 16, 2015 3:36 pm
Forum: General
Topic: Can CoA remove queue rule?
Replies: 2
Views: 907

Can CoA remove queue rule?

Good day. I use CoA with PPP with parametr "Mikrotik-Rate-Limit", when i need to limit speed for my l2tp-user. It creates new simple queue rule. Examle: echo -e user-name = 45@tst, Mikrotik-Rate-Limit=64k/64k | radclient -x 172.x.y.z:3799 coa mypass When i need to disable limit, i use this command: ...
by greek
Fri Oct 16, 2015 10:39 pm
Forum: General
Topic: How to run Netinstall on dedicated interface
Replies: 0
Views: 405

How to run Netinstall on dedicated interface

I have PC with Win8.1 I use some VLAN interfaces (created by realtek utility) When i disable all interfaces except one NetInstall works fine. But when i enable all interface NetInstall does not work. WireShark shows me that my devices cann't find bootp server. How to run Netinstall on dedicated inte...
by greek
Wed Sep 30, 2015 11:19 am
Forum: General
Topic: Problem when adding EoIP tunnel to interface with hotspot
Replies: 5
Views: 1221

Re: Problem when adding EoIP tunnel to interface with hotspot

I have the same problem.
Disabling EoIP in bridge ports solve trouble, but not solve problem.
by greek
Mon Aug 03, 2015 4:34 pm
Forum: Beginner Basics
Topic: New feature - MAC cookies
Replies: 4
Views: 5214

Re: New feature - MAC cookies

Is it feature realy insecure?
Somebody can take any already logged mac-address from the air and set it on the own wi-fi adapter.
by greek
Tue Apr 21, 2015 3:17 pm
Forum: Scripting
Topic: Scripts for random?
Replies: 10
Views: 2464

Re: Scripts for random?

Is it done?
by greek
Mon Mar 16, 2015 5:08 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: ipsec hardware support on CCR still no working ?
Replies: 1
Views: 1702

Re: ipsec hardware support on CCR still no working ?

You have got to solve this problem? I have the same problem.
by greek
Thu Oct 30, 2014 3:04 pm
Forum: Beginner Basics
Topic: How to change one parametr for many items?
Replies: 3
Views: 827

Re: How to change one parametr for many items?

Thank you for answer!

I have more than 40 almost identical profiles with minimal diferences and i need to change range

numbers=1-5,7,9,20-37

Can i do it easy ? (Without numbers=1,2,3,4,5,7,9,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37)
by greek
Thu Oct 30, 2014 1:46 pm
Forum: Beginner Basics
Topic: How to change one parametr for many items?
Replies: 3
Views: 827

How to change one parametr for many items?

Hello. How to make this command more shortly? /ip hotspot profile set 1,2,3,4,5,6,7,8,9,0,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 http-cookie-lifetime=1h May be /ip hotspot profile set number=1-33 http-cookie-lifetime=1h or /ip hotspot profile set number={1..15,16..33...
by greek
Thu Oct 09, 2014 3:24 pm
Forum: General
Topic: Easy firewall rule doesn't work
Replies: 2
Views: 889

Re: Easy firewall rule doesn't work

Can you please tell us what you are trying to do? Global target is different shaping of ports-in-bridge. I want to mark packets from WAN side to specific port-in-bridge (and back). I use simple rule for this purpose. /ip firewall mangle add chain=forward in-interface=ether1 log=yes out-bridge-port=...
by greek
Wed Oct 08, 2014 9:52 pm
Forum: General
Topic: Easy firewall rule doesn't work
Replies: 2
Views: 889

Easy firewall rule doesn't work

Good day. Default configuration. WAN = ether1, LAN = Bridge1, NAT Rule: /ip firewall mangle add chain=forward in-interface=ether1 log=yes out-bridge-port=wlan1 out-interface=bridge1 Counter of packets = 0, log is empty. Laptop is connected to wlan1, internet works fine. Why it's not work? ps: /ip fi...
by greek
Fri Jun 20, 2014 12:42 am
Forum: General
Topic: New Packet flow diagram
Replies: 103
Views: 71998

Re: New Packet flow diagram

Why first and last figures in output chain are not a parallelepiped as in original scheme?

As i know, parallelepiped has concretic mining in flowchart http://en.wikipedia.org/wiki/Flowchart
by greek
Tue Apr 15, 2014 11:02 am
Forum: General
Topic: Marking packets in bridge is working?
Replies: 1
Views: 1566

Re: Marking packets in bridge is working?

Any idea?

[Ticket#2014041166000279] with no answer :(
by greek
Tue Apr 08, 2014 11:18 pm
Forum: General
Topic: Marking packets in bridge is working?
Replies: 1
Views: 1566

Marking packets in bridge is working?

Hello. I have a simple default config: wan-(nat)-bridge(ether,wlan) I try to mark all packets to bridge port (wlan). I do it in bridge src-nat chain. I have "use-ip-firewall" checked. "Packet flow scheme" say to me, that next hop will be "Postrouting" ( http://wiki.mikrotik.com/wiki/Manual:Packet_Fl...
by greek
Tue Apr 08, 2014 9:59 pm
Forum: General
Topic: New Packet flow diagram
Replies: 103
Views: 71998

Re: New Packet flow diagram

Thank you, fixed - see updated my post.
Why last block in output chain is "Bridge Adjustm"?
In original scheme it's "Routing Adj."

And why "Simple queues" blocks is absent in "Input" and "Postrouting" chains ?
by greek
Sat Apr 05, 2014 1:05 am
Forum: Beginner Basics
Topic: How to mark packets from\to port in bridge?
Replies: 5
Views: 2878

Re: How to mark packets from\to port in bridge?

you'll notice there isn't any difference in the src/dst. So what I had to do was mark the src, in my case wlan30 and then mark the dst, in my case vlan30. Thank you for answer. wlan30 and vlan 30 are both bridge ports of same bridge ? You mark src and dst interface in "Bridge - Filter\Nat" or "IP F...