Community discussions

Search found 530 matches

by 2frogs
Sat Aug 17, 2019 4:34 am
Forum: Beginner Basics
Topic: can only get a dynamic ip on bridge interface
Replies: 10
Views: 718

Re: can only get a dynamic ip on bridge interface

If you plug your computer into the cable that is on ether1, does it get an IP address? If it does, make sure it is not in the same range as your router (i.e. 192.168.88.0/24). I don't see anything in config that would prevent it from obtaining an IP.
by 2frogs
Thu Aug 15, 2019 9:41 pm
Forum: Beginner Basics
Topic: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server
Replies: 26
Views: 2372

Re: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server

On CRS, navigate to IP>Addresses. Or
/ip address remove [find address="192.168.88.1/24"]
The address is most likely a left-over from the default config.
by 2frogs
Thu Aug 15, 2019 7:08 pm
Forum: Beginner Basics
Topic: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server
Replies: 26
Views: 2372

Re: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server

Since you have a dhcp-client on bridge, just remove the 192.168.88.1/24 address
by 2frogs
Thu Aug 15, 2019 3:08 pm
Forum: Beginner Basics
Topic: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server
Replies: 26
Views: 2372

Re: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server

Change:
add action=masquerade chain=srcnat comment=LetsencrypLocal dst-address=192.168.88.254 \
    dst-port=180,1443 protocol=tcp
to
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=192.168.88.0/24 src-address=192.168.88.0/24
as SOB suggested as it is universal. Do you have any static...
by 2frogs
Wed Aug 14, 2019 6:03 pm
Forum: Beginner Basics
Topic: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server
Replies: 26
Views: 2372

Re: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server

And you have flushed dns on your device?
What is it doing or not doing?
Can you provide:
/ip firewall nat export
by 2frogs
Mon Aug 12, 2019 9:02 pm
Forum: General
Topic: Simple Queue not working unless torch is running
Replies: 2
Views: 329

Re: Simple Queue not working unless torch is running

Try disabling the fast-track firewall rules.
by 2frogs
Sun Aug 11, 2019 5:44 am
Forum: Beginner Basics
Topic: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server
Replies: 26
Views: 2372

Re: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server

@sebastia

I believe you missed that the server is on ports 180 & 1443. Static DNS entries will not work in this case as it points to ports 80 & 443.
by 2frogs
Sat Aug 10, 2019 3:21 pm
Forum: Beginner Basics
Topic: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server
Replies: 26
Views: 2372

Re: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server

Instead of the DNS trick, try correcting your dst-nat rules. If you have a static IP:
/ip firewall nat
add action=dst-nat chain=dstnat comment=Letsencrypt dst-port=80 dst-address=your.external.ip.address protocol=tcp to-addresses=192.168.88.245 to-ports=180
add action=dst-nat chain=dstnat comment=Le...
by 2frogs
Thu Aug 08, 2019 9:10 pm
Forum: Beginner Basics
Topic: wifi speed - 2 clients only
Replies: 2
Views: 372

Re: wifi speed - 2 clients only

What you are seeing is normal. The data rate is the combined theoretically possible rate for upload and download. Since the AP and Client can only send or receive and do so to a single device at a time it will halve the data rate. And as you noticed, if you connect a second device and try to download...
by 2frogs
Thu Aug 08, 2019 4:28 pm
Forum: Beginner Basics
Topic: MikroTik wAP as wireless client?
Replies: 4
Views: 777

Re: MikroTik wAP as wireless client?

The best way to set it up is to use Winbox to reset without default and configure it manually. Once you have reset the wAP, you will have to connect to it using its MAC address. Now you can set up a bridge and add ether1 and wlan1 to it. And now configure wlan1 to be a station with the proper SSID and...
by 2frogs
Thu Aug 08, 2019 7:45 am
Forum: Wireless Networking
Topic: Hotspot Mikrotik Customization
Replies: 1
Views: 274

Re: Hotspot Mikrotik Customization

The Hotspot Trial user is perfect for what you want. You can edit the default login.html to remove the login box and use the trial user link as the "click here" to agree.
https://wiki.mikrotik.com/wiki/Manual:Hotspot_Introduction
https://wiki.mikrotik.com/wiki/Manual:IP/Hotspot
https://wiki.mikrotik...
by 2frogs
Thu Aug 08, 2019 7:30 am
Forum: Scripting
Topic: Failover script to call another script
Replies: 1
Views: 242

Re: Failover script to call another script

So if you put these in terminal they run, but not from the script?
/system script run firewall-to-backup
/system script run firewall-to-main
You could also change from using in/out-interface to interface-list and not have to change the firewall rules at all:
/interface list add comment=defconf name=...
by 2frogs
Thu Aug 08, 2019 6:33 am
Forum: Beginner Basics
Topic: simultaneous user logins
Replies: 2
Views: 385

Re: simultaneous user logins

/tool user-manager user set [find shared-users=unlimited] shared-users=1
by 2frogs
Thu Aug 01, 2019 6:35 am
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1309

Re: Very simple VLAN

You mentioned untagging/tagging is why I suggested a bridge. But yes, you can put the IP and DHCP Server directly on vlan1. And you can then remove the bridge port for vlan1 as it is not needed.
by 2frogs
Thu Aug 01, 2019 5:16 am
Forum: Beginner Basics
Topic: VPN problem between local LAN and VPN clients
Replies: 3
Views: 482

Re: VPN problem between local LAN and VPN clients

Do you have a static route to your LAN set on the Synology and a static route to the Synology from the Router?
by 2frogs
Thu Aug 01, 2019 4:59 am
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1309

Re: Very simple VLAN

I believe you need to create a new bridge for the vlan and add IP and DHCP Server to the new bridge. Then change the bridge port for vlan1 to the new bridge.
/interface bridge add name=vlan1-bridge
/interface bridge port add bridge=vlan1-bridge interface=vlan1
The rest of your config should remain t...
by 2frogs
Wed Jul 31, 2019 4:30 pm
Forum: Wireless Networking
Topic: Help with a wireless backbone
Replies: 3
Views: 509

Re: Help with a wireless backbone

You will need to use vlans, but having two networks in both buildings should not be a problem. There are many tutorials and examples on this forum and elsewhere. You will need a VLAN-capable switch. Or if you only need a few ports and it is indoors you can use something like an hAP-AC/hAP-AC2 and br...
by 2frogs
Wed Jul 31, 2019 2:33 am
Forum: Wireless Networking
Topic: Help with a wireless backbone
Replies: 3
Views: 509

Re: Help with a wireless backbone

I would use the Wireless Wire to bridge the buildings as it can provide wire speeds.
by 2frogs
Tue Jul 30, 2019 5:35 am
Forum: General
Topic: Mikrotik Mobile App [SOLVED]
Replies: 2
Views: 399

Re: Mikrotik Mobile App [SOLVED]

The app uses the Winbox port to connect. You can specify the correct port in the address field of the app, like: 192.168.88.1:1234
by 2frogs
Fri Jul 26, 2019 2:23 pm
Forum: Wireless Networking
Topic: Faile to add queue
Replies: 1
Views: 193

Re: Faile to add queue

From Terminal run this command:
/export hide-sensitive file=export
Download and edit the export.rsc using a text editor to remove any public ips or identifying information and paste using the code wrapper [ code][ /code].
by 2frogs
Fri Jul 26, 2019 2:11 pm
Forum: General
Topic: Ovpn server on separate pool cannot reach lan
Replies: 4
Views: 338

Re: Ovpn server on separate pool cannot reach lan

Try adding this to the top of your mangle rules:
/ip firewall mangle
add action=accept chain=prerouting dst-address=10.255.255.0/24 in-interface=bridge
I believe your rules are too loose and catching any traffic from your LAN to VPN IP ranges.
by 2frogs
Thu Jul 25, 2019 7:35 am
Forum: General
Topic: Need to set up access to NAS openvpn
Replies: 45
Views: 2531

Re: Need to set up access to NAS openvpn

Thought I would let you know that L2TP/IPSec is not any better. I have a TS-431XeU with AnnapurnaLabs Alpine AL-314 32-bit ARM® Cortex-A15 quad-core 1.7GHz processor and 10-11MB/s is all it will do at 40% CPU usage. QVPN represents only 10% CPU usage.
by 2frogs
Tue Jul 23, 2019 12:15 am
Forum: Wireless Networking
Topic: 6 x 60G AP Sectors Area Configuration Thread
Replies: 5
Views: 511

Re: 6 x 60G AP Sectors Area Configuration Thread

Separation will do wonders too. Both horizontal and vertical. Any radio device back to back on a mast is usually a bad idea. 2-3 meters vertically and 1 horizontal is about minimal in my opinion.
by 2frogs
Mon Jul 22, 2019 9:25 pm
Forum: General
Topic: Can't access Winbox from VPN - OpenVpn
Replies: 4
Views: 313

Re: Can't access Winbox from VPN - OpenVpn

/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
This rule, since no interfaces are listed and it is above the drop rule (they are processed in order), allows pings from anywhere.
by 2frogs
Mon Jul 22, 2019 9:02 pm
Forum: General
Topic: Can't access Winbox from VPN - OpenVpn
Replies: 4
Views: 313

Re: Can't access Winbox from VPN - OpenVpn

This rule is blocking access:
/ip firewall filter
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
Your VPN is not included in interface-list. You can add it under /ppp profiles:
/ppp profile
add local-address=192.168.1.1 name=Ovpn-profile remote-a...
by 2frogs
Sat Jul 20, 2019 3:52 am
Forum: Beginner Basics
Topic: RBwAPG-60ad IP Settings
Replies: 1
Views: 354

Re: RBwAPG-60ad IP Settings

The bridge is the correct place for the dhcp-client as it is the master interface. It looks like the quick-set is broken, but since it is based off of simple scripts it is limited in functionality and should not be used past initial setup anyway.
by 2frogs
Sat Jul 20, 2019 3:05 am
Forum: Scripting
Topic: am i missing something???
Replies: 2
Views: 429

Re: am i missing something???

:if ([:len [/ip ipsec policy find dst-address=10.0.0.0/16]]=0) do={:put "Not Found" } else={:put "Found"}
Or
:if ([:len [/ip ipsec policy find dst-address=10.0.0.0/16]]>0) do={:put "Found"} else={:put "Not Found"}
A missing value is not 0, it is null and ROS scripts can't handle nulls. But you can...
by 2frogs
Fri Jul 19, 2019 4:13 am
Forum: General
Topic: hair pin when out interface has different address
Replies: 8
Views: 529

Re: hair pin when out interface has different address

I am sorry, I either misread your original setup or confused it with another. You don't even need the ddns hack. Use dst-address=192.168.1.252.
/ip firewall nat
add chain=srcnat action=src-nat protocol=tcp src-address=10.0.1.0/24 dst-address=192.168.1.252 to-address=10.0.1.1 out-interface=bridge d...
by 2frogs
Thu Jul 18, 2019 8:13 pm
Forum: General
Topic: hair pin when out interface has different address
Replies: 8
Views: 529

Re: hair pin when out interface has different address

Yes, you can use the DDNS you already have setup.
by 2frogs
Wed Jul 17, 2019 8:18 pm
Forum: General
Topic: hair pin when out interface has different address
Replies: 8
Views: 529

Re: hair pin when out interface has different address

On your 10.0.1.1, enable the built in DDNS. Now add your DDNS URL to an address-list with a name like My_IP. You now use dst-address-list in place of dst-address in the hair-pin nat tutorials.

You can also use the DDNS URL to access your server without having to know your current IP.
by 2frogs
Wed Jul 17, 2019 2:13 pm
Forum: General
Topic: A difficault question about CLI [SOLVED]
Replies: 3
Views: 368

Re: A difficault question about CLI [SOLVED]

In Terminal, the [TAB] key can be your friend! :)

It can auto-complete commands and list directories, commands and variables.
by 2frogs
Tue Jul 16, 2019 3:23 pm
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 1017

Re: connection state question [SOLVED]

Correct! It is already accepted!
by 2frogs
Tue Jul 16, 2019 2:42 pm
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 1017

Re: connection state question [SOLVED]

The default for the firewall filter is to accept. If you remove all rules, everything would be accepted. If you only add chain=forward action=drop, then all being forwarded would be dropped. Now change that rule to include in-interface=ether1 and now only forwards coming from ether1 are being droppe...
by 2frogs
Tue Jul 16, 2019 2:21 pm
Forum: General
Topic: A difficault question about CLI [SOLVED]
Replies: 3
Views: 368

Re: A difficault question about CLI [SOLVED]

unset
/ip firewall nat unset [find action=masquerade] out-interface
by 2frogs
Tue Jul 16, 2019 3:33 am
Forum: General
Topic: Redirecting Problems [SOLVED]
Replies: 3
Views: 381

Re: Redirecting Problems [SOLVED]

That is correct, you need both rules.
by 2frogs
Mon Jul 15, 2019 3:02 am
Forum: General
Topic: Port Forwarding Not Working but Shows Packets
Replies: 11
Views: 769

Re: Port Forwarding Not Working but Shows Packets

@anav
hmm, so glad we can agree it could be done with a single rule:
"And your Filter rule need to be for chain=forward: (or enable the default drop rule)"
by 2frogs
Sat Jul 13, 2019 11:45 pm
Forum: General
Topic: Mikrotik Web Interface not accesible via VPN on remote router
Replies: 5
Views: 536

Re: Mikrotik Web Interface not accesible via VPN on remote router

Or add script to ppp profile to add/remove the interface when you login/logout:
on-up=/interface list member add list="LAN" interface=[/interface get [find type=l2tp-in && dynamic=yes] name]
on-down=/interface list member remove [find interface!="bridge" && list="LAN"]
Or you can also set l2tp serve...
by 2frogs
Sat Jul 13, 2019 4:28 am
Forum: General
Topic: Redirecting Problems [SOLVED]
Replies: 3
Views: 381

Re: Redirecting Problems [SOLVED]

You also need a src-nat:
/ip firewall nat
add action=src-nat chain=srcnat src-address=192.168.0.0/24 dst-address=192.168.0.4 to-address=192.168.0.1
by 2frogs
Sat Jul 13, 2019 1:46 am
Forum: Wireless Networking
Topic: Can I use NV2 and "normal" Wifi on the same device?
Replies: 4
Views: 438

Re: Can I use NV2 and "normal" Wifi on the same device?

The Wireless Wire is basically 2 WAP 60G AP, just pre-configured as PtP pair (they can be reconfigured). They have a 60 degree beam width, so depending on the layout it could cover your end points. There is also a WAP 60Gx3 AP that can cover 180 degrees.
https://mikrotik.com/product/wap_60gx3_ap
by 2frogs
Fri Jul 12, 2019 9:25 pm
Forum: Wireless Networking
Topic: Can I use NV2 and "normal" Wifi on the same device?
Replies: 4
Views: 438

Re: Can I use NV2 and "normal" Wifi on the same device?

You can not use 802.11 and NV2 at same time. A dedicated point to point or point to multi-point would be better than trying to use an AP that has other wireless users on it. Have you seen:
https://mikrotik.com/product/wap_60g_ap
https://mikrotik.com/product/wireless_wire
These should be able to conn...
by 2frogs
Fri Jul 12, 2019 9:09 pm
Forum: General
Topic: Port Forwarding Not Working but Shows Packets
Replies: 11
Views: 769

Re: Port Forwarding Not Working but Shows Packets

Your NAT rules do not need a to-port unless you are changing ports. They should look like this:
/ip firewall nat
add action=dst-nat chain=dstnat comment="ALA USG VPN" dst-port=500 in-interface=ether1-gateway log=yes protocol=udp to-addresses=10.0.1.89
add action=dst-nat chain=dstnat comment="ALA US...
by 2frogs
Fri Jul 12, 2019 8:24 pm
Forum: General
Topic: Mikrotik Web Interface not accesible via VPN on remote router
Replies: 5
Views: 536

Re: Mikrotik Web Interface not accesible via VPN on remote router

There are actually major differences between the 2 routers when you consider the firewall rules. On Router 1, the default drop for input is dropping all from ether1, which is your WAN. By default it is accepting from all other ports including all other ethers, wlans, bridges, l2tp, etc.
/ip firewall...
by 2frogs
Fri Jul 12, 2019 6:35 pm
Forum: Beginner Basics
Topic: Log File [SOLVED]
Replies: 4
Views: 556

Re: Log File [SOLVED]

Yes
/log print file=log.txt
A remote syslog might be a better option depending on intended use.
https://wiki.mikrotik.com/wiki/Manual:System/Log
by 2frogs
Wed Jul 10, 2019 11:18 pm
Forum: General
Topic: Very high sector writes
Replies: 24
Views: 1241

Re: Very high sector writes

Most likely a partially failed update or some corruption in OS.
by 2frogs
Wed Jul 10, 2019 5:38 am
Forum: General
Topic: Help with IP-> Filter needed
Replies: 2
Views: 228

Re: Help with IP-> Filter needed

Create an address-list name=payment_gateway and add www.some.paymentsystem.com and dns ip to it.
Now add dst-address-list!=payment_gateway to both of your rules. The "!" means "not".

This should work for http, but I don't think it will for https...
by 2frogs
Wed Jul 10, 2019 3:05 am
Forum: Beginner Basics
Topic: Scripting distance of routes [SOLVED]
Replies: 8
Views: 687

Re: Scripting distance of routes [SOLVED]

Is x.x.x.x a unique ID or do you have multiple with gateway=x.x.x.x? Copy and paste the following in Terminal:
/ip route add dst-address=1.2.3.4/32 gateway=1.2.3.4 distance=5;
:if ([/ip route get [find gateway=1.2.3.4] distance]=5) do={:put "True"} else={:put "False"};
##Should have output of "True"...
by 2frogs
Tue Jul 09, 2019 7:45 pm
Forum: Beginner Basics
Topic: Scripting distance of routes [SOLVED]
Replies: 8
Views: 687

Re: Scripting distance of routes [SOLVED]

Spacing maybe!?!? This works for me:
:if ([/ip route get [find gateway=x.x.x.x] distance]=2) do={:log error "True"}
by 2frogs
Sat Jul 06, 2019 3:25 am
Forum: General
Topic: Very high sector writes
Replies: 24
Views: 1241

Re: Very high sector writes

/system logging
add topics=debug
Have you tried disabling this?