Community discussions

MikroTik App

Search found 131 matches

by harvey
Sun Jan 15, 2023 1:27 pm
Forum: RouterOS beta
Topic: Problem with editing file in container store [SOLVED]
Replies: 2
Views: 4089

Re: Problem with editing file in container store [SOLVED]

I’m seeing the same issue. Creating any folders, uploading pre edited files etc via sftp causes the same issue. Whilst getting a console to the container works, depending on the container it’s self, you may need to install text editors inside it which defeats the point of a container. This is not th...
by harvey
Wed Nov 25, 2020 4:08 pm
Forum: General
Topic: Mikrotik as PPPoE modem
Replies: 1
Views: 796

Mikrotik as PPPoE modem

Hi, Apologies if I'm coming at this from the wrong angle but currently we have a Mikrotik that acts as a full router/firewall and it connects to the internet using PPPoE and it assigns the WAN IP via DHCP. We are looking to replace all the Wifi with Eero. The problem is Eero does not support PPPoE s...
by harvey
Wed Sep 09, 2020 5:08 pm
Forum: General
Topic: LTE dropouts
Replies: 9
Views: 2702

Re: LTE dropouts

@WeWiNet - Thanks for pointing that out. I run the lte firmware update last night and for about 3+ hours it was fine. This morning I checked again and it was still happening @mkx - Thanks for explaining this. We have three of the LHR's, all on the same network provider and this is the only one that ...
by harvey
Tue Sep 08, 2020 12:18 pm
Forum: General
Topic: LTE dropouts
Replies: 9
Views: 2702

Re: LTE dropouts

Anyone have any further suggestions?
by harvey
Mon Aug 17, 2020 10:28 am
Forum: General
Topic: LTE dropouts
Replies: 9
Views: 2702

Re: LTE dropouts

Hi, thanks for sending the page through, I'd found a similar page but not finding it easy to cross-reference my output to the examples on that page. The common CREG command in my output shows two sets of numbers 6+7 and 6+9: lte1: +CREG: 6,"0603","00139102",7 lte1: +CREG: 6,"...
by harvey
Wed Aug 12, 2020 4:11 pm
Forum: General
Topic: LTE dropouts
Replies: 9
Views: 2702

LTE dropouts

We recently installed an LHG R LTE kit for client. We are aware that its location is not ideal but we were restricted due to the building being listed. pin-status: ok registration-status: registered functionality: full manufacturer: "MikroTik" model: "R11e-LTE6" revision: R11e-LT...
by harvey
Sat Jul 18, 2020 10:44 am
Forum: General
Topic: CHR + AWS + IPv6
Replies: 16
Views: 4640

Re: CHR + AWS + IPv6

Hi Sindy, Sorry for the delay, been a busy few days, so yes, I think it's already like that, here is the route table: 2020-07-18 at 07.56.png 3200::/64 is the WAN subnet 3299::/64 is the LAN subnet eni-xx4f1 is the network is the CHR's WAN network interface I have then associated the route table to ...
by harvey
Wed Jul 15, 2020 11:25 pm
Forum: General
Topic: CHR + AWS + IPv6
Replies: 16
Views: 4640

Re: CHR + AWS + IPv6

Firewall is as follows: /ipv6 firewall address-list add address=2a04:xxxxxx::/64 comment="Office" list=remote add address=fe80::/16 comment="Link Local" list=allowed add address=ff02::/16 comment=Multicast list=allowed add address=2a05:xxxxxxxx:3299::/64 comment="AWS LAN&quo...
by harvey
Wed Jul 15, 2020 11:20 pm
Forum: General
Topic: CHR + AWS + IPv6
Replies: 16
Views: 4640

Re: CHR + AWS + IPv6

I've created the route table in AWS and pointed the LAN subnet to the network interface of the CHR's WAN. This route table is associated to the AWS's IGW 2020-07-15 at 21.15.png This is what is described here https://docs.aws.amazon.com/vpc/latest/userguide/route-table-options.html#route-tables-appl...
by harvey
Wed Jul 15, 2020 10:10 pm
Forum: General
Topic: CHR + AWS + IPv6
Replies: 16
Views: 4640

Re: CHR + AWS + IPv6

When using dhcp-client, the gateway is not an address out of the pool at all: As @mrz wrote, fe80:what:ever:: are link-local addresses, which by definition do not fit into the global IP address range, and it is nothing unusual that a default gateway's IP address is a link-local one. It seems to me ...
by harvey
Tue Jul 14, 2020 11:35 am
Forum: General
Topic: CHR + AWS + IPv6
Replies: 16
Views: 4640

Re: CHR + AWS + IPv6

Hi Sindy, I'm very appreciative of your help, even if it's just from the Mikrotik side. Just trying to work out if I'm wasting my time with the AWS side. When using dhcp-client, the gateway is not an address out of the pool at all: IPv6 address allocated via DHCP is in the range of 2a05:d018:xxxxxxx...
by harvey
Sat Jul 11, 2020 4:35 pm
Forum: General
Topic: CHR + AWS + IPv6
Replies: 16
Views: 4640

Re: CHR + AWS + IPv6

Hi Sindy, Thanks as always for your input. I'm guessing your advice is IPv6 generic and not directly related to how it works with AWS? Please correct me if I'm wrong. Let me summarise a little bit on what I know: 1) You can only allocate a /56 to the VPC 2) You can only allocate a single /64 to the ...
by harvey
Fri Jul 10, 2020 11:31 pm
Forum: General
Topic: CHR + AWS + IPv6
Replies: 16
Views: 4640

Re: CHR + AWS + IPv6

I've tried using prefix within the ipv6 dhcp-client to add the /64 to a pool, when I do this the status is stuck at searching.

Anyone have any ideas? Thanks
by harvey
Fri Jul 10, 2020 9:37 pm
Forum: General
Topic: CHR + AWS + IPv6
Replies: 16
Views: 4640

Re: CHR + AWS + IPv6

Scratch the previous post, the ipv6 route out on when I did the pcap was down at the time. Once that was working again I re-ran the test. I can only see the outbound connection, this time. I've also realised the error of my ways. As the server's ipv6 subnet is not allocated to the public subnet of t...
by harvey
Fri Jul 10, 2020 8:54 pm
Forum: General
Topic: CHR + AWS + IPv6
Replies: 16
Views: 4640

Re: CHR + AWS + IPv6

I've performed a packet capture on CHR whilst pinging 2001:4860:4860::8888 from the link server and opened it up in wireshark I can see the icpmv6 packets going from the server's ip6 address but it says: ICMPv6 118 Echo (ping) request id=0x10fb, seq=4, hop limit=64 (no response found!) I am also see...
by harvey
Fri Jul 10, 2020 7:31 pm
Forum: General
Topic: CHR + AWS + IPv6
Replies: 16
Views: 4640

CHR + AWS + IPv6

Hi All, Apologies, my skills in IPv6 aren't great. I've set up CHR in AWS, all is working fine with IPv4 with an ec2 instance natted behind CHR I'd like to set up IPv6 for the Mikrotik and servers located in the "LAN" side of AWS behind the CHR instance. I have enabled IPv6 on the VPC (/56...
by harvey
Wed Jul 08, 2020 11:13 pm
Forum: General
Topic: SMS receive 'allowed-number' multiple numbers [SOLVED]
Replies: 9
Views: 3737

Re: SMS receive 'allowed-number' multiple numbers [SOLVED]

The following gets accepted, but don't know whether it works in practice: /tool sms set allowed-number="+447xxxxxxxxx,+447xxxxxxxx" "/tool/sms print" says then: ... allowed-number: +447xxxxxxxxx,+447xxxxxxxx ... OTOH entering the numbers via the GUI interface one by one does the...
by harvey
Wed Jul 08, 2020 3:36 pm
Forum: General
Topic: SMS receive 'allowed-number' multiple numbers [SOLVED]
Replies: 9
Views: 3737

Re: SMS receive 'allowed-number' multiple numbers [SOLVED]

Thanks all. I have raised a ticket with support, hopefully it will get fixed in the future. For now I'm happy it works fine in the terminal
by harvey
Sun Jul 05, 2020 6:50 pm
Forum: General
Topic: SMS receive 'allowed-number' multiple numbers [SOLVED]
Replies: 9
Views: 3737

Re: SMS receive 'allowed-number' multiple numbers [SOLVED]

Yes, it does work fine from the terminal: /tool sms set allowed-number=+447xxxxxxxxx,+447xxxxxxxx However, after setting it through the terminal, opening it up in Winbox the field was blank. I cleared the setting via terminal manual put +447xxxxxxxxx,+447xxxxxxxx in winbox, tested and the second num...
by harvey
Sun Jul 05, 2020 6:37 pm
Forum: General
Topic: SMS receive 'allowed-number' multiple numbers [SOLVED]
Replies: 9
Views: 3737

Re: SMS receive 'allowed-number' multiple numbers [SOLVED]

Thanks. I’m running 6.45.9. Winbox does not use the standard list option, you only get a single field, I only tried comma based lists in winbox, I’ll try through ther terminal. Interesting winbox might have a bug regards this anyway as it seems to show no value even if it has been set. I had to use ...
by harvey
Sun Jul 05, 2020 6:32 pm
Forum: General
Topic: Inbound SMS run script pass number [SOLVED]
Replies: 8
Views: 5871

Re: Inbound SMS run script pass number [SOLVED]

Hi @sindy, thanks for the idea, I've had another thread open trying to look at it from another angle and that solution seems like it will be suitable enough for me. Thanks for your input. Well, the only difference is that in that other thread you use the print as-value approach for the same thing, ...
by harvey
Sun Jul 05, 2020 2:31 pm
Forum: General
Topic: SMS receive 'allowed-number' multiple numbers [SOLVED]
Replies: 9
Views: 3737

SMS receive 'allowed-number' multiple numbers [SOLVED]

Hi, Is there anyway to specify multiple 'allowed-number' for receiving SMS: https://wiki.mikrotik.com/wiki/Manual:Tools/Sms#Receiving I've tried using several delimiters like comma and semicolon etc but only the first number is allowed through. We have several engineers who would need to be able to ...
by harvey
Sun Jul 05, 2020 2:21 pm
Forum: General
Topic: Inbound SMS run script pass number [SOLVED]
Replies: 8
Views: 5871

Re: Inbound SMS run script pass number [SOLVED]

I guess that the part you are missing is how to fetch the sender number from the received message. So you need something like :local senderNumber [tool sms inbox get [find message~"a regexp to check that it is the expected query message, not a spam"] number] and then you can send the resp...
by harvey
Sun Jul 05, 2020 2:17 pm
Forum: Scripting
Topic: Extracting last SMS number [SOLVED]
Replies: 9
Views: 4051

Re: Extracting last SMS number [SOLVED]

The SMS inbox is a 2D array, tips on how to work with and get parameter values from arrays can be found in the Scripting Tips and Tricks section of the wiki, specifically sections 5. Get values for properties if 'get' command is not available and 6. Always check what value and type command returns ...
by harvey
Sun Jul 05, 2020 2:15 pm
Forum: Scripting
Topic: Extracting last SMS number [SOLVED]
Replies: 9
Views: 4051

Re: Extracting last SMS number [SOLVED]

More research suggests /tool sms inbox get $i phone doesn't use the index so using my count - 1 method won't work . However `/tool sms inbox find` still returns nothing Try this: :global lastIx ([:len /tool sms inbox] - 1) :global lastNum [/tool sms inbox get number=$lastIx phone] :put $lastNum ......
by harvey
Sat Jul 04, 2020 11:34 pm
Forum: General
Topic: Inbound SMS run script pass number [SOLVED]
Replies: 8
Views: 5871

Re: Inbound SMS run script pass number [SOLVED]

I'm trying to write a script so when the Mikrotik receives an SMS it runs the script, gathers some information from the Mikrotik, and then sends an SMS back to the number that sent the request. Is there any way to pass the phone number of the incoming message to the script so it can be used within ...
by harvey
Sat Jul 04, 2020 12:18 am
Forum: Scripting
Topic: Extracting last SMS number [SOLVED]
Replies: 9
Views: 4051

Re: Extracting last SMS number [SOLVED]

More research suggests /tool sms inbox get $i phone doesn't use the index so using my count - 1 method won't work .

However `/tool sms inbox find` still returns nothing
by harvey
Sat Jul 04, 2020 12:05 am
Forum: General
Topic: Inbound SMS run script pass number [SOLVED]
Replies: 8
Views: 5871

Inbound SMS run script pass number [SOLVED]

Hi, I'm trying to write a script so when the Mikrotik receives an SMS it runs the script, gathers some information from the Mikrotik, and then sends an SMS back to the number that sent the request. Is there any way to pass the phone number of the incoming message to the script so it can be used with...
by harvey
Fri Jul 03, 2020 11:49 pm
Forum: Scripting
Topic: Extracting last SMS number [SOLVED]
Replies: 9
Views: 4051

Extracting last SMS number [SOLVED]

Hi All, I'm trying to write a script, that gets the phone number of the last received SMS message in the inbox. I'm running 6.45.9. If I run `/tool sms inbox print` I can see messages. Looking at other forum posts it looks like `/tool sms inbox find` and `/tool sms inbox get $i phone` (where is pres...
by harvey
Mon Apr 20, 2020 10:06 am
Forum: General
Topic: URL to get latest versions of ROS branches [SOLVED]
Replies: 5
Views: 6493

Re: URL to get latest versions of ROS branches [SOLVED]

Sorry for dredging up an old post but I wanted to share the new URL's as the previous URL's mentioned by @normis have stopped being updated. I was about to post a new post but then worked out the new URL's. # curl https://download.mikrotik.com/routeros/LATEST.6 6.46.5 1586248107 # curl https://downl...
by harvey
Sun Apr 14, 2019 9:21 am
Forum: General
Topic: Pass WAN over VLAN [SOLVED]
Replies: 15
Views: 6490

Re: Pass WAN over VLAN [SOLVED]

There's a topic on differences between VLAN setup on bridge vs. VLAN setup on switch ... I've posted config for both cases for the same real-life usage case. Thanks. Reminds me of when I did vlans on an old CRS. Don’t know why, I thought that method was unique to the CRS line. I presume with the CC...
by harvey
Sat Apr 13, 2019 1:37 am
Forum: Beginner Basics
Topic: Router for my new home!
Replies: 14
Views: 3534

Re: Router for my new home!

Presuming you want Wifi as well. The HAP AC2 is a cost effective and small unit with a good balance of features. All depends what you need.
by harvey
Sat Apr 13, 2019 1:30 am
Forum: Beginner Basics
Topic: Access to webfig not working
Replies: 9
Views: 25598

Re: Access to webfig not working

Can you post the output of:-
/ip firewall export


You may need to obscure any private details such as public IP addresses if needed.
by harvey
Sat Apr 13, 2019 1:24 am
Forum: Beginner Basics
Topic: External ip in lan network redirect to the router
Replies: 3
Views: 1288

Re: External ip in lan network redirect to the router

Or a simpler way, if your internal clients use the Mikrotik for DNS you could add a static entry for your dynamic DNS name to the internal IP. External clients will use the proper WAN IP and internal clients use the internal IP address.
by harvey
Sat Apr 13, 2019 1:13 am
Forum: General
Topic: Pass WAN over VLAN [SOLVED]
Replies: 15
Views: 6490

Re: Pass WAN over VLAN [SOLVED]

What I meant indeed. I guess the advantage would be that bridge would already have done the security (vlan filter) checks. Works just fine. Thanks. Ok, so hopefully final question, with regards your comment on "use vlan filtering of /interface switch chip", how exactly would the configura...
by harvey
Sat Apr 13, 2019 12:39 am
Forum: General
Topic: Pass WAN over VLAN [SOLVED]
Replies: 15
Views: 6490

Re: Pass WAN over VLAN [SOLVED]

B2 copy-paste error -> name=ether1-vlan-20-access since vlan 100 is passed to bridge1, I would setup the vlan interface on bridge not the ether5 directly (haven't verified if there would be a difference) /interface vlan add comment="WAN Passthrough VLAN" interface=ether5-trunk-to-b1 name=...
by harvey
Fri Apr 12, 2019 11:39 pm
Forum: General
Topic: Pass WAN over VLAN [SOLVED]
Replies: 15
Views: 6490

Re: Pass WAN over VLAN [SOLVED]

Screen Shot 2019-04-12 at 21.36.53.png Ok, so I set up a rough configuration, apart from setting up ingress-filtering and frame-type, is there anything major I have missed? B1:- /interface bridge add name=bridge1 vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] comment="...
by harvey
Fri Apr 12, 2019 7:35 pm
Forum: General
Topic: Pass WAN over VLAN [SOLVED]
Replies: 15
Views: 6490

Re: Pass WAN over VLAN [SOLVED]

Try this On B1 /interface bridge vlan add bridge=bridge1 tagged=ether5 ,bridge1 untagged=ether1 vlan-ids=100 On B2: /interface bridge vlan add bridge=bridge1 tagged=ether5,bridge1 untagged=ether1 vlan-ids=100 /interface vlan add interface=bridge1 name=v100 vlan-id=100 /ip address add address=1.1.1....
by harvey
Fri Apr 12, 2019 6:19 pm
Forum: General
Topic: Pass WAN over VLAN [SOLVED]
Replies: 15
Views: 6490

Re: Pass WAN over VLAN [SOLVED]

Screen Shot 2019-04-12 at 16.16.31.png OK, so I've done as follows and I've gone wrong somewhere. I'm doing this all in GNS3 at the moment. I set up a fake internet router on 1.1.1.1:- interface ethernet set [ find default-name=ether5 ] name=ISP /ip address add address=1.1.1.1/30 interface=ISP netw...
by harvey
Fri Apr 12, 2019 5:53 pm
Forum: General
Topic: Pass WAN over VLAN [SOLVED]
Replies: 15
Views: 6490

Re: Pass WAN over VLAN [SOLVED]

vlan = virtual lan, so what you try to do is not out of the ordinary. Instead of using another physical cable you use vlan instead. To achieve what you want: mark the wan interface on hap as (to-be) as access port for wan vlan: so untagging on egress, and tagging on ingress for WAN interface config...
by harvey
Fri Apr 12, 2019 4:50 pm
Forum: General
Topic: Pass WAN over VLAN [SOLVED]
Replies: 15
Views: 6490

Pass WAN over VLAN [SOLVED]

So, I have a dilemma. I'd like to move by main firewall to a separate building away from where my WAN comes in but I only have a single ethernet cable linking the two buildings. I currently run a VLAN trunk between the buildings using the new Bridge VLAN filtering method. The WAN comes in to an area...
by harvey
Fri Apr 12, 2019 3:59 pm
Forum: Beginner Basics
Topic: CCR1009-8G-1S-1S+, Smart card and Certificates
Replies: 12
Views: 10231

Re: CCR1009-8G-1S-1S+, Smart card and Certificates

I'd be interested to know more too if anyone has found a compatible product and some guidelines on how to set up.

Thanks
by harvey
Fri Feb 15, 2019 6:44 pm
Forum: General
Topic: SNMP PSU Values
Replies: 1
Views: 752

Re: SNMP PSU Values

Anyone have information on this? Thanks.
by harvey
Wed Feb 13, 2019 10:09 pm
Forum: General
Topic: SNMP PSU Values
Replies: 1
Views: 752

SNMP PSU Values

Hi, Quick question, I'm monitoring PSU status with SNMP. I can see that a value of 1 means the PSU is OK. Can anyone confirm the value of a failed PSU? Is it 0, 2 or other? Is there anyway to look this up? Also, when it comes to things like fan speed or temperature readings, is there anywhere that d...
by harvey
Sun Oct 28, 2018 10:01 pm
Forum: Wireless Networking
Topic: WAP ac 5GHz issues with iPhone XS
Replies: 143
Views: 43634

Re: WAP ac 5GHz issues with iPhone XS

The only common factor for me is ipv6. With it off problem goes away. By 'off' you mean complete disabling of 'ipv6' package or just disabling IPv6 DHCP Server / ND so that devices don't get ipv6 routable addresses? I’m using 6to4 so I disable the sit interface, disable the ip address on the wan an...
by harvey
Sun Oct 28, 2018 6:22 pm
Forum: Wireless Networking
Topic: WAP ac 5GHz issues with iPhone XS
Replies: 143
Views: 43634

Re: WAP ac 5GHz issues with iPhone XS

The only common factor for me is ipv6. With it off problem goes away. Currently running ac at 80mhz and all fine. As soon as I unable ipv6 it dies. If you disable ipv6 also make sure your clients are not being allocated and don’t have an ipv6 address too.
by harvey
Sat Oct 13, 2018 12:55 pm
Forum: Wireless Networking
Topic: WAP ac 5GHz issues with iPhone XS
Replies: 143
Views: 43634

Re: WAP ac 5GHz issues with iPhone XS

Version 6.44beta14 has been released.
*) wireless - improved stability for 802.11ac;
Have you tried latest 6.44beta release, too?
Already seen and tried without luck
by harvey
Thu Oct 11, 2018 5:46 pm
Forum: General
Topic: iPhone XS and Mikrotik hAP ac
Replies: 29
Views: 11511

Re: iPhone XS and Mikrotik hAP ac

Actually, I'm more convinced it's something to do with Hurricane Electric IPv6 Tunnel. I just remembered I had also disabled this. As soon as I re-enabled it the issue returned. This post already highlighted this issue https://forum.mikrotik.com/viewtopic.php?p=691678#p688505 Can there be a relation...
by harvey
Thu Oct 11, 2018 5:41 pm
Forum: General
Topic: iPhone XS and Mikrotik hAP ac
Replies: 29
Views: 11511

Re: iPhone XS and Mikrotik hAP ac

The only other change I made was to apply Frequency Mode, Country (as per 5Gz) and Antenna Gain to 2 on the 2.4 Ghz Network
by harvey
Thu Oct 11, 2018 5:37 pm
Forum: General
Topic: iPhone XS and Mikrotik hAP ac
Replies: 29
Views: 11511

Re: iPhone XS and Mikrotik hAP ac

I have been able to resolve the issue by making some configuration changes on the Mikrotik. I'm currently running AC at 5Ghz/80Mhz and seems fine. the only difference I can see is `country="united kingdom"` and `frequency-mode=regulatory-domain` :- Before, Not working:- set [ find default-...
by harvey
Sun Oct 07, 2018 1:56 am
Forum: Wireless Networking
Topic: WAP ac 5GHz issues with iPhone XS
Replies: 143
Views: 43634

Re: WAP ac 5GHz issues with iPhone XS

Hi, I just wanted to cross post a similar thread where others have reported the same issues with HAP AC's. I too use 80MHz Channels and HE IPv6 tunnels. I haven't tried changing these. The thread is here https://forum.mikrotik.com/viewtopic.php?f=2&t=139524 I don't believe the phone is at fault ...
by harvey
Sun Oct 07, 2018 1:49 am
Forum: General
Topic: iPhone XS and Mikrotik hAP ac
Replies: 29
Views: 11511

Re: iPhone XS and Mikrotik hAP ac

Creating a 5Ghz only network on the hap ac2 did not help. In vain I setup up a spare Unifi AC Pro and the iPhone XS wifi works perfectly. I'm struggling to see how this is not Mikrotik related?

This seems separate and unrelated to the other iPhone XS wireless issues reported generally.
by harvey
Mon Oct 01, 2018 11:38 am
Forum: General
Topic: iPhone XS and Mikrotik hAP ac
Replies: 29
Views: 11511

Re: iPhone XS and Mikrotik hAP ac

The only other oddity which I found, when the iPhone XS loses network connectivity I can still ping via IP address e.g. 8.8.8.8 but google.com will not respond. I tried overwriting the DNS on the phone to something out on the WAN e.g. 1.1.1.1 but didn't seem to make a difference. Sometimes the wifi ...
by harvey
Mon Oct 01, 2018 11:24 am
Forum: General
Topic: iPhone XS and Mikrotik hAP ac
Replies: 29
Views: 11511

Re: iPhone XS and Mikrotik hAP ac

I too am having issue with an iPhone XS Max connecting to a HAP AC and HAP AC2 both running 6.43.2. Macbook Pro, iPhone 7 Plus and iPad Pro all working fine. Current Wifi Setup from the AC2:- /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik add authenticati...
by harvey
Fri Sep 14, 2018 8:53 pm
Forum: Beginner Basics
Topic: Can't access webfig on WAN
Replies: 10
Views: 5885

Re: Can't access webfig on WAN

I very much doubt the 1Mb limit is the issue unless you have other traffic saturating it. I use CHR in the free mode for all my GNS3 labs and have no issues with connecting on any method
by harvey
Fri Sep 14, 2018 6:56 pm
Forum: Beginner Basics
Topic: Can't access webfig on WAN
Replies: 10
Views: 5885

Re: Can't access webfig on WAN

In my experience physical Mikrotik hardware has a default set of rules but CHR is normally blank. This would explain the reason you didn't have any rules.

Did you check your cloud providers security rules? What cloud provider are you using?
by harvey
Fri Sep 14, 2018 1:05 pm
Forum: Beginner Basics
Topic: Can't access webfig on WAN
Replies: 10
Views: 5885

Re: Can't access webfig on WAN

Also, is 443 allowed through on the cloud providers security group/firewall?
by harvey
Fri Sep 14, 2018 1:03 pm
Forum: Beginner Basics
Topic: Can't access webfig on WAN
Replies: 10
Views: 5885

Re: Can't access webfig on WAN

Do you have any conflicting DST-nat rules on port 443 under the nat table? What if you change the https service port number to something different than 443 such as 4443 and then update your filter rule to match?
by harvey
Fri Sep 14, 2018 9:36 am
Forum: Beginner Basics
Topic: Configuring VLANs with DHCP Server and Cisco switch Uplink
Replies: 3
Views: 1955

Re: Configuring VLANs with DHCP Server and Cisco switch Uplink

It looks like you have created your trunk on your switch port, I presume you have also created your untagged vlan's on the switch for your access ports? On the Mikrotik side, you'll need to use bridging in one way or another. The newest way which requires ROS 6.4.1 or newer is Bridge VLAN filtering ...
by harvey
Wed Sep 12, 2018 5:35 pm
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 6091

Re: Bridge VLAN Filtering help [SOLVED]

Thank you to both @xvo and @sindy' for your help, it's working perfectly. For completeness for anyone else in the future, I have included the final working configs and diagram are below:- Screen Shot 2018-09-12 at 15.29.26.png CHR-1 /interface bridge add name=bridge1 vlan-filtering=yes /interface vl...
by harvey
Wed Sep 12, 2018 12:25 pm
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 6091

Re: Bridge VLAN Filtering help [SOLVED]

/interface vlan add interface=ether3 name=vlan200 vlan-id=200 add interface=ether3 name=vlan300 vlan-id=300 add interface=ether3 name=vlan400 vlan-id=400 This part on CHR-1 is wrong: the interfaces should be created on top of the bridge, not ether3. Then you add ether2 to the same bridge1, set PVID...
by harvey
Tue Sep 11, 2018 1:21 pm
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 6091

Bridge VLAN Filtering help [SOLVED]

Hi, I am testing out Bridge VLAN filtering to understand how it works. I have built a working example:- Current Setup.png CHR-1: /interface bridge add name=bridge1 vlan-filtering=yes /interface vlan add interface=ether3 name=vlan200 vlan-id=200 add interface=ether3 name=vlan300 vlan-id=300 add inter...
by harvey
Thu Aug 30, 2018 6:24 pm
Forum: General
Topic: Tapatalk SQL error
Replies: 2
Views: 1272

Tapatalk SQL error

I am able to browse the Mikrotik Forum on Tapatalk for iOS but as soon as I attempt to login I'm presented with an SQL error.

I have seen on the chat within Tapatalk that other people have a similar issue.

Any ideas how to resolve?
by harvey
Wed Aug 29, 2018 11:28 am
Forum: General
Topic: Caravan WiFi [SOLVED]
Replies: 16
Views: 5966

Re: Caravan WiFi [SOLVED]

Everything was pretty simple to setup. Connected without issue to the campsite WiFi. Captive portal didn't just pop up but on accessing a http based webpage it redirected to the captive portal. Payed my fee and internet worked fine. Multiple devices working so far without issue. When I get a bit mor...
by harvey
Tue Aug 28, 2018 8:01 pm
Forum: General
Topic: Caravan WiFi [SOLVED]
Replies: 16
Views: 5966

Re: Caravan WiFi [SOLVED]

My question is, how will the captive portal be handled? When connecting, would the captive portal of the campsite WiFi be passed through to the clients connected to the Mikrotik in the caravan? If not how would this be achieved? I use Groove 52's for the client that are usually connected to 951ui-2...
by harvey
Mon Aug 27, 2018 8:16 pm
Forum: General
Topic: Caravan WiFi [SOLVED]
Replies: 16
Views: 5966

Re: Caravan WiFi [SOLVED]

May I ask what you guys are using for your block diagrams?

Thanks.
by harvey
Mon Aug 27, 2018 10:58 am
Forum: General
Topic: Caravan WiFi [SOLVED]
Replies: 16
Views: 5966

Re: Caravan WiFi [SOLVED]

Thanks. I did consider the ac lite too. He ac2 was only £12 more and if this doesn't work as a test I can make use of the ac2 at home. As for ac2 running hotter, it's always freezing when we camp so it'll act as a nice heater 😂
by harvey
Mon Aug 27, 2018 10:32 am
Forum: General
Topic: Caravan WiFi [SOLVED]
Replies: 16
Views: 5966

Re: Caravan WiFi [SOLVED]

Thanks for all the advice. I was going to pick up two hap lite's but for a few extra quid I've ordered a hap ac2. I can make more use of that if needed. I'll use 2.4 for site WiFi and 5ghz for caravan WiFi. All my devices should be ok on 5ghz.
by harvey
Sun Aug 26, 2018 10:33 pm
Forum: General
Topic: Caravan WiFi [SOLVED]
Replies: 16
Views: 5966

Re: Caravan WiFi [SOLVED]

Thanks. Pretty happy with the general wifi configuration. So would you expect the campsite captive portal to pop up/pass through to the first connected client on the "LAN" side? This was my main concern. You show the example of the Virtual wireless AP, would that suffice or would two separ...
by harvey
Sun Aug 26, 2018 7:49 pm
Forum: General
Topic: Simple queues didn't work
Replies: 5
Views: 1532

Re: Simple queues didn't work

In your firewall filter table you'll have a "forward" rule with an action of fasttrack. Disable that rule. There should be a matching accept rule to let the traffic rule. If you lose internet access change the fasttrack action to accept and re-enable
by harvey
Sun Aug 26, 2018 4:48 pm
Forum: General
Topic: Caravan WiFi [SOLVED]
Replies: 16
Views: 5966

Caravan WiFi [SOLVED]

Quite often when we go on holiday in our caravan the campsites we stay at have WiFi which you typically have to pay for and often limited to one or two devices. They will always have a captive portal. I have often thought about putting in a Mikrotik in the caravan which would connect to the campsite...
by harvey
Sun Aug 26, 2018 4:46 pm
Forum: General
Topic: Simple queues didn't work
Replies: 5
Views: 1532

Re: Simple queues didn't work

Yes @joni is right. If you have fasttrack enabled the majority of your traffic will skip through many of the main features including queues. As soon as you disable fasttrack your queues should see a great deal more traffic hitting them. However, your CPU usage may well go up considerably if you have...
by harvey
Mon Oct 30, 2017 10:03 am
Forum: General
Topic: IKEv2 Road Warrior Drops
Replies: 2
Views: 1370

Re: IKEv2 Road Warrior Drops

Config is:- /ip ipsec mode-config add address-pool=ipsec-pool name=cfg_priv split-include=0.0.0.0/0,10.10.1.0/24 add address-pool=ipsec-pool address-prefix-length=32 name=cfg1 /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha512,sha256,sha1 lifetime=1h pfs-group=modp4096 /ip ipsec peer...
by harvey
Mon Oct 30, 2017 9:59 am
Forum: General
Topic: IKEv2 Road Warrior Drops
Replies: 2
Views: 1370

IKEv2 Road Warrior Drops

I've tried setting up IKEv2 Road Warrior as per this:- https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_Ikev2_RSA_auth When the device attempts to connect it immediately disconnects but from the Mikrotik side it appears connected. It shows Installed SA's, it shows a remote peer and ...
by harvey
Sat Oct 28, 2017 4:22 pm
Forum: Beginner Basics
Topic: how can I setup mikrotik + local dns server
Replies: 2
Views: 18847

Re: how can I setup mikrotik + local dns server

Hello. I recently bought a Routerboard 951G-2HnD. I used defaults since it's for my home LAN, I need no fancy configuration. Just some port forwarding that I already know how to do it. I changed network segment from 192.168.88.0 to 192.168.0.0 Problem is I have no local name resolution. Maybe you c...
by harvey
Sat Oct 28, 2017 4:05 pm
Forum: RouterBOARD hardware
Topic: Paid VPN service Nord VPN
Replies: 13
Views: 13854

Re: Paid VPN service Nord VPN

I'd like to do this as well, I cannot get the solution posted on NordVPN's site for MikroTik to work as the VPN isn't connecting although the traffic marking and routing does work (with other VPNs I've tested) I can get NordVPN working only with L2TP/IPSec and only with certain servers, I was provi...
by harvey
Sat Oct 28, 2017 3:43 pm
Forum: General
Topic: Help with IKEv2/IPsec client configuration
Replies: 37
Views: 23722

Re: Help with IKEv2/IPsec client configuration

Could someone from the MikroTik community please reply and help with the IKEv2 client configuration setup for NordVPN (or any other non-MikroTik VPN provider)? Thanks a lot in advance. I too am interested in getting this to work, however, I spoke to NordVPN support and they stated the following:- A...
by harvey
Fri Oct 27, 2017 5:32 pm
Forum: Wireless Networking
Topic: Wireless clients keep getting disconnected/reconnected
Replies: 27
Views: 39701

Re: Wireless clients keep getting disconnected/reconnected

And you can disable management protection. Hi there, I was reading this post because I have a similar problem. May I ask that is the difference on allowed management protection enable and the disable management protect, does? what's the difference. Thank you in advance. I've started having a simila...
by harvey
Mon Feb 20, 2017 10:17 am
Forum: General
Topic: New device alert
Replies: 0
Views: 723

New device alert

Hi, I have been using arpwatch ( https://en.wikipedia.org/wiki/Arpwatch ) on a raspberry pi on the network to detect when new devices appear on the network and send me an email alert. Is there any kind of script on routeros that could be used to achieve a similar thing without having to require an e...
by harvey
Thu Oct 13, 2016 3:47 pm
Forum: General
Topic: Feature request for v7.x
Replies: 296
Views: 106956

Re: Feature request for v7.x

I would like to voice my agreement with all the requests for enhanced OpenVPN support including:-

UDP support
auth-tls support
Enhance 'auth' algorithms such as SHA512.
Enhance 'cipher' support.
The ability to push configurations to clients.

Thanks for all the hard work.
by harvey
Wed Oct 12, 2016 6:15 pm
Forum: General
Topic: Logging of all traffic - No Blocking
Replies: 8
Views: 3273

Re: Logging of all traffic - No Blocking

Has anybody got any thought on why only one part of the traffic is not being sent to ntopng? Any parts of my configuration that would be useful? Simple try to use netflow v5 in targets options. That seems better. Some devices are showing more accurately. Some others I'm not so sure but I'll keep an...
by harvey
Tue Oct 11, 2016 5:24 pm
Forum: General
Topic: USB 4G UK recommendations
Replies: 1
Views: 847

Re: USB 4G UK recommendations

The ZTE MF823 (https://www.amazon.co.uk/ZTE-86694801-M ... B00MEJJSGW) is jumping out at me. How can I find out if it support the Direct-IP mode talked about here (http://mum.mikrotik.com/presentations/US15/brian.pdf).

Would the ZTE MF823 support SMS?
by harvey
Tue Oct 11, 2016 5:13 pm
Forum: General
Topic: USB 4G UK recommendations
Replies: 1
Views: 847

USB 4G UK recommendations

Hi, I have taken a look at the hardware compatibility list (http://wiki.mikrotik.com/wiki/Supported_Hardware#4G_LTE_cards_and_modems) and I tried an E3372 4G stick, the problem was it came in hilink mode (where it does it's own NAT etc) and I tried converting it to modem mode (following http://blog....
by harvey
Tue Oct 11, 2016 5:02 pm
Forum: General
Topic: Logging of all traffic - No Blocking
Replies: 8
Views: 3273

Re: Logging of all traffic - No Blocking

Has anybody got any thought on why only one part of the traffic is not being sent to ntopng? Any parts of my configuration that would be useful?
by harvey
Sat Oct 08, 2016 12:31 pm
Forum: General
Topic: Logging of all traffic - No Blocking
Replies: 8
Views: 3273

Re: Logging of all traffic - No Blocking

In old versions, yes. Did you update RouterOS?
Yes on 6.37.1
by harvey
Sat Oct 08, 2016 1:00 am
Forum: General
Topic: Logging of all traffic - No Blocking
Replies: 8
Views: 3273

Re: Logging of all traffic - No Blocking

Ok, so it appears that uploads from the client are working fine but downloads are not and the percentage between sent and received it like 98%/2% in favour of sent.

Could something like fasttrack be the issue? Could traffic incoming from the internet be skipping the traffic-flow capture?
by harvey
Sat Oct 08, 2016 12:42 am
Forum: General
Topic: Logging of all traffic - No Blocking
Replies: 8
Views: 3273

Re: Logging of all traffic - No Blocking

traffic-flow is the way to go. what is inaccurate about it? of course you could also setup a port mirroring or packet sniff streaming and send all traffic to an external computer doing the work. Ok, so Mikrotik is set up as follows:- /ip traffic-flow set active-flow-timeout=1m enabled=yes /ip traff...
by harvey
Fri Oct 07, 2016 5:11 pm
Forum: General
Topic: Logging of all traffic - No Blocking
Replies: 8
Views: 3273

Logging of all traffic - No Blocking

Hi, I wondered what the best option would be for logging and generating reports on all internet traffic not just web traffic from within an office. I do not need to block any traffic but is purely for reporting. Some Information I would like to capture would be:- HTTP / HTTPS domains visited and by ...
by harvey
Fri Sep 30, 2016 5:04 pm
Forum: General
Topic: Port forwarding to VLAN
Replies: 4
Views: 5469

Re: Port forwarding to VLAN

You can have one rule for all forwarded ports:
/ip firewall filter
add action=accept chain=forward connection-nat-state=dstnat
Perfect, i'll give that a test.
Seems to work perfectly, thanks
by harvey
Fri Sep 30, 2016 5:03 pm
Forum: Beginner Basics
Topic: find / where + export
Replies: 3
Views: 2326

Re: find / where + export

Currently not possible
Ok, no worries, just a thought.

Thanks.
by harvey
Fri Sep 30, 2016 4:29 pm
Forum: General
Topic: Port forwarding to VLAN
Replies: 4
Views: 5469

Re: Port forwarding to VLAN

You can have one rule for all forwarded ports:
/ip firewall filter
add action=accept chain=forward connection-nat-state=dstnat
Perfect, i'll give that a test.
by harvey
Fri Sep 30, 2016 4:06 pm
Forum: Beginner Basics
Topic: find / where + export
Replies: 3
Views: 2326

find / where + export

Hi, Simple little question. Is it possible to combine 'find' or 'where' with the 'export' command. For example, lets say I want to export just the "forward" chain of the firewall filter section? With the print command I can do the following:- /ip firewall filter print where chain=forward H...
by harvey
Fri Sep 30, 2016 3:50 pm
Forum: General
Topic: Port forwarding to VLAN
Replies: 4
Views: 5469

Port forwarding to VLAN

Normally when I do a port forward on a simple single network setup I don't need to add anything else to make it work but recently I've had to setup a solution for a multi tenanted building using a CCR with each tenant in their own VLAN and each VLAN is isolated from one another with the exception of...
by harvey
Tue Aug 30, 2016 10:21 pm
Forum: General
Topic: Mikrotik Bridging but Mikrotik can't access the internet
Replies: 6
Views: 3281

Re: Mikrotik Bridging but Mikrotik can't access the internet

Okay - you started this thread by saying that your Mikrotik is bridging between your modem and your firewall (which I found a bit strange, but didn't ask questions) This term is what threw me off on the wrong track. Your Mikrotik is routing and not bridging. Anyway, I've looked back over your firew...
by harvey
Thu Aug 25, 2016 9:56 am
Forum: General
Topic: Mikrotik Bridging but Mikrotik can't access the internet
Replies: 6
Views: 3281

Re: Mikrotik Bridging but Mikrotik can't access the internet

ether1-wan gets a single dynamic public IP from the ISP. Overlaid on that we are provided with a /29 of public IP's. One of these /29 IP's is placed on ether2-lan and another is placed on the WAN side of the Sophos UTM. The UTM uses ether2-lan's address as it's default gateway. In that /29 there are...
by harvey
Tue Aug 23, 2016 5:28 pm
Forum: General
Topic: Mikrotik Bridging but Mikrotik can't access the internet
Replies: 6
Views: 3281

Re: Mikrotik Bridging but Mikrotik can't access the internet

So there is no way for it to directly access the internet considering it is directly connected to the internet gateway? Can you explain why just so I understand.

Many thanks.
by harvey
Tue Aug 23, 2016 5:14 pm
Forum: General
Topic: Mikrotik Bridging but Mikrotik can't access the internet
Replies: 6
Views: 3281

Mikrotik Bridging but Mikrotik can't access the internet

Hi, I have a Mikrotik that is acting as a bridge between a modem and firewall. The network diagram looks like this:- https://www.dropbox.com/s/tm8lfd0e7g0kxi2/Firewall%20Setup.png?dl=0 The Clients behind the Sophos UTM all have internet access OK but if I log on to the mikrotik and try and ping 8.8....
by harvey
Tue Aug 23, 2016 10:59 am
Forum: General
Topic: WAN Failover Question
Replies: 5
Views: 1271

Re: WAN Failover Question

Have you taken a look at this.... http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting "But what if your modem is up, and telephone line is down?" This is the script that is confusing to me. I'm confused about the virtual routes. Is this what I use for my public pinga...
by harvey
Mon Aug 22, 2016 3:30 pm
Forum: General
Topic: WAN Failover Question
Replies: 5
Views: 1271

Re: WAN Failover Question

Have you taken a look at this....

http://wiki.mikrotik.com/wiki/Advanced_ ... _Scripting

"But what if your modem is up, and telephone line is down?"
by harvey
Tue Feb 23, 2016 11:37 am
Forum: Beginner Basics
Topic: Unable to manage switch from tagged vlan
Replies: 5
Views: 1577

Re: Unable to manage switch from tagged vlan

What firewall rules do you have in place? Do you have any rules in place that could restrict access to the winbox or web interface ports from certain IP ranges? You'd need to specifically look at the INPUT chain. Also take a look at '/ip service' and see if there are any subnet restrictions under th...
by harvey
Tue Feb 23, 2016 11:26 am
Forum: Beginner Basics
Topic: Port Opening Issue
Replies: 3
Views: 1091

Re: Port Opening Issue

Can you share, what you have done so far to open the port?
by harvey
Wed Oct 22, 2014 12:11 am
Forum: Beginner Basics
Topic: rb2011 - poor performance with uk bt infinity
Replies: 42
Views: 19096

Re: rb2011 - poor performance with uk bt infinity

Yes the hardware is at fault. This blog post explains it somewhat http://blog.linitx.com/mikrotik-fttc-eci-modems/
by harvey
Wed Aug 07, 2013 3:21 pm
Forum: Beginner Basics
Topic: rb2011 - poor performance with uk bt infinity
Replies: 42
Views: 19096

Re: rb2011 - poor performance with uk bt infinity

Oh no false alarm, my switch was still inline.
Oh well, never mind
by harvey
Wed Aug 07, 2013 1:42 pm
Forum: Beginner Basics
Topic: rb2011 - poor performance with uk bt infinity
Replies: 42
Views: 19096

Re: rb2011 - poor performance with uk bt infinity

I've tried v6.2 on my 951G and the problem appears to be resolved. What firmware level are you running?
6.2! Thats strange. Definitely still auto negotiating at 10Mb
by harvey
Mon Aug 05, 2013 11:01 pm
Forum: Beginner Basics
Topic: rb2011 - poor performance with uk bt infinity
Replies: 42
Views: 19096

Re: rb2011 - poor performance with uk bt infinity

Any further update on this? Same issue on v6.2 on 951G-2HnD. Can anyone confirm placing a switch between the modem and RB temporarily fixes the issue?
by harvey
Mon Jul 15, 2013 11:18 pm
Forum: Beginner Basics
Topic: Is the following VLAN / WIFI setup possible?
Replies: 5
Views: 2827

Re: Is the following VLAN / WIFI setup possible?

That's fantastic. I'll try to implement that in the next day or so. Can you confirm which interface you assign ip addresses and DHCP pools to? Is it the vlan interface?
by harvey
Mon Jul 15, 2013 9:46 pm
Forum: Beginner Basics
Topic: Is the following VLAN / WIFI setup possible?
Replies: 5
Views: 2827

Re: Is the following VLAN / WIFI setup possible?

This is doable, yes. If you need wire-speed between the ports on each VLAN you'll have to use the 493G's switch chip, which is a little bit more work to set up. Otherwise you can just set up regular VLANs on the trunk port and bridge the access ports and VAPs with the appropriate VLANs. Regular VLA...
by harvey
Mon Jul 15, 2013 11:47 am
Forum: Beginner Basics
Topic: Is the following VLAN / WIFI setup possible?
Replies: 5
Views: 2827

Is the following VLAN / WIFI setup possible?

I have an 493G with a wireless card in it, I also have a cisco small business switch capable of handling VLAN's. Is it possible to have 2 vlans (potentially more in the future), then have two vaps's linked to the vlans, then specify specific ports on the 493g to be associated specific vlans and comm...
by harvey
Fri Mar 08, 2013 9:22 am
Forum: General
Topic: IPSec Tunnel not working
Replies: 7
Views: 2862

Re: IPSec Tunnel not working

Have done a few checks and all is well.

I have not been able to find any other changes that I may have made. Thanks all for you help.
by harvey
Wed Mar 06, 2013 9:22 am
Forum: General
Topic: IPSec Tunnel not working
Replies: 7
Views: 2862

Re: IPSec Tunnel not working

Not 100% sure what I did but it is now working. The only thing I can think of is when using the ping tool I specified the bridge interface and after a few missed pings it started working. I need to do some more testing to be sure it initiates from both sides etc. I will report back if I find out I d...
by harvey
Tue Mar 05, 2013 9:08 am
Forum: General
Topic: IPSec Tunnel not working
Replies: 7
Views: 2862

Re: IPSec Tunnel not working

Hi, As suggested I have added /ip firewall filter add chain=input comment=Ip-Sec-ESP protocol=ipsec-esp add chain=input comment=IP-Sec-AH protocol=ipsec-ah To both routers. Also both of these were already done:- Also alow UDP 500 on your firewall (input chain), be sure that your nat rule for local n...
by harvey
Mon Mar 04, 2013 1:02 pm
Forum: General
Topic: IPSec Tunnel not working
Replies: 7
Views: 2862

Re: IPSec Tunnel not working

Ok, will try that tonight, thanks!

I will take a look at that thread too.
by harvey
Mon Mar 04, 2013 9:11 am
Forum: General
Topic: IPSec Tunnel not working
Replies: 7
Views: 2862

IPSec Tunnel not working

Hi, I am trying to get an IPSec tunnel working between my home and datacenter. I have set up the IPSec tunnel but nothing seems to happen. Nothing appears on under 'Remote Peers' or 'Installed SAs' on either side. I have enabled IPsec logging on one side and nothing appears:- [admin-sy@scorpio] > / ...
by harvey
Mon Feb 11, 2013 8:08 am
Forum: General
Topic: Can't work out simple VLAN setup
Replies: 3
Views: 1281

Re: Can't work out simple VLAN setup

Based on your replies I will give that a go. If I am still stuck I will come back to you with more setup information
by harvey
Sun Feb 10, 2013 10:56 am
Forum: General
Topic: Can't work out simple VLAN setup
Replies: 3
Views: 1281

Can't work out simple VLAN setup

I am trying to set up a very simple vlan setup on my existing RB751G-2HnD. I have attached a diagram of my simplet setup. In a summary:- - VLAN 1 - Main Network with wireless SSID and devices plugged in to switch ports 1-4 - VLAN 10 - Guest Network with SSID and anything plugged in to port 5 of the ...
by harvey
Sun Feb 10, 2013 9:39 am
Forum: General
Topic: DHCP to DNS hostname?
Replies: 4
Views: 7378

Re: DHCP to DNS hostname?

I use a script for this which I am using with with 6.0rc9 and is very simple to implement. Just create a new script with none of the checkbox's selected and paste in the following code:- # Domain to be added to your DHCP-clients hostname :local topdomain; :set topdomain "corp.com"; # Use t...
by harvey
Thu Dec 06, 2012 1:01 pm
Forum: General
Topic: New to routerOS VLAN's simple set up help
Replies: 3
Views: 2692

Re: New to routerOS VLAN's simple set up help

To clarify can you provide some sample commands and I will try to adapt to my scenario.
by harvey
Wed Dec 05, 2012 4:40 pm
Forum: General
Topic: New to routerOS VLAN's simple set up help
Replies: 3
Views: 2692

New to routerOS VLAN's simple set up help

Hi, I am new to setting up VLAN's on router OS. Current Setup:- RB751G - Simple home access point with bridge containing the switch ports and built in wireless with with interface IP address on bridge and DHCP etc. I also have a Draytek 3300, Cisco SG300 and Netgear WAG302 wireless access point. The...
by harvey
Sun May 13, 2012 7:28 pm
Forum: General
Topic: Router no longer giving out IPv6 addresses
Replies: 0
Views: 745

Router no longer giving out IPv6 addresses

Hi, I am using Hurricane Electric as my tunnel broker for IPv6. It was working absolutely fine to start with and was issuing my devices with IPv6 addresses. Currently any devices that were initially given an address when it was working still gets given an IPv6 address and they can still access IPv6 ...
by harvey
Tue Apr 17, 2012 4:03 pm
Forum: General
Topic: Dual stack IPv6 default?
Replies: 6
Views: 2488

Re: Dual stack IPv6 default?

Yes I have both and the IPv6 is at the top of the list.

The ipv6 only url I have tried and using that will show the IPv4 address. Very strange. At the same time I can go to http://ipv6-test.com/ and it will show both address just fine.
by harvey
Wed Apr 11, 2012 11:20 pm
Forum: Beginner Basics
Topic: Mikrotik Learning Book
Replies: 24
Views: 42071

Mikrotik Learning Book

There are two ebooks available on Amazon Kindle.
by harvey
Wed Apr 11, 2012 11:07 pm
Forum: General
Topic: Dual stack IPv6 default?
Replies: 6
Views: 2488

Dual stack IPv6 default?

I have successfully set up up Dual Stack IPv4/IPv6 with hurricane electric and can browse ipv6 sites. However when browsing sites that offer both it's quite random if it's accessed on the ipv4 or 6 address. For example visiting http://ipv6.chappell-family.com/ipv6tcptest/ when testing the firewall s...
by harvey
Tue Apr 10, 2012 4:58 pm
Forum: General
Topic: Q: VPN L2TP/IPSec
Replies: 30
Views: 8472

Re: Q: VPN L2TP/IPSec

I agree about the PPTP thats why I have avoided it so far.
by harvey
Tue Apr 10, 2012 4:46 pm
Forum: General
Topic: Q: VPN L2TP/IPSec
Replies: 30
Views: 8472

Re: Q: VPN L2TP/IPSec

Ok thanks but Open VPN isn't an option to me as there is no iPad / iPhone client.

PPTP is the only other option.
by harvey
Tue Apr 10, 2012 1:41 pm
Forum: General
Topic: Q: VPN L2TP/IPSec
Replies: 30
Views: 8472

Re: Q: VPN L2TP/IPSec

I am the same, I can't have two connections from the same public IP address even if I create an L2TP server for each user. This is a problem for me as you can't always guarantee where remote workers will be, there are times they may both be in the same place needing to connect back to the office. It...
by harvey
Sun Apr 08, 2012 8:19 pm
Forum: General
Topic: Q: VPN L2TP/IPSec
Replies: 30
Views: 8472

Re: Q: VPN L2TP/IPSec

Please check assigned IPs for userA and userB. Do you use pool for local and remote IP assignements? Solutions: 1. you assign from pool but you need set for local and remote too!! (you can not give fix IP for local and dynamic for remote! because /30 mask) 2. you give fix IP for local and remote to...
by harvey
Sun Apr 08, 2012 1:19 am
Forum: General
Topic: Q: VPN L2TP/IPSec
Replies: 30
Views: 8472

Re: Q: VPN L2TP/IPSec

Further question, following your instructions worked well. However..... If I create a new 'secret' for a new user and they try to simultaneously connect at the same time they can but one user will lose network access. I have also created a new l2tp server interface and mapped the new user to it and ...
by harvey
Sat Apr 07, 2012 9:13 pm
Forum: General
Topic: Q: VPN L2TP/IPSec
Replies: 30
Views: 8472

Re: Q: VPN L2TP/IPSec

Ok, you are right! Need NAT-T for NATed user. But I don't understand your all config because I tested today with my 1100AH (ROS 5.14) and I needed this: mod: I tested with: win7, winXP and Android phone are working well. 1. (you need separate l2tp-server /user with user-name) /interface l2tp-server...
by harvey
Sat Apr 07, 2012 8:39 pm
Forum: General
Topic: Require SSH key
Replies: 2
Views: 992

Re: Require SSH key

It's like that by default, at least on 5.x.
So it does. Just reacts in a different way to what I expected.

Thanks
by harvey
Fri Apr 06, 2012 3:15 am
Forum: General
Topic: Require SSH key
Replies: 2
Views: 992

Require SSH key

Is it possible, like in Linux to only allow SSH access with the use of an ssh key and not allow password authentication.

I currently have DSA key working just fine but would like to not allow ssh connections via password.
by harvey
Fri Apr 06, 2012 2:48 am
Forum: General
Topic: L2TP / IPSec Useable
Replies: 0
Views: 729

L2TP / IPSec Useable

Hi, I purchased my first RouterBoard today (RB751G-2HnD) running v5.6. I have managed to set it up pretty much as I want. I have been able to set ip PPTP VPN access from my iPhone. I would ideally like to run L2TP as it is more secure. I have tried setting it up without much luck. I have been readin...