Community discussions

Search found 702 matches

by gotsprings
Sun May 26, 2019 10:58 am
Forum: Wireless Networking
Topic: 2.4 4-way handshake timeout
Replies: 1
Views: 93

Re: 2.4 4-way handshake timeout

Took cAP out of caps-mode. Same result. Well sort of. Log file showed unicast key time out. Went back to caps mode and added an unencrypted SSID. Devices connected for about 10 seconds. Then I got a disconnected for extensive data loss. Looked up several old posts tagged with extensive data loss. Th...
by gotsprings
Sat May 25, 2019 5:47 pm
Forum: Wireless Networking
Topic: 2.4 4-way handshake timeout
Replies: 1
Views: 93

2.4 4-way handshake timeout

This seems to have come back on me. Router OS is 6.44.3 on hEX and cAP AC devices on the 2.4 radio are disconnecting from the wifi. Log into the router and check the logs and see... (MAC of Devices) disconnect 4-way handshake timeout Devices on 5Gig radio do not show this error. Last time I reported...
by gotsprings
Thu May 02, 2019 5:10 pm
Forum: General
Topic: GoogleFiber
Replies: 14
Views: 714

Re: GoogleFiber

Support just got back to me and said to set the chain in Mangle to OUTPUT.

That seems odd.
Hello,

In RouterOS you can set QoS priority 3 to outgoing VLAN packets using this rule:

/ip firewall mangle
add chain=output out-interface=GoogleVLAN action=set-priority new-priority=3

Best regards, Follow up ...
by gotsprings
Tue Apr 30, 2019 8:12 pm
Forum: General
Topic: GoogleFiber
Replies: 14
Views: 714

Re: GoogleFiber

Support just got back to me and said to set the chain in Mangle to OUTPUT.

That seems odd.
Hello,

In RouterOS you can set QoS priority 3 to outgoing VLAN packets using this rule:

/ip firewall mangle
add chain=output out-interface=GoogleVLAN action=set-priority new-priority=3

Best regards,
by gotsprings
Sun Apr 28, 2019 10:10 pm
Forum: General
Topic: GoogleFiber
Replies: 14
Views: 714

Re: GoogleFiber

That is correct, you got an IP without that line active so you could also omit that line.
but I think we are discussing a 3011 here, right?
Correct
by gotsprings
Sun Apr 28, 2019 10:09 pm
Forum: General
Topic: GoogleFiber
Replies: 14
Views: 714

Re: GoogleFiber

Also check if your ethernet interface negotiates to the correct speed and duplex.
Status shows as Unknown.
by gotsprings
Sat Apr 27, 2019 2:09 pm
Forum: General
Topic: GoogleFiber
Replies: 14
Views: 714

Re: GoogleFiber

That is correct, you got an IP without that line active so you could also omit that line.

Can't test because I am not even on the same continent. ;-)
Thanks for the help.

Will get someone on site to check it.
by gotsprings
Sat Apr 27, 2019 1:48 pm
Forum: General
Topic: GoogleFiber
Replies: 14
Views: 714

Re: GoogleFiber

So in Mangle they want this?

/ip firewall mangle
add chain=forward out-interface=GoogleVLAN action=set-priority \
    new-priority=3 comment="All other traffic with priority 3"

I added it and released the DHCP-Client and got a new address. Now if I could get a bandwidth test server to let me connect.
by gotsprings
Sat Apr 27, 2019 1:26 pm
Forum: General
Topic: GoogleFiber
Replies: 14
Views: 714

GoogleFiber

First install with GoogleFiber. After looking into several documents I found that Small Business accounts ABSOLUTELY could remove the Google Router and go straight to their own router. The install I was working on was residential so Google refused to "click that switch" or help me get around the nee...
by gotsprings
Fri Apr 26, 2019 3:01 pm
Forum: RouterBOARD hardware
Topic: Sierra MC7455 solutions?
Replies: 4
Views: 376

Re: Sierra MC7455 solutions?

Using the WAP-R with T-Mobile and Verizon... Never saw better than about 11M. I have tucked tail and given in. At 579 dollars US... the CBA850 is my standard once again. It's not worth my time for the performance hits and issues I had with the MoFi. Won't "play with the WAP-R" anymore, until they get...
by gotsprings
Mon Apr 22, 2019 1:36 pm
Forum: General
Topic: RouterBoard Webserver Stop Responding
Replies: 4
Views: 261

Re: RouterBoard Webserver Stop Responding

rebooted the RB3011 running 6.44 and the webserver is working again.

Support...

Could you please take a look at the file I sent.
by gotsprings
Sat Apr 20, 2019 2:24 pm
Forum: General
Topic: DNS Failover
Replies: 8
Views: 732

Re: DNS Failover

Set the Mikrotik to use a DNS other than piehole... Like 8.8.8.8, 1.1.1.1.

Then in your DHCP server... Set the DNS value under network to be piehole, Mikrotik.

If piehole doesn't work... The client will ask the Mikrotik.
by gotsprings
Fri Apr 19, 2019 10:19 pm
Forum: General
Topic: Make external IP address accessible on secondary port
Replies: 6
Views: 286

Re: Make external IP address accessible on secondary port

Dumb switch and both routers being independent won't go well with the requirement to control other router's bandwidth (on first router, as I understand it).
Which should be done per router.

But let's face it... This could / should all be done on one router.
by gotsprings
Fri Apr 19, 2019 3:08 pm
Forum: General
Topic: LTE failover just doesn't work properly
Replies: 2
Views: 202

Re: LTE failover just doesn't work properly

I use recursive routing and ping one of the DNS servers with netwatch. When it goes down... I use the connections flush method. Works perfectly.
by gotsprings
Fri Apr 19, 2019 2:51 pm
Forum: General
Topic: Make external IP address accessible on secondary port
Replies: 6
Views: 286

Re: Make external IP address accessible on secondary port

Put a dumb switch in front of the two Mikrotiks. $30 or less.
by gotsprings
Fri Apr 19, 2019 2:30 pm
Forum: General
Topic: RouterBoard Webserver Stop Responding
Replies: 4
Views: 261

Re: RouterBoard Webserver Stop Responding

Sent a support file to Mikrotik about 8 days ago.

What gives?
by gotsprings
Mon Apr 15, 2019 3:24 pm
Forum: General
Topic: IKEv2 Dual WAN Setup not possible? (2:1 relation) [SOLVED]
Replies: 18
Views: 671

Re: IKEv2 Dual WAN Setup not possible? (2:1 relation) [SOLVED]

@gotsprings yeah it would be great if routeros had something like mesh tunneling or "SD-VPN". something like tinc would be great, but before that, ovpn with udp ;) I meant... SUBSCRIBE TO BIG LEAF'S Service. I only dealt with them on one install so far. The customer found them himself. BigLeaf take...
by gotsprings
Fri Apr 12, 2019 12:53 pm
Forum: Wireless Networking
Topic: wAP LTE US - Carriers?
Replies: 12
Views: 1136

Re: wAP LTE US - Carriers?

Thanks for the replies. No Verizon coverage is going to be a deal breaker for me, so I ordered a Sierra Wireless MC7455 card. Will RouterOS recognize this, or is there a way to install drivers? Kind of late... But that same wAP LTE KIT-US I used on T-Mobile. Is now running on Verizon wireless. I ha...
by gotsprings
Thu Apr 11, 2019 8:00 pm
Forum: Wireless Networking
Topic: Cap AC, Hap AC2 or UniFi?
Replies: 38
Views: 7094

Re: Cap AC, Hap AC2 or UniFi?

I'm actually very happy with the hAP ac2. My home is of wood construction, is single story, and about 185 m^2. We have a couple of tablets, a couple of smartphones, a couple of laptops, and an Amazon Fire stick on the TV. We occasionally have house guests that add another 1 or 2 phones and perhaps ...
by gotsprings
Thu Apr 11, 2019 4:45 pm
Forum: General
Topic: RouterBoard Webserver Stop Responding
Replies: 4
Views: 261

RouterBoard Webserver Stop Responding

I have 2 RB3011s that the webserver seems to have stopped responding. Winbox works. I can put a firewall rule in as a pass through and see the connection come in. But I see no response. Both running 6.44 Anyone seen something like this before? (I normally turn off the webserver... but this site requ...
by gotsprings
Thu Mar 28, 2019 11:27 pm
Forum: General
Topic: Port forwarding to two pcs for RDP
Replies: 12
Views: 454

Re: Port forwarding to two pcs for RDP

@anav: Give it a break with in-interface, dst-address is fine. Sorry I usually talk myself through config rules. Where are you coming from my sweet little packet and so forth . :-) Is there a situation where stating in-interface=eth-1 wan could be a problem (not including multi-wan setups)?? Yes......
by gotsprings
Thu Mar 28, 2019 3:19 pm
Forum: General
Topic: Port forwarding to two pcs for RDP
Replies: 12
Views: 454

Re: Port forwarding to two pcs for RDP

OVPN has been "Broken" on Mikrotik for as long as I have been working on Tiks.

IPSec works well.

You should do an export of your firewall. As I stated above... your PAT (Port Address Translation) in the NAT chain "looked right".
by gotsprings
Wed Mar 27, 2019 10:13 pm
Forum: General
Topic: IKEv2 - Road Warrior (NAT Workaround)
Replies: 50
Views: 4576

Re: IKEv2 - Road Warrior (NAT Workaround)

ANAV As I put in that other thread you comment in. I wrote that script to UPDATE THE LOCAL IP ADDRESS ON EACH ROUTER. The EoIP tunnel configuration accepts the IP cloud address and updates it within 70 seconds on a change. The script I wrote needs a scheduler to run it. But it checks to see if the ...
by gotsprings
Wed Mar 27, 2019 6:50 pm
Forum: General
Topic: LTE passthrough over EoIP
Replies: 16
Views: 637

Re: LTE passthrough over EoIP

Hey gotsprings Question: my lte suffers from frequent lte disconnects, which most of the time the modem resolves itself, but sometimes it can't and I need to recycle (stop-start) lte interface to resume connectivity. That the reason why I have netwatch to monitor remote ip. Do you experience simila...
by gotsprings
Wed Mar 27, 2019 6:48 pm
Forum: Beginner Basics
Topic: Confused about VPN local IP
Replies: 2
Views: 213

Re: Confused about VPN local IP

I don't use quickset...

But from what you posted... looks like it is setting up the VPN connection to get a 192.168.89.0/24 address.

If this was allowed in the firewall... you would be able to reach your local network unless SPECIFICALLY blocked.
by gotsprings
Wed Mar 27, 2019 6:44 pm
Forum: General
Topic: Providing Internet access to VLANs
Replies: 13
Views: 493

Re: Providing Internet access to VLANs

I would say to not use interface lists and try doing the firewall with interfaces or address lists.

It's more than doable.
by gotsprings
Wed Mar 27, 2019 6:39 pm
Forum: General
Topic: vpn for office netwrok only? [SOLVED]
Replies: 5
Views: 277

Re: vpn for office netwrok only? [SOLVED]

You are welcome.

You might want to select my answer as accepted so others can find it quickly.
by gotsprings
Wed Mar 27, 2019 6:35 pm
Forum: General
Topic: Port forwarding to two pcs for RDP
Replies: 12
Views: 454

Re: Port forwarding to two pcs for RDP

Those look right.
by gotsprings
Wed Mar 27, 2019 6:32 pm
Forum: General
Topic: IKEv2 - Road Warrior (NAT Workaround)
Replies: 50
Views: 4576

Re: IKEv2 - Road Warrior (NAT Workaround)

@gotsprings, does IP cloud address of home router get updated automatically if the IP changes or does one need a script for that?/ @sindy remind me to call you when I try ipsec related setups. I managed to get ikev2 working on my iphone....... pretty pleased with that. IP Cloud updates every 60 sec...
by gotsprings
Wed Mar 27, 2019 6:28 pm
Forum: General
Topic: Cloud IPs need to be blocked
Replies: 11
Views: 615

Re: Cloud IPs need to be blocked

/ip firewall address-list
add address=81.198.87.240 list=ipCLOUD
add address=159.148.147.229 list=ipCLOUD
/ip firewall filter
add action=drop chain=output dst-address-list=ipCLOUD place-before=1
add action=drop chain=forward dst-address-list=ipCLOUD place-before=1
/ip dns cache flush

That should bl...
by gotsprings
Wed Mar 27, 2019 6:21 pm
Forum: General
Topic: IP Cloud
Replies: 37
Views: 4787

Re: IP Cloud

Hello, I am using Mikrotik on the vessels behind satellite modem with very limited data usage such as 50Mbyte per month. So each MByte cost the customers extra US$s. We just allow e-mail IPs on the firewall I have seen on satellite POP, we have a lot of request from our satellite modem to 81.198.87...
by gotsprings
Wed Mar 27, 2019 5:21 pm
Forum: General
Topic: How to route (assign) two Public IP's on same segment /29 and keep connectivity
Replies: 18
Views: 792

Re: How to route (assign) two Public IP's on same segment /29 and keep connectivity

If you have more than 1 PUBLIC IP... you have to use src-nat in your firewall NAT chain. NOT Masquerade. Let's use this as an example... ISP issues you... xxx.xxx.229.105/29 Gateway as xxx.xxx.229.110 You would connect one connection from the WAN MODEM to one port on your router... say ether1. You would...
by gotsprings
Wed Mar 27, 2019 4:22 pm
Forum: General
Topic: Firewall rules: dst-limit invert
Replies: 10
Views: 357

Re: Firewall rules: dst-limit invert

Why not use queues?
by gotsprings
Wed Mar 27, 2019 4:19 pm
Forum: General
Topic: vpn for office netwrok only? [SOLVED]
Replies: 5
Views: 277

Re: vpn for office netwrok only? [SOLVED]

If I understood... You VPN to the Office using a OPERATING SYSTEMS OS. But you don't want to SEND ALL YOUR TRAFFIC to the Office network, then on to the internet? In Apple there is a Tick Mark for "send all traffic over VPN Connection". In Windows there is a Tick Mark for "use default gateway on remo...
by gotsprings
Wed Mar 27, 2019 3:57 pm
Forum: General
Topic: IKEv2 - Road Warrior (NAT Workaround)
Replies: 50
Views: 4576

Re: IKEv2 - Road Warrior (NAT Workaround)

I have 2 connections at my office. 1 RCN Cable Modem 1000/25M With a Public IP address. 2 ATT Cellular Backup Modem. 25/25M with a carrier grade NAT address. SO my solution was to set up a L2TP tunnel to my cohorts office. The L2TP tunnel does not use encryption... as it would fail if behind NAT whe...
by gotsprings
Wed Mar 27, 2019 3:41 pm
Forum: General
Topic: vpn for office netwrok only? [SOLVED]
Replies: 5
Views: 277

Re: vpn for office netwrok only? [SOLVED]

You need to allow the VPN'd client to reach the internet and BLOCK access to the subnets you don't want it reaching. Mostly handled in /ip firewall filter. Rule 11 lets you access 192.168.44.0/24 network Rule 12 lets you access 192.168.40.0/24 network Rule 13 BLOCKS you from any other network. SO un...
by gotsprings
Wed Mar 27, 2019 3:38 pm
Forum: General
Topic: LTE passthrough over EoIP
Replies: 16
Views: 637

Re: LTE passthrough over EoIP

/interface lte apn
add apn=NE01.VZWSTATIC default-route-distance=1 name=VerizonIPPass \
    passthrough-interface=ether1 passthrough-mac=auto

Once I did that on the WAP-R LTE Kit... the external IP passed to whatever device I connected. If you look at the APN... I am in the North East Part of the US....
by gotsprings
Tue Mar 26, 2019 8:44 pm
Forum: Scripting
Topic: EOIP + IPSEC Update Local IP
Replies: 2
Views: 201

Re: EOIP + IPSEC Update Local IP

When you setup EOIP... You have to have an entry for Local IP and Far IP. You can place the IP cloud information in the tunnel config. However... the LOCAL IP will RESOLVE AT THE TIME you OK the tunnel. So if the local address changes... the tunnel's encryption will fail. This will update the local ...
by gotsprings
Thu Mar 21, 2019 5:08 am
Forum: Scripting
Topic: Script & Schedule for Network on & off [SOLVED]
Replies: 8
Views: 457

Re: Script & Schedule for Network on & off [SOLVED]

Connect a client and it will turn black?
by gotsprings
Tue Mar 19, 2019 1:43 pm
Forum: Scripting
Topic: EOIP + IPSEC Update Local IP
Replies: 2
Views: 201

EOIP + IPSEC Update Local IP

Needed this the other day. In EoIP Tunnel you can define the far point (remote-address) to use IPCloud. But the local address does not. This will grab the local WAN IP and add it to an EoIP tunnel with the word "Tunnel" in the name. /system script add dont-require-permissions=no name=EoipUpdate owner...
by gotsprings
Tue Mar 19, 2019 1:33 pm
Forum: Scripting
Topic: How to really make backups (by script) ?
Replies: 15
Views: 668

Re: How to really make backups (by script) ?

I always hated the fact that people could easily steal your scripts with passwords in them. (dyndns)
by gotsprings
Mon Mar 18, 2019 3:53 pm
Forum: Scripting
Topic: Script & Schedule for Network on & off [SOLVED]
Replies: 8
Views: 457

Re: Script & Schedule for Network on & off [SOLVED]

Figured this out when I was working on caps-man. When you have to disable the SSID across more than one radio... that code made life much easier.
by gotsprings
Fri Mar 15, 2019 9:53 pm
Forum: Scripting
Topic: Script & Schedule for Network on & off [SOLVED]
Replies: 8
Views: 457

Re: Script & Schedule for Network on & off [SOLVED]

Then this would kill it

:log info "Turning OFF Training."
/interface disable [find name~"Training"]
:log info "Training DOWN."

This would bring it back up.

:log info "Turning ON Training."
/interface enable [find name~"Training"]
:log info "Training UP."

You can get fancy with if then and time of da...
by gotsprings
Fri Mar 15, 2019 2:25 pm
Forum: Scripting
Topic: Script & Schedule for Network on & off [SOLVED]
Replies: 8
Views: 457

Re: Script & Schedule for Network on & off [SOLVED]

You could do this several ways...
A simple way to "learn" or "start" would be to make 2 scripts and 2 schedules.
One enables the INTERFACES
One disables the INTERFACES

What are the names of the virtual interfaces?
by gotsprings
Fri Mar 15, 2019 2:59 am
Forum: General
Topic: 6.44.1 Broke Stuff Need to Downgrade to 6.44
Replies: 4
Views: 469

Re: 6.44.1 Broke Stuff Need to Downgrade to 6.44

The device is not properly setting connections as new then established. So it flags the connection as invalid. Then the router drops it on the next pass at invalid or dumps it on my drop all.

Been using this firewall for a couple of years now. This is new behavior.
by gotsprings
Fri Mar 15, 2019 1:21 am
Forum: General
Topic: 6.44.1 Broke Stuff Need to Downgrade to 6.44
Replies: 4
Views: 469

6.44.1 Broke Stuff Need to Downgrade to 6.44

Updated a CCR1009 and hAP AC2 from 6.44 to 6.44.1 Lots of connections are suddenly getting dropped by my DROP INVALID Forwarding rule. Pings between the 2 routers on VPN show timeouts that never did before. How can I downgrade an hAP AC when the Files Directory doesn't show enough space to put in t...
by gotsprings
Fri Mar 15, 2019 12:00 am
Forum: General
Topic: ROS 6.44 - VPN L2TP not working
Replies: 23
Views: 2674

Re: ROS 6.44 - VPN L2TP not working

Upgrading 6.44.1 broke my firewall forwarding chains.
by gotsprings
Thu Mar 14, 2019 10:38 pm
Forum: Announcements
Topic: v6.44.1 [stable] is released!
Replies: 86
Views: 15830

Re: v6.44.1 [stable] is released!

Updated hAP AC2 and CCR1009 from 6.44 to 6.44.1 I am seeing a lot of dropped Forwarded packets as INVALID. These are packets that should have hit the New connection from a local device in the address list. But are getting dropped. Also IPSEC connection between offices is now dropping pings. Call fro...