MikroTik

gotsprings

Needed this the other day. In Eoip Tunnel you can define the far point (remote-address) to use IPCloud. But the local address does not. This will grab the local WAN IP and add it to a EoIP tunnel with the word "Tunnel" in the name. /system script add dont-require-permissions=no name=EoipUpdate owner...

gotsprings

I always hated the fact that people could easily steal you scripts with passwords in them. (dyndns)

gotsprings

Figured this out when I was working on caps-man. When you have to disable the SSID across more than one radio... that code made life much easier.

gotsprings

Then this would kill it :log info "Turning OFF Training." /interface disable [find name~"Training"] :log info "Training DOWN." This would bring it back up. :log info "Turning ON Training." /interface enable [find name~"Training"] :log info "Training UP." You can get fancy with if then and time of da...

gotsprings

You could do this several ways...
A simple way to "learn" or "start" would be to make 2 scripts and 2 schedules.
One enables the INTERFACES
One disables the INTERFACES

What are the names of the virtual interfaces?

gotsprings

The device is not properly setting connections as new then established. So it flags the connection as invalid. Then the router drops it on the next pass at invalid or dumps it on my drop all.

Been using this firewall for a couple of years now. This is new behavior.

gotsprings

Updated a CCR1009 and hAP AC2 from 6.44 to 6.44.1 Lots of connections are suddenly getting dropped by my DROP INVALID Forwarding rule. Pings between the 2 routers on VPN show timeouts that never did before. How can I downgrade and hAP AC when the Files Directory doesn't show enough space to put in t...

gotsprings

Upgrading 6.44.1 broke my firewall forwarding chains.

gotsprings

Updated hAP AC2 and CCR1009 from 6.44 to 6.44.1 I am seeing a lot of dropped Forwarded packets as INVALID. These are packets that should have hit the New connection from a local device in the address list. But are getting dropped. Also IPSEC connection between offices is now dropping pings. Call fro...

gotsprings

I don't know why people always use in-interface for port forwarding, it will bite them sooner or later. :) Because they saw it in some youtube tutorial, which was made on basis of having dynamic WAN address (e.g. PPPoE or DHCP) ... and if that's so, one can not really use dst-address as dst-nat cri...

gotsprings

No in interface.

The external IP is what you need.
A separate rule deals with local-address list to local-address list on Local interface.

gotsprings

Gotta use the EXTERNAL IP... interface won't do it.

Like SOB put it...
/ip firewall nat
add chain=dstnat dst-address=<public IP> protocol=tcp dst-port=80,443 action=dst-nat to-adresses=192.168.100.x

PUBLIC IP.

gotsprings

If you mean the srcnat rule with same src/dst-address=<LAN subnet>/<mask> used with hairpin NAT, that's not needed here. It's needed when client thinks that it communicates with some external address, but server would see client's real address from same subnet, would reply directly and that would n...

gotsprings

If you go lazy and do the DNS thing... You can only port forward to one IP. Not good if you have different services on different devices.

Sob left out the
Subenet back on subnet on interface rule.

gotsprings

Export your
/IP firewall nat

gotsprings

I'm using CAPSMAN and set Group-key-update to 01:00:00 and have had no luck with 2 doorbells. aes and WAP WPA2 on with now a shorter 8 character password. No issues connecting with any other device. Anyone else have experience? The device says has a problem connecting to the Internet. Seems like it...

gotsprings

The MoFi is averaging around 30M downloads sitting on my desk.

gotsprings

I got a wAP R-LTE US Kit. Got it working but some US frequencies seem to be missing. I like the form factor... but would really prefer having access to the US bands that i can with the https://www.sierrawireless.com/products-and-solutions/embedded-solutions/products/mc7455/ I bought a MoFi 4500 and ...

gotsprings

Thanks for the replies. No Verizon coverage is going to be a deal breaker for me, so I ordered a Sierra Wireless MC7455 card. Will RouterOS recognize this, or is there a way to install drivers? Kind of late... But that same wAP LTE KIT-US I used on T-Mobile. Is now running on Verizon wireless. I ha...

gotsprings

I never tried with the M2M plans from T-Mobile. I only did a prepaid plan for proof of concept. It showed me that I would have to mount the wAP R OUTSIDE to get a signal with T-Mobile. Keeping that in my back pocket for the next time one client I know of on AutoPay screws up his verizon account again.

gotsprings

I need a steady stream of packets that end up being ~4-6GB The $10 2GB plan just doesn't cut it and the 6GB plan is too expensive. M2M SIMs are a perfect fit, if I can find a modem that is allowed on that network and is mikrotik compatible. You need 4-6Gigs a month and $25 is too much? Wow. I stumb...

gotsprings

Info - I just updated the 207.32.194.24 btest server from 6.43.11 to 6.43.12

North Idaho Tom Jones

THANK YOU!!!

gotsprings

T-Mobile’s M2M service doesn’t work though. It’s imei filtered and the mikrotik LTE card isn’t on the approved list.

So get the $10 a month plan?

https://prepaid.t-mobile.com/plan-detai ... e-internet

gotsprings

https://mikrotik.com/product/wap_lte_kit_us I can confirm that this unit works with T-Mobile in the US. I had to set the APN to /interface lte apn add apn=fast.t-mobile.com default-route-distance=1 passthrough-interface=\ ether1 passthrough-mac=auto add apn=fast.t-mobile.com default-route-distance=1...

gotsprings

/caps-man channel
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ceee \
    frequency=5180 name="Channel 36 80mhz"

Try that

gotsprings

After bunches of emails and support files... I got nothing.

Switched out unit to a MoFi modem feeding a hAP AC2. No Problem with remote connection.

gotsprings

I have a hAP AC2 running as just a wireless access point. I have a ring connected to it on 5.0 Ghz. No real problems keeping it connected. I have the group key at 5 mins. WPA2 AES. Its been on for about 45 days now.

gotsprings

Well then you need to resolve those IPs and punch them in on changes.
"Scripting"

gotsprings

Seems you would want a SSID and ports per apartment. Then have the "public SSID" run across all the hardware?

gotsprings

If one of the routers lacks a public IP... connect that one using L2TP then setup a encryption inside that connection.

gotsprings

I mean I bought a static public IP so I could reach the device remotely.

Works with Cradlepoint as a modem to a TIk.

But using the Mikrotik wAP LTE as modem and router... It's showing the one IP as the IP and the gateway. A remote connection hits then drops. Makes my remote management a problem.

gotsprings

/interface wireless security-profiles

Then you need to select the security profile for each wireless network you want to connect to.

gotsprings

Got 975M on my tests over short distances. But a difference being that the line of site MEANS line of site. Off axis the throughput disappeared completely even at short range. So AIM and a clean LOS is key.

gotsprings

If its anything like the wAP LTE I am testing... its meant to work like a cellular modem. The one I am testing has problems with the gateway its picking up. So it not allowing remote connections. Making it unsuitable for the application I was planning for it. I emailed support and am looking for a C...

gotsprings

I found out that when the wAP LTE connects to the cellular provider (Verizon) it does get the Static IP From the ISP. Problem is that it gets the static IP and doesn't set a gateway that is one number higher than the static IP. Cradlepoints receive the IP from Verizon and show the IP as /29 IP = xxx...

gotsprings

I am testing a wAP R-2nD as a replacement for our CradlePoint installs. I have the unit configured like a home router with wireless 2.4 bridged to the ethernet port and LTE modem setup as the WAN. I can reach the internet and browse normally. However i noticed that I can't get winbox to load when I ...

gotsprings

Copy and past this whole thing in a New Terminal Window using RIGHT CLICK (Your mouse buttons) Copy and Paste. DO NOT USE CTRL+C and CTRL+P /ip cloud set ddns-enabled=yes /ip firewall address-list add address=192.168.88.0/24 list=GotSprings /ip firewall nat add action=masquerade chain=srcnat comment...

gotsprings

Something like /ip firewall nat add action=dst-nat chain=dstnat comment="Redirect Guest DNS" dst-address=!192.168.x.x \ dst-port=53 protocol=udp src-address-list=Local to-addresses=192.168.x.x and mkv was correct. have the dhcp server tell the clients to use your piehole... (Kind of sounds rude when...

gotsprings

That rule doesn't look like it is meant for external connections. add action=dst-nat chain=dstnat dst-port=81 in-interface=bridge protocol=tcp \ to-addresses=192.168.88.1 to-ports=80 That rule would take a request on port 81 coming from the bridge (Local interface) and forward it to 192.168.88.1 por...

gotsprings

OVPN has not worked on port 1194 for about 10 years now.

Also as for using those VPN services to "side step" geolocation... providers update their blacklists from time to time too.

gotsprings

I'm using DHCP-Server option 6 to forward all DHCP clients DNS to the PI-Hole server. /ip dhcp-server option print # NAME CODE VALUE RAW-VALUE 0 PIHole 6 '192.168.x.x' c0a80032 Where 192.168.x.x is the PI-Hole address. Would be even easier to put it in /ip dhcp-server network add address=192.168.2....

gotsprings

/ip firewall filter
export

gotsprings

Thanks Guys Wish I would Have found MikroTIK be for I started buying Cisco. Not that there is any thing wrong with cisco.
Maybe I may Ebay my Switch's and pick up a 48Port Poe MikroTiK

There are no 48 port Mikrotik switches.

So your Cisco makes sense.

gotsprings

Had this working for several months now.

hAP AC2 is the main router and I wanted to add it to the cap config that it is running three cAP AC.

/interface wireless cap
set certificate=request discovery-interfaces=bridge enabled=yes interfaces=wlan1,wlan2

gotsprings

pihole is a local dns server right?

You would set the dhcp-server to handout the pihole address to clients.

Then set up a rule to capture anything on port 53 and send it to your pihole server.

Any Tik should be able to do this.

gotsprings

Guys what can you say about roaming capability? Is this implemented in unifi is far better than mikrotik ones? Im consider which implement in my house.

Wysłane z mojego HTC 10 przy użyciu Tapatalka

Caps-Man can be MUCH MORE GRANULAR.

gotsprings

The cAP AC and hAP AC2 top out right around 300 at point blank range. But the R510 will actually hit the 866M you should get from a 2x2 AC-MU radio. True, but this is coming at four times the price of a cAP AC/Unifi AC Lite making the comparison unrealistic. Like said by someone else, it is all abo...

gotsprings

Quite happy with the performance of the capAC inside the home but range in 5Ghz is markedly and expectedly less than 2.4ghz.

That's pretty typical of 5GHZ. It is faster, but doesn't go through much, or very far.

gotsprings

How many AP's do you plan to install? aside from a singular AP performance, it's probably more relevant to assess the controller function and features along with the radio performance. The controller function and features along with the client compatibility unfortunately go hard against mtk enterpr...

gotsprings

At this moment bad, we tested 3 Intel Based AC Laptops and both are only able to connect to 54 MBit..... Kind of seems "par" for Mikrotik with wireless devices. They release them and it takes several months and routerOS/firmwares before they start showing acceptable results. I went through that wit...

Search found 661 matches