And are you sure your new internet is working properly?The result is that I don't have internet on the LAN
If you plug a computer/laptop directly into the new service does it get internet?
And are you sure your new internet is working properly?The result is that I don't have internet on the LAN
^^ This.Better off doing wireguard IMHO.
You can't do this.You need to connect to Starlink and change the internal network addressing. Instead of 192.168.1.1 set something like 192.168.231.1 then there will be no confusion.
Maybe. but we can't see what you have missed if you do not post more of your configuration..
Do I miss any more mangle rules that routing rules have under the hood?
^^ Yes thattry this way
What version of RouterOS? 6 or 7?Anyone ?
Why? Genuinely curious as to why anyone would use WebFig over Winbox if they have the option to use Winbox.Being a person that uses the webfig much more than winbox, this change:
What problem are you having? it might be better posting in the General forum for this type of help.so I need to know how to fix this.
And you have been told the answer a number of times. Add a rule for "Hairpin NAT". It really is that simple.
Again I can't stress this enough. Asus, Netgear, Linksys home/or gaming routers have this routing working out of the box. All I want to do is make Mikrotik do the same.
Well bugger me... I am sure I tested that yesterday and it did not work.Try to addto your client config.Code: Select alldata-ciphers-fallback AES-256-CBC
Have you tried upgrading?Have i bought an old AP that won't take newer ROS versions?
All the DST-NAT (port forwarding rules) are disabledHi,
I am having issues with port forwarding.
Your route for the remote 192.168 subnet is wrong. Use the remote WireGuard IP Address not the interface wg1 for the route destination.I set up the route for the wg net (18.1.1.4/30 and the network of the other location) with the wg1 interface on my mikrotik.
3_wg_routes_wg_interface.png
I guess people have to register a cheap domain and create a CNAME pointing to XXXXXX.mynetname.net. Not a big or expensive problem.Now I'm getting this errorNo more certificates for new users.[error] too many certificates already issued for "mynetname.net".
Conclusion: finding comment & editing only required fields is way better than yours.
Here is my script
That's the best burn I have seen in ages !The world is big. You wouldn't believe what happens in other places.
Why not just use 0.0.0.0/0 ? then you can just route anything you want down the wireguard connections.With ospf v2 and network type ptp, you need to add 224.0.0.0/24 to allowed address to both peer.
.
So, as soon as I created WG interface for every vpn connection everything worked out-of-the box ... routers mt1, ... mt4 are in full mesh (3 wg interfaces each )
...
I wish this column was shown by default......Set show columns to show "routing table"
NetinstallNow the rb2011 is deaded, it continue to reboot! How to solve the problem?
Turn on the PPP logging and post the logs. Those attachments don't show much that can be used for diagnostics.Here are the attachments.
When you connect to thousands of different routers, often using different IP's, this is not practical.You can do yourself saving the session as default session on winbox.
Will be fineIf upgrade The Dude Server to 7.2.x will it be able to use agent devices running on 6.48.4 ?
Just to close out this thread. Fix for this is in 7.3beta33
Is anyone else having issues with EAP-TLS in v7?
Ticket logged with support (SUP-67209) but just thought I would post here in case there was something stupid I am missing.
RB1100AHx4 Dude Edition RouterOS 7.2What is the RouterOS status of the agent device (server)?
No. But surely that is not a requirement?The remote devices are all 7.2?
Yes.aoakeley, did you upgrade your agent (server) to 7.2 as well?
I wonder if something else I did in 6.x before upgrading changed something..... I'll go back over my config and have another look tomorrow....Seems same to me, still works only with disabled forwarding.
So not the same config, or using ROSv7, but thanks for trying to help.In my setup I have eap-methods=eap-tls,passthrough but this is with RADIUS and a freeradius server. It works on v6 but I have not yet tested it on v7.
I still have one device very intermittently showing this issue, I will upgrade that unit and see how it goes.For others following this topic, please upgrade to 6.47.8 or newer, there are relevant fixed that will improve or remedy any issues described in this topic.
Yes. This has been a mess for a while now.it would be nice to have the tabs in a logical order to build a tunnel
Wireless is now working as of 7.1 beta1Wireless also not working on 2011UAS-2HnD
Factory default config on unit.
Could see SSID but unable to join on both Windows laptop and iPhone.
I will wait for Beta 4, and post full report then if still not working.
Yes, ReplacedI too doubt this is a hardware defect.
But that's easily disputed:
Has anyone gotten their board replaced? And if so, has that solved the problem?
^ This.Personally I am against dumbing stuff down to meet the lowest intelligence level of a potential user. If it matters to you then learn it and master it. If it is too complicated buy a Netgear.
RB2011 (mipsBE and only has 2.4 wireless) still cant join wireless network. Can see it fine but cant join.Has anyone tested beta8?The same issue. Only 5 Ghz worksHas anyone tested beta5 on mAP Lite?
Yes. see my previous posts
This is a reply from mikrotik support. Has anyone done this ?
Sorry - what's a standard configuration?
If you are not using a “standard configuration“ then you likely don’t want to use a firewall rule or wizard.
And yet another 1100AHX4 with this issue.
After obtaining supout.rif files by console cable, MikroTik have organised warranty replacement for the two 1100 units exhibiting this issue.
Advice for lifeDon't do important work using your phone or with a baby on your arms...
/ip firewall filter
add action=accept chain=input comment="Allow Http" dst-port=80 protocol=tcp
I have plenty running that have no issue. I think the devices with this issue are very few.... and I was just about buying a 4011 . . . should I do that or not .. it's for a main network gateway, PPPoE, dude, . . .
Christmas in July?Maybe Christmas giftAny news about date of release Ros v7?
Start by posting in the correct forum. Try Beginner Basics viewforum.php?f=13...
How to block access to my local network from guest IP range 192.168.101.0/24.
Thanks
YP
Please post in correct forum viewforum.php?f=13 , thank you!
Please help me fix it, thank you!
.
Your post has absolutely nothing to do with this topic, and really nothing to do with Mikrotik. You would be better off posting somewhere else.While attempting to get my wireless router working (a Netgear WPN824 v3), I managed to turn the DHCP off.
Thanks. That solves the route and DNS issue.configure the APN Profile in the LTE menu to not to add Default route and DNS.
Thanks. Now we know for sure.My correspondence with the MT support confirmed that PPP has speed issues: "when you will run a speedtest you will not get higher speeds that 25mbps on 4g, that is all.". .
Has anyone tested this in production using 6.2 final release? changelog says its fixed........Yeap, on 6.2 pre-release IPSec is still broken.