Community discussions

MikroTik App

Search found 361 matches

  • 1
  • 2
by evince
Tue Mar 26, 2024 3:41 pm
Forum: Beginner Basics
Topic: Same IP on different Ether interfaces
Replies: 10
Views: 600

Re: Same IP on different Ether interfaces

Yes,

ip dns set allow-remote-requests=yes servers=1.1.1.1 (or whatever dns server you want)
If you do that, make sure your firewall rules are properly configured.
by evince
Mon Mar 25, 2024 12:07 pm
Forum: Beginner Basics
Topic: Same IP on different Ether interfaces
Replies: 10
Views: 600

Re: Same IP on different Ether interfaces

Hello,

Change this : 10.0.0.1/24 to 10.0.0.1/32

Regards,
by evince
Mon Aug 21, 2023 5:47 pm
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 161965

Re: v7.11 [stable] is released!

Very nice upgrade,
*) netwatch - added "src-address" property;

Please add the option to be able the ping IP for failover in route. example: check gateway ping 1.1.1.1 that would helps
+1. It'd be very useful.
by evince
Mon Jul 03, 2023 10:28 am
Forum: Announcements
Topic: v7.10, 7.10.1 and more [stable] are released!
Replies: 369
Views: 129353

Re: v7.10 [stable] is released!

Since this Update my OpenVPN Windows Clients are unable to connect. Mikrotik to Mikrotik with OpenVPN is working. Anyone else see this Problem?
Working fine for me
by evince
Fri Dec 09, 2022 12:01 pm
Forum: Beginner Basics
Topic: Problem with L2TP VPN
Replies: 4
Views: 3410

Re: Problem with L2TP VPN

In theory, this entry is needed when behind nat device.

When you check the logs, the is not nat.
by evince
Wed Jul 27, 2022 9:34 am
Forum: Announcements
Topic: v7.4 [stable] is released!
Replies: 226
Views: 55157

Re: v7.4 [stable] is released!

*) lte - improved LTE interface detection for LtAP-2HnD devices;
Does this have to do with the LTE interface totally missing in some occasions ?
+1
by evince
Thu Jul 14, 2022 5:19 pm
Forum: Beginner Basics
Topic: VPN cyberghostvpn
Replies: 15
Views: 11723

Re: VPN cyberghostvpn

+1, unable to make it working,

I've tried with IKEv2 but same problem :/

If someone can tell me what are good configuration for phase1&phase2.

Thank you in advance,
by evince
Tue May 17, 2022 4:50 pm
Forum: Beginner Basics
Topic: converting .backup to plain text
Replies: 19
Views: 15346

Re: converting .backup to plain text

Hello,

You need to create .rsc file (readable)

Go to terminal and type : export file=(the-name-you-want), then go to FILES and download it.
by evince
Wed May 11, 2022 1:02 pm
Forum: Beginner Basics
Topic: L2TP server stopped working properly
Replies: 11
Views: 3175

Re: L2TP server stopped working properly

Hello,

Take a look at this, maybe it is the solution. https://docs.microsoft.com/en-us/troubl ... t-t-device

Regards,
by evince
Wed Apr 27, 2022 10:27 am
Forum: General
Topic: After Upgrade from 6.49.1 to 7.1 ipsec Site-Site not working
Replies: 45
Views: 23486

Re: After Upgrade from 6.49.1 to 7.1 ipsec Site-Site not working

Same problem for me,

L2TP clients are not able ton connect to my my hub vpn when ipsec is enabled.
by evince
Tue Jan 04, 2022 11:42 am
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 224501

Re: v7.1.1 is released!

Hello pe1chl,

Thank your for your help.

My router woks as a L2TP/IPSec server. Sometimes my customers are able to connect with IPSec enabled, but I cannot join anything in their network. If I disable IPSec, I can join the whole network.

All was working before upgrading to ver.7.

Regards,
by evince
Tue Jan 04, 2022 11:28 am
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 224501

Re: v7.1.1 is released!

After upgrade to 7.1.1 from v6 i have an issue with l2tp+ipsec with error

<ip>: authentication failed: peer didn't respond to CHAP challenge
Same for me. if i disable ipsec, all is working.
by evince
Fri Dec 03, 2021 11:58 pm
Forum: The Dude
Topic: cant add images to the dude from winbox [SOLVED]
Replies: 8
Views: 9979

Re: cant add images to the dude from winbox [SOLVED]

Same problem for me
by evince
Fri Sep 10, 2021 3:44 pm
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 309554

Re: ZeroTier added to RouterOS v7.1rc2

OK tank you Normis, but why under adresse liste it il showed unknow as interface ?
by evince
Fri Sep 10, 2021 2:48 pm
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 309554

Re: ZeroTier added to RouterOS v7.1rc2

Hi all, I have installed zerotier package, configured it and all is running. By the way I cannot see the "zerotier interface" under intercace list, only by cli. If I check the address list, it is displayed "unknow" as interface but I do have an IP address and the tunnel is workin...
by evince
Tue Sep 07, 2021 4:36 pm
Forum: Beginner Basics
Topic: NATting with Mikrotik
Replies: 5
Views: 1179

Re: NATting with Mikrotik

Hello, sipmly use masquerade rule :
/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade" out-interface=Ether1 src-address=your_lan_subnet
by evince
Fri Jul 02, 2021 10:31 am
Forum: Beginner Basics
Topic: Simple queues not working
Replies: 1
Views: 592

Re: Simple queues not working

Check in your firewall rules if fasttrack is enabled, if it is you have to fine tune it for have it to work.
by evince
Fri May 14, 2021 4:01 pm
Forum: General
Topic: Same subnets to L2TP/IPsec, possible?
Replies: 3
Views: 1009

Re: Same subnets to L2TP/IPsec, possible?

Hello,

Take a look at this wonderful tip : viewtopic.php?t=148665

It works great :)
by evince
Mon Apr 26, 2021 12:18 pm
Forum: Beginner Basics
Topic: Port forwarding not working
Replies: 4
Views: 1068

Re: Port forwarding not working

Hello,

i cannot see any ip address for ether1, how is it configured?
by evince
Fri Mar 05, 2021 12:51 pm
Forum: General
Topic: VPN IPsec dual WAN (PCC) - phase1 negotiation failed due to send error [SOLVED]
Replies: 13
Views: 13305

Re: VPN IPsec - phase1 negotiation failed due to send error [SOLVED]

Hello,
Maybe add proxy-arp to your bridge?
by evince
Fri Feb 05, 2021 3:30 pm
Forum: Beginner Basics
Topic: Speed issue with Mikrotik CCR2004
Replies: 5
Views: 1328

Re: Speed issue with Mikrotik CCR2004

Hello, we you run your speedtest, check your cpu's :

/system resource monitor

Maybe 1 is 100% of load.
by evince
Tue Jan 19, 2021 11:06 am
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 8596

Re: NAT not working...

Hello, take a look at your masquerade rule, maybe out-interface is wrong.
by evince
Tue Jan 12, 2021 1:12 pm
Forum: Beginner Basics
Topic: Can I change user name in SwOS?
Replies: 4
Views: 1669

Re: Can I change user name in SwOS?

Hello, the best way is to create a new user with full rights and then disable default admin user.
by evince
Tue Dec 29, 2020 10:43 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 295
Views: 127556

Re: v6.48 [stable] is released!

*) branding - fixed LCD logo loading from new style branding package; How can we add a LCD logo? It would be great to add a custom image with our company logo and the Router-Name. Go to your Mikrotik account, At the bottom you see other. Click on branding maker. Here you can add your logo. Then you...
by evince
Mon Dec 14, 2020 5:06 pm
Forum: Beginner Basics
Topic: Port forwarding don't work, cannot access from WAN (new router)
Replies: 7
Views: 2299

Re: Port forwarding don't work, cannot access from WAN (new router)

Hello, you have an error on your NAT rule :

add action=dst-nat chain=dstnat dst-port=341 log=yes protocol=tcp to-addresses=192.168.1.5 to-ports=341

You need to add in-interface=ether1.

And your logs show : ==> 10.29.4.87.

Maybe your ISP uses CGNAT.
by evince
Fri Dec 04, 2020 3:30 pm
Forum: General
Topic: IP blocked
Replies: 23
Views: 3313

Re: IP blocked

Dear Sindy,

UPNP is enabled :(

/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=bridge2 type=internal
add interface=ether1 type=external
by evince
Mon Nov 23, 2020 5:22 pm
Forum: Beginner Basics
Topic: Blocking by MAC address on the external interface [SOLVED]
Replies: 4
Views: 2777

Re: Blocking by MAC address on the external interface [SOLVED]

Hello, if you get an address from sf1 interface it is because dhcp-client is enabled on this interface. Why don't you disable this dhcp-client instead?
by evince
Wed Sep 23, 2020 12:57 pm
Forum: Beginner Basics
Topic: Mikrotik LtAP LTE6 - DNS problem LTE AP
Replies: 3
Views: 953

Re: Mikrotik LtAP LTE6 - DNS problem LTE AP

Hello, the best is to post your config here : /export hide-sensitive
by evince
Thu Sep 10, 2020 12:31 pm
Forum: Beginner Basics
Topic: ddns or vpn to get static ip How to
Replies: 6
Views: 1423

Re: ddns or vpn to get static ip How to

Hello,

With a LTE connection, you'll not be able to forward ports.
by evince
Fri Sep 04, 2020 2:31 pm
Forum: RouterOS beta
Topic: Feature request : Ping check Gateway
Replies: 2
Views: 1053

Re: Feature request : Ping check Gateway

Thank you for your answer, but it'd be easier to implement it directly :)
by evince
Fri Sep 04, 2020 12:46 pm
Forum: RouterOS beta
Topic: Feature request : Ping check Gateway
Replies: 2
Views: 1053

Feature request : Ping check Gateway

Dear Mikrotik support, it would be great if it was possible to choose the gateway to ping in /IP route.

At the moment, only the gateway is possible. I'd like to be able to choose another IP as 8.8.4.4 for example.

Thank you in advance,
by evince
Wed Jul 29, 2020 4:39 pm
Forum: General
Topic: Add src-address param to /tool speedtest
Replies: 2
Views: 1194

Re: Add src-address param to /tool speedtest

+1 or interface
by evince
Tue Jul 28, 2020 12:58 pm
Forum: General
Topic: send all traffic through l2tp VPN
Replies: 8
Views: 7151

Re: send all traffic through l2tp VPN

Hello, add a default route 0.0.0.0/0 gw=your_l2tp_tunnel and a nat rule.
by evince
Fri Jun 19, 2020 10:30 am
Forum: Beginner Basics
Topic: ping time out
Replies: 1
Views: 810

Re: ping time out

Hello,

Check your firewall rules. Maybe you have to add an accept rule for ICMP
by evince
Mon May 25, 2020 3:03 pm
Forum: Wireless Networking
Topic: HAP: wireless clients don’t receive IP address from DHCP Server
Replies: 2
Views: 1260

Re: HAP: wireless clients don’t receive IP address from DHCP Server

Hello,

Make sure your HAP is configured in ap bridge mode.

Regards,
by evince
Fri Mar 13, 2020 3:51 pm
Forum: Beginner Basics
Topic: [SOLVED] Hairpin NAT issues
Replies: 5
Views: 2723

Re: Hairpin NAT issues

Hello, try this :

/ip firewall nat
add chain=srcnat src-address=192.168.0.0/24 \
dst-address=192.168.0.10 protocol=tcp dst-port=999 \
out-interface=bridge action=masquerade
Out interface name should be your bridge name.

Regards,
by evince
Fri Mar 13, 2020 12:01 pm
Forum: Beginner Basics
Topic: Routerboard 951UI 2HnD as wired to wireless bridges
Replies: 2
Views: 1902

Re: Routerboard 951UI 2HnD as wired to wireless bridges

Hello,

If you have bridged all the ports, you have to add dhcp client on that bridge, and then it will receive an ip address from your Huawei.

Regards,
by evince
Thu Mar 12, 2020 5:09 pm
Forum: Beginner Basics
Topic: Block FB and YT to all except...
Replies: 1
Views: 1760

Re: Block FB and YT to all except...

Hello, is it the right version of your Mikrotik??

Please upgrade your router first, then use TLS instead of layer7.

Regards,
by evince
Wed Mar 04, 2020 5:12 pm
Forum: Beginner Basics
Topic: PPTP server cannot be connected with log file
Replies: 1
Views: 2119

Re: PPTP server cannot be connected with log file

Hello, did you configure your profile? with local and remote addresses?
by evince
Tue Mar 03, 2020 2:07 pm
Forum: Announcements
Topic: v6.46.4 [stable] is released!
Replies: 106
Views: 77668

Re: v6.46.4 [stable] is released!

CHR updated to 6.46.4 (onlys used for dude).

now i can see in the terminal : 12:59:16 echo: system,error,critical login failure for user admin from 127.0.0.1 via winbox

by the way, no logs showed anymore in /logs.
by evince
Tue Mar 03, 2020 10:35 am
Forum: General
Topic: Use of public IP space on local hosts. 1:1 NAT?
Replies: 13
Views: 4961

Re: Use of public IP space on local hosts. 1:1 NAT?

No, you do not need NAT rule as you have a public subnet.

Depending to how is configured your connection, you can assign your wan ip directly on your devices.

First, you need to assign an ip address to your "bridge" if you have 1, and the use this address as gateway on your devices.
by evince
Fri Feb 28, 2020 1:29 pm
Forum: Beginner Basics
Topic: DHCPDISCOVER and DHCPOFFER spam on DHCP server from Mikrotik router
Replies: 10
Views: 4478

Re: DHCPDISCOVER and DHCPOFFER spam on DHCP server from Mikrotik router

Hello,

Do you have dhcp-client enabled on ether1?
by evince
Fri Feb 28, 2020 10:57 am
Forum: Announcements
Topic: v6.46.4 [stable] is released!
Replies: 106
Views: 77668

Re: v6.46.4 [stable] is released!

Hi!
I also have an error std failure: not allowed (9).
Installed v6.46.4 [stable], the user has full rights
Is there a solution?
Hello, did you upgrade your dude?
by evince
Mon Feb 17, 2020 6:18 pm
Forum: Beginner Basics
Topic: Connection between two LANs
Replies: 13
Views: 4522

Re: Connection between two LANs

Of course, the route needs to be on PFSENSE :) it seems logical :)
by evince
Mon Feb 17, 2020 6:14 pm
Forum: Beginner Basics
Topic: Connection between two LANs
Replies: 13
Views: 4522

Re: Connection between two LANs

OK, maybe you have a firewall rule that's blocks your request. Try to disable all drop rule first. If it works, then adjust them
by evince
Mon Feb 17, 2020 6:06 pm
Forum: Beginner Basics
Topic: Connection between two LANs
Replies: 13
Views: 4522

Re: Connection between two LANs

To resolve: a static route to the 192.168.5.0/24 network is needed on PF Sense using the IP of the 10.10.0.60 address on the MikroTik as the GW. Also create a gateway entry and FW rules if needed. If you look correctly, he need to route 192.168.0.0/16, as 192.168.5.1 is a part of this network
by evince
Mon Feb 17, 2020 5:39 pm
Forum: Beginner Basics
Topic: Connection between two LANs
Replies: 13
Views: 4522

Re: Connection between two LANs

Hello,

You'll need to add a route : ip route add dst-address=192.168.0.0/16 gateway=10.100.0.60 distance=1
by evince
Mon Feb 17, 2020 12:54 pm
Forum: General
Topic: How to spcific Dintance for routes in ppp->secret
Replies: 7
Views: 9904

Re: How to spcific Dintance for routes in ppp->secret

Hello,

Just add the distance at the end of your routes.

aaa.bbb.ccc.ddd/32 eee.fff.ggg.hhh 120

Reagrds,
by evince
Thu Feb 13, 2020 10:21 am
Forum: Beginner Basics
Topic: Using domain pointing to WAN ip internally
Replies: 2
Views: 1938

Re: Using domain pointing to WAN ip internally

Hello, you need hairpin nat rules.

Regards,
by evince
Fri Jan 03, 2020 10:43 am
Forum: General
Topic: Port Forwarding Error. [SOLVED]
Replies: 7
Views: 2337

Re: Port Forwarding Error. [SOLVED]

Ok, so do not use in-interface but dst-address instead.
by evince
Fri Jan 03, 2020 9:57 am
Forum: General
Topic: Port Forwarding Error. [SOLVED]
Replies: 7
Views: 2337

Re: Port Forwarding Error. [SOLVED]

Hello,

On your NAT rule, did you choose in-interface or dst-address?
by evince
Fri Jan 03, 2020 9:56 am
Forum: General
Topic: Kid control
Replies: 2
Views: 819

Re: Kid control

Hello,

You need to create a skin via webfig and the user the rights you want. And then assign the skin to this user.

Take a look at this : viewtopic.php?t=52184

Regards,
by evince
Wed Nov 27, 2019 11:31 am
Forum: Announcements
Topic: v6.45.7 [stable] is released!
Replies: 104
Views: 69883

Re: v6.45.7 [stable] is released!

Is the hotspot still broken on anything over 6.44.6?
Yes hotspot is still broken, need to install long term version.
by evince
Thu Oct 24, 2019 1:06 pm
Forum: RouterOS beta
Topic: 7.0beta3 available in testing?
Replies: 40
Views: 16847

Re: 7.0beta3 available in testing?

Upgrade successful, btw BGP is broken :(
by evince
Mon Oct 21, 2019 11:50 am
Forum: Beginner Basics
Topic: Connect to two servers with same port
Replies: 4
Views: 1447

Re: Connect to two servers with same port

Hello,

What are you trying to achieve? Do you want to accessyour servers from the Internet?

if so, you need 2 differents ports. And for security reason, change the default port and add an access list
by evince
Mon Oct 21, 2019 10:27 am
Forum: Beginner Basics
Topic: satic source nat not working
Replies: 11
Views: 4473

Re: satic source nat not working

Hello,

for your NAT rule, you need to specify your out-interface (ether1)

Regards,
by evince
Thu Sep 26, 2019 10:46 am
Forum: The Dude
Topic: The Dude Client for Android?
Replies: 13
Views: 15565

Re: The Dude Client for Android?

+1 it woul'd be very interesting.
by evince
Wed Sep 25, 2019 12:47 pm
Forum: Beginner Basics
Topic: DHCP OPTION 160
Replies: 3
Views: 4782

DHCP OPTION 160

Dear all,

Can you tell me if option 160 is working on Mikrotik? I'm not able to make it working.

Thank you in advance,
by evince
Wed Sep 25, 2019 12:02 pm
Forum: The Dude
Topic: Monitor PPPoE dynamic
Replies: 0
Views: 2475

Monitor PPPoE dynamic

Dear all,

I'd like to monitor a second WAN with PPPoE dynamic IP. Is there any way?

Thank you in advance,
by evince
Fri Sep 20, 2019 5:08 pm
Forum: General
Topic: New IP cloud is coming.
Replies: 84
Views: 46707

Re: New IP cloud is coming.

You think there is any chance in the future to support multi-wan setups? One option is to prepend or append the interface number to the dyndns hostname? pppoe-out1 = xxxxx-1.sn.mynetname.net pppoe-out2 = xxxxx-2.sn.mynetname.net This! We need to be able to monitor backup connections that have dynam...
by evince
Mon Jul 15, 2019 1:28 pm
Forum: Beginner Basics
Topic: Block Youtube but not with gmail
Replies: 12
Views: 9898

Re: Block Youtube but not with gmail

TLS is working, i do use it @ work. Where did you place your rule? do you have matching?
by evince
Thu Jul 11, 2019 12:53 pm
Forum: Beginner Basics
Topic: Block Youtube but not with gmail
Replies: 12
Views: 9898

Re: Block Youtube but not with gmail

No, do not use L7, but TLS Host.

/ip firewall filter
add action=reject chain=forward comment="block youtube" protocol=tcp reject-with=icmp-network-unreachable tls-host=*youtube*
by evince
Thu Jun 13, 2019 3:23 pm
Forum: Wireless Networking
Topic: Change network
Replies: 5
Views: 2943

Re: Change network

Hello, you need to brigde all the ports in order to make it work.(or at lease the uplink)
by evince
Thu Jun 06, 2019 2:28 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 1009
Views: 1119503

Re: Public-Mikrotik-Bandwidth-Test-Server(s)

Same problem today, unable to connect :(
by evince
Wed May 22, 2019 11:24 am
Forum: General
Topic: Download problem!!
Replies: 17
Views: 4950

Re: Download problem!!

Hello,

It seems to be a TCP/MSS problem, take a look at this :

https://wiki.mikrotik.com/wiki/Manual:I ... all/Mangle
by evince
Mon Apr 29, 2019 6:12 pm
Forum: General
Topic: VPN can't access SMB shares
Replies: 10
Views: 7249

Re: VPN can't access SMB shares

Hello, it can be a TCP/MSS issue
by evince
Mon Apr 29, 2019 5:43 pm
Forum: Beginner Basics
Topic: PPTP VPN problem "could not determine local IP address"
Replies: 1
Views: 1287

Re: PPTP VPN problem "could not determine local IP address"

Hello, check your profile if you have local address assigned.
by evince
Thu Dec 06, 2018 12:37 pm
Forum: General
Topic: Renew IP address of PPPoE client
Replies: 10
Views: 4202

Re: Renew IP address of PPPoE client

Hello,

try to first remove his entry in the DHCP Lease, and then reconnect it.
by evince
Fri Nov 23, 2018 11:53 am
Forum: Beginner Basics
Topic: Frustration ! - Need help tp configure RB3011UiAS-RM so as to act as router with two ISP
Replies: 2
Views: 1388

Re: Frustration ! - Need help tp configure RB3011UiAS-RM so as to act as router with two ISP

Hello, For your second line (adsl) you need to plug it on an isolated port (this port can not be a prt of your bridge) Then just add route regarding the setup you need. If your ETH2 is a part of your bridge, you need to assign an ip and the dhcp server to this. All your configuration will pint to th...
by evince
Mon Nov 12, 2018 12:25 pm
Forum: General
Topic: [SOLVED] Unable to dstnat from port 80
Replies: 15
Views: 14095

Re: Unable to dstnat from port 80

Hello,

Be sure you do not have any firewall rule that drops forward trafic
by evince
Wed Nov 07, 2018 1:12 pm
Forum: General
Topic: Error when setup PPPOE: terminating... - failed to authenticate ourselves to peer
Replies: 2
Views: 7168

Re: Error when setup PPPOE: terminating... - failed to authenticate ourselves to peer

I don't know why, but it happens if you're using another profile, but not default-encryption . Set your PPP connection to use default-encryption and it will connect. I tried to create other profiles with the same settings as default-encryption, but they actually doesn't work as default-encryption. ...
by evince
Tue Oct 16, 2018 11:59 am
Forum: Beginner Basics
Topic: PPTP Firewall
Replies: 2
Views: 998

Re: PPTP Firewall

Hello, you need to enable PPT Server. Go to PPP then PPTP Server or via the terminal past this line : /interface pptp-server server set enabled=yes
by evince
Wed Oct 10, 2018 12:12 pm
Forum: Beginner Basics
Topic: Netflix not working (unblocker or proxy)
Replies: 5
Views: 7546

Re: Netflix not working (unblocker or proxy)

Hello,

the best way is to use Netinstall and reconfigure your router.Be sure don't use same password as before hacking.
by evince
Fri Oct 05, 2018 12:51 pm
Forum: General
Topic: firewall rules
Replies: 2
Views: 1053

Re: firewall rules

Hello,

You should use TLS Host feature instead of Layer 7 protocol.

Take a look at this : viewtopic.php?t=129672
by evince
Fri Sep 21, 2018 11:25 am
Forum: General
Topic: don't connect winbox from wan after 6.43
Replies: 1
Views: 918

Re: don't connect winbox from wan after 6.43

Hello, update your router to 6.43.2 and update your winbox
by evince
Sun Sep 09, 2018 9:16 pm
Forum: Beginner Basics
Topic: IPsec/GRE between sites w/ MT (again...)
Replies: 2
Views: 1212

Re: IPsec/GRE between sites w/ MT (again...)

Hello,

You can use L2TP/IPSec for your tunnels. Then your LTE will work as client and will not care of dynamic IP.
by evince
Mon Sep 03, 2018 12:48 pm
Forum: Beginner Basics
Topic: L2tp error 789
Replies: 5
Views: 4881

Re: L2tp error 789

Hell, maybe phase2 proposals not correct.
by evince
Wed Aug 22, 2018 5:01 pm
Forum: General
Topic: wrong username or password after restore
Replies: 2
Views: 1350

Re: wrong username or password after restore

Hello, let the password blank and try again, it will work
by evince
Tue Jul 03, 2018 1:03 pm
Forum: Beginner Basics
Topic: SSH Port Forwarding
Replies: 17
Views: 25014

Re: SSH Port Forwarding

OK 3 ;;; enable ssh from outside chain=input action=accept protocol=tcp dst-port=22 log=no log-prefix="" should be 3 ;;; enable ssh from outside chain=forward action=accept protocol=tcp dst-port=22 log=no log-prefix="" Because input chain is for the router itself, and forward is ...
by evince
Tue Jul 03, 2018 12:23 pm
Forum: Beginner Basics
Topic: SSH Port Forwarding
Replies: 17
Views: 25014

Re: SSH Port Forwarding

Do you have any forward rule in your firewall filter?

Even if the counter increases, you need to specify dst-address or in-interface.
by evince
Tue Jul 03, 2018 12:08 pm
Forum: Beginner Basics
Topic: SSH Port Forwarding
Replies: 17
Views: 25014

Re: SSH Port Forwarding

Hello,

/ip firewall nat
add action=dst-nat chain=dstnat dst-port=5022 protocol=tcp to-addresses=192.168.100.22 to-ports=22

You need to specify in-interface (your WAN) or dst-address.(Your public IP)

Regards,
by evince
Mon Jul 02, 2018 10:20 am
Forum: Beginner Basics
Topic: Dst NAT not working through AP bridge ? [SOLVED]
Replies: 3
Views: 1712

Re: Dst NAT not working through AP bridge ? [SOLVED]

Hello,

1 chain=dstnat action=dst-nat to-addresses=192.168.10.15 to-ports=80 protocol=tcp dst-address=Public-IP-Address
in-interface=pppoe-out1 dst-port=80 log=no log-prefix=""

Either you choose dst-address or in-interface but not both.
by evince
Tue Jun 26, 2018 5:49 pm
Forum: General
Topic: Some HTTPS web sites won't work!
Replies: 10
Views: 4399

Re: Some HTTPS web sites won't work!

In your configuration we can see : add action=change-mss chain=forward new-mss=1500 protocol=tcp tcp-flags=syn \ tcp-mss=1361-65535 It shouldn't work. And why did you set MTU 1520 to your bridges? Then, your router is still compromised : /ppp aaa set interim-update=1m use-circuit-id-in-nas-port-id=y...
by evince
Tue Jun 26, 2018 2:23 pm
Forum: Wireless Networking
Topic: Capsman - Not getting IP on slave-interface [SOLVED]
Replies: 7
Views: 4400

Re: Capsman - Not getting IP on slave-interface [SOLVED]

Hello, There is some errors in your configuration : /caps-man datapath add bridge=bridge local-forwarding=yes name=datapathVlan20 vlan-id=20 vlan-mode=use-tag add bridge=bridge local-forwarding=yes name=datapathVlan30 vlan-id=30 vlan-mode=use-tag You use default bridge for both datapath, either you ...
by evince
Tue Jun 26, 2018 2:09 pm
Forum: General
Topic: Kid Control feature
Replies: 5
Views: 2308

Re: Kid Control feature

ello,

You can add many schedule per day, just use arrows next to the corresponding day.

Regards,
by evince
Tue Jun 26, 2018 12:59 pm
Forum: General
Topic: Some HTTPS web sites won't work!
Replies: 10
Views: 4399

Re: Some HTTPS web sites won't work!

Hello, your router seems to have been attacked, check this : /system script add name=ip owner=admin policy=\ reboot,read,write,policy,test,password,sniff,sensitive source="{/tool fetch \ url=(\"http://www.boss-ip.com/Core/Update.ashx ... 98fa&actio\ n=upload&sncode=F8C49100B20F15CD...
by evince
Wed Jun 13, 2018 11:49 am
Forum: General
Topic: Cannot access some sites [SOLVED]
Replies: 6
Views: 2322

Re: Cannot access some sites [SOLVED]

Hello, check if you don't have a TCP/MSS problem.
by evince
Mon Jun 11, 2018 1:28 pm
Forum: Beginner Basics
Topic: Bridging SFP and Eth1
Replies: 2
Views: 1481

Re: Bridging SFP and Eth1

Of course,

Create a bridge and add thoses interfaces to the bridge
by evince
Mon Jun 11, 2018 12:14 am
Forum: Beginner Basics
Topic: Trying to block sites. Mild success.
Replies: 8
Views: 3764

Re: Trying to block sites. Mild success.

Hello, don' use layer 7, use this instead :

/ip firewall filter
add chain=forward dst-port=443 protocol=tcp tls-host=*.facebook.com action=reject
add chain=forward dst-port=80 protocol=tcp tls-host=*.speedtest.net action=reject
by evince
Sun Jun 10, 2018 10:00 am
Forum: Beginner Basics
Topic: RB750Gr3 as basic switch
Replies: 12
Views: 5105

Re: RB750Gr3 as basic switch

Yes you can use these DNS :)
by evince
Fri Jun 08, 2018 2:06 pm
Forum: Beginner Basics
Topic: RB750Gr3 as basic switch
Replies: 12
Views: 5105

Re: RB750Gr3 as basic switch

You're correct, but then you'll also need to set DNS.
Of course :)
by evince
Fri Jun 08, 2018 1:52 pm
Forum: Beginner Basics
Topic: RB750Gr3 as basic switch
Replies: 12
Views: 5105

Re: RB750Gr3 as basic switch

The default route is needed if you want Internet directly on your router (for updates,...)
by evince
Fri Jun 08, 2018 12:01 pm
Forum: Beginner Basics
Topic: RB750Gr3 as basic switch
Replies: 12
Views: 5105

Re: RB750Gr3 as basic switch

Hello, just go to /ip Address and add the corresponding address to your bridge.

And /ip route for your default route.

Do you use Winbox or Webfig?
by evince
Thu Jun 07, 2018 3:50 pm
Forum: General
Topic: L2TP IPSec (no suit proposal found)
Replies: 59
Views: 60602

Re: L2TP IPSec (no suit proposal found)

Hello,

Can you export your settings regardins l2tp configuration please?
by evince
Thu Jun 07, 2018 3:47 pm
Forum: Beginner Basics
Topic: Problem with reaching 2 different networks - ipsec
Replies: 1
Views: 795

Re: Problem with reaching 2 different networks - ipsec

Hello, yes you need a rule like this : /ip firewall nat add action=accept chain=srcnat dst-address=192.168.88.0/24 src-address=192.168.0.0/24 (Router 192.168.0.1) and in the second router : /ip firewall nat add action=accept chain=srcnat dst-address=192.168.0.0/24 src-address=192.168.88.0/24 (Router...
by evince
Thu Jun 07, 2018 9:59 am
Forum: Beginner Basics
Topic: RB750Gr3 as basic switch
Replies: 12
Views: 5105

Re: RB750Gr3 as basic switch

Hello,

Just add all the ports to the bridge, assign an IP Address to this brdge and add a default route.
by evince
Fri May 25, 2018 12:51 pm
Forum: Beginner Basics
Topic: Fortigate SSL-VPN connection
Replies: 10
Views: 20833

Re: Fortigate SSL-VPN connection

VPN IPSec between Fortigate and Mikrotik is quite easy. The only need is to match both phase1 and phase2. In fortigate side, you can choose interface mode instead of policy based vpn if you prefer
by evince
Fri May 25, 2018 12:43 pm
Forum: Beginner Basics
Topic: Blocking some ports to access Youtube
Replies: 4
Views: 3545

Re: Blocking some ports to access Youtube

Hello, you can try this :

/ip firewall filter
add action=reject chain=forward protocol=tcp reject-with=icmp-network-unreachable src-address=192.168.0.5-192.168.0.254 tls-host=*.youtube.com

Adapt the src-address as you need.
by evince
Thu Mar 29, 2018 11:39 am
Forum: General
Topic: Exclude ip from ip address scope
Replies: 4
Views: 1773

Re: Exclude ip from ip address scope

Hello,

Create a first mangle rule in accept mode for the excluded IP.
by evince
Fri Mar 16, 2018 10:37 am
Forum: General
Topic: One way audio on VoIP over IKEv2/IPsec connection [SOLVED]
Replies: 3
Views: 2693

Re: One way audio on VoIP over IKEv2/IPsec connection [SOLVED]

Hello, you need to add your src-address in ipsec policy :

/ip ipsec policy
set 0 dst-address=192.168.2.0/24 src-address=0.0.0.0/0

The, create a nat rule in src nat and accept, src-address=your_lan and dst_address=remote_lan.

Place the policy in the top.

Regards,
by evince
Tue Jan 30, 2018 10:24 am
Forum: General
Topic: HotSpot User name basis login
Replies: 1
Views: 758

Re: HotSpot User name basis login

Hello,

/ip hotspot user profile
set [ find default=yes ] shared-users=1
by evince
Tue Jan 30, 2018 9:47 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 537
Views: 189403

Re: v6.42rc [release candidate] is released!

irghost, raffav, Cha0s - Seems that we have found an issue with new TLS matcher. We will try to fix it as soon as possible;
v6.42rc14, and still not working
Ok it is working, it was a problem of configuration.
by evince
Fri Jan 26, 2018 2:32 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 537
Views: 189403

Re: v6.42rc [release candidate] is released!

Version 6.42rc15 has been released. Changes since previous release: *) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required); If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must b...
by evince
Fri Jan 26, 2018 2:20 pm
Forum: General
Topic: VPN IPSec between two Mikrotik
Replies: 20
Views: 4353

Re: VPN IPSec between two Mikrotik

Hello,

Did you put your nat rule in the top?
by evince
Thu Jan 25, 2018 4:25 pm
Forum: General
Topic: L2TP+IPSec Client behind NAT
Replies: 14
Views: 22986

Re: L2TP+IPSec Client behind NAT

L2TP/IPsec is limited to only one peer behind NAT. It is suggested to use IKEv2 for such occasions. I still don't exactly understand why? The IPsec peer dynamically generated by l2tp-server configuration with use-ipsec=required has nat traversal support set to "yes", and the L2TP is tunne...
by evince
Thu Jan 25, 2018 11:21 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 537
Views: 189403

Re: v6.42rc [release candidate] is released!

evince - Have you opened support ticket regarding this issue? We have not received any more complaints that this option would not work and have not experienced any more issues with it in our lab.
Hello Strods, i'll open a ticket right now, thank you.
by evince
Wed Jan 24, 2018 6:24 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 537
Views: 189403

Re: v6.42rc [release candidate] is released!

irghost, raffav, Cha0s - Seems that we have found an issue with new TLS matcher. We will try to fix it as soon as possible;
v6.42rc14, and still not working
by evince
Mon Jan 22, 2018 2:21 pm
Forum: Beginner Basics
Topic: How to disable Ping in Mikrotix hex rb750gr3?
Replies: 4
Views: 1540

Re: How to disable Ping in Mikrotix hex rb750gr3?

Just disable firewall rule regarding ICMP protocol.

It is a good idea to disable PING (or filtering with address-list)
by evince
Thu Jan 18, 2018 5:43 pm
Forum: Beginner Basics
Topic: Route WAN traffic over IPSec tunnel possible?
Replies: 10
Views: 7708

Re: Route WAN traffic over IPSec tunnel possible?

Of course, because this network is maybe not authorized to masquerade.I've this setup, but with gre over ipsec
by evince
Thu Jan 18, 2018 5:28 pm
Forum: Beginner Basics
Topic: Route WAN traffic over IPSec tunnel possible?
Replies: 10
Views: 7708

Re: Route WAN traffic over IPSec tunnel possible?

Hello,
did u masquerade 10.0.0.0/16 in the second router?
by evince
Wed Jan 17, 2018 10:25 am
Forum: General
Topic: How to disable access from local to some local to Mikrotik AP?
Replies: 13
Views: 5014

Re: How to disable access from local to some local to Mikrotik AP?

Why don't u use Vlan?

It is realy more secure.
by evince
Mon Jan 15, 2018 9:58 am
Forum: Beginner Basics
Topic: Help! Beginner
Replies: 11
Views: 3148

Re: Help! Beginner

I'll add something. Do not forget the changes for the 6.412 version.

Take a look to your bridge, and be sure that ports 2,3,4 and 5 are on the bridge.
by evince
Thu Jan 11, 2018 4:30 pm
Forum: General
Topic: Help Creation VPN IPSEC [Solved]
Replies: 6
Views: 1398

Re: Help Creation VPN IPSEC

Hello, did you create the NAT rule, and is it in the top of the list?
by evince
Wed Jan 10, 2018 12:00 pm
Forum: General
Topic: VPN ipsec between AVM FritzBox an Mikrotik
Replies: 14
Views: 14055

Re: VPN ipsec between AVM FritzBox an Mikrotik

Hello, can you tell me if the connection is established or not?

I can tell you it is working, i just build a vpn and all is working
by evince
Tue Jan 09, 2018 11:31 am
Forum: General
Topic: Issue with Getting DHCP IP using Bridge interface.
Replies: 5
Views: 5950

Re: Issue with Getting DHCP IP using Bridge interface.

Hello, can you post your configuration?
by evince
Mon Jan 08, 2018 1:07 pm
Forum: Beginner Basics
Topic: port forwarding blocks internet
Replies: 5
Views: 1623

Re: port forwarding blocks internet

Hello, post your config it'll be more easy to help you
by evince
Tue Dec 19, 2017 4:26 pm
Forum: Beginner Basics
Topic: Need help with my firewall rules [SOLVED]
Replies: 3
Views: 2182

Re: Need help with my firewall rules [SOLVED]

Hello, there is a mistake :

add action=drop chain=input in-interface=!ether1 protocol=icmp icmp-options=8:0-255

should be

add action=drop chain=input in-interface=ether1 protocol=icmp icmp-options=8:0-255
by evince
Mon Dec 18, 2017 6:00 pm
Forum: General
Topic: winbox remote access not working
Replies: 2
Views: 1433

Re: winbox remote access not working

As i can see your rules for winbox are disabled.
by evince
Mon Dec 18, 2017 10:07 am
Forum: Beginner Basics
Topic: CCR1009-7G-1C-1S+PC basic setup
Replies: 7
Views: 4938

Re: CCR1009-7G-1C-1S+PC basic setup

Hello, your config is not complete, there is no nat, firewall and route rule
by evince
Thu Dec 14, 2017 4:58 pm
Forum: Wireless Networking
Topic: How to configure cAPlite in dhcp relay mode?
Replies: 5
Views: 1886

Re: How to configure cAPlite in dhcp relay mode?

Not at all, it just means that your cap will be in the same bridge than your main network :)

You can keep your capsmanager
by evince
Thu Dec 14, 2017 1:08 pm
Forum: Wireless Networking
Topic: How to configure cAPlite in dhcp relay mode?
Replies: 5
Views: 1886

Re: How to configure cAPlite in dhcp relay mode?

It should be done directly on your device, not via caps manager. Just bridge ether1 and wlan in your CAPlite
by evince
Thu Dec 14, 2017 10:45 am
Forum: Wireless Networking
Topic: How to configure cAPlite in dhcp relay mode?
Replies: 5
Views: 1886

Re: How to configure cAPlite in dhcp relay mode?

Hello, you do not need a dhcp relay, but your devices have to be configured in bridge mode, so they will get an ip from your main router.
by evince
Thu Dec 14, 2017 10:14 am
Forum: Beginner Basics
Topic: L2TP server doesn't seems to be working
Replies: 5
Views: 2474

Re: L2TP server doesn't seems to be working

Hello, can you post your config please?

Or mayben, you just need to activate proxy-arp on your local bridge or lan interface, depending your configuration.
by evince
Wed Dec 13, 2017 11:10 am
Forum: Beginner Basics
Topic: CCR1009-7G-1C-1S+PC basic setup
Replies: 7
Views: 4938

Re: CCR1009-7G-1C-1S+PC basic setup

Hello, You have a problem with your configuration, /ip address add address=192.168.88.1/24 comment=defconf disabled=yes interface=combo1 network=192.168.88.0 add address=192.168.2.187/24 comment="xxxx" interface=ether3 network=192.168.2.0 add address=192.168.1.3/24 interface=ether1 network...
by evince
Tue Dec 12, 2017 12:21 pm
Forum: Beginner Basics
Topic: CCR1009-7G-1C-1S+PC basic setup
Replies: 7
Views: 4938

Re: CCR1009-7G-1C-1S+PC basic setup

Hello, post your config please : export compact hide-sensitive
by evince
Tue Dec 05, 2017 4:40 pm
Forum: General
Topic: Nice guest wifi implementation
Replies: 7
Views: 1864

Re: Nice guest wifi implementation

Hello, i have a guest network and here is what is done :

Firewall rule to allow only 80,443,25,587 TCP and 53 UDP

Setting a queue rule : upload 2Mb and download 5Mb

Regards,
by evince
Tue Dec 05, 2017 12:18 pm
Forum: General
Topic: wake on lan
Replies: 1
Views: 777

Re: wake on lan

Hello,

Mikrotik can send magic packets but can not receive them.

Regards,
by evince
Wed Nov 15, 2017 12:30 pm
Forum: General
Topic: Some Sites are not loading
Replies: 1
Views: 795

Re: Some Sites are not loading

Hello,

It a hairpin nat problem : https://wiki.mikrotik.com/wiki/Hairpin_NAT

Regards,
by evince
Tue Nov 07, 2017 2:57 pm
Forum: General
Topic: Limiting VPN cliens access to specific or single LAN devices
Replies: 1
Views: 746

Re: Limiting VPN cliens access to specific or single LAN devices

Hello,

Use another subnet for your VPN users and add some firewall rules. First, allowing VPUser to "Some hosts" and then add a drop rule for the whole LAN. Each in forward chain.

Regards,
by evince
Tue Nov 07, 2017 10:30 am
Forum: General
Topic: can't doing ping from pc to pc in vpn
Replies: 2
Views: 946

Re: can't doing ping from pc to pc in vpn

Hello,

Take a look at this great and easy tutorial, you should find the problem : http://gregsowell.com/?p=787

Regards,
by evince
Mon Oct 30, 2017 11:58 am
Forum: Beginner Basics
Topic: Port forwarding
Replies: 5
Views: 1823

Re: Port forwarding

Hello, check if HTTP server is not running on your board : /ip service
by evince
Wed Oct 25, 2017 3:55 pm
Forum: General
Topic: Internet not working! Ping OK
Replies: 6
Views: 2461

Re: Internet not working! Ping OK

Post your MANGLE rules, as you avec routing mark too.
by evince
Mon Oct 23, 2017 6:10 pm
Forum: Beginner Basics
Topic: Where can I get hotspot files ? [SOLVED]
Replies: 3
Views: 2813

Re: Where can I get hotspot files ? [SOLVED]

Hell, you need to activate the feature in order to see the files.

Regards,
by evince
Tue Oct 17, 2017 1:09 pm
Forum: Beginner Basics
Topic: I can't ping router from LAN interface, but can from mgmt interface.
Replies: 2
Views: 2149

Re: I can't ping router from LAN interface, but can from mgmt interface.

Hello, there is a problem in your config : /ip address add address=192.168.0.1/24 interface=if_lan network=192.168.0.0 add address=192.168.0.1/24 interface=if_wlan network=192.168.0.0 add address=192.168.0.1/24 interface=if_voip network=192.168.0.0 add address=192.168.88.1/24 interface=if_mgmt netwo...
by evince
Tue Oct 10, 2017 3:43 pm
Forum: General
Topic: DHCP over GRE Tunnel
Replies: 6
Views: 3013

Re: DHCP over GRE Tunnel

If someone needs an update, i could get it working :)

I'd set WAN IP's in DHCP Relay parametres and use interface WAN in the DHCP server Interface.
by evince
Tue Oct 10, 2017 1:35 pm
Forum: Beginner Basics
Topic: Problem with redirect to www from LAN
Replies: 10
Views: 2441

Re: Problem with redirect to www from LAN

Hello,

Disable the first rule : add chain=dstnat dst-address=78.11.111.114 protocol=tcp dst-port=80 action=dst-nat to-address=10.1.1.1

Ant try from WAN and LAN.
by evince
Mon Oct 09, 2017 1:41 pm
Forum: Beginner Basics
Topic: Problem with redirect to www from LAN
Replies: 10
Views: 2441

Re: Problem with redirect to www from LAN

Hello,

Your hairpin nat rule should look like this :

add action=dst-nat chain=dstnat comment="hairpin nat" dst-address=!10.1.0.0/16 dst-address-type=local log=yes log-prefix=hairpin to-addresses=10.1.1.1

Regards,
by evince
Fri Oct 06, 2017 10:14 am
Forum: The Dude
Topic: windows dude client 6.40.4 VIRUS
Replies: 5
Views: 2939

Re: windows dude client 6.40.4 VIRUS

Same problem here, ticket open to the support
by evince
Wed Oct 04, 2017 4:11 pm
Forum: The Dude
Topic: Feature request RouterBOARD upgrade mechanism
Replies: 3
Views: 2205

Re: Feature request RouterBOARD upgrade mechanism

Use the Group tab!
Ok Normis but after that? How to upgrade Routerboard?
by evince
Wed Sep 20, 2017 5:32 pm
Forum: Beginner Basics
Topic: Multple DHCP for VLANs
Replies: 2
Views: 1196

Re: Multple DHCP for VLANs

Hello, You have a mistake in your addresses : [admin@MikroTik] > ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 0 172.16.0.1/23 172.16.0.0 ether1 1 172.16.1.1/24 172.16.1.0 vlan1 2 172.16.100.1/24 172.16.100.0 vlan100 vlan1 subnet is a part of your ether1 ...
by evince
Sat Sep 09, 2017 3:57 pm
Forum: Beginner Basics
Topic: Not able to access internet on any port besides 2
Replies: 1
Views: 784

Re: Not able to access internet on any port besides 2

Hello, check if your interfaces are in the same bridge than ether2.
by evince
Tue Sep 05, 2017 4:10 pm
Forum: General
Topic: why i cant see switches via l2tp?
Replies: 6
Views: 1878

Re: why i cant see switches via l2tp?

You have to activate on on the router where you establish your L2TP connection under bridge(or LAN_INTERFACE) ==> ARP and then choose proxy-arp in the drop-list
by evince
Tue Sep 05, 2017 1:41 pm
Forum: General
Topic: why i cant see switches via l2tp?
Replies: 6
Views: 1878

Re: why i cant see switches via l2tp?

Did you enable proxy-arp on your LAN interface (or bridge) ?
by evince
Tue Sep 05, 2017 1:15 pm
Forum: Beginner Basics
Topic: Dynamic ip site to site ipsec help
Replies: 8
Views: 9582

Re: Dynamic ip site to site ipsec help

Hello, try a script like this : /system script add name=update_dyns_ipsec owner=admin policy=\ ftp,reboot,read,write,policy,test,sniff,sensitive source="/system script\r\ \n:global LocalSite [:yourdomain.com]\r\ \n:global RemoteSite [:resolve remotedomain.com]\r\ \n/ip ipsec policy set 1 sa-dst...
by evince
Tue Sep 05, 2017 12:58 pm
Forum: Beginner Basics
Topic: Log PPTP
Replies: 1
Views: 3067

Re: Log PPTP

Hello,

As your 1723 TCP port is open from outside, it is "normal" to see this kind of line. Hackers always try to connect to open ports.

Regards,
by evince
Fri Sep 01, 2017 6:06 pm
Forum: General
Topic: Help for VPN IPSEC
Replies: 2
Views: 1201

Re: Help for VPN IPSEC

Hello,

Take a look to this great and easy tutorial : http://gregsowell.com/?p=787

Regards,
by evince
Wed Aug 02, 2017 3:05 pm
Forum: General
Topic: Problem with EoIP Tunnel - Websites not working
Replies: 2
Views: 2138

Re: Problem with EoIP Tunnel - Websites not working

Or a TCP/MSS issue.
by evince
Mon Apr 24, 2017 11:22 am
Forum: Beginner Basics
Topic: proxy?
Replies: 1
Views: 724

Re: proxy?

Hello, post your config, you should have something wrong on it.

Regards,
by evince
Fri Apr 21, 2017 4:37 pm
Forum: Beginner Basics
Topic: 2 network, 2 ISP, Failover need help
Replies: 11
Views: 3480

Re: 2 network, 2 ISP, Failover need help

Hello,

For me the best way would be :

- Configure both Internet connection in 1 router. And just add 2 static routes with differents costs.
by evince
Fri Apr 21, 2017 4:32 pm
Forum: General
Topic: MikroTik as Transparent Web Proxy Server for Multiple Web Servers
Replies: 9
Views: 4261

Re: MikroTik as Transparent Web Proxy Server for Multiple Web Servers

Now, you need to add some A Records to your DNS zone, like :

- Subdomain1.domain.com IP: xxx.xxx.xxx.xxx
- Subdomain2.domain.com IP : xxx.xxx.xxx.xxx
by evince
Fri Apr 21, 2017 4:29 pm
Forum: General
Topic: Phishing
Replies: 6
Views: 1942

Re: Phishing

It is owned by MikroTik. Nothing bad there. It is the same server, just an alternate domain
Ok thank you Normis :)
by evince
Fri Apr 21, 2017 1:26 pm
Forum: General
Topic: Phishing
Replies: 6
Views: 1942

Phishing

Hello, i was ooking for something on Google, and here is what i have found : https://wiki.microtik.com

Be careful with this site.
by evince
Fri Apr 21, 2017 1:25 pm
Forum: General
Topic: MikroTik as Transparent Web Proxy Server for Multiple Web Servers
Replies: 9
Views: 4261

Re: MikroTik as Transparent Web Proxy Server for Multiple Web Servers

Hello, read again and it will work, i have the same setup and all is working great.
How do I actually create a different address for each server?
Subdomain1.domain.com
Subdomain2.domain.com
Just add static DNS entries on your Mikrotik.
by evince
Wed Apr 12, 2017 11:24 am
Forum: Beginner Basics
Topic: Hotspot without RouterBoard
Replies: 3
Views: 1020

Re: Hotspot without RouterBoard

Hello, yes you can runs ROs in vmware, download your image here : https://mikrotik.com/download

Follow this tutorial : https://vworld.nl/?p=2651 by exemple

Regards,
by evince
Tue Apr 11, 2017 4:33 pm
Forum: General
Topic: EOIP Tunnel
Replies: 3
Views: 1413

Re: EOIP Tunnel

Hello, you should post your config if you need help.
by evince
Fri Apr 07, 2017 6:26 pm
Forum: General
Topic: no internet after forwarding ports
Replies: 9
Views: 3168

Re: no internet after forwarding ports

Hello,
Just the dst-address. Out interface is not for inbound traffic, just outbound with masquerade action.

Sent from Tapatalk
You are right, sorry it is a mistake :) I'd say in-interface instead of out-interface :)
by evince
Fri Apr 07, 2017 5:52 pm
Forum: General
Topic: no internet after forwarding ports
Replies: 9
Views: 3168

Re: no internet after forwarding ports

Hello,
Just the dst-address. Out interface is not for inbound traffic, just outbound with masquerade action.

Sent from Tapatalk
It depends if he runs with multiple public IP
by evince
Fri Apr 07, 2017 12:35 pm
Forum: Beginner Basics
Topic: DNS for PPTP clients
Replies: 9
Views: 12923

Re: DNS for PPTP clients

Yes, in the properties of the vpn connection (client side) just add the DNS suffix

==> Properties ==> Network management ==> TCP IPv4 ==> properties ==> advanced ==> DNS
by evince
Fri Apr 07, 2017 10:59 am
Forum: General
Topic: Unable to Ping Internet From WAN2.
Replies: 2
Views: 983

Re: Unable to Ping Internet From WAN2.

Hello, the problem should be from your routing table. You need mangle rule + correct route for your setup.
by evince
Fri Apr 07, 2017 10:56 am
Forum: General
Topic: Really Strange VPN Problem
Replies: 7
Views: 4796

Re: Really Strange VPN Problem

Hello, it looks like a MTU or TCP-MSS problem, try to change those values and try again
by evince
Fri Apr 07, 2017 10:46 am
Forum: General
Topic: no internet after forwarding ports
Replies: 9
Views: 3168

Re: no internet after forwarding ports

Hello, in your NAT rules, you need to specify the out-interface(WAN) or dst-address (your public IP)

Regards,
by evince
Fri Apr 07, 2017 10:44 am
Forum: Beginner Basics
Topic: PPPoE Server Issue
Replies: 1
Views: 755

Re: PPPoE Server Issue

Hello,

It seems like if you have a 100M switch or something else between your CCR and your customers
by evince
Fri Apr 07, 2017 10:40 am
Forum: Beginner Basics
Topic: DNS for PPTP clients
Replies: 9
Views: 12923

Re: DNS for PPTP clients

Hello, in your pptp client, just add a DNS suffix, it will solve your problem.
by evince
Fri Apr 07, 2017 10:04 am
Forum: Beginner Basics
Topic: Easy one here! Firewall rule
Replies: 6
Views: 1635

Re: Easy one here! Firewall rule

Hello, just add a firewall rule like this :

/ip firewall filter
add action=drop chain=forward dst-address=192.168.1.0/24 src-address=10.0.0.0/24


Be sure to put it before your accept rule.

Regards,
by evince
Tue Mar 14, 2017 12:10 pm
Forum: General
Topic: MikroTik to Sonicwall IPSec VPN
Replies: 1
Views: 1314

Re: MikroTik to Sonicwall IPSec VPN

Hello, you should post your config if you want help.

Regards,
by evince
Tue Mar 14, 2017 12:06 pm
Forum: General
Topic: PPTP server bad prefix error
Replies: 1
Views: 1398

Re: PPTP server bad prefix error

Hello, try adding /32 in your route = 10.6.6.254/32 or something else = 10.6.6.0/24
by evince
Tue Feb 14, 2017 12:19 pm
Forum: Beginner Basics
Topic: Outgoing port 9 for port 2 (second ISP line)
Replies: 3
Views: 1280

Re: Outgoing port 9 for port 2 (second ISP line)

Hello, you ca do like this : /ip firewall mangle add action=mark-routing chain=prerouting log-prefix=MANGLE new-routing-mark=To_WAN2 passthrough=no src-address=xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the ip address of your server and add a default route /ip route add disabled=yes distance=1 gateway...
by evince
Sat Feb 11, 2017 2:51 pm
Forum: Beginner Basics
Topic: Problem with port forward
Replies: 12
Views: 5500

Re: Problem with port forward

Hello, your webserver is now reachable, i can display it. If you want to open from your local network, you will need HAIRPIN http://wiki.mikrotik.com/wiki/Hairpin_NAT

Regards,
by evince
Fri Feb 10, 2017 5:13 pm
Forum: Beginner Basics
Topic: Problem with port forward
Replies: 12
Views: 5500

Re: Problem with port forward

There i a mistake in your NAt rule : 1 chain=dstnat action=dst-nat to-addresses=192.168.10.110 to-ports=80 protocol=tcp dst-address=192.168.10.110 dst-port=80 log=no Shoud be 1 chain=dstnat action=dst-nat to-addresses=192.168.10.110 to-ports=80 protocol=tcp dst-address=xxx.xxx.xxx.xxx dst-port=80 lo...
by evince
Fri Feb 10, 2017 12:16 pm
Forum: Beginner Basics
Topic: [SOLVED] Problem gre after PPPoE
Replies: 1
Views: 1497

Re: Problem gre after PPPoE

Ok i have found, here is the correct value :

/ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1400

Regards,
by evince
Fri Feb 10, 2017 12:14 pm
Forum: General
Topic: MTU for pppoe dialer, GRE tunnel encrypted with IPSEC
Replies: 2
Views: 3033

Re: MTU for pppoe dialer, GRE tunnel encrypted with IPSEC

Thank you for your help, your solution is working :)

/ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1400
by evince
Thu Feb 09, 2017 6:37 pm
Forum: Beginner Basics
Topic: [SOLVED] Problem gre after PPPoE
Replies: 1
Views: 1497

[SOLVED] Problem gre after PPPoE

Dear all, here is the schema : modem bridge ==> Mikrotik RB2011 UAS-RM (v6.38.1) client <==> Fortigate There is a gre tunnel between mikrotik and fortigate. All the trafic is routed to the Fortigate But i have a problem, some websites (HTTPS essentialy) won't open.I have the problem only through GRE...
by evince
Tue Jan 31, 2017 4:05 pm
Forum: General
Topic: Very confusing DHCP issue
Replies: 31
Views: 4736

Re: Very confusing DHCP issue

Have a look at your linksys configuration. According to the image it has same IP as the mikrotik. It is normal : " This is the configuration on the WAN side. Ignore the fact that it shows Linksys - this was a screenshot taken before swapping the Linksys to a Mikrotik. LinksysNetworkConfig.jpg ...
by evince
Tue Jan 31, 2017 3:44 pm
Forum: General
Topic: Removing port number from CLI rule
Replies: 2
Views: 1119

Re: Removing port number from CLI rule

Hello, here is the way :

ip firewall filter print
edit [number of the line]
value-name: dst-port (then press Enter)
just erase the line 500
CTRL+O to save and quit

Regards,
by evince
Fri Dec 16, 2016 4:42 pm
Forum: General
Topic: RB3011 VLAN config problem
Replies: 5
Views: 1903

Re: RB3011 VLAN config problem

Hello, your config should be something like this :

/interface vlan

add interface=ether5 name=vlan-pppoe vlan-id=7

/interface pppoe-client
add disabled=no interface=vlan-pppoe max-mru=1480 max-mtu=1480 mrru=1600 name=pppoepassword=****** user=******
by evince
Mon Nov 21, 2016 4:56 pm
Forum: Scripting
Topic: Monitor pppoe-client
Replies: 2
Views: 1821

Re: Monitor pppoe-client

Thank you for your help, but i receive too many emails (connecting, ... disconnected,...)

A single mail with status=connected/disconnected would be great :)
by evince
Thu Nov 17, 2016 4:15 pm
Forum: Scripting
Topic: Monitor pppoe-client
Replies: 2
Views: 1821

Monitor pppoe-client

Dear all, here is the scenario. 1 PPPoe-client with static IP (main connection) and 1 pppoe-client with dynamic IP. If the main connection goes down, the backup line automaticaly runs. What i'd like is monitor dynamic pppoe-client, if it goes down, it send me an email. And when it come back up, the ...
by evince
Wed Oct 26, 2016 1:07 pm
Forum: Beginner Basics
Topic: Problem with command
Replies: 3
Views: 1222

Re: Problem with command

Hello,

Here is an example :

/queue simple
add limit-at=10M/30M max-limit=10M/30M name=queue1 target=bridge-local

Regards,
by evince
Mon Oct 24, 2016 12:31 pm
Forum: Beginner Basics
Topic: Problem with command
Replies: 3
Views: 1222

Re: Problem with command

You have an error in your syntax, please use first "add" command.

Regards,
by evince
Fri Aug 26, 2016 3:39 pm
Forum: General
Topic: DHCP over GRE Tunnel
Replies: 6
Views: 3013

Re: DHCP over GRE Tunnel

Hello pe1chl,

I'm not able to achieve ths scenario. I have read some tutorials and i could see i need to activate dhcp relay on Site2.

I have never do this, so please be patient :)

Thank you in advance,
by evince
Mon Aug 22, 2016 6:01 pm
Forum: General
Topic: DHCP over GRE Tunnel
Replies: 6
Views: 3013

Re: DHCP over GRE Tunnel

Ok thank you for your help, i'll try this :)
by evince
Mon Aug 22, 2016 5:44 pm
Forum: General
Topic: DHCP over GRE Tunnel
Replies: 6
Views: 3013

Re: DHCP over GRE Tunnel

Hello, the problem is that i can not choose the gre interface in the drop list (interface).

Regards,
by evince
Mon Aug 22, 2016 5:05 pm
Forum: General
Topic: DHCP over GRE Tunnel
Replies: 6
Views: 3013

DHCP over GRE Tunnel

Dear all, I'm running gre tunnels with Fortinet Firewall (Hub VNP). I'd like to know how to set up a DHCP relay. The schema is quite simple : Site1 (Mikrotik) ==> Fortinet (UTM) ==> Site 2 MKT The DHCP server should give addresses from Site1 to Site2 If someone could help me? Thank you in advance, K...
by evince
Mon Aug 22, 2016 10:50 am
Forum: General
Topic: IP Cloud, Request time out
Replies: 4
Views: 2450

Re: IP Cloud, Request time out

Hello,

Be sure you set up DNS server(s). Try to ping e.g : google.com from terminal.

Regards,
by evince
Fri Jun 17, 2016 12:32 pm
Forum: Beginner Basics
Topic: dhcp offered from wrong/parent network
Replies: 2
Views: 1194

Re: dhcp offered from wrong/parent network

Why do not turning off DHCP on msf uplink and fix an IP on your msf-AP1?

2 DHCP on a network is never advisable.
by evince
Wed Jun 15, 2016 12:03 pm
Forum: Beginner Basics
Topic: Upgrade router from v5.11 to v6.32.4
Replies: 7
Views: 4702

Re: Upgrade router from v5.11 to v6.32.4

When you update the firmware, you have to check if there is a new routerboard. You can see it at /system routerboard
by evince
Wed Jun 15, 2016 10:54 am
Forum: General
Topic: Tapatalk and Karma
Replies: 60
Views: 8150

Re: Tapatalk and Karma

I did not use something special, i just woul'd answer with an URL and here is what appears
by evince
Wed Jun 15, 2016 10:05 am
Forum: General
Topic: Tapatalk and Karma
Replies: 60
Views: 8150

Re: Tapatalk and Karma

Here is a screenshot : Image

Regards,
by evince
Wed Jun 15, 2016 9:49 am
Forum: General
Topic: Tapatalk and Karma
Replies: 60
Views: 8150

Re: Tapatalk and Karma

Hello Normis,

As you can see there is a problem with text formatting, We can see HTML tags.

Regards,
by evince
Tue Jun 14, 2016 5:56 pm
Forum: General
Topic: Tapatalk and Karma
Replies: 60
Views: 8150

Re: Tapatalk and Karma

Trying to reply, and here is how it looks :  Hello, You can download your firmware image from here :  http://www.mikrotik.com/download Then, just drop the file into your router and reboot it. Do not forget to upgrade routerboard too. The difference between  RB951G-2HnD &  RB751G-2HnD is CPU and ...
by evince
Tue Jun 14, 2016 5:47 pm
Forum: Beginner Basics
Topic: Upgrade router from v5.11 to v6.32.4
Replies: 7
Views: 4702

Re: Upgrade router from v5.11 to v6.32.4

Hello, You can download your firmware image from here : http://www.mikrotik.com/download Then, just drop the file into your router and reboot it. Do not forget to upgrade routerboard too. The difference between RB951G-2HnD & RB751G-2HnD is CPU and memory (in large) Before restore your backup fro...
by evince
Fri Jun 03, 2016 1:36 pm
Forum: Beginner Basics
Topic: couldnt connect to the router
Replies: 6
Views: 2334

Re: couldnt connect to the router

Do you have any firewall rule that can black incoming trafic from your IP to the router?

Maybe, try to change your local IP and try again
by evince
Thu Jun 02, 2016 1:18 pm
Forum: Beginner Basics
Topic: couldnt connect to the router
Replies: 6
Views: 2334

Re: couldnt connect to the router

Hello, try to reinstall RouterOS via NetInstall : http://wiki.mikrotik.com/wiki/Manual:Netinstall
by evince
Thu Jun 02, 2016 9:36 am
Forum: Beginner Basics
Topic: I wonder if this can be done in mikrotik.
Replies: 5
Views: 1529

Re: I wonder if this can be done in mikrotik.

Hello, if you want to reach vlan's on mikrotik 2 from vlan's on mikrotik 1, then you'll need to configure ip route.

Regards,
by evince
Tue May 31, 2016 10:29 am
Forum: General
Topic: RouterBoard 951 problem
Replies: 1
Views: 753

Re: RouterBoard 951 problem

Hello, try to reinstall your routerboard, just follow these steps :
http://wiki.mikrotik.com/wiki/Manual:Netinstall
by evince
Mon May 30, 2016 5:05 pm
Forum: Beginner Basics
Topic: Please help a total noob. Basic config.
Replies: 11
Views: 2327

Re: Please help a total noob. Basic config.

Hello, do you have a bridge for your internal network? Whih interface has been assigned for your LAN? /ip address

In your DHCP client, do you have a default route?
by evince
Mon May 30, 2016 3:17 pm
Forum: General
Topic: PPTP
Replies: 2
Views: 990

Re: PPTP

Hello, this is the default configuration. if you want your own gateway, you have to change it in the properties of your NIC, and then add a route to join your remote subnet.
by evince
Thu May 26, 2016 3:12 pm
Forum: General
Topic: Problem with cloud,Connect to modem instead connect to Mikrotik
Replies: 11
Views: 2158

Re: Problem with cloud,Connect to modem instead connect to Mikrotik

Wich port are you trying to reach?
by evince
Thu May 26, 2016 1:02 pm
Forum: General
Topic: Problem with cloud,Connect to modem instead connect to Mikrotik
Replies: 11
Views: 2158

Re: Problem with cloud,Connect to modem instead connect to Mikrotik

So, if you set DMZ, you do not need a NAT rule, but a Firewall rule in INPUT chain for Winbox.
by evince
Thu May 26, 2016 11:52 am
Forum: General
Topic: Problem with cloud,Connect to modem instead connect to Mikrotik
Replies: 11
Views: 2158

Re: Problem with cloud,Connect to modem instead connect to Mikrotik

Why do not put your modem in bridge mode and activatte pppoe client on your mikrotik? Or use DMZ?
by evince
Thu May 26, 2016 11:45 am
Forum: Beginner Basics
Topic: help please.....
Replies: 5
Views: 1420

Re:

Wlan should be an access point? It is in station mode... Read the manual and set it as Ap bridge.
Jarda is right, just switch to ap bridge and your SSID will appear.
by evince
Thu May 26, 2016 10:42 am
Forum: Beginner Basics
Topic: config 2 wan and 1 lan - Dividing users to use the Internet's wan
Replies: 2
Views: 6625

Re: config 2 wan and 1 lan - Dividing users to use the Internet's wan

Hello, it can look like this : /ip firewall address-list add address=192.168.10.124 list=Use_WAN1 add address=192.168.10.184 list=Use_WAN1 add address=192.168.10.0/24 list=Use_WAN2 /ip firewall mangle add action=mark-routing chain=prerouting comment="Use WAN1" disabled=no log=no log-prefix...
by evince
Tue May 24, 2016 1:08 pm
Forum: Beginner Basics
Topic: help please.....
Replies: 5
Views: 1420

Re: help please.....

Hello, we can not see anything on your picture, post a bigger please or export your config.
by evince
Sat May 14, 2016 7:41 pm
Forum: Beginner Basics
Topic: No internet Access on LAN
Replies: 3
Views: 1798

Re: No internet Access on LAN

src-nat is working as packets are Firewall Filters. If needed, disable all drop rule and test again. You should find where the problem is.
by evince
Wed May 11, 2016 9:35 am
Forum: General
Topic: Remote connect to mikrotik behind NAT
Replies: 16
Views: 53703

Re: Remote connect to mikrotik behind NAT

Hello, go to PPP, and then add a pptp (or l2tp) client. Configure it to connect to your server using your credentials.
by evince
Tue May 10, 2016 5:37 pm
Forum: General
Topic: Remote connect to mikrotik behind NAT
Replies: 16
Views: 53703

Re: Remote connect to mikrotik behind NAT

Hello, it is not possible as your ISP provide you private ip address, so you are Natted.

You need to ask him for a public IP (it can be dynamic), but the risk is to pay more than now.
by evince
Mon May 02, 2016 6:16 pm
Forum: Beginner Basics
Topic: 2 WAN - Masquerade - Howto?
Replies: 5
Views: 2273

Re: 2 WAN - Masquerade - Howto?

Heelo, this one is the right :


chain=srcnat action=masquerade out-interface=ether1-gateway log=no log-prefix=""
chain=srcnat action=masquerade out-interface=ether2- gateway 2 log=no log-prefix=""

regards,
by evince
Mon May 02, 2016 6:13 pm
Forum: Beginner Basics
Topic: Can't access Internal Servers from WAN
Replies: 9
Views: 1915

Re: Can't access Internal Servers from WAN

Hello,

try disabling this rule and test again :

add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface=ether1-Iplan
by evince
Mon May 02, 2016 2:25 pm
Forum: Beginner Basics
Topic: HOTSPOT login
Replies: 2
Views: 1124

Re: HOTSPOT login

by evince
Fri Apr 29, 2016 3:43 pm
Forum: General
Topic: [SOLVED] HAIRPIN NAT not working
Replies: 27
Views: 35562

Re: HAIRPIN NAT not working

Ok, tahk you very much for your great help ;)
by evince
Fri Apr 29, 2016 3:19 pm
Forum: General
Topic: [SOLVED] HAIRPIN NAT not working
Replies: 27
Views: 35562

Re: HAIRPIN NAT not working

Your rule has in-interface=pppoe-explore. It won't match connections coming from LAN. Change it to: dst-address-type=local dst-address=!192.168.88.1 Ok i've added a new rule with your settings and it is working now, thank you :) Can you explain me wy a simple hairpin nat rule does not work anymore?
by evince
Fri Apr 29, 2016 3:16 pm
Forum: General
Topic: [SOLVED] HAIRPIN NAT not working
Replies: 27
Views: 35562

Re: HAIRPIN NAT not working

Hello, this rule is there to access the camero from outside (pppoe-explore)
by evince
Fri Apr 29, 2016 2:27 pm
Forum: General
Topic: [SOLVED] HAIRPIN NAT not working
Replies: 27
Views: 35562

Re: HAIRPIN NAT not working

Hello, here is : /ip firewall nat add action=masquerade chain=srcnat dst-address=192.168.88.129 src-address=192.168.88.0/24 add action=masquerade chain=srcnat out-interface=pppoe-explore src-address=192.168.88.0/24 add action=dst-nat chain=dstnat dst-port=80 in-interface=pppoe-explore protocol=tcp t...
by evince
Fri Apr 29, 2016 10:53 am
Forum: General
Topic: [SOLVED] HAIRPIN NAT not working
Replies: 27
Views: 35562

[SOLVED] HAIRPIN NAT not working

Hi all, i'm facing an issue with Hairpin. I have a basic setup (from scratch). Local lan : 192.168.88.0/24 Gateway : 192.168.88.1 WAN via PPPoE (IP 100.100.100.100) Version : 6.35 I have a NAT rule for direct acces to a camera, it is workin from outside. By the way, i i try to reach it from my local...
by evince
Wed Apr 27, 2016 9:54 am
Forum: Beginner Basics
Topic: RB2011UiAS-RM with 6.30.4 OS can't connect to internet
Replies: 10
Views: 3188

Re: RB2011UiAS-RM with 6.30.4 OS can't connect to internet

It depends how many Ethernet ports are used. What kind of socket are you talking about?
by evince
Tue Apr 26, 2016 1:24 pm
Forum: Beginner Basics
Topic: RB2011UiAS-RM with 6.30.4 OS can't connect to internet
Replies: 10
Views: 3188

Re: RB2011UiAS-RM with 6.30.4 OS can't connect to internet

Hello, This setup is quite simple. You should receive an ip address from your modem in ether1(mikrotik side) (in your dhcp-client). Check if default route in checked. Then, you should have a NAT rule (masquerade) out-interface=ether1. Then, you should have a default route to the ip address of your m...
by evince
Mon Apr 18, 2016 4:37 pm
Forum: Beginner Basics
Topic: Forward to Proxy
Replies: 4
Views: 17788

Re: Forward to Proxy

Hello, try this :

chain=dstnat action=dst-nat to-addresses=62.23.15.92 to-ports=3128 protocol=tcp src-address=192.168.88.0/24 log=no log-prefix=""
by evince
Mon Apr 18, 2016 3:06 pm
Forum: Beginner Basics
Topic: Forward to Proxy
Replies: 4
Views: 17788

Re: Forward to Proxy

Hello,

What you need is a transparent proxy. take a look at this : http://wiki.mikrotik.com/wiki/Manual:IP ... on_example

Regards,
by evince
Thu Apr 07, 2016 4:32 pm
Forum: Beginner Basics
Topic: NetWatch with VPN and PPPOE
Replies: 4
Views: 2001

Re: NetWatch with VPN and PPPOE

Hello,

Be sure ICMP is authorized in input.
by evince
Thu Apr 07, 2016 10:45 am
Forum: Beginner Basics
Topic: NetWatch with VPN and PPPOE
Replies: 4
Views: 2001

Re: NetWatch with VPN and PPPOE

Hello,

Just add a route dst-address=remote_subnet Gateway=bridge-local. Your Netwatch will work.

regards,
by evince
Wed Mar 16, 2016 11:14 am
Forum: Beginner Basics
Topic: Installation package
Replies: 2
Views: 1174

Re: Installation package

Hello, download your package and just drag/drop it to your router, then reboot it.

Regards,
by evince
Tue Mar 15, 2016 9:45 am
Forum: Beginner Basics
Topic: HTTP access to userman only
Replies: 2
Views: 1082

Re: HTTP access to userman only

Hello, if you want to reach usermanager, you need this URL : http://mikrotik_ip/userman

Regards,
by evince
Wed Mar 09, 2016 9:54 am
Forum: Beginner Basics
Topic: NAT port forwarding problems
Replies: 3
Views: 1976

Re: NAT port forwarding problems

Hello,

Your NAt rules are false. You need to set dst-port instead of src-port.

Kind Regards,
by evince
Mon Feb 29, 2016 12:55 pm
Forum: Beginner Basics
Topic: L2TP over IPsec not working
Replies: 2
Views: 1346

Re: L2TP over IPsec not working

Hello, change you input firewall rule with destination port 1701. It must be UDP instead of TCP.
by evince
Fri Feb 26, 2016 4:01 pm
Forum: General
Topic: MikroTik IPSEC Site-2-site to Sonicwall : specifications
Replies: 3
Views: 4921

Re: MikroTik IPSEC Site-2-site to Sonicwall : specifications

Hello,

I'm running IPSec VPN between Mikrotik and SonicWall without any problem. Here is my config :

- Passive : enabled
- Send Initial Contact : enabled
- Generate policy : no

You just need to match both phase1 and phase2 and all wil rock :

Regards,
by evince
Thu Jan 28, 2016 5:12 pm
Forum: Beginner Basics
Topic: IPSec tunnel connects, but unable to ping or connect to remote network [SOLVED]
Replies: 12
Views: 6477

Re: IPSec tunnel connects, but unable to ping or connect to remote network

Did you change your encryption domain in your IPSec policy?
by evince
Wed Jan 27, 2016 11:57 am
Forum: General
Topic: IP Cloud
Replies: 112
Views: 86157

Re: IP Cloud

Hello,

IP Cloud is a great feature, btw how to assign it to another interface if i run 2 ISP?

Thank you in advance,
by evince
Wed Jan 27, 2016 11:29 am
Forum: Beginner Basics
Topic: IPSec tunnel connects, but unable to ping or connect to remote network [SOLVED]
Replies: 12
Views: 6477

Re: IPSec tunnel connects, but unable to ping or connect to remote network

Hello,

Can you post your NAT rules? YOu need at least one on the top.

Take a look at this great guide : http://gregsowell.com/?p=787

Regards,
by evince
Mon Jan 18, 2016 12:13 pm
Forum: Beginner Basics
Topic: Separate IP ranges with CRS125 not really separated
Replies: 2
Views: 984

Re: Separate IP ranges with CRS125 not really separated

Hello,

It's because you do not have a forward chain in DROP.
by evince
Mon Dec 28, 2015 4:16 pm
Forum: Beginner Basics
Topic: Routing to website inside my network
Replies: 3
Views: 1601

Re: Routing to website inside my network

Yes of course, no problem :)
by evince
Mon Dec 28, 2015 1:26 pm
Forum: Beginner Basics
Topic: Routing to website inside my network
Replies: 3
Views: 1601

Re: Routing to website inside my network

Hello, you have to create a Hairpin NAT rule, take a look at this : http://wiki.mikrotik.com/wiki/Hairpin_NAT

Regards,
by evince
Mon Dec 28, 2015 1:23 pm
Forum: Beginner Basics
Topic: Simple Queue problem
Replies: 3
Views: 1405

Re: Simple Queue problem

Hello,

Edit your simple queue, go to Advanced tab and configure Target Upload and Target Download as in General Tab.

Regards,
by evince
Wed Dec 16, 2015 10:42 am
Forum: Wireless Networking
Topic: broadcasting an unwanted wifi network
Replies: 6
Views: 1789

Re: broadcasting an unwanted wifi network

Check your wlan interface, there is maybe a virtual
by evince
Wed Dec 16, 2015 10:35 am
Forum: General
Topic: trying to add website to wallgarden - won't open it
Replies: 5
Views: 1326

Re: trying to add website to wallgarden - won't open it

Hello,

In dst-host, try without http://
by evince
Tue Dec 08, 2015 6:02 pm
Forum: Beginner Basics
Topic: why log menu show single line ? how to config it
Replies: 2
Views: 1197

Re: why log menu show single line ? how to config it

Hello, take a look at system logging action memory, you can increase the number of lines.

Regards,
by evince
Mon Dec 07, 2015 2:55 pm
Forum: General
Topic: Port forwarding issue
Replies: 4
Views: 1424

Re: Port forwarding issue

Hello, take a look at this rule and change it like this :

add chain=forward comment="RDP" dst-port=53389 protocol=tcp

replace with this :
add chain=forward comment="RDP" dst-port=3389 protocol=tcp


Regards,
by evince
Fri Dec 04, 2015 4:23 pm
Forum: The Dude
Topic: The Dude is back! v6.34rc test build released
Replies: 269
Views: 103542

Re: The Dude is back! v6.34rc test build released

Happy to see that the Dude project is not dead :)
by evince
Mon Nov 30, 2015 1:26 pm
Forum: Beginner Basics
Topic: Open port
Replies: 2
Views: 1268

Re: Open port

Hello,

You need to add HAIRPIN NAT rule, see this : http://wiki.mikrotik.com/wiki/Hairpin_NAT

Regards,
by evince
Mon Nov 30, 2015 9:51 am
Forum: Beginner Basics
Topic: IPsec VPN site to site
Replies: 3
Views: 2872

Re: IPsec VPN site to site

Helle,

The src-address seems to be wrong, we can see in your logs 192.168.1.2. It should be a WAN IP.

Regards,
by evince
Wed Nov 25, 2015 1:33 pm
Forum: Beginner Basics
Topic: After enable Port 80 can not access router setting
Replies: 3
Views: 932

Re: After enable Port 80 can not access router setting

Hello, how did you configure your router the first time? via webfig or winbox?

Maybe you just disabled the www service instead of activate it.

Try to connectwith winbox and take a look at /ip services
by evince
Tue Nov 24, 2015 12:22 pm
Forum: Beginner Basics
Topic: loopback
Replies: 1
Views: 1144

Re: loopback

Hello, you have to add a NAT rule for HAIRPIN : http://wiki.mikrotik.com/wiki/Hairpin_NAT

Kind Regards,
by evince
Tue Nov 24, 2015 10:22 am
Forum: General
Topic: NAT'ing internal segment to Public IP
Replies: 1
Views: 719

Re: NAT'ing internal segment to Public IP

Hello, you are right, it's quite simple :)

/ip firewall nat
add action=src-nat chain=srcnat comment="NAT to 3.3.3.3" src-address=10.0.30.0/24 to-addresses=3.3.3.3

King Regards,
by evince
Mon Nov 23, 2015 11:28 am
Forum: General
Topic: Please, add the "Taskbar" in Winbox :)
Replies: 3
Views: 1803

Re: Please, add the "Taskbar" in Winbox :)

+1 :D
  • 1
  • 2