Community discussions

Search found 157 matches

by patrickmkt
Mon Aug 26, 2019 10:43 am
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 16
Views: 1934

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

I now have another problem with Windows. When attempting to use a second VPN connection to another Mikrotik with a different intermediate CA, I have the known problem of Windows presenting the wrong certificate (the one of the first vpn connection) and refusing the authentication. To avoid this issu...
by patrickmkt
Sat Aug 24, 2019 6:32 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 16
Views: 1934

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

Yes I am aware of the split include limitation on Windows.

My issue was from my firewall rules. I had the VPN issue an IP from a dhcp pool that was managed by bridge rules, but obviously the ipsec connection is not an interface and not attached to a bridge. I had to add a new rule for the IP subnet.
by patrickmkt
Sat Aug 24, 2019 5:49 pm
Forum: General
Topic: IKE2 RSA signature - identity not found for peer: DER DN: [SOLVED]
Replies: 5
Views: 2216

Re: IKE2 RSA signature - identity not found for peer: DER DN: [SOLVED]

Same here, disabling doesn't help. The strange thing is, it works on iOS fine, but the windows client doesn't. Current RouterOS from today on CCR I had also problems of different behavior between Windows and IOS. You can see what worked eventually for me here: https://forum.mikrotik.com/viewtopic.p...
by patrickmkt
Sat Aug 24, 2019 5:00 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 16
Views: 1934

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

You're right. With the own ID to auto it does connect...
Thanks

Now I need to figure out why this difference in behavior between iOS and Windows.
Also, I still need to fix the routing issue as windows does not get any gateway set up.
by patrickmkt
Sat Aug 24, 2019 12:05 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 16
Views: 1934

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

I have set up as follows:
remote id type= auto
match by=certificate


I also tried with match by id with all the different remote id type
by patrickmkt
Fri Aug 23, 2019 11:17 am
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 16
Views: 1934

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

With the same series of certificates: When I successfully connect from an iPhone:
aug/22 16:05:54 ipsec ike auth: respond
aug/22 16:05:54 ipsec processing payload: ID_I
aug/22 16:05:54 ipsec ID_I (FQDN): My_Client_Cert
aug/22 16:05:54 ipsec processing payload: ID_R
aug/22 16:05:54 ipsec ID_R (FQDN): ...
by patrickmkt
Wed Aug 21, 2019 10:03 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 16
Views: 1934

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

I believe that I tried with machine certificate before without success also and eventually reading that both could be used as long as the certificates and chain were in the proper stores (user or machine). But to make sure I tried again. I even put all the certificates in both chain. Still the same ...
by patrickmkt
Wed Aug 21, 2019 9:19 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 16
Views: 1934

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

I had selected the option to have windows asking me which client certificate to use each time. And indeed I have a dropdown box letting me choose at the connection time.
by patrickmkt
Wed Aug 21, 2019 7:34 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 16
Views: 1934

Re: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

Thanks, I had all the chain of trust of the CA in both the client and server. The client certificate had its key too. I am really surprised not to find any information how to get a better error log on the windows vpn client... That would point me into the right direction instead of playing half blin...
by patrickmkt
Mon Aug 19, 2019 9:24 pm
Forum: RouterBOARD hardware
Topic: PowerBox Pro not powering with POE in
Replies: 3
Views: 450

Re: PowerBox Pro not powering with POE in

Then you would need to revise the brochure as it is clearly stated:
"It also supports passive or standard 802.3at/af PoE input/output."

That was for me the main interest of the Powerbox Pro compared to the standard one (in addition to the sfp).
by patrickmkt
Mon Aug 19, 2019 12:47 pm
Forum: RouterBOARD hardware
Topic: PowerBox Pro not powering with POE in
Replies: 3
Views: 450

PowerBox Pro not powering with POE in

I just received a new PowerBox Pro this morning. I can power it through the power jack without problem, however, when I plug eth1 into a POE switch (even with a short cable), the Powerbox Pro does not power on. Is there a hidden setting somewhere that I need to change to accept 802.3af for POE in? O...
by patrickmkt
Sun Aug 18, 2019 1:35 pm
Forum: General
Topic: Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]
Replies: 16
Views: 1934

Windows 10 ikev2 13801: IKE authentication credentials are unacceptable error [SOLVED]

I am losing my mind trying to do a certificate authentication between a Mkt server and a windows 10 client using ikev2. I can log in to the Mkt server from an iPhone, however, I got the dreaded error from Windows saying: "IKE authentication credentials are unacceptable". I am also lost how to find ...
by patrickmkt
Sat Aug 03, 2019 4:21 pm
Forum: General
Topic: Winbox 3.19 login problem
Replies: 1
Views: 582

Winbox 3.19 login problem

I have a few routers that refuse to let me log in via Winbox anymore. I can however log in through webfig in local to confirm that the login and password are correct. The logs don't show any other error logs than the failed winbox attempt that displayed as "login failure attempt for user xxx from x....
by patrickmkt
Thu Apr 26, 2018 9:41 pm
Forum: General
Topic: Windows Port Knock Application
Replies: 24
Views: 7295

Re: Windows Port Knock Application

Bitdefender found a trojan in the file :-(
by patrickmkt
Sun Jul 23, 2017 1:01 pm
Forum: Scripting
Topic: DNS resolve and address list
Replies: 7
Views: 4735

Re: DNS resolve and address list

Why so difficult? Just put the hostname in the address field and the router resolves it automatically and at the correct frequency (TTL of the DNS record). No need for a script. First of all, the automatic resolving of hostname is quite recent in the functionalities of ROS. Second, some of the hos...
by patrickmkt
Sun Jul 23, 2017 8:27 am
Forum: Scripting
Topic: DNS resolve and address list
Replies: 7
Views: 4735

DNS resolve and address list

I have multiple firewall rules based on address-list filters. My address lists are updated regularly by the standard script that resolves the hostname to an ip:
:local comment
:local newip
:local oldip
# Loop through each entry in the address list.
:foreach i in=[/ip firewall address-list find] do={ ...
by patrickmkt
Sat Oct 22, 2016 8:12 pm
Forum: General
Topic: [Solved] OpenVPN Routing Problem
Replies: 4
Views: 4522

Re: OpenVPN Routing Problem

did you create an OVPN server binding in PPP interface and add forward rule for that interface in your firewall to allow the traffic from the VPN to your LAN?
by patrickmkt
Wed Oct 12, 2016 4:13 pm
Forum: Beginner Basics
Topic: NEED OF VERY STRONG WIFI INDOOR ROUTER
Replies: 13
Views: 1968

Re: NEED OF VERY STRONG WIFI INDOOR ROUTER

what did the log show? If you don't know how to configure the log look here http://wiki.mikrotik.com/wiki/Manual:System/Log.
by patrickmkt
Tue Oct 11, 2016 6:57 pm
Forum: Beginner Basics
Topic: NEED OF VERY STRONG WIFI INDOOR ROUTER
Replies: 13
Views: 1968

Re: NEED OF VERY STRONG WIFI INDOOR ROUTER

did you perform an upgrade of the AP recently? If so could you check that the wireless package is current and active. Also check the config as some wireless setup may have been changed from the upgrade.
by patrickmkt
Sat Oct 01, 2016 5:33 pm
Forum: Announcements
Topic: v6.37 [current] is released!
Replies: 197
Views: 34889

Re: v6.37 [current] is released!

I just had a really strange problem with the upgrade from 6.36 to 6.37 When I did the upgrade (using the Mikrotik check-for-upgrade via winbox), the Mikrotik (RB435G) did the upgrade to 6.37 however in Winbox, there was no Wireless section In packages there were two wireless packages, one was 6.37 ...
by patrickmkt
Sun Jul 17, 2016 11:03 pm
Forum: Beginner Basics
Topic: Small Home/Office setup
Replies: 3
Views: 1439

Re: Small Home/Office setup

Your setup is pretty simple, your office, voip and home are all using different devices. You probably don't need any vlan at all. Just your three networks with different IP subnets as described on your diagram. Then two bridges to get the wlan_home and lan_home together, and the wlan_business and lan...
by patrickmkt
Wed Jul 06, 2016 4:13 pm
Forum: Beginner Basics
Topic: Complicated VLAN setup
Replies: 21
Views: 3178

Re: Complicated VLAN setup

I have a new question however concerning the VLANing APs. Packets from the wifi are getting tagged however I don't think it can tag management packets. Can I do the following: [admin@Mikrotik] /interface bridge port> add interface=ether3-master bridge=bridge-management [admin@Mikrotik] /interface b...
by patrickmkt
Wed Jul 06, 2016 4:06 pm
Forum: Beginner Basics
Topic: Complicated VLAN setup
Replies: 21
Views: 3178

Re: Complicated VLAN setup

Hi, I tried what patrickmkt suggested because it seemed really straightforward. I created the bridges and assigned ports to it (not every port so far). However I cannot create srcnat between a bridge and the ether1 interface: [admin@Mikrotik] /ip firewall nat> add chain=srcnat in-interface=bridge-...
by patrickmkt
Tue Jul 05, 2016 3:11 am
Forum: Beginner Basics
Topic: Complicated VLAN setup
Replies: 21
Views: 3178

Re: Complicated VLAN setup

do you need to have eth2 and eth4 tagged? is your POS and front desk PC playing well with VLAN? My initial thoughts on your setup would be to setup two bridges: one for management and one for public. You will be using a bit more cpu compared to the switch chip but will have much more control of your ...
by patrickmkt
Sun Nov 08, 2015 7:47 pm
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 93459

Re: Feature request: OpenVPN compression LZO and UDP

Already voted on that years ago. And I'm still asking for it :?
by patrickmkt
Sun Sep 06, 2015 7:56 am
Forum: Scripting
Topic: DynDNS update script periodically doesn't update
Replies: 3
Views: 744

Re: DynDNS update script periodically doesn't update

How often does your script run? Is there a limitation on your ddns server /checkip target that would refuse too many requests within a short timeframe? Same thing with the dns update, you've set the force to true. Your ddns will probably blacklist you when too many requests to change an IP that hasn't...
by patrickmkt
Tue Jun 30, 2015 9:54 pm
Forum: General
Topic: Crooks Use Hacked Routers to Aid Cyberheists
Replies: 5
Views: 3370

Crooks Use Hacked Routers to Aid Cyberheists

"Recently, researchers at the Fujitsu Security Operations Center in Warrington, UK began tracking Upatre being served from hundreds of compromised home routers — particularly routers powered by MikroTik and Ubiquiti’s AirOS." “The consistency in which the botnet is communicating with compromised rou...
by patrickmkt
Thu Jun 25, 2015 9:22 pm
Forum: SwOS
Topic: MikroTik Firmware Version
Replies: 1
Views: 1893

Re: MikroTik Firmware Version

http://www.mikrotik.com/download

1.14 is the latest version.
by patrickmkt
Wed Apr 22, 2015 6:14 pm
Forum: Beginner Basics
Topic: OVPN client certificate based authentication
Replies: 1
Views: 377

Re: OVPN client certificate based authentication

If your server requires LZO and/or UDP, Mikrotik OVPN will not be compatible with it. Only TCP and no compression.
by patrickmkt
Mon Apr 20, 2015 4:23 am
Forum: General
Topic: SSTP VPN - certificate cannot be verified
Replies: 1
Views: 5543

Re: SSTP VPN - certificate cannot be verified

On Windows 7 Client go to Control Panel > Internet Options > Content > Certificates > Trusted Root Certificate Authorities > Import - Select C:\OpenSSL-Win32\bin\client.crt You maybe want to import in the "Trusted Root Certificate Authorities" the ca.crt. Then you import the client.crt + client.key in...
by patrickmkt
Sun Mar 01, 2015 7:26 pm
Forum: General
Topic: Windows Port Knock Application
Replies: 24
Views: 7295

Re: Windows Port Knock Application

Any update on the compiled version that incorporates the DNS and delay?
by patrickmkt
Sat Feb 21, 2015 3:46 am
Forum: SwOS
Topic: Feature Request - DHCP
Replies: 7
Views: 2925

Re: Feature Request - DHCP

I agree, that may help in some deployments
by patrickmkt
Thu Jan 22, 2015 4:39 pm
Forum: Beginner Basics
Topic: OpenVPN Connection problems
Replies: 3
Views: 1571

Re: OpenVPN Connection problems

what do you get on the routerboard log (with ovpn debug option in the logging options)?
by patrickmkt
Wed Nov 05, 2014 5:32 pm
Forum: General
Topic: OVPN and certificates.
Replies: 1
Views: 4254

Re: OVPN and certificates.

ROS 6.21.1 certificate and CRL handling corrections seem to have fixed my problem with the TLS error. :)
by patrickmkt
Wed Nov 05, 2014 5:31 pm
Forum: General
Topic: OpenVPN Server error: TLS failed
Replies: 43
Views: 77236

Re: OpenVPN Server error: TLS failed

ROS 6.21.1 certificate and CRL handling corrections seem to have fixed my problem with the TLS error. :)
by patrickmkt
Wed Nov 05, 2014 6:50 am
Forum: General
Topic: v6.21.1 released
Replies: 112
Views: 27540

Re: v6.21.1 released

What's new in 6.21.1 (2014-Nov-03 15:20):

*) certificate - fix CRL handling in trust chain;
Great my ovpn remote access is working again. I don't know if it was related to it or not, but it solved my TLS error during connection.
by patrickmkt
Mon Oct 27, 2014 10:00 am
Forum: General
Topic: Cert and CRL bug?
Replies: 0
Views: 616

Cert and CRL bug?

The same way that the bug with the Certs with CRL for OVPN is still not fixed, I stumbled into another issue with CRL on an SSTP link. I have an SSTP link between two ROS routers using certificates and CA. The CA is linked to an http URI for the CRL. The link was working fine until last week when I ...
by patrickmkt
Mon Oct 13, 2014 9:10 pm
Forum: Beginner Basics
Topic: Firewall Mangle rule shows no traffic
Replies: 10
Views: 2327

Re: Firewall Mangle rule shows no traffic

Did you activate the connection tracking ?
by patrickmkt
Sat Oct 04, 2014 6:46 pm
Forum: General
Topic: action=del-src-from-address-list
Replies: 3
Views: 1121

Re: action=del-src-from-address-list

I am already using the time out option, however I was considering using some port knocking scenario to shut down access in addition to open them.
by patrickmkt
Sat Oct 04, 2014 7:34 am
Forum: General
Topic: action=del-src-from-address-list
Replies: 3
Views: 1121

action=del-src-from-address-list

There are action=add-src-to-address-list and action=add-dest-to-address-list in NAT, Mangle and Filter.

How can I remove an address from a list as an action too?

Wouldn't it be nice to have also action=del-src-from-address-list and action=del-dest-from-address-list?
by patrickmkt
Fri Aug 22, 2014 11:55 pm
Forum: General
Topic: OpenVPN Server error: TLS failed
Replies: 43
Views: 77236

Re: OpenVPN Server error: TLS failed

Yes I have the same problem since v6.9+.

see http://forum.mikrotik.com/viewtopic.php?f=2&t=86739
http://forum.mikrotik.com/viewtopic.php?f=2&t=87297

but so far no answer to this problem
by patrickmkt
Thu Jul 24, 2014 6:24 pm
Forum: General
Topic: ROS OpenVPN Client with Linux OpenVPN server
Replies: 5
Views: 5653

Re: ROS OpenVPN Client with Linux OpenVPN server

Or we should have Mikrotik fix what is not working first before implementing new stuff. :?
by patrickmkt
Tue Jul 22, 2014 11:47 pm
Forum: General
Topic: openvpn iOS tls failed
Replies: 7
Views: 9015

Re: openvpn iOS tls failed

It's not only ios. I can't connect anymore from windows GUI with a config that was operational before.
See http://forum.mikrotik.com/viewtopic.php?f=2&t=87297
by patrickmkt
Tue Jul 22, 2014 8:56 pm
Forum: General
Topic: OVPN and certificates.
Replies: 1
Views: 4254

OVPN and certificates.

Since around ROS 6.5 or 6.6 I can't connect anymore to ROS OVPN server with certificates. It does work if I uncheck the Require Client Certificate on the OVPN server tab, but I got a TLS failure log entry if it's checked. It was working before with the certificates. There were a lot of certificates ...
by patrickmkt
Fri Jun 13, 2014 11:22 pm
Forum: General
Topic: v6.15 released
Replies: 302
Views: 103354

Re: v6.15 released

Hi Normis SSTP does not work at all on 6.15. (It also didn't work on 6.14?) Do both devices have to be on 6.15 to work? If I downgrade to 5.26, it works fine. Upgrade to 6.15 it breaks, it's also enabled under PPP. Don't understand... SSTP client does work for me from 6.15 to server 6.15, 6.14 or 6.1...
by patrickmkt
Thu May 22, 2014 12:07 am
Forum: General
Topic: v6.13 released!
Replies: 177
Views: 48973

Re: v6.13 released!

In this case I can see two options: 1) Wait for 6.14 release, there are also some SSTP bug fixes 2) Generate support file and send it to MK support The third possible option can be selecting a different interface in firewall rule, apply configuration, then select back the sstp-server interface and ...
by patrickmkt
Wed May 21, 2014 7:45 pm
Forum: General
Topic: v6.13 released!
Replies: 177
Views: 48973

Re: v6.13 released!

Something I just noticed after updating two routers to 6.13: When I connect via SSTP from one ROS client to one ROS Server, the firewall rule associated with this SSTP connection stays red on the server after connection. It was working before on previous versions. Is there a new parameter that I di...
by patrickmkt
Wed May 21, 2014 7:53 am
Forum: General
Topic: v6.13 released!
Replies: 177
Views: 48973

Re: v6.13 released!

Something I just noticed after updating two routers to 6.13: When I connect via SSTP from one ROS client to one ROS Server, the firewall rule associated with this SSTP connection stays red on the server after connection. It was working before on previous versions. Is there a new parameter that I did...
by patrickmkt
Tue May 20, 2014 9:03 pm
Forum: General
Topic: Access to the Routerboard via OpenVPN
Replies: 1
Views: 641

Re: Access to the Routerboard via OpenVPN

Hi, since a year now. I have a routerboard installation successfully rolled out with openvpn. Today I tried to upgrade from 6.5 to 6.13. Well, there is one RB2011-RM configured as the server and 2 RB750 configured as clients. Also from time to time I am using the vpn link to administrate the boards...
by patrickmkt
Tue May 13, 2014 6:09 pm
Forum: Beginner Basics
Topic: Problems getting NTP to work
Replies: 3
Views: 760

Re: Problems getting NTP to work

Last time I checked you can only enter an IP address in the NTP field, no FQDN. You can write a script to change the address regularly if you want to ease the load on the ntp server. /system ntp client set primary-ntp=[:resolve 0.us.pool.ntp.org] /system ntp client set secondary-ntp=[:resolve 1.us.p...
by patrickmkt
Tue Apr 01, 2014 7:28 am
Forum: General
Topic: v7.0 Released! (april fools joke)
Replies: 11
Views: 2952

Re: v7.0 Released!


Installed on all of our routers. Not a single problem.

That's the part that woke me up.
by patrickmkt
Tue Mar 25, 2014 3:34 pm
Forum: General
Topic: v6.11 released
Replies: 260
Views: 79989

Re: v6.11 released

Unfortunately 90% of issues posted here, are never reported to support, even if we ask for more info. Many issues are config problems and some issues are very specific to the config user has made in their device. Normis, how can you do a supout of a router but omitting private information like pass...
by patrickmkt
Mon Mar 24, 2014 8:46 pm
Forum: General
Topic: OVPN:require client certificate not working anymore [SOLVED]
Replies: 11
Views: 3183

Re: OVPN: require client certificate not working anymore

Same problem for me.
I have CA and intermediate CA with LT status in ROS.
by patrickmkt
Mon Mar 24, 2014 3:15 pm
Forum: General
Topic: sstp not working after Router OS upgrade from 6.7 to 6.9
Replies: 20
Views: 7673

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

did you check that the sstp profile does not have the Use encryption set to required. It seems to be a setting not concerning sstp but creating conflict since 6.9+. Change it to default or no.
by patrickmkt
Mon Mar 24, 2014 3:11 am
Forum: General
Topic: v6.11 released
Replies: 260
Views: 79989

Re: v6.11 released

I upgraded a rb2011uas-2HnD from 6.9 to 6.11 and now I can't connect my windows OVPN client to the ROS OVPN server anymore. The log show: disconnected <TLS failed> I've checked that the CA and intermediate CA have both a LT status, while the rb2011 cert has a KT status. If I uncheck the 'require cli...
by patrickmkt
Tue Mar 18, 2014 3:55 am
Forum: RouterBOARD hardware
Topic: POE out not working on OmniTIK UPA 5HnD
Replies: 14
Views: 12385

Re: POE out not working on OmniTIK UPA 5HnD

With longer cable you probably want to increase the voltage of the power supply. Also check the amp rating of your psu. Do you have enough margin of power to supply both units together including the increased loss in the cable?
by patrickmkt
Sat Mar 08, 2014 6:55 am
Forum: General
Topic: v6.10 released
Replies: 248
Views: 82390

Re: v6.10 released

"Encryption negotiation rejected" This is a SSTP configuration error, not a bug. Please check your config. I see several people with this config mistake. For the PPP profile that you use in SSTP, turn off encryption, this setting is only used for PPTP. If you have enabled encryption in the PPP prof...
by patrickmkt
Fri Feb 28, 2014 9:54 pm
Forum: RouterBOARD hardware
Topic: WARNING! CCR and two power supplies
Replies: 10
Views: 2680

Re: WARNING! CCR and two power supplies

Did you put a diode to protect the second power supply from being back fed by the primary? If so, even a short on the second shouldn't impact anything.
by patrickmkt
Fri Feb 14, 2014 8:14 pm
Forum: General
Topic: v6.10 released
Replies: 248
Views: 82390

Re: v6.10 released

SSTP still broken as described in v6.9

Can not connect from a RB1100AH v6.10 client to a RB2011 v6.7 server. "Encryption negotiation rejected"

It was working perfectly from a v6.7 to v6.7
by patrickmkt
Fri Feb 14, 2014 3:11 am
Forum: Beginner Basics
Topic: Odd IP blocking
Replies: 4
Views: 1036

Re: Odd IP blocking

If you want to block the access to the network behind the router change chain=input to chain=forward. You also need to make sure that this rule is above the other rules that would let it pass.
by patrickmkt
Thu Feb 06, 2014 8:56 pm
Forum: Beginner Basics
Topic: SSTP VPN for multiple client
Replies: 5
Views: 3046

Re: SSTP VPN for multiple client

SSTP is not working as I expected. I have created certificate Manually as per this link: http://wiki.mikrotik.com/wiki/Manual:Create_Certificates#Import_certificates Certificate Installed in SSTP server: server.crt + ca.crt Certificate Installed in SSTP client: client.crt + ca.crt Certificated sele...
by patrickmkt
Tue Feb 04, 2014 5:45 pm
Forum: General
Topic: 6.9 released!
Replies: 223
Views: 79626

Re: 6.9 released!

For those of you having issues with 6.9: after updating and also updating the firmware to 3.10, then you'll need to do a system reset-configuration and then manually apply your custom settings. You mean that for every upgrade we have to completely reset the router, reprogram manually all the config...
by patrickmkt
Tue Feb 04, 2014 4:54 pm
Forum: Beginner Basics
Topic: SSTP VPN for multiple client
Replies: 5
Views: 3046

Re: SSTP VPN for multiple client

You should be able to use a different client certificate in each client as long as it is signed by the same ca. Server: CA.crt + Server.crt (signed by CA) + Server.key Client1: CA.crt + Client1.crt (signed by CA) + Client1.key Client2: CA.crt + Client2.crt (signed by CA) + Client2.key I have been ...
by patrickmkt
Sat Feb 01, 2014 4:11 pm
Forum: General
Topic: 6.9 released!
Replies: 223
Views: 79626

Re: 6.9 released!

updated from 6.7 to 6.9 on a rb1100ah and now I have on one of my sstp link to another routerboard still on 6.7:
Encryption negotiation rejected.
by patrickmkt
Wed Jan 22, 2014 3:19 pm
Forum: Beginner Basics
Topic: src-nat problem
Replies: 4
Views: 1809

Re: src-nat problem

can you show us your firewall rules in order?
by patrickmkt
Thu Jan 16, 2014 3:15 pm
Forum: Beginner Basics
Topic: NAT & SIP
Replies: 7
Views: 12098

Re: NAT & SIP

The lines will come in handy at a different time that's for sure. I hate to sound like a complete newbie, but what would I be best in to using, I got an elastix box setup but it's confusing. Should I just go for a simple Linux Distro and Asterisk setup? Or can FreeSwitch/Elastix/ etc.. do the same fe...
by patrickmkt
Wed Jan 15, 2014 11:08 pm
Forum: Beginner Basics
Topic: NAT & SIP
Replies: 7
Views: 12098

Re: NAT & SIP

Then that may make more sense and worth to setup. So my provider allows me to make four accounts within my account panel and assign four users with four different DID numbers. I can plug those four accounts straight in to Asterisk? And then I can assign each line on the phone an account from Asteris...
by patrickmkt
Wed Jan 15, 2014 6:49 pm
Forum: Beginner Basics
Topic: NAT & SIP
Replies: 7
Views: 12098

Re: NAT & SIP

I'm currently not using a PBX/Trunking and just a commercial SIP Line in. I would like to avoid PBX but can you use PBX (asterisk / freeswitch) without a trunking account? Your 'commercial SIP line' is the PBX. You can always add your own PBX if you need too, a PBX is not acting differently than a ...
by patrickmkt
Wed Jan 15, 2014 5:33 pm
Forum: Beginner Basics
Topic: NAT & SIP
Replies: 7
Views: 12098

Re: NAT & SIP

I would assume that you are using your 7960 with the SIP firmware? Don't forget that for SIP in addition to the signalization channel (usually 5060) you also need to open the RTP range (the voice part of the communication). That's what you probably did for your other phone (src-port=16384-32766). Ch...
by patrickmkt
Sun Jan 05, 2014 5:26 am
Forum: General
Topic: DONE OpenVPN with require-client-certificate = yes
Replies: 2
Views: 1370

Re: OpenVPN with require-client-certificate = yes

What is your config?

Did you select the correct certificate with your openvpn config?
What kind of algo/key size/hash are you using for your certs?
by patrickmkt
Thu Dec 19, 2013 4:38 pm
Forum: General
Topic: The SIP does not work from behind the ROS NAT
Replies: 1
Views: 574

Re: The SIP does not work from behind the ROS NAT

Don't forget that for SIP not only you have the signaling usually on port 5060, but the voice RTP is on other ports (depending on your phone and pbx config may be in the 10000 to 20000). You may have to open these ports too.
by patrickmkt
Thu Dec 12, 2013 4:50 pm
Forum: General
Topic: v6.7 released
Replies: 225
Views: 109466

Re: v6.7 released

I got a new issue with 6.7 on a RB1100ah. Never had that problem before. When connecting with winbox, some of my firewall rules are red with unknown interface, some ppp connection disappeared from the list, etc... That's the second time I see it happen over a two-week period. When I reboot the r...
by patrickmkt
Sun Dec 08, 2013 6:53 pm
Forum: Beginner Basics
Topic: Powering TP Link TL-WA5210G using Mikrotik RB750UP
Replies: 9
Views: 5948

Re: Powering TP Link TL-WA5210G using Mikrotik RB750UP

Seems that your TPLink does not appreciate 24V input. I couldn't find on the datasheet the voltage specifications for it, but it could be the culprit. You may try to use a 12V power supply for your RB750 that can deliver more than 1A as all your other devices together will need much more than that @...
by patrickmkt
Sun Dec 08, 2013 4:00 pm
Forum: General
Topic: Outgoing IAX2 connections don't work on Mikrotik
Replies: 3
Views: 1200

Re: Outgoing IAX2 connections don't work on Mikrotik

I have two different asterisk PABX using IAX trunks and IAX peers, and multiple IAX clients all behind Mikrotik routers and I never had a problem.
by patrickmkt
Tue Dec 03, 2013 4:17 pm
Forum: Scripting
Topic: DynDNS
Replies: 4
Views: 1112

Re: DynDNS

what is not working?

I had on mine to add some policy rights for the scripts and also on the /tool fetch command I had to change the address= with an IP (resolved in the beginning of the script) instead of FQDN and add host=FQDN in the line.
by patrickmkt
Mon Dec 02, 2013 9:05 pm
Forum: General
Topic: v6.7 released
Replies: 225
Views: 109466

Re: v6.7 released

patrickmkt
I have same issue. Created the ticket: Ticket#2013120266000693
But you can do this via terminal:

certificate set numbers=0 name=TestName
yes same problem as reported in v6.6
by patrickmkt
Mon Dec 02, 2013 4:55 pm
Forum: General
Topic: v6.7 released
Replies: 225
Views: 109466

Re: v6.7 released

Still unable to change a certificate name in winbox (error certificate subject is read only), while it is possible in terminal mode.
by patrickmkt
Mon Dec 02, 2013 2:54 am
Forum: RouterBOARD hardware
Topic: RB2011 port disconnecting
Replies: 6
Views: 1929

Re: RB2011 port disconnecting

change the cable on that port.
by patrickmkt
Fri Nov 29, 2013 11:24 pm
Forum: General
Topic: Winbox for android, when?
Replies: 52
Views: 50336

Re: Winbox for android, when?

I understand that it may be a PITA to have to enter a secured password for webfig while working on a mast. To avoid lowering the security of the login, why not having a certificate authentication available for webfig? You would just need to load the proper cert in your browser cert store and then yo...
by patrickmkt
Thu Nov 21, 2013 10:44 pm
Forum: Forwarding Protocols
Topic: How to limit OVPN user access to one server?
Replies: 3
Views: 1358

Re: How to limit OVPN user access to one server?

When a user logs in it will create a temporary interface, you cannot use this one with filter rules as this interface is temporary (unless you do it dynamically). That's why you want to 'reserve' an interface name for your client connection by creating a binding one. In winbox: ppp/interface add ne...
by patrickmkt
Thu Nov 21, 2013 7:50 pm
Forum: Forwarding Protocols
Topic: How to limit OVPN user access to one server?
Replies: 3
Views: 1358

Re: How to limit OVPN user access to one server?

you need to create a binding ovpn server in your ppp interface (with the proper user info for that user).
You can then use that interface for your routing rules.
by patrickmkt
Thu Nov 21, 2013 7:48 pm
Forum: General
Topic: OpenVPN Server on RouterOS, mode=ip (tun) and Windows client
Replies: 7
Views: 9341

Re: OpenVPN Server on RouterOS, mode=ip (tun) and Windows cl

just put in your client .ovpn config file something like

route 192.168.100.0 255.255.255.0
by patrickmkt
Mon Nov 18, 2013 8:20 pm
Forum: General
Topic: Need to open firewall for NAT?
Replies: 3
Views: 637

Re: Need to open firewall for NAT?

I just looked again at the ROS 6.x workflow chart and it seems that the NAT test is now after the filter rules. It would then explain it. What I don't understand is why on other routers not using ppoe I haven't seen this issue yet. Also, it does not seem to happen all the time. That's what is frust...
by patrickmkt
Mon Nov 18, 2013 4:12 pm
Forum: General
Topic: Need to open firewall for NAT?
Replies: 3
Views: 637

Need to open firewall for NAT?

Hi, I'm lost. I have installed many routers before and this one is giving me a headache. It's an RB2011UAS-2HnD with ROS 6.6. As with all my other installs, I have a few servers that need some ports to be natted. I have a basic netmat dstnat NAT rule with a dst port and src address list condition that is...
by patrickmkt
Fri Nov 15, 2013 11:31 pm
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 72679

Re: RouterOS v6.6 released

Also, cannot rename the certificate, it says "certificate subject is read only!" - it has nothing to do with the cert subject, I just want to change its internal name in ROS. I already signaled this one earlier. However if you really need to change it, you can still do it in the terminal mode. You ...
by patrickmkt
Fri Nov 08, 2013 6:58 pm
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 72679

Re: RouterOS v6.6 released

What's new in 6.6 (2013-Nov-07 13:04):

*) certificates - fixed certificate import;

Good I can import fine now, however, I can't change the internal name of the certificate anymore:
'couldn't change certificate xxx - certificate subject is read only'
by patrickmkt
Thu Oct 31, 2013 10:58 pm
Forum: General
Topic: V7 soon ?
Replies: 20
Views: 7788

Re: V7 soon ?

Before talking about a V7, let's focus on having a functional V6. Right now the only stable version is V5, V6 is still buggy, every new release corrects new bugs but creates new ones too that are a stopper.
by patrickmkt
Mon Oct 21, 2013 4:44 pm
Forum: General
Topic: after upgrade to 6.3 cannot generate certificate-request
Replies: 33
Views: 26344

Re: after upgrade to 6.3 cannot generate certificate-request

I have problem to import certificate on 6.5 too.
by patrickmkt
Mon Sep 23, 2013 9:56 pm
Forum: General
Topic: Locating a rogue client?
Replies: 7
Views: 1861

Re: Locating a rogue client?

I would just use a Mikrotik device with a directional antenna and run the wireless snooper, look for the mac. Go foxhunting! That's really the only option you got: Time, hard work, and a really good antenna. Get a good compass and GPS, go to several locations more than a few degrees apart (relative ...
by patrickmkt
Fri Sep 20, 2013 3:05 am
Forum: General
Topic: Locating a rogue client?
Replies: 7
Views: 1861

Re: Locating a rogue client?

Again the issue is not to deny, block or improve the network security. I'm looking for a way to locate a rogue client device. I have directional antennas, but I don't know what would be the best receiver that can sniff & lock on a specific MAC and give me a constant RSSI output for me to do the trac...
by patrickmkt
Thu Sep 19, 2013 11:22 pm
Forum: General
Topic: Locating a rogue client?
Replies: 7
Views: 1861

Re: Locating a rogue client?

Define rogue client.

Do you mean rogue dhcp server?

Do you mean unauthorized client that hacked into the network?

Do you mean rogue AP that is mirroring yours?
I mean an unauthorized client that hacked into the network.
And I'm looking for a cheaper solution than buying a Fluke Aircheck ;-)
by patrickmkt
Thu Sep 19, 2013 9:45 pm
Forum: General
Topic: Locating a rogue client?
Replies: 7
Views: 1861

Locating a rogue client?

I'm trying to locate a rogue client on one of my AP. Without disrupting the AP, what could I use to locate this client. My guess is to use another radio module with a directive antenna and doing some radio direction finding based on the RSSI. However I don't know how to setup a device that will give...
by patrickmkt
Sat Aug 10, 2013 3:28 am
Forum: Beginner Basics
Topic: Simple queue and V6 help
Replies: 1
Views: 609

Re: Simple queue and V6 help

nobody?
by patrickmkt
Sun Aug 04, 2013 5:08 pm
Forum: Beginner Basics
Topic: Simple queue and V6 help
Replies: 1
Views: 609

Simple queue and V6 help

I'm playing around with the v6.2 and I'm confused about how to migrate some of my previous config to use the simple queue to do some bandwidth management per user. Let's say I have on eth1 my WAN and multiple LAN on the other eth. My goal is to create a rule to limit the bandwidth going to/from the ...
by patrickmkt
Mon Feb 25, 2013 4:55 pm
Forum: Beginner Basics
Topic: Connecting iPhone to mikrotik vpn error!
Replies: 20
Views: 14522

Re: Connecting iPhone to mikrotik vpn error!

Here is my blog on how I set up Windows 7 and iPhone 4 to use L2TP. I'm no expert but it works

http://www.nasa-security.net/2013/02/20 ... ith-ipsec/

Travis
Nice tuto. +1 karma

However, has anyone managed to use certificates with the IPsec policy on the iPhone and ROS?
by patrickmkt
Thu Feb 21, 2013 9:45 pm
Forum: General
Topic: OpenVPN - UDP, LZ0?
Replies: 16
Views: 7321

Re: OpenVPN - UDP, LZ0?

It's one of the most requested features for years, but still no plan to do it...

You better ask for a pink with green dot router, you'll have better chance to see it done.
by patrickmkt
Fri Feb 15, 2013 11:35 pm
Forum: General
Topic: RouterOS v6rc10 pre-released
Replies: 79
Views: 15529

Re: RouterOS v6rc10 pre-released

*) sstp, ipsec - respect CRLs;
*) certificates - for certificates marked as trusted=yes,
CRL will be automaticly updated once in hour from http sources;
Great, checking CRL was a must that many of us were waiting for.
by patrickmkt
Thu Feb 14, 2013 9:49 pm
Forum: Beginner Basics
Topic: Share printer in other subnet
Replies: 2
Views: 1432

Re: Share printer in other subnet

Can't you nat from one network to the other if your printer doesn't allow another network? If the printer is not the issue, it's just a matter of checking that your firewall rules allow you to connect to the printer from your second network and configuring your computer to point to the proper printer...
by patrickmkt
Tue Jan 29, 2013 3:51 am
Forum: Beginner Basics
Topic: Simple Dual WAN Dual LAN question
Replies: 3
Views: 1211

Re: Simple Dual WAN Dual LAN question

In mangle, add a routing mark WAN2 for all the traffic !local coming from interface LAN2
add routing mark WAN1 for all the traffic !local coming from interface LAN1
In route, add a route for all the routing mark WAN2 to go through WAN2, and same for WAN1.

There are plenty of examples on the wiki
by patrickmkt
Sun Jan 20, 2013 7:00 pm
Forum: General
Topic: Route Socks Server Over VPN
Replies: 1
Views: 507

Re: Route Socks Server Over VPN

I have the same question
by patrickmkt
Sun Jan 20, 2013 5:58 pm
Forum: General
Topic: How to force an application to a specific gateway? SOCKS?
Replies: 0
Views: 265

How to force an application to a specific gateway? SOCKS?

All my normal routing goes through my main gateway (let's say on eth1). However, I have another gateway I want to use for specific use (let's say eth2). I want to be able from the computer side to have some applications going through gateway 2 while the others still use gateway 1. These apps may use dif...
by patrickmkt
Mon Jan 14, 2013 4:16 pm
Forum: General
Topic: OVPN on new versoins ROS 6.0 and 5.1...
Replies: 61
Views: 19588

Re: OVPN on new versoins ROS 6.0 and 5.1...

I am too voting for a full OVPN support in ROS.
by patrickmkt
Sun Dec 16, 2012 5:34 pm
Forum: General
Topic: 5.22 released!
Replies: 104
Views: 47814

Re: 5.22 released!

When removing an UPS, or changing the serial port of an UPS, the previous serial port is still assigned to the UPS and unable to be reused by any other process. Am I the only one with this problem? what do you mean by "changing the port"? how many serial ports does your device have, and why are you...
by patrickmkt
Sat Dec 15, 2012 3:02 am
Forum: RouterBOARD hardware
Topic: 2011 power cord retainer
Replies: 34
Views: 6417

Re: 2011 power cord retainer

Thank you all for suggestions. In future, we will have something along these lines:
Screen Shot 2012-12-07 at 10.00.14 AM.png
Looks great. Then also please update the power supply with a 90 degree angle plug to avoid a sharp bend on the cable to go back to the grooves and also saving space.
by patrickmkt
Fri Dec 07, 2012 3:34 am
Forum: General
Topic: 5.22 released!
Replies: 104
Views: 47814

Re: 5.22 released!

When removing an UPS, or changing the serial port of an UPS, the previous serial port is still assigned to the UPS and unable to be reused by any other process. Am I the only one with this problem? what do you mean by "changing the port"? how many serial ports does your device have, and why are you...
by patrickmkt
Wed Dec 05, 2012 2:24 pm
Forum: General
Topic: 5.22 released!
Replies: 104
Views: 47814

Re: 5.22 released!

When removing an UPS, or changing the serial port of an UPS, the previous serial port is still assigned to the UPS and unable to be reused by any other process.
Am I the only one with this problem?
by patrickmkt
Tue Nov 27, 2012 3:56 pm
Forum: General
Topic: 5.22 released!
Replies: 104
Views: 47814

Re: 5.22 released!

When removing an UPS, or changing the serial port of an UPS, the previous serial port is still assigned to the UPS and unable to be reused by any other process.
by patrickmkt
Sun Nov 25, 2012 3:18 pm
Forum: Beginner Basics
Topic: 4 cameras ip and rb 750gl
Replies: 1
Views: 376

Re: 4 cameras ip and rb 750gl

post here your config and more info on your network if you want us to try to help you.

You would probably have to setup port forwarding from a different port to each camera port.
by patrickmkt
Sat Nov 24, 2012 4:18 pm
Forum: The User Manager
Topic: PayPal - bad http response
Replies: 12
Views: 4825

Re: PayPal - bad http response

What's new in 5.22 (2012-Nov-23 09:28):

*) userman - fix PayPal "bad HTTP response";
by patrickmkt
Wed Nov 21, 2012 6:41 pm
Forum: General
Topic: problem with Graphic in router
Replies: 6
Views: 3064

Re: problem with Graphic in router

check that the 'store on disk' option is enabled in the graphing setup.
by patrickmkt
Mon Nov 19, 2012 2:48 am
Forum: General
Topic: Avoiding Multiple NAT
Replies: 6
Views: 1614

Re: Avoiding Multiple NAT

Can someone explain to me why double nat or even triple nat wouldn't work?
It's not elegant nor efficient but why wouldn't it work?

If on the ADSL you do a port forwarding to the ip of the mikrotik router then from there a port forwarding to your client there shouldn't be a problem?
by patrickmkt
Sun Nov 18, 2012 6:28 pm
Forum: Wireless Networking
Topic: Suggestion for 30 miles link
Replies: 11
Views: 1657

Re: Suggestion for 30 miles link

I have a repeater in between but that site is unmanaged. Hence I want to have the link from my managed site. I don't think Horizontal antennas can help with signal strength. Increasing the height at other end seems to be a probable and possible solution. No but horizontal polarization can improve y...
by patrickmkt
Sat Nov 17, 2012 3:12 pm
Forum: General
Topic: DNS Packets going Missing
Replies: 3
Views: 1794

Re: DNS Packets going Missing

Interesting. I have some DNS timeout in my setup with the RB as DNS server/cache when some of the queues are loaded, despite a low cpu usage.

I'll be following your thread to see if it gives me some pointers to solve my issue.
by patrickmkt
Fri Nov 16, 2012 12:58 am
Forum: Wireless Networking
Topic: Hiding SSID but someone is using wlan
Replies: 3
Views: 672

Re: Hiding SSID but someone is using wlan

Hidden doesn't mean it can't be found...
Look at traffic and the connection and you'll see who is on it.
by patrickmkt
Fri Nov 09, 2012 2:50 pm
Forum: Beginner Basics
Topic: RouterBoard 1100AH
Replies: 3
Views: 1476

Re: RouterBoard 1100AH

Try to change the eth port you connect your router to.
With winbox, do a discovery (the ... box next to the connect to line).
by patrickmkt
Thu Nov 08, 2012 6:42 pm
Forum: General
Topic: QOS Help!!! DNS timeout
Replies: 1
Views: 532

Re: QOS Help!!! DNS timeout

nobody?

Why the priority is not working and a fully loaded queue child would block other children even with higher priority or before reaching their limit at?
by patrickmkt
Thu Nov 01, 2012 3:31 pm
Forum: General
Topic: QOS Help!!! DNS timeout
Replies: 1
Views: 532

QOS Help!!! DNS timeout

When I thought I understood how to manage QOS, I'm questioning myself again. I have an RB1100AH, ROS 5.21. I put the following queue tree. All queues are pcq. When I put the max limit of my RS812 queue to 350k all the computers on the network can't resolve DNS anymore from the RB1100AH (timeout). Why...
by patrickmkt
Tue Oct 23, 2012 2:03 am
Forum: Beginner Basics
Topic: Destination NAT
Replies: 4
Views: 662

Re: Destination NAT

really have only one chance to get it right, as this is production router and I cant afford to play around and learn by mistake :) Not so Fearless after all :lol: /ip firewall nat add action=dst-nat chain=dstnat dst-address=Y.Y.Y.Y dst-port=8090 protocol=\ tcp to-addresses=X.X.X.X Shouldn't it be a...
by patrickmkt
Thu Oct 18, 2012 3:54 pm
Forum: General
Topic: Static IP issued from Bellsouth\ATT DSL configuration
Replies: 15
Views: 9765

Re: Static IP issued from Bellsouth\ATT DSL configuration

To reach the modem page when in bridge mode, you just need to set a static IP in the same subnet to the eth port that is connected to it. If your modem was 192.168.1.254 before you put it in bridge mode, just assign IP 192.168.1.10 to your interface, and you should be able to connect to 192.168.1.25...
by patrickmkt
Thu Oct 18, 2012 3:48 pm
Forum: General
Topic: Status of OpenVPN in RouterOS?
Replies: 22
Views: 8650

Re: Status of OpenVPN in RouterOS?

When you see even consumer routers/modems offering openVPN with all functionalities (like lzo and udp), you wonder why a supposedly better grade router can't do it... We are also considering alternate options than ROS to continue to provide openVPN services for our users. Will be sad to change again...
by patrickmkt
Tue Oct 16, 2012 3:59 pm
Forum: General
Topic: tftp-server-name option in DHCP-SERVER
Replies: 16
Views: 22542

Re: tftp-server-name option in DHCP-SERVER

Also the option is defined for all dhcp server on all interfaces. Is there a way to define an option for one interface/dhcp server only.
I need option 150 with different value on different interfaces...
by patrickmkt
Mon Oct 15, 2012 4:52 pm
Forum: General
Topic: HUge POrt Flap!
Replies: 14
Views: 1927

Re: HUge POrt Flap!

bad cable? bad connector?
by patrickmkt
Sun Oct 14, 2012 5:57 pm
Forum: General
Topic: 5.21 released
Replies: 78
Views: 19022

Re: 5.21 released

Can anyone explain, why system routerboard on 2.38 like my pict?
Per http://routerboard.com/RB1200 the latest firmware for the RB1200 is 2.38
by patrickmkt
Sat Oct 13, 2012 11:27 pm
Forum: General
Topic: Can't connect APC serial UPS
Replies: 4
Views: 1193

Re: Can't connect APC serial UPS

doesn't work with 5.21 either. Now the UPS shows as invalid.
by patrickmkt
Sat Oct 13, 2012 11:24 pm
Forum: General
Topic: 5.21 released
Replies: 78
Views: 19022

Re: 5.21 released

I don't have the 'can't add ups' error anymore, but the ups shows as invalid :(
by patrickmkt
Sat Oct 13, 2012 7:06 pm
Forum: General
Topic: Supported UPS`s
Replies: 49
Views: 32231

Re: Supported UPS`s

Also, why not supporting APC UPS that have an ethernet network card? For a router, connecting an UPS via IP seems better than using the only single serial port of the router.
by patrickmkt
Sat Oct 13, 2012 5:15 pm
Forum: RouterBOARD hardware
Topic: serial1 on RB1100
Replies: 4
Views: 997

Re: serial1 on RB1100

I understand that the RB1100 has one physical port which is serial0, but is it possible to use serial1? Is there a pin out on the board to add an extra DB9? Did you read the manual for the RB1100??? It tells you how to do this. There is a serial header already soldered to the motherboard for conn...
by patrickmkt
Sat Oct 13, 2012 4:58 pm
Forum: General
Topic: Can't connect APC serial UPS
Replies: 4
Views: 1193

Can't connect APC serial UPS

I have an APC smart UPS 3000 RM connected with a genuine APC smart ups cable. I can dialog with the UPS properly through the '/system serial-terminal serial0' ROS command. However, when I am trying to add this UPS to ROS I have 'Couldn't add New UPS error - opening serial port failed: 2 9 (6)' This U...
by patrickmkt
Fri Oct 12, 2012 3:53 pm
Forum: General
Topic: Problem with ssh client, user option not working
Replies: 6
Views: 2887

Re: Problem with ssh client, user option not working

Thanks, that makes sense.

I'll give it a try.
by patrickmkt
Fri Oct 12, 2012 3:33 pm
Forum: General
Topic: Problem with ssh client, user option not working
Replies: 6
Views: 2887

Re: Problem with ssh client, user option not working

You're maybe right, but then how to make a script send an ssh command with authentication?
Would the script have the right to use the remoteuser certificate?
Or are you stuck to use the same cert for ssh as admin to the mikrotik and then to install the same cert in all the server you want to ssh to?
by patrickmkt
Thu Oct 11, 2012 5:00 pm
Forum: General
Topic: Problem with ssh client, user option not working
Replies: 6
Views: 2887

Problem with ssh client, user option not working

Hi, on ROS 5.20 I have an issue when using '/system ssh 1.1.1.1 user=myremoteuser' I am trying to ssh to a remote server 1.1.1.1 using certificate authentication. I have created on this server a user myremoteuser with proper keys. I have created the same myremoteuser on the routerboard and imported ...
by patrickmkt
Wed Oct 10, 2012 2:55 pm
Forum: General
Topic: [Feature request] /ip firewall protocol-port-list
Replies: 9
Views: 3533

Re: [Feature request] /ip firewall protocol-port-list

Yes that's one feature I would like too. We can do without, but it would make the configuration much easier to read.
Another feature for me would be to be able to associate an alias to a mac address instead of trying to remember who is who during debug.
by patrickmkt
Sat Oct 06, 2012 2:35 am
Forum: General
Topic: EoIP slow high latency
Replies: 13
Views: 6868

Re: EoIP slow high latency

weird, I'm using Airmax on my link and I'm not seeing this problem...
by patrickmkt
Thu Oct 04, 2012 6:42 pm
Forum: Beginner Basics
Topic: Queue Tree Limit At error?
Replies: 2
Views: 800

Re: Queue Tree Limit At error?

That means that you need to put manually the same 'max limit' to every child of a tree and that the parent one is useless. I would consider that as a bug in the entry test routine that is just trying to check that 'max limit'>'limit at' and does not consider that 'max limit'=0 is an exception to refe...
by patrickmkt
Thu Oct 04, 2012 12:15 am
Forum: General
Topic: EoIP slow high latency
Replies: 13
Views: 6868

Re: EoIP slow high latency

I have two RB2011 linked by a pair of ubnt Nanobridge. I have two EOIP tunnel on this link. I get a good steady 4~6ms response from both side of the tunnel from end devices.
by patrickmkt
Sat Sep 29, 2012 3:45 am
Forum: Beginner Basics
Topic: Queue Tree Limit At error?
Replies: 2
Views: 800

Queue Tree Limit At error?

Hi, I have a queue tree where I have put a 'Max Limit' to a parent and would like to define some 'limit at' for some of the children. However, when I try to set a 'limit at' for the children, I have an error saying that the 'limit at' can't be below the 'Max limit'. I don't want to set a 'max limit'...
by patrickmkt
Tue Sep 25, 2012 7:44 pm
Forum: General
Topic: NAS offline or online checking script/program
Replies: 1
Views: 342

Re: NAS offline or online checking script/program

/Tools/netwatch

When the ip of your NAS won't answer the script linked in Down will activate. When it's coming back up, the script in Up will be triggered.

In your up and down scripts you can choose to do whatever action you want (send email, reroute to another nas, etc...)
by patrickmkt
Sun Sep 23, 2012 2:39 pm
Forum: RouterBOARD hardware
Topic: RB433AH voltage monitor
Replies: 15
Views: 3458

Re: RB433AH voltage monitor

I know next to nothing about electronics. Is there a device that can sit between the batteries and the routerboard which will cut in at, say, 26V and stop the voltage to the boards going any higher? Yes you can find plenty of devices. From the simple zener diode that will drop the voltage (but not ...
by patrickmkt
Fri Sep 21, 2012 4:21 pm
Forum: General
Topic: Is there any chance to set up this OVPN conf in RouterOS?
Replies: 5
Views: 1721

Re: Is there any chance to set up this OVPN conf in RouterOS

did you import your certificate in the mikrotik?
Did you create an OVPN client with the proper address, login and password?
You are lucky that your university is using tcp as ROS only supports tcp for ovpn. I don't see anything else that could block you to make it work.
by patrickmkt
Wed Sep 19, 2012 2:44 pm
Forum: Forwarding Protocols
Topic: Remote connection
Replies: 11
Views: 2031

Re: Remote connection

Check that ip/services allow www from anywhere
Check that you opened your :80 port from outside (/ip firewall filter add action=accept chain=input comment="RouterOS www Management" disabled=no dst-port=80 protocol=tcp)
by patrickmkt
Wed Sep 19, 2012 2:34 pm
Forum: Beginner Basics
Topic: RB 750 GL - No DNS
Replies: 11
Views: 4440

Re: RB 750 GL - No DNS

Would it be a conflict with the config on the two PPPoE setup to use the remote dns that would override it? If you disable temporarily the unused PPPoE does it work? I have also noticed that when you have the PPPoE dns enabled, you can't add with winbox additional static DNS. Only the dynamic ones crea...
by patrickmkt
Mon Sep 17, 2012 10:16 pm
Forum: Forwarding Protocols
Topic: Remote connection
Replies: 11
Views: 2031

Re: Remote connection

What do you want to do? To access the setup of your router from anywhere (ie winbox or ssh to the router)? To let someone from anywhere to access to your network (ie all the computers in your local network, not the router)? To let everyone from anywhere to access one service on one local server? For...
by patrickmkt
Mon Sep 03, 2012 5:22 pm
Forum: Beginner Basics
Topic: Unable to bridge PPPoE client?
Replies: 1
Views: 2097

Unable to bridge PPPoE client?

When using routerOS as PPPoE client, another virtual interface is created for PPPoE. However how can I add this virtual interface to a bridge? It does not appear in the bridge port list. My goal is to be able to switch easily from one internet access to another by script. All my filters rules where...
by patrickmkt
Sat Sep 01, 2012 3:56 am
Forum: Beginner Basics
Topic: RB1200 access & Restriction
Replies: 3
Views: 761

Re: RB1200 access & Restriction

In winbox go to IP / Services and edit the 'available from' field to the only IP you want to give access to winbox or other services.
by patrickmkt
Thu Aug 30, 2012 9:26 pm
Forum: Scripting
Topic: email smtp server address check
Replies: 1
Views: 1342

email smtp server address check

My first script for a pretty simple stuff. My smtp server is using a FQDN name and not an ip address. Even if I'm sure they are not changing their IP daily, it may happen. Then here's just a small script to check and update the ip address in case it has changed. :local ipsmtp :set ipsmtp [:resolve s...
by patrickmkt
Wed Aug 29, 2012 2:21 pm
Forum: Beginner Basics
Topic: Is bridging 1 port bad?
Replies: 0
Views: 340

Is bridging 1 port bad?

Hi, I've noticed that often I have to add a free port to a LAN for a few hours for testing. I then need to create a bridge, add all the ports to the bridge and change all my firewall rules from the original eth port to the new bridge. Now, I have taken the habit of creating a bridge for all ports, e...
by patrickmkt
Wed Aug 29, 2012 2:16 pm
Forum: Beginner Basics
Topic: Firewall rules between two LAN help
Replies: 13
Views: 7626

Re: Firewall rules between two LAN help

Thanks. makes things a little bit more clear in my head ;-)
by patrickmkt
Sun Aug 26, 2012 11:43 pm
Forum: Beginner Basics
Topic: Firewall rules between two LAN help
Replies: 13
Views: 7626

Re: Firewall rules between two LAN help

Is conntrack enabled? Yes I just checked. I'm probably doing something blatantly stupid here but I can't point my finger on it. Could it be on the established rule? Should the dest and source address been from the inbound point of view or the return path? Maybe I've put it the wrong way? I haven't ...
by patrickmkt
Sun Aug 26, 2012 4:00 pm
Forum: Beginner Basics
Topic: Firewall rules between two LAN help
Replies: 13
Views: 7626

Re: Firewall rules between two LAN help

nobody?
by patrickmkt
Fri Aug 17, 2012 6:14 pm
Forum: Beginner Basics
Topic: Is Vlans the answer or is there an easier way?
Replies: 18
Views: 3012

Re: Is Vlans the answer or is there an easier way?

Can you do a VLAN for two different subnets? I'm a beginner too, but the way I would have solve this situation: RB2011: port 1-WAN port 2 link to RB751-LAN C (with another address assigned 172.20.0.1 for instance) other ports either LANA or LANB as described RB751: port 1: link to RB2011 - LAN C (17...
by patrickmkt
Fri Aug 17, 2012 5:27 pm
Forum: Beginner Basics
Topic: Firewall rules between two LAN help
Replies: 13
Views: 7626

Re: Firewall rules between two LAN help

Ok I was maybe not clear enough in my prose, here's the order of my rules: ;;; from A to B chain=forward action=accept dst-address-list=listB in-interface=ether2-LANA out-interface=ether3-LANB chain=forward action=accept connection-state=established src-address-list=listA in-interface=ether2-LANA ou...
by patrickmkt
Fri Aug 17, 2012 8:13 am
Forum: Beginner Basics
Topic: Firewall rules between two LAN help
Replies: 13
Views: 7626

Firewall rules between two LAN help

Hi, I have the following setup: ether1-gateway : WAN 192.168.1.1/24 ether2-LANA: LAN A 192.168.20.1/24 ether3-LANB: LAN B 192.168.30.1/24 With the default setup, there is no access from the WAN to any LAN, but each LAN can connect to the other LAN or WAN. Now I want to isolate both LAN: chain=forwar...
by patrickmkt
Sat Jul 28, 2012 5:43 pm
Forum: Beginner Basics
Topic: first bridge project on a RB2011L
Replies: 0
Views: 343

first bridge project on a RB2011L

Hi, I have a small project that I would like create with two RB2011L. That's my first encounter with RouterOS so I'm a little bit confused. I had some experience with some Cisco ASA. I have two separate buildings (A & B), each of them have their own ADSL access. I also have a UBNT wireless bridge be...