Community discussions

MikroTik App

Search found 41 matches

by gargola
Wed Jun 03, 2020 6:13 pm
Forum: Forwarding Protocols
Topic: Google Cloud Platform GCP - VPN - BGP [SOLVED]
Replies: 27
Views: 11909

Re: Google Cloud Platform GCP - VPN - BGP [SOLVED]

Hi eset, djdrastic. I'm using policy based: Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default 0 T * group=default src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=all proposal=default template=yes 1 A peer=peer2 tunnel=yes src-address=169.254.0.5/32 src-port=an...
by gargola
Mon Mar 30, 2020 12:56 am
Forum: General
Topic: rb750Gr3 keeps rebooting
Replies: 16
Views: 2503

Re: rb750Gr3 keeps rebooting

Hi @MasteRTriX Did you find any solution? I have an RB750UPr2 that Netinstall says it worked and reboot the router, but after rebooting it, it gets again in the rebooting loop, within netinstall it can stay on for hours, so no problem there. I have tried with 6.45.6 6.45.8 and 6.4 (i think that was ...
by gargola
Thu Mar 26, 2020 11:47 pm
Forum: RouterBOARD hardware
Topic: RB3011 port flopping - bad design
Replies: 95
Views: 25185

Re: RB3011 port flopping - bad design

Good knews short story. At least for me it is fixed with the 6.45.6 in the RB3011UiAS. Long story I was having 3 RB3011UiAS with the port flapping issues, then I upgraded them to the 6.45.6 and it was fixed. That was several months ago, then I had to replace on of the 3 RB3011UiAS in one site and I ...
by gargola
Sat Mar 21, 2020 3:02 am
Forum: Scripting
Topic: Ethernet Port Rate Reporter - Useful Script for Telegram
Replies: 1
Views: 1872

Re: Ethernet Port Rate Reporter - Useful Script for Telegram

Thanks a lot Katem. It helped me out to do my script, the truth is that I don't know what I''m doing, but this is how I made it work. #Start Monitoring of All Ethernet Ports #Edit The X to the desired Ethernet port Name /interface ethernet monitor etherX once do={ :if ($"rate" != "1Gbps") do={ /tool...
by gargola
Fri Mar 20, 2020 6:37 pm
Forum: RouterBOARD hardware
Topic: RB3011 port flopping - bad design
Replies: 95
Views: 25185

Re: RB3011 port flopping - bad design

RB3011UiAS v6.45.8 all ports in switch 2 flapping constantly, all connections are at 1Gb Mikrotik's response on this looks like a joke.
by gargola
Tue Feb 11, 2020 5:21 am
Forum: Forwarding Protocols
Topic: Google Cloud Platform GCP - VPN - BGP [SOLVED]
Replies: 27
Views: 11909

Re: Google Cloud Platform GCP - VPN - BGP [SOLVED]

@edo89b I'm neither a BGP expert, but there are several ways to indicate to BGP which path to take, like costs in OSPF, in BGP some of them are: Weight Local Preference Network or Aggregate Shortest AS_PATH Lowest origin type Lowest multi-exit discriminator (MED) Take a look at them and which one is...
by gargola
Tue Dec 03, 2019 7:39 pm
Forum: Forwarding Protocols
Topic: Google Cloud Platform GCP - VPN - BGP [SOLVED]
Replies: 27
Views: 11909

Re: Google Cloud Platform GCP - VPN - BGP [SOLVED]

@eset yes, sometimes and randomly the ipsec tunnel is connected but no traffic passing through, so the bgp goes down. I have to reset everything manually and it comes back, I got almost fixed it setting the timers a google request them on their manual, but still having some random issues. The easies...
by gargola
Tue Dec 03, 2019 7:36 pm
Forum: Forwarding Protocols
Topic: Google Cloud Platform GCP - VPN - BGP [SOLVED]
Replies: 27
Views: 11909

Re: Google Cloud Platform GCP - VPN - BGP [SOLVED]

Try adding these exceptions to your NAT: /ip firewall nat add action=accept chain=srcnat comment="IPSEC NAT Exception" dst-address=169.254.0.6 src-address=169.254.0.5 add action=accept chain=srcnat comment="IPSEC NAT Exception" dst-address=10.0.X.X/29 @gargola i tried your configuration. Our vpn tun...
by gargola
Sat Sep 21, 2019 11:41 pm
Forum: Forwarding Protocols
Topic: Google Cloud Platform GCP - VPN - BGP [SOLVED]
Replies: 27
Views: 11909

Re: Google Cloud Platform GCP - VPN - BGP [SOLVED]

Hi Pete Here is the configuration on the router: /interface bridge add name="BGP GCP VPN" protocol-mode=none /ip address add address=169.254.0.1/30 comment="BGP GCP" interface="BGP GCP VPN" network=169.254.0.0 /ip ipsec profile add dh-group=modp1024 enc-algorithm=aes-128 lifetime=10h10m name=profile...
by gargola
Thu Sep 19, 2019 7:37 pm
Forum: Forwarding Protocols
Topic: Google Cloud Platform GCP - VPN - BGP [SOLVED]
Replies: 27
Views: 11909

Re: Google Cloud Platform GCP - VPN - BGP [SOLVED]

Hi all.

Just give me the opportunity to have some time from my job and i'll publish the configuration.
by gargola
Fri Jul 05, 2019 7:27 pm
Forum: Forwarding Protocols
Topic: Google Cloud Platform GCP - VPN - BGP [SOLVED]
Replies: 27
Views: 11909

Re: Google Cloud Platform GCP - VPN - BGP [SOLVED]

Hi Eset.

Sorry for the late response, I didn't received a notification email. I'm using the VPN service from GCP. What config do you need? router side or GCP platform?
by gargola
Wed Dec 05, 2018 2:10 am
Forum: Forwarding Protocols
Topic: Google Cloud Platform GCP - VPN - BGP [SOLVED]
Replies: 27
Views: 11909

Re: Google Cloud Platform GCP - VPN - BGP help [SOLVED]

Finally made it. To be able to route to the VPN I created a bridge to use it as the interface that has the ip for the BGP session and it turned in to my gateway to the cloud. If you're going to use static routes or policy based VPN is enough with the IPSEC Policies. Any doubt feel free to contact me.
by gargola
Sun Dec 02, 2018 7:56 pm
Forum: Forwarding Protocols
Topic: Google Cloud Platform GCP - VPN - BGP [SOLVED]
Replies: 27
Views: 11909

Re: Google Cloud Platform GCP - VPN - BGP help [SOLVED]

Well, some sleep hours helped, I could figured it out after search a little, I had to add the NAT exception from the src/dst networks. Now I'm able to ping both ways. So the IPSEC tunnel is working. But at this time is configured with static segments (only 10.0.5.0/29 to 10.168.0.02/0) I have to mak...
by gargola
Sun Dec 02, 2018 12:04 pm
Forum: Forwarding Protocols
Topic: Google Cloud Platform GCP - VPN - BGP [SOLVED]
Replies: 27
Views: 11909

Re: Google Cloud Platform GCP - VPN - BGP help [SOLVED]

Hi sri2007. Thank you for your response, here is the configuration: /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=aes-128-cbc,3des lifetime=30m name=default pfs-group=modp1024 /ip ipsec peer add address=XX.XX.17.122/32 auth-method=pre-shared-key dh-group...
by gargola
Sat Dec 01, 2018 1:50 am
Forum: Forwarding Protocols
Topic: Google Cloud Platform GCP - VPN - BGP [SOLVED]
Replies: 27
Views: 11909

Google Cloud Platform GCP - VPN - BGP [SOLVED]

Hi guys. I'm trying to establish a vpn to GCP network but I have a doubt still can't resolve. I can establish the ipsec tunnel, but I don't have any interface o idea to where to configure the ip to create the bgp sessión. Is the same if I configure the VPN on GCP for static routing, the ipsec works,...
by gargola
Fri Nov 30, 2018 4:50 am
Forum: General
Topic: GCP VPN On Mikrotik
Replies: 3
Views: 1723

Re: GCP VPN On Mikrotik

Hi @eset.

I know there's a lot of time since this post, but meaybe you can read it or another member can help.

Were you able to find how to add routing? I'm with the same doubt than you, I can establish de ipsec tunnel, but I need an interface to add the ip and create the BGP.

Best regards.
by gargola
Fri Jul 14, 2017 10:23 am
Forum: Forwarding Protocols
Topic: send prefix only from 1 upstream to transit
Replies: 2
Views: 803

Re: send prefix only from 1 upstream to transit

I'm not familiar with the BGP process in Mikrotik, but you can degrade for example you transit B adding repeatedly your AS in the AS-PATH via prepend. Take a look at that.

Sent from my Nexus 6P using Tapatalk
by gargola
Mon Apr 03, 2017 8:15 am
Forum: Scripting
Topic: Failover testing not using ping
Replies: 2
Views: 741

Re: Failover testing not using ping

Is your script testing to your gateway? Or to what ip are you sending the icmp?

Sent from my Nexus 6P using Tapatalk
by gargola
Wed Mar 08, 2017 8:58 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 97199

Re: v6.39rc [release candidate] is released

"Lesson lerned ...." There are three branches: bugfix, current and RC (read it as beta/alpha/test version) It should be obvious that production system should not go further than "current" despite the name of device manufacturer. I was having issues with the DHCP offered lease without success, that ...
by gargola
Wed Mar 08, 2017 7:54 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 97199

Re: v6.39rc [release candidate] is released

The trouble is, MikroTik's naming is not exactly what many people expect. Personally I'd call their "RC" beta if I'd like to be nice, or alpha if I want to be safe. Yeap, I'll prefer to name them like that. RB1100aHX2 BRICKED, man, this is a RC, not an alpha, can't even think how this happend. Tryi...
by gargola
Wed Mar 08, 2017 9:43 am
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 97199

Re: v6.39rc [release candidate] is released

RB1100aHX2 BRICKED, man, this is a RC, not an alpha, can't even think how this happend. Trying to downgrade to earlier version, unfortunately at this time i'm 250 miles away from the RB, so only can connect through layer2 (MAC) and i'm lossing the connection every X seconds and I can't upload de 11M...
by gargola
Sun Feb 05, 2017 8:49 am
Forum: General
Topic: ROS 6.38 serious DHCP server problem
Replies: 98
Views: 39323

Re: ROS 6.38 serious DHCP server problem

I was having the same issue with the "offering lease without success" for some customers. It was happening with a RB1100AHx2, after several reboots and tshoot, they were remaining around 7 customers that couldn't get ip, all of them with routers TP-Link WR720N. I Tested versions 6.38.1 and 6.39rc25 ...
by gargola
Tue Oct 21, 2014 9:51 pm
Forum: General
Topic: (Solved) URGENT something is blocking my LAN network
Replies: 4
Views: 1077

Re: URGENT something is blocking my LAN network

No, CPU is perfect 0 to 3%, WAN is working like a charm. Is like if a have a filter rule blocking that network.
Can you help me via teamviewer?

I cleared DNS cache, rebooted all CPEs, tried everything.
by gargola
Tue Oct 21, 2014 9:25 pm
Forum: General
Topic: (Solved) URGENT something is blocking my LAN network
Replies: 4
Views: 1077

Re: URGENT something is blocking my LAN network

Thank for your reply. Yes, ether1 is active, and torch show some activity. some clients can navigate, if a restart the router other clients navgite is something randome. This happened from one minute to another. Allready restarted the router, reset to default configuration and restore yesterday back...
by gargola
Tue Oct 21, 2014 8:23 pm
Forum: General
Topic: (Solved) URGENT something is blocking my LAN network
Replies: 4
Views: 1077

(Solved) URGENT something is blocking my LAN network

Hi, From nothing something is blocking my lan network, we didn't move anything and can't connect to my customers routers. I added a firewall filter rule to free everything and didn't work. Can somebody helpme remotelly please. I can connect to everything without any problem, RB, CPEs, VPN, Switches,...
by gargola
Fri Apr 25, 2014 11:18 pm
Forum: General
Topic: RB1100AHx2 bad performance, wired network with ping timeout.
Replies: 4
Views: 1428

Re: RB1100AHx2 bad performance, wired network with ping time

You were right. Days looking for the solution and the problem was in my cablemodem provider :P
Sometimes we just need another point of view.
I'm waiting my provider to give me another modem and do some tests.

Regards!

EDIT: After the change of the cablemodem , everything is working like a charm! :D
by gargola
Fri Apr 25, 2014 8:07 pm
Forum: General
Topic: RB1100AHx2 bad performance, wired network with ping timeout.
Replies: 4
Views: 1428

RB1100AHx2 bad performance, wired network with ping timeout.

Hello colleagues. I searched for that, but they are only topics related to wireless. This is my network: RB750GL (Load Balance) --> RB1100AHx2 (Core router) ---> then, wireless to the clients. I'm connected directly to the RB1100, tested various cables, and nothing, still have "ping timeout" to seve...
by gargola
Tue Mar 18, 2014 1:54 am
Forum: General
Topic: Webproxy walled garden or something
Replies: 6
Views: 2440

Re: Webproxy walled garden or something

So, with my HTTPS web server, I'll be able to redirect the HTTPS requests to the proxy and show the alert? I'm already working on a laboratory, lets see what happens. I can't get it work :( /ip firewall nat add action=redirect chain=dstnat comment=\ "Payment" dst-port=80 protocol=tcp \ src-address-l...
by gargola
Mon Mar 17, 2014 9:38 pm
Forum: General
Topic: Webproxy walled garden or something
Replies: 6
Views: 2440

Re: Webproxy walled garden or something

So if I'm not wrong.
HTTP -> One NAT rule, One webproxy, One web server.
HTTPS -> One NAT rule, One webproxy, One web server with HTTPS certificate?
by gargola
Mon Mar 17, 2014 7:50 am
Forum: General
Topic: Webproxy walled garden or something
Replies: 6
Views: 2440

Re: Webproxy walled garden or something

Thank You, works perfect :D Could You know why my rule isn't working with https? I add to the rule the port 443, but, if some IP in the address list tries to navigate still can see https pages. /ip firewall nat add action=redirect chain=dstnat comment="Payment" dst-port=80,443 in-interface=ether5-LA...
by gargola
Sat Mar 15, 2014 11:12 pm
Forum: General
Topic: Webproxy walled garden or something
Replies: 6
Views: 2440

Webproxy walled garden or something

Hello colleagues: This is my situation, I'm redirecting users to the webproxy to show alerts about payment. /ip firewall nat add action=redirect chain=dstnat comment="Payment" dst-port=80 in-interface=ether5-LAN1 protocol=tcp src-address-list=alert to-ports=999 /ip proxy set enabled=yes port=999 ip ...
by gargola
Wed Feb 12, 2014 8:26 pm
Forum: Scripting
Topic: Mikrotik php API
Replies: 4
Views: 1477

Re: Mikrotik php API

Your questions are all answered in the wiki. Give it a try, it doesn't bite ;-)
anyway, if you are trying to access from outside (WAN) then, IP is your public IP. User and password are the router board login info.

Enviado desde mi LG-D805 mediante Tapatalk
by gargola
Wed Feb 12, 2014 8:21 pm
Forum: Beginner Basics
Topic: Clarification needed: 1 megabit = ? kilobits
Replies: 4
Views: 1947

Re: Clarification needed: 1 megabit = ? kilobits

Only in the data storage is where 1M = 1024K :-)

Enviado desde mi LG-D805 mediante Tapatalk
by gargola
Wed Feb 12, 2014 8:07 pm
Forum: RouterBOARD hardware
Topic: doubts about dimensioning number of users for hardware.
Replies: 5
Views: 1819

Re: doubts about dimensioning number of users for hardware.

The problem here is that every network is a totally different world. The mikrotik performance depends on how many rules do you have. Every rule you add to firewall, mangle, queue, nat, etc. Will be reflected on you router CPU. If you search in the mikrotik page, on each router can tell you the perfo...
by gargola
Mon Aug 26, 2013 7:01 am
Forum: Wireless Networking
Topic: Remote winbox/webbox from internet
Replies: 3
Views: 1519

Re: Remote winbox/webbox from internet

Normally the mobile companies share their public IP addresses with other users, so you are behind a NAT. You can't connect because you need to do a port forwarding. But you don't have access to the routers company..

Sent from my GT-I9300 using Tapatalk 4
by gargola
Sat Aug 24, 2013 9:12 am
Forum: General
Topic: Webfig remote access with different port than 80 and DNS
Replies: 2
Views: 1759

Re: Webfig remote access with different port than 80 and DNS

Yea thanks I already made it. I had to put a Webhope on dyndns with the port :-D

Sent from my GT-I9300 using Tapatalk 4
by gargola
Wed Aug 14, 2013 9:07 am
Forum: Beginner Basics
Topic: Removing the default bridge in rb951g-2hnd
Replies: 4
Views: 1876

Re: Removing the default bridge in rb951g-2hnd

You need to set master port to none on each interface for they can act as independent interface! Then if you don't want that the ports could communicate you need to delete the routes!

This is what I understood that you want to do.

Sent from my GT-I9300 using Tapatalk 2
by gargola
Wed Aug 14, 2013 9:01 am
Forum: Beginner Basics
Topic: VLAN with "dumb" switch?
Replies: 4
Views: 1597

Re: VLAN with "dumb" switch?

Your scenario is possible just like you describe it!

Sent from my GT-I9300 using Tapatalk 2
by gargola
Wed Aug 07, 2013 8:36 pm
Forum: Scripting
Topic: Dynamic DNS: One script to rule them all
Replies: 29
Views: 18092

Re: Dynamic DNS: One script to rule them all

This script works perfect on 6.2 version, no problem updating dyndns host :D
by gargola
Wed Aug 07, 2013 8:33 pm
Forum: General
Topic: Has 6.1 broken my dyndns updater script?
Replies: 5
Views: 1723

Re: Has 6.1 broken my dyndns updater script?

Thank you aldoir your script works perfect on 6.2 :D
by gargola
Mon Jun 17, 2013 7:49 am
Forum: General
Topic: Webfig remote access with different port than 80 and DNS
Replies: 2
Views: 1759

Webfig remote access with different port than 80 and DNS

Hi guys. I'm trying to configure an RB750GL to get remote access to the webfig, but with a different port than 80 (for security reasons). If I put http://publicip:port I can access with out any problem, but if I try to access through http://domain.com:port it can't resolve it. I think is a NAT rule ...