Community discussions

MikroTik App

Search found 41 matches

by dcavni
Tue Jan 12, 2021 6:37 pm
Forum: RouterOS v7 BETA
Topic: Wireguard on Ac2 behind Ac3
Replies: 12
Views: 1325

Re: Wireguard on Ac2 behind Ac3

I was thinking more in a way of full port range to one client. But it's not a problem if it isn't possible. I will probably never use it in such way anyway. Thank you again for all your help.
by dcavni
Tue Jan 12, 2021 2:10 pm
Forum: RouterOS v7 BETA
Topic: Wireguard on Ac2 behind Ac3
Replies: 12
Views: 1325

Re: Wireguard on Ac2 behind Ac3

Just follow the the instructions for source NAT here: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Source_NAT You have to follow the instructions on your ac2 with the out-interface being your LAN interface. This will "hide" your WireGuard clients "behind" the local IP a...
by dcavni
Mon Jan 11, 2021 11:36 pm
Forum: RouterOS v7 BETA
Topic: Wireguard on Ac2 behind Ac3
Replies: 12
Views: 1325

Re: Wireguard on Ac2 behind Ac3

How can i do this? I don't realy need acces to clients. Sorry for begginers questions, i'm still learning.
by dcavni
Thu Jan 07, 2021 11:28 pm
Forum: RouterOS v7 BETA
Topic: Wireguard on Ac2 behind Ac3
Replies: 12
Views: 1325

Re: Wireguard on Ac2 behind Ac3

Ok, mystery solved. I had to disable the drop forward invalid rule on my main router and everything started to work. So i added an exception for Wireguard IP range and now it works. The question that still remains is, why is my main router (Ac3) dropping this connections from Wireguard on (Ac2) as i...
by dcavni
Thu Jan 07, 2021 7:12 pm
Forum: RouterOS v7 BETA
Topic: Wireguard on Ac2 behind Ac3
Replies: 12
Views: 1325

Re: Wireguard on Ac2 behind Ac3

The issue might be that there is no route from your devices back to the WireGuard subnet (10.0.0.0/24). When a WireGuard client is sending traffic to a local device, the packets will go client -> ac2 -> local device and then the local devices will try to send an answer to the 10.0.0.0/24 network. T...
by dcavni
Wed Jan 06, 2021 1:53 am
Forum: RouterOS v7 BETA
Topic: Wireguard on Ac2 behind Ac3
Replies: 12
Views: 1325

Re: Wireguard on Ac2 behind Ac3

Hi, Perhaps try the following. /ip firewall nat add action=masquerade chain=srcnat src-address=10.0.0.0/24 out-interface=bridge-local And probably change where the local network ip address is placed (on bridge-local rather than ether2) ** Probably not exactly this (would need to remove/disable exis...
by dcavni
Tue Jan 05, 2021 11:39 pm
Forum: RouterOS v7 BETA
Topic: Wireguard on Ac2 behind Ac3
Replies: 12
Views: 1325

Wireguard on Ac2 behind Ac3

Hi I already posted this in another older topic, but apparenly it's not visible enough. I'm having some problems with Wireguard on Hap Ac2 (7.1 beta3). I manage to get port forwarding working on my main router (Hap AC3) and now i would like to make a wireguard server on one of the CAPsMAN client (Ha...
by dcavni
Mon Jan 04, 2021 1:26 am
Forum: RouterOS v7 BETA
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 6244

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

Hi I'm having some problems with Wireguard on Hap Ac2 (7.1 beta3). I somehow manage to get port forwarding working on my main router (Hap AC3) and now i would like to make a wireguard server on one of the CAPsMAN client (HapAC2). It seems, that connection is working, since i can ping my phone's IP f...
by dcavni
Wed Dec 09, 2020 11:58 pm
Forum: Beginner Basics
Topic: HAP Ac3 5 Ghz speed problem
Replies: 6
Views: 686

Re: HAP Ac3 5 Ghz speed problem

Ok. I tried the proposed option but no firewall rules was imported. So i did everything manualy. But i am still quite disappointed because AC2 with internal antennas gave me 200 Mbit without problem, but AC3 on the same location now gives me arround 130 Mbit. And this is with external antennas. When...
by dcavni
Wed Dec 09, 2020 8:21 pm
Forum: Beginner Basics
Topic: HAP Ac3 5 Ghz speed problem
Replies: 6
Views: 686

Re: HAP Ac3 5 Ghz speed problem

Yes i see. So exporting configuration is not the same thing as backup? Ok, i will try this in about two hours when i get back inside. I must load backup to ac2 first because i changed some things before. Then export this configuration, reset ac3 to factory default and then import this configuration ...
by dcavni
Wed Dec 09, 2020 7:54 pm
Forum: Beginner Basics
Topic: HAP Ac3 5 Ghz speed problem
Replies: 6
Views: 686

Re: HAP Ac3 5 Ghz speed problem

I transfered configuration with backup since devices are not so different so that seemed like a good idea. What would be the correct way to transfer all configuration, because i have quite a few rules in firewall. Version is latest on both devices. I can export wireless config after i come back in h...
by dcavni
Wed Dec 09, 2020 7:38 pm
Forum: Beginner Basics
Topic: HAP Ac3 5 Ghz speed problem
Replies: 6
Views: 686

HAP Ac3 5 Ghz speed problem

Hi, I bought Hap Ac3 to replace Ac2, that i plan to use when traveling. I transferred all the settings that was on Ac2 5 ghz wifi to Ac3 5 ghz wifi but this thing simply don't work ok. I have 200 Mbit DL speed on 5 Ghz wifi of Ac2 (connection speed 866 Mbit). When i connect to Ac3 connection speed i...
by dcavni
Sat Dec 05, 2020 11:55 am
Forum: General
Topic: L2TP with IPSEC terminating connection exactly every 30 minutes
Replies: 7
Views: 474

Re: L2TP with IPSEC terminating connection exactly every 30 minutes

I tried that, first with ping and tunnel survived the 30 minutes disconnection. After that i added L2TP server IP in Netwatch as suggested and it works perfectly. I already have 13 hours uptime without disconnection. Thank you for advice and all the help.
by dcavni
Fri Dec 04, 2020 4:07 pm
Forum: General
Topic: L2TP with IPSEC terminating connection exactly every 30 minutes
Replies: 7
Views: 474

Re: L2TP with IPSEC terminating connection exactly every 30 minutes

Probably. Is there any option to generate some traffic in Mikrotik and send it through L2TP every 25 minutes? The user of the other Hap Ac² is saying that he didn't use the tunnel for 10 hours, because we only use it to authenticate one web page with the correct ip adress through mangle rules, but y...
by dcavni
Fri Dec 04, 2020 3:51 pm
Forum: General
Topic: L2TP with IPSEC terminating connection exactly every 30 minutes
Replies: 7
Views: 474

Re: L2TP with IPSEC terminating connection exactly every 30 minutes

Thank you for the answer.

Apparently there is an idle timeout option in USG, that cannot be changed. Interesting thing is, that even keepalive packets don't help in maintaining the connection and that the other Hap Ac² has no problems with disconnections.
by dcavni
Fri Dec 04, 2020 2:27 pm
Forum: General
Topic: L2TP with IPSEC terminating connection exactly every 30 minutes
Replies: 7
Views: 474

L2TP with IPSEC terminating connection exactly every 30 minutes

Hi I have an L2TP with IPSEC from HAP Ac2 to Ubiqiti USG L2TP server. The connection drops exactly every 30 minutes and i can't find the reason why. There is also another client from different IP adress to this server using completly the same setup (HAP Ac2, L2TP with IPSEC) and he has no problems w...
by dcavni
Fri Nov 06, 2020 7:24 pm
Forum: Wireless Networking
Topic: hap ac^2 - Group Key Exchange timeout / No Reconnect possible
Replies: 63
Views: 20032

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Now here is something new...

wlan1: reject 10:44:00:51:56:56, banned (last failure - unicast key exchange timeout)

And on phone: Acces to network has been rejected.

Is this wrong password at the phone?
by dcavni
Thu Nov 05, 2020 9:38 pm
Forum: Wireless Networking
Topic: hap ac^2 - Group Key Exchange timeout / No Reconnect possible
Replies: 63
Views: 20032

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

I did not try that yet, because the router is 300 km from me. They usualy just pull the plug and then it works again for a day or two. There are mostly just two clients. One LG G7 phone and one Huawei phone. I also have Hap Ac2 at home and it works flawlessly so i don't realy know what could be the ...
by dcavni
Thu Nov 05, 2020 2:45 pm
Forum: Wireless Networking
Topic: hap ac^2 - Group Key Exchange timeout / No Reconnect possible
Replies: 63
Views: 20032

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

Anything new around this topic? I have a case of Hap AC2 with newest firmware, that has this error: wlan1: disconnected, group key exchange timeout For now i tried to enable WMM and change group key timeout to 1 hour, but i doubt this will help, phones are just stuck on Acquiering IP adress. Sometim...
by dcavni
Wed Apr 29, 2020 7:40 pm
Forum: RouterOS v7 BETA
Topic: Feature Request - Wireguard Protocol
Replies: 165
Views: 55335

Re: Feature Request - Wireguard Protocol

+1 Here also. Now i'm running wireguard on SBC behind Mikrotik.
by dcavni
Wed Jun 29, 2016 2:18 pm
Forum: General
Topic: IGMP Snooping
Replies: 137
Views: 69270

Re: IGMP Snooping

At least we know you are working on it :) 

I used cheapest 8 port TPLink smart switch for that purpose, since it has IGMP snooping. It worked as aspected, no IPTV traffic flood on Mikrotik.
by dcavni
Fri Dec 11, 2015 9:23 pm
Forum: Beginner Basics
Topic: /ip adress Adresses keep disapearing
Replies: 6
Views: 1413

Re: /ip adress Adresses keep disapearing

Thank you. Please check configuration when you will find time, to see if everything is in order. For now it seems stable. I'm guessing, that there is a chance, that those adresses get lost, when i'm changing anything on router or network. Also they get lost sometimes on Router updates and sometimes ...
by dcavni
Fri Dec 11, 2015 9:23 am
Forum: Beginner Basics
Topic: /ip adress Adresses keep disapearing
Replies: 6
Views: 1413

Re: /ip adress Adresses keep disapearing

I checked it and that option is disabled. It's also a default configuration (preset from when RB2011 was new). Should i delete that?
by dcavni
Fri Dec 11, 2015 8:19 am
Forum: Beginner Basics
Topic: /ip adress Adresses keep disapearing
Replies: 6
Views: 1413

Re: /ip adress Adresses keep disapearing

Can you tell me where is this set? In /ip address i'm using static IP 192.168.1.2 on ether1 that i can acess modem that has an IP 192.168.1.1 to check the DSL connection. Otherwise i'm using PPPoE through ether1 to get to internet. IPv6 is using DHCP client through PPPoE connection to get the IPv6 a...
by dcavni
Fri Dec 11, 2015 1:29 am
Forum: Beginner Basics
Topic: /ip adress Adresses keep disapearing
Replies: 6
Views: 1413

/ip adress Adresses keep disapearing

Hi I'm setting quite complicated (for me) settings on RB2011. Im using RB2011 as my main router and acess to internet. I have 2 bridges set, one is on 192.168.3.0 (ports from 2-5) and the other one on 192.168.4.0 on port 6. Ether1 is used for PPPoE connection to my ISP. I use this configuration to D...
by dcavni
Mon Aug 24, 2015 12:41 am
Forum: Announcements
Topic: 6.31 released
Replies: 227
Views: 58955

Re: 6.31 released

Well, i waited a few days before upgrading from 6.30, to 6.31 stupidly thinking, that everything should be ok. Well, that was a bad idea. After an upgrade RB2011 worked until i tried to manualy add adress in adress list. Then it rebooted itself and after reboot PPPoE connection didn't work anymore. ...
by dcavni
Sat Apr 25, 2015 10:23 pm
Forum: Announcements
Topic: RouterOS v6.28 released
Replies: 229
Views: 72991

Re: RouterOS v6.28 released

Every update of RouterOS kills my Ip Adress list, so i have to manualy reconfigure it. Is this a bug or a feature? Is your Address List dynamic or have a timeout? I have have an Address List of 3900 IP's (my blacklist), I have never lost it during an update. One entry is dynamic (PPPoE connection) ...
by dcavni
Fri Apr 24, 2015 11:51 pm
Forum: Announcements
Topic: RouterOS v6.28 released
Replies: 229
Views: 72991

Re: RouterOS v6.28 released

Every update of RouterOS kills my Ip Adress list, so i have to manualy reconfigure it. Is this a bug or a feature?
by dcavni
Tue Feb 24, 2015 12:25 am
Forum: General
Topic: Automatic blocking from block lists
Replies: 2
Views: 1864

Re: Automatic blocking from block lists

I solved this by using Raspberry PI as Adblocking DNS server in my network. Works perfectly. All requests for ads are returned as a blank web page.

It would be nice if Mikrotik would support something like this out of the box, since ads on internet are getting more and more annoying.
by dcavni
Thu Jan 29, 2015 12:29 pm
Forum: General
Topic: Limiting traffic for 1 IP when other devices need full conn.
Replies: 6
Views: 1413

Re: Limiting traffic for 1 IP when other devices need full c

Ok, i think that PCQ works, since my upload droped to half.

Yes, i want that one IP adress would get maximum when needed if this is possible or that it limits 1 IP to 1 Mbit for example when other computers in network need full bandwith. How can i do this?
by dcavni
Thu Jan 29, 2015 12:07 pm
Forum: General
Topic: Limiting traffic for 1 IP when other devices need full conn.
Replies: 6
Views: 1413

Re: Limiting traffic for 1 IP when other devices need full c

If i understand this correctly this would split my connection into 2 halves so that each client gets half of the connection. If this is the best option i will try it.

Can i use pcq together with packet marking? (www, p2p, other) ?
by dcavni
Thu Jan 29, 2015 11:58 am
Forum: General
Topic: Multicast traffic problem, IPTV Artifacts using RB2011
Replies: 0
Views: 1375

Multicast traffic problem, IPTV Artifacts using RB2011

Hello, My configuration: DSL modem with ports 1-Data, 2-Data, 3-Video, 4-Video port 1 from the modem connected to Ether 1 Gateway on Mikrotik with PPPoE connection for Internet, port 3 from the modem connected to the LAN part of the Mikrotik, port 4 from the modem connected to IPTV reciever in my ho...
by dcavni
Thu Jan 29, 2015 11:13 am
Forum: General
Topic: Limiting traffic for 1 IP when other devices need full conn.
Replies: 6
Views: 1413

Re: Limiting traffic for 1 IP when other devices need full c

Since nobody reply's i'm guessing that this probably can't be done :)
by dcavni
Sat Jan 24, 2015 12:53 pm
Forum: General
Topic: RouterOS v6.25
Replies: 110
Views: 37558

Re: RouterOS v6.25

When i check the "Vpn Acess" option in "Quick set" menu and press "Apply" the option doesn't stay checked. VPN still works afterwards, just the option isn't checked. RB2011UiAS-2HnD.
by dcavni
Tue Jan 20, 2015 11:36 pm
Forum: General
Topic: Limiting traffic for 1 IP when other devices need full conn.
Replies: 6
Views: 1413

Limiting traffic for 1 IP when other devices need full conn.

I have a situation on my home network, where a separate hotspot (IP for hotspot is static) makes a VPN connection through my network to the server somewhere on the other side of the country and offers free internet to anyone who want's it. My problem now is, that sometimes that hotspot is using all ...
by dcavni
Tue Oct 28, 2014 11:12 am
Forum: Beginner Basics
Topic: Problems with VPN passing through RB2011UAS-2HnD-IN
Replies: 1
Views: 1046

Re: Problems with VPN passing through RB2011UAS-2HnD-IN

Let me just anwer to myself, if anyone will have the same problem. I changed the MTU and MRU in PPPoE connection to the internet from 1480 (default) to 1492. It works much better now :) It does come to "Request time out" from time to time, but i suppose it will get better when i change int...
by dcavni
Sun Oct 26, 2014 1:38 pm
Forum: Scripting
Topic: Wget Afraid - FREEDNS script help
Replies: 17
Views: 16999

Re: Wget Afraid - FREEDNS script help

I use this simple own script. Just copy and run in command line. Than you have to update System/Scheduler script with your external interface and update key. This script gets ip address from pppoe-client interface. However, you can easily change that. /system scheduler add disabled=no interval=30s ...
by dcavni
Fri Oct 24, 2014 11:58 pm
Forum: Beginner Basics
Topic: Problems with VPN passing through RB2011UAS-2HnD-IN
Replies: 1
Views: 1046

Problems with VPN passing through RB2011UAS-2HnD-IN

Hello, I'm a complete newbie with Mikrotik Routers (just bought a first one 2 days ago), and i'm already having problems. I'm connecting to internet through modem connected to ETH1 using PPPoE connection. Everything works completly OK on the computers and phones connected directly to RB2011, but i a...
by dcavni
Wed Oct 22, 2014 1:50 pm
Forum: General
Topic: IGMP Snooping
Replies: 137
Views: 69270

Re: IGMP Snooping

I just bought an 2011 router to use it in home network and somehow i expected, that it supports IGMP snooping out of the box. It seem's to me, that i will run in to a lot of problems, since i have a lot of Multicast traffic in my network. Looking it this way, it's realy sad, that i can use IGMP snoo...
by dcavni
Thu Jul 04, 2013 6:19 pm
Forum: Wireless Networking
Topic: Metal 2 shpn Problem in WIFI
Replies: 151
Views: 90191

Re: Metal 2 shpn Problem in WIFI

It look's like support is on vacation...
by dcavni
Sun Mar 31, 2013 6:26 pm
Forum: Wireless Networking
Topic: Metal 2 shpn Problem in WIFI
Replies: 151
Views: 90191

Re: Metal 2 shpn Problem in WIFI

Just when i was thinking of buying a Metal 2 for my home AP. I will reconsider my decision now and wait for a while if they fix it.