Can you please share your config?
/export hide-sensitive file=anythingyoulike
I have no clue if the VPN service is prohibited to a single interface...
Ehm...perhaps you can explain a bit more...? My goal with the wide netmask is to be able to identify devices by IP address quickly.
add action=dst-nat chain=dstnat comment="SSH server" dst-address=220.127.116.11 dst-port=3999 protocol=tcp src-address=[fill in the allowed IP address] to-addresses=10.0.0.2 to-ports=22
Sorry, I always use "ACTIVE TOPICS", hence the misunderstanding. Hope support can help you, have you already created a support file? I already did, but this forum section is also specifically to report issues with v7.
Do you mean on both radios or on the 5G radio? Sad to say but omitting the channel did not help...
Gladly a wireless bridge is...wireless. Unfortunately only wifi is an option :(
Mixed solution? Wireless bridge across road and utp cable from road to first client in garage?
Though connection wise a good advice...I would never ever use TKIP. Try it with Tkip instead of AES. Some Xiaomi models have the same problem, solved by switching to Tkip.
Sure this isn't caused by the regulations on the DFS channels to scan for 10 minutes? That's perfectly ok - but it would be nice if it said this on the package... "connect and wait 8 minutes for all services to start..".
You don't have to define channels (CAPsMAN can do auto), but you should want to. Good luck (But I still think having to manually define channels for CAPsMAN is a bug!)
That's correct. Thank you! Would I need to enable CAP for the new cAP AC and setup configuration container and provisioner?
So...then don't configure that part. Thank you for your reply, I am not wanting to use it to broadcast any wifi rather to receive network connection via wifi and then only use lan ports to provide network access?
Why? And more important, can you explain what mesh is according to you? I need to build a mesh network with many nodes
Writing code...nearly science fiction ;-) Unlike erlindan I refuse to speculate ;-PPPP
Message: dstnat: in:ether1 out:(unknown 0), src-mac xx:xx:xx:xx:xx:xx, ad:04:20, proto TCP (SYN), 18.104.22.168:449730->47.187.xxx.xxx:65532, len 60
Correct, and will have a default IP address of 192.168.88.1. Don't forget to set a fixed IP address on your LAN adapter. For my plain simple switch. using ROS, it's not accessible by winbox but by IP address only.
add action=dst-nat chain=dstnat comment="Port translation (or any other comment)" dst-address-list=[fill in the public IP address] dst-port=443 log=yes protocol=tcp to-addresses=[fill in the private IP address] to-ports=9152
add action=drop chain=forward comment="Block guest network except WAN" in-interface=GUEST_VLAN out-interface-list=!WAN
Correct, there are a lot of reasons why you don't want multiple NAT in your network (and you have found one of them ;-)). Ok I understand, but then I have to reconfigure ASUS Wlan to be an AP instead of a router. In AP Mode NAT is not required. Is that correct?
There is your problem: because of NAT on the Asus, all traffic is blocked (as should be) from WAN to LAN. Please reread my earlier reply. Yes the ASUS Router is configured as router, therefore NAT is active and required.
Thank you very much Chupaka, all I had to do is add the internal DNS server to the list that iukatech quoted. It is now working! Yep, they are designed to pass good traffic for further processing by firewall
Do these rules have to be at the top of the firewall? 01/13/2021 Still works like a charm on the newer firm as we just went through the same issue
Disabled is disabled...so it won't interfere. OK have done it.
Will be a problem with the disabled Masquerade? Is needed to delete it or it can be disabled?
Can you please share your config? Did you find any solution to that problem or I purchased a dummy wifi router with big antennas?
You can choose either the interface "Orange Optic" or the interface list WAN (assuming the interface is added to the list as WAN). Ok and what should I choose in the out. Interface (list)? - LAN, Wan, all, dynamic, none and static
Open a new topic with your specific environment and all the information that is relevant. Unless you are also failing on trying to export pdf and have a compromised RB. Hey, I have the same problem, but I'm not that handy with stuff like this, so I just feel lost at the moment.
Thanks, saved my day! Got it working!! Yes, that's what should be set to none IMHO.
Look at first line, dh-group=modp4096 is used for dh in phase 1 and for PFS in phase 2.
Well, actually...No, it does not depend...