Community discussions

Search found 982 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 20
by msatter
Mon Dec 31, 2018 6:23 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 221
Views: 71185

Re: Feature Request: OpenVPN [ovpn] udp tunnels

NordVPN says no. RouterOS is getting outdated.
by msatter
Sun Dec 30, 2018 9:09 pm
Forum: General
Topic: NordVpn and mikrotik?
Replies: 11
Views: 623

Re: NordVpn and mikrotik?

I just checked and it is not going to happen till ROS 7.

viewtopic.php?p=650295
by msatter
Sun Dec 30, 2018 7:52 pm
Forum: General
Topic: NordVpn and mikrotik?
Replies: 11
Views: 623

Re: NordVpn and mikrotik?

Hmmmm, interesting. I thought IKEv2 client could not do this. Going test this on a later moment.
by msatter
Sun Dec 30, 2018 1:09 pm
Forum: General
Topic: NordVpn and mikrotik?
Replies: 11
Views: 623

Re: NordVpn and mikrotik?

No go, as stated on that page.
by msatter
Fri Dec 28, 2018 12:57 pm
Forum: RouterBOARD hardware
Topic: RB750 Aluminum Electrolytic Capacitor SMD need replacement
Replies: 3
Views: 331

Re: RB750 Aluminum Electrolytic Capacitor SMD need replacement

Write an e-mail to support@mikrotik.com and hope they can give you specific info.
by msatter
Thu Dec 27, 2018 10:37 pm
Forum: General
Topic: Post Very good ... Thank you for that.
Replies: 3
Views: 267

Re: Post Very good ... Thank you for that.

Just keep reporting those posts.
Anyone can create an account and if they missbehave then they will be removed.
by msatter
Wed Dec 26, 2018 4:31 pm
Forum: General
Topic: Winbox port 8291 is invalid !
Replies: 7
Views: 288

Re: Winbox port 8291 is invalid !

Just to add: once also before this time I couldn't login from the outside, and I found that the winbox service was "disabled" !
Define outside?
by msatter
Mon Dec 24, 2018 1:10 pm
Forum: Beginner Basics
Topic: Help with firewall settings
Replies: 3
Views: 229

Re: Help with firewall settings

It looks sound but then I am not a expert on that.
by msatter
Mon Dec 24, 2018 1:00 pm
Forum: General
Topic: Adblocking with address lists
Replies: 4
Views: 295

Re: Adblocking with address lists

Pi-hole is running in low power usage, and not that expensive devices. Pi-hole also features Regex so Facebook and Google can be caught and blocked. Youtube advertising is not blockable by DNS.
by msatter
Mon Dec 24, 2018 12:55 pm
Forum: General
Topic: Pihole Hairpin NAT
Replies: 4
Views: 204

Re: Pihole Hairpin NAT

My answer did mentioning two places (DNS and DHCP) to change setting towards Pi-hole. If you have done that and it seemed you did because either with or witout those two lines it worked.

Those two lines, still can be omited.
by msatter
Mon Dec 24, 2018 12:20 am
Forum: Beginner Basics
Topic: Help with firewall settings
Replies: 3
Views: 229

Re: Help with firewall settings

Look at your DNS servers and those are going to Google and Cloudflare. Better is to use the DNS from IPVanish.

https://support.ipvanish.com/hc/en-us/a ... -DNS-Leaks
by msatter
Sun Dec 23, 2018 11:42 pm
Forum: General
Topic: Pihole Hairpin NAT
Replies: 4
Views: 204

Re: Pihole Hairpin NAT

This is a catcher for traffic that want to passby the normal path. That are line one and two. First you are going to tell the clients in DHCP that they are going to use the pi-hole as DNS. If that works then you are pointing the DNS of the router itself to pi-hole. If that works then you are doing s...
by msatter
Wed Dec 19, 2018 8:54 pm
Forum: General
Topic: Add 160.000 statics dns entries
Replies: 7
Views: 472

Re: Add 160.000 statics dns entries

I put that in NAT and the only DNS traffic allowed out is from the Pi-hole. Any other traffic on port 53, 5353, 853 is forced to the Pi-hole. Lets hope it ignores fake DNS traffic that eas not intended for DNS servers. ;-)
by msatter
Wed Dec 19, 2018 12:30 pm
Forum: General
Topic: Add 160.000 statics dns entries
Replies: 7
Views: 472

Re: Add 160.000 statics dns entries

RouterOS converts domains to IP addresses and stores those. Not efficient to do it that way and better keep using Pi-hole like I do.
by msatter
Mon Dec 17, 2018 2:04 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 25
Views: 1111

Re: firewall is pushing the cpu

My firewall more made for domestic use and the tips from the last posting members where more appropiate for you. I can't go without connection tracking and I go do some tuning for myself.
by msatter
Sun Dec 16, 2018 1:51 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 25
Views: 1111

Re: firewall is pushing the cpu

"tune (=reduce) conn tracking timeouts" is only relevant if you want to do connection tracking. Do you? If yes: you could reduce the timeout timing, so that connections are cleaned up sooner. Ex: "TCP established timeout" /ip firewall connection tracking settings Further make sure FastTrack rule is...
by msatter
Fri Dec 14, 2018 12:38 pm
Forum: Announcements
Topic: Product comparison matrix
Replies: 28
Views: 1915

Re: Product comparison matrix

Great table and it would be awesome if products of interest can be selected and viewed/compared in a dedicated table.
by msatter
Fri Dec 14, 2018 12:31 pm
Forum: General
Topic: 2 NAT masquerade
Replies: 11
Views: 474

Re: 2 NAT masquerade

by msatter
Fri Dec 14, 2018 12:28 pm
Forum: Scripting
Topic: netcut rolls need some fix
Replies: 1
Views: 140

Re: netcut rolls need some fix

p <---
by msatter
Thu Dec 13, 2018 11:57 pm
Forum: General
Topic: MikroTik did you confirm that?
Replies: 6
Views: 420

Re: MikroTik did you confirm that?

It is just an interface that interact with the settings of the router.The text produced has a lot of spelling errors so hope the code is better.

If you look at APP by Mikrotik for Android/iPad/iPhone then you see a new interface that also could be ported to PC and Mac.
by msatter
Mon Dec 10, 2018 2:51 pm
Forum: RouterBOARD hardware
Topic: Transceiver S-35LC20D/S-53LC20D - Modulation 10M
Replies: 1
Views: 161

Re: Transceiver S-35LC20D/S-53LC20D - Modulation 10M

Switch off auto negotiation. If possible set to 1000Mb or 1Gb
by msatter
Sun Dec 09, 2018 12:22 pm
Forum: General
Topic: SIP ALG
Replies: 2
Views: 155

Re: SIP ALG

This forum is using English as language so please post in English.
by msatter
Sat Dec 08, 2018 11:54 am
Forum: General
Topic: Using action=route in Mangle
Replies: 4
Views: 198

Re: Using action=route in Mangle

Thanks shiyiqiang08, it did not make it working. I used torch and nothing went over the connection when using the Local Address (gateway). When I used the Remote Address packets were visible but they did not return. Looking at the connection table I see a difference between NAT and Direct. NAT 192.1...
by msatter
Sat Dec 08, 2018 12:04 am
Forum: General
Topic: Using action=route in Mangle
Replies: 4
Views: 198

Re: Using action=route in Mangle

I want to do without the NAT and the SSTP is to a VPN provider.

Because I received (invalid) packets back, pointing to the correct client and port I think the other side is natting.

Next I will look with torch what traffic is passing and what direction.
by msatter
Fri Dec 07, 2018 10:31 pm
Forum: General
Topic: Using action=route in Mangle
Replies: 4
Views: 198

Using action=route in Mangle

I want to use action=route in Mangle with a SSTP connection. And in that rule I put in DST-address, the Local Address of the SSTP connection. It seems to work but the packets returning back from the SSTP are not arriving back at my client. After a few seconds I get (ACK/RST) back on OUTPUT and those...
by msatter
Fri Dec 07, 2018 1:54 pm
Forum: Beginner Basics
Topic: Forwarding Avaya via VPN
Replies: 2
Views: 265

Re: Forwarding Avaya via VPN

How do I route to VPN without NAT?

I only find example with NAT and my im thoughts are that I need the normal entry in IP-Route to the VPN and tag/point in Mangle to the route of theVPN.
Till now I always needed a SRC-NAT to gateway of the VPN.
by msatter
Sun Dec 02, 2018 2:38 pm
Forum: General
Topic: question about no track action in raw firewall rules
Replies: 11
Views: 417

Re: question about no track action in raw firewall rules

By marking them notrack you convey the handling to an other device or an other part of the router. I use notrack for IPSEC because IPSEC can handle itself the connections.

Any traffic, even if dropped, will still use CPU power but not as much as connection tracking would take and terminate it then.
by msatter
Sun Dec 02, 2018 1:06 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: OpenVPN SHA256 + UDP
Replies: 26
Views: 12603

Re: OpenVPN SHA256 + UDP

I don't think RouterOS v7 is that far away. Some v7 features are already implemented in v6.

On the DNS part there are better programs like Unbound that do that all, in a excellent way.
by msatter
Sun Dec 02, 2018 12:57 pm
Forum: General
Topic: Poor VPN Performance with SSTP VPN
Replies: 9
Views: 553

Re: Poor VPN Performance with SSTP VPN

I am using SSTP as client since a short while and I have my MTU set to 1500. Test yours on this the ping under tools and tag the box df (do not defragment).

I read in wiki examples that the mrru was set to 1600 but that killed my connection also try it with disabled mrru.
by msatter
Sun Dec 02, 2018 12:41 pm
Forum: General
Topic: Position of the firewall rules
Replies: 2
Views: 1007

Re: Position of the firewall rules

I have to move the newly created rule not that much. I use copy wich duplicates the rule neighbouring is openend. There could be added a extra button which does the same as copy but defaults all the settings in that new rule. You have still to move the rule one up if you want it at the top of the ru...
by msatter
Sat Dec 01, 2018 10:28 pm
Forum: General
Topic: question about no track action in raw firewall rules
Replies: 11
Views: 417

Re: question about no track action in raw firewall rules

Notrack won't help because connction tracking is already disabled by you.

viewtopic.php?f=2&t=114664&p=599785&hil ... os#p605976
by msatter
Sat Dec 01, 2018 1:24 pm
Forum: Wireless Networking
Topic: lost configuration on every reboot
Replies: 4
Views: 301

Re: lost configuration on every reboot

Just thinking. Do you have them well grounded (earth)?

The best is to send a request for support to Mikrotik by e-mail: support@mikrotik.com

Explain what you kind of problem you have, and how you mounted them.
by msatter
Sat Dec 01, 2018 1:14 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 317
Views: 51902

Re: v6.44beta [testing] is released!

...and bgp multithreading support when?
First the hell has to freeze over. ;-)

viewtopic.php?f=1&t=141920#p699481
by msatter
Fri Nov 30, 2018 3:43 pm
Forum: Beginner Basics
Topic: Firewall what is untracked
Replies: 4
Views: 323

Re: Firewall what is untracked

Untracked are connection that are not steered by Connection Tracking wich looks like a "mother chicken", if those connection are known to ther and were the have to go. When a connection is stray and not know it will not pass her beak (control) and be removed. Untracked traffic is traffic that is mar...
by msatter
Fri Nov 30, 2018 3:28 pm
Forum: General
Topic: SFP+ copper module (FS 10G-T) incompatible with Mikrotik CRS 3xx?
Replies: 5
Views: 294

Re: SFP+ copper module (FS 10G-T) incompatible with Mikrotik CRS 3xx?

It is indeed meshy. About mixed usage the wiki talks about that, almost at the bottom of the page:
https://wiki.mikrotik.com/wiki/MikroTik ... lity_table
by msatter
Fri Nov 30, 2018 11:59 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 317
Views: 51902

Re: v6.44beta [testing] is released!

Thanks Emils and this morning I tried drag and drop from the Files window in Winbox and it worked again. :D I hope that it was a temporary problem and downloading/install and clearing the Winbox cache did not work. One thing that is interesting now it working again I could not connect to the router ...
by msatter
Thu Nov 29, 2018 11:38 pm
Forum: Beginner Basics
Topic: ARP List Filter wildcards?
Replies: 6
Views: 226

Re: ARP List Filter wildcards?

Youre welcome and Mikrotik gave us great tools to get insight.
by msatter
Thu Nov 29, 2018 11:35 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 317
Views: 51902

Re: v6.44beta [testing] is released!

With the last two betas if have Winbox glitching and crashing. I re-downloaded Winbox but it still sometimes does not the windows and while typing all the windows disappear. Only a restart helps and then I have still sometimes manually reload the layout. I find this strange because Winbox always wor...
by msatter
Thu Nov 29, 2018 11:27 pm
Forum: Beginner Basics
Topic: ARP List Filter wildcards?
Replies: 6
Views: 226

Re: ARP List Filter wildcards?

What if you sort on MAC or interface. Also you have the find box in the right top corner with which you can highlight the address you want to track visually.
by msatter
Thu Nov 29, 2018 11:12 pm
Forum: Beginner Basics
Topic: ARP List Filter wildcards?
Replies: 6
Views: 226

Re: ARP List Filter wildcards?

What if you search 10.81.37 or 192.168.3 if you seek that?
by msatter
Thu Nov 29, 2018 1:50 pm
Forum: General
Topic: (ask) how to use two internet connections simultaneously
Replies: 1
Views: 112

Re: (ask) how to use two internet connections simultaneously

You can look in the wiki.mikrotik.com for examples.

Splitting csn be done in Mangle with NTH or PCC and only Routing-mark New connections so that the streams are complete going trough one or the other port.

In IP - Routing you can use that routingmark to select the gateway (ISP) of the connection.
by msatter
Thu Nov 29, 2018 12:28 am
Forum: General
Topic: Having Problems Matching Host with Firewall [SOLVED]
Replies: 3
Views: 158

Re: Having Problems Matching Host with Firewall [SOLVED]

I am not a expert on this but some things are explainable. MAC addresses outside your router are not know so you can only use MAC addresses inside your local network. The device is requesting the traffic and that could be why it is shown as source. I would add the dst-IP to the addresslist on basis ...
by msatter
Wed Nov 28, 2018 2:41 pm
Forum: Scripting
Topic: Hide the fetch log
Replies: 3
Views: 267

Re: Hide the fetch log

Topic: ....gps info kvm.... manual add prefix fetch and toggle !

You can also try with Topic: store and I csn't test it where I am right now.
by msatter
Wed Nov 28, 2018 2:23 pm
Forum: General
Topic: SFP+ copper module (FS 10G-T) incompatible with Mikrotik CRS 3xx?
Replies: 5
Views: 294

Re: SFP+ copper module (FS 10G-T) incompatible with Mikrotik CRS 3xx?

Did you disable the auto stuff in the Mikrotik for that SPF.

FS offers to program the settings in the recognisation section with wished information.
by msatter
Wed Nov 28, 2018 2:08 pm
Forum: Scripting
Topic: Hide the fetch log
Replies: 3
Views: 267

Re: Hide the fetch log

Try onder System-Logging to add under Rules - Topic info Prefix line !fetch
by msatter
Wed Nov 28, 2018 1:45 pm
Forum: Beginner Basics
Topic: Route all traffic through NordVPN?
Replies: 13
Views: 1608

Re: Route all traffic through NordVPN?

NordVPN dropped support of l2tp.
Is going to drop support for it on the 1st of December.

https://nordvpn.com/blog/l2tp-pptp-protocol-update/

Come on Mikrotik. We can't use OpenVPN or IKEv2 with NordVPN so which protocol are we going to use? SSTP is only possible with a few providers.
by msatter
Wed Nov 28, 2018 12:38 pm
Forum: General
Topic: How to sniff traffic between wifi clients (same subnet)
Replies: 11
Views: 569

Re: Packet sniffer does not sniff UDP packets

Did you take in account that traffic between devices in the same network is not going through the router but are connected through the switch? This switching is often done on hardware level and so invisible for the sniffer. The funny thing is that I have to place filters to keep out that local traff...
by msatter
Tue Nov 27, 2018 8:54 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 317
Views: 51902

Re: v6.44beta [testing] is released!

Isn't the answer two posts above?.. i use this config in 6.4.34 in all clients, in the new beta no work the peer, the port-override and main-l2tp no work if upgrade to next version all vpn l2tp/ipsec with this config will they stop working? . . /ip ipsec peer add exchange-mode=main-l2tp generate-po...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 20