Community discussions

by khaverblad
Thu Oct 10, 2019 9:53 pm
Forum: General
Topic: Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider
Replies: 10
Views: 4327

Re: Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider

What about if you just want to route web traffic via vpn provider, let's say that you utilize the Mikrotik as proxy and push traffic out via vpn provider. Wouldn't that be possible? Meaning instead of configuring the client web browser with vpn settings the mikrotik is used for proxy settings. Possible?
by khaverblad
Mon Sep 09, 2019 5:12 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 16
Views: 6993

Re: Add DNS over HTTPS (DoH) support

Well, doesn't necessarily have to be the client side who wants to implement it :-)
by khaverblad
Mon Sep 09, 2019 4:49 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 16
Views: 6993

Re: Add DNS over HTTPS (DoH) support

And that is my point, if Mikrotik implemented it, it wouldn't break anything as it would if enabled on the client side.
by khaverblad
Mon Sep 09, 2019 2:58 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 16
Views: 6993

Re: Add DNS over HTTPS (DoH) support

@Mikrotik are you considering implementation of DNS over HTTPS or DNSCrypt? Would be great with an update on this topic.
by khaverblad
Thu Jan 17, 2019 9:42 pm
Forum: General
Topic: Guide to Setup Graphical Traffic log? [SOLVED]
Replies: 1
Views: 263

Re: Guide to Setup Graphical Traffic log? [SOLVED]

My bad, in the frustration of not getting it to work I've forgotten that I had disabled web service within RouterOS.... But, for others still looking for how to set it up here is a brief article.
by khaverblad
Thu Jan 17, 2019 11:51 am
Forum: General
Topic: Guide to Setup Graphical Traffic log? [SOLVED]
Replies: 1
Views: 263

Guide to Setup Graphical Traffic log? [SOLVED]

Been looking around but haven't really found anything, but what I would like to setup is a way to set the traffic activity for incoming and outgoing for specific port (for example WAN-port, DMZ-port, etc). Preferably this should be for the last 24h broken down per hour including weekly and monthly. ...
by khaverblad
Fri Dec 14, 2018 8:37 pm
Forum: General
Topic: v6.43.4 + v6.43.7 corrupts the use of Address Lists
Replies: 5
Views: 655

Re: v6.43.4 + v6.43.7 corrupts the use of Address Lists

Correct, here is the rule which suddenly stopped working which make use of src-address-list: add action=dst-nat chain=dstnat dst-port=32400 in-interface=sfp1-gateway protocol=tcp src-address-list=WhiteList to-addresses=192.168.10.10 to-ports=32400 and the whitelist looks something like this: add add...
by khaverblad
Sat Dec 08, 2018 1:23 am
Forum: General
Topic: v6.43.4 + v6.43.7 corrupts the use of Address Lists
Replies: 5
Views: 655

Re: v6.43.4 + v6.43.7 corrupts the use of Address Lists

Will do. Suggestion which version that still works with Address Lists feature?
by khaverblad
Sat Dec 08, 2018 12:11 am
Forum: General
Topic: v6.43.4 + v6.43.7 corrupts the use of Address Lists
Replies: 5
Views: 655

v6.43.4 + v6.43.7 corrupts the use of Address Lists

I've been using the Address Lists for various whitelisting rules in my NAT rules but noticed when I upgraded to v6.43.4 a week or so ago that the rules stopped working and same issue with v6.43.7. Don't remember exactly which version I had previously when the NAT rules worked, but it was v6.42.x someth...
by khaverblad
Sun Feb 11, 2018 10:24 pm
Forum: General
Topic: Change in Firewall Rule Timeout Setting?
Replies: 2
Views: 471

Re: Change in Firewall Rule Timeout Setting?

Well, in the past I used address-list-timeout=2w and after upgrade it was altered to the new default but if I change to 2w it's not accepted and gives the following error, Error in Timeout - time interval in range [00:00:00:248d 13:13:56] expected! , and I've tried a bit of everything and it only acce...
by khaverblad
Sun Feb 11, 2018 10:06 pm
Forum: General
Topic: DMZ firewall setup rule help
Replies: 4
Views: 554

Re: DMZ firewall setup rule help

I have a dev router behind a main production router. I would like the dev router to be in the DMZ for testing purposes. I have an ether7 setup as the DMZ interface on my 2011 production router with a separate network setup for it. I have a DHCP server running on ether7 to test DHCP clients o...
by khaverblad
Sun Feb 11, 2018 8:13 pm
Forum: General
Topic: Change in Firewall Rule Timeout Setting?
Replies: 2
Views: 471

Change in Firewall Rule Timeout Setting?

Noticed recently in ROS v6.4.1 that the Timeout value in the Action tab has changed to none dynamic and none static whereas in earlier releases one could set a value such as 7d, etc. How is this to be handled now?
by khaverblad
Sun Feb 11, 2018 4:15 pm
Forum: General
Topic: Master/Slave Ports vs Interface Lists [SOLVED]
Replies: 6
Views: 3811

Re: Master/Slave Ports vs Interface Lists [SOLVED]

Yes, I'm aware and just to make this response a bit more informative; these are examples of fw rules that I'm using: add action=drop chain=forward comment="Block connections between DMZ and LAN" dst-address=192.168.0.0/24 src-address=172.16.0.0/24 add action=drop chain=forward comment="Block connec...
by khaverblad
Sun Feb 11, 2018 3:07 pm
Forum: General
Topic: Master/Slave Ports vs Interface Lists [SOLVED]
Replies: 6
Views: 3811

Re: Master/Slave Ports vs Interface Lists [SOLVED]

So the config you have now doesn't match your description. If you still want separate L2 domains like you had before, you simply create a new bridge and then add ports to it. So from your description, your "old" setup equivalent would have 3 to 5 assigned to bridge1, and 6 to 10 to bridge2. That's ...
by khaverblad
Sun Feb 11, 2018 3:16 am
Forum: General
Topic: Master/Slave Ports vs Interface Lists [SOLVED]
Replies: 6
Views: 3811

Re: Master/Slave Ports vs Interface Lists [SOLVED]

Here goes: # RouterOS 6.41.1 # model = RouterBOARD 3011UiAS /interface bridge add auto-mac=no fast-forward=no name=bridge-local /interface bridge port add bridge=bridge-local interface=ether3 add bridge=bridge-local interface=ether6 add bridge=bridge-local interface=ether4 add bridge=bridge-local in...
by khaverblad
Sun Feb 11, 2018 12:34 am
Forum: General
Topic: Master/Slave Ports vs Interface Lists [SOLVED]
Replies: 6
Views: 3811

Master/Slave Ports vs Interface Lists [SOLVED]

In general since the Master/Slave port concept is gone (in the later versions of ROS that is), does this also mean that one is stuck with the existing Master/Slave configuration from the past? Meaning, I noticed when I was trying to setup a fw filter rule for ether6 (using RB3011) I got an error mes...
by khaverblad
Fri Feb 09, 2018 12:05 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 106
Views: 15539

Re: v6.41.1 [current]

In general since the Master/Slave port concept is gone, does this also mean that one is stuck with the existing Master/Slave configuration from the past? Meaning, I noticed when I was trying to setup a fw filter rule for ether6 (using RB3011) I got an error message saying that the port was setup as ...
by khaverblad
Thu Feb 08, 2018 11:56 am
Forum: General
Topic: RB3011 SFP Configuration Question [SOLVED]
Replies: 9
Views: 2173

Re: RB3011 SFP Configuration Question [SOLVED]

Ah! Okay, got it sounds smooth. So worthwhile looking into and utilise.
by khaverblad
Thu Feb 08, 2018 12:23 am
Forum: General
Topic: RB3011 SFP Configuration Question [SOLVED]
Replies: 9
Views: 2173

Re: RB3011 SFP Configuration Question [SOLVED]

First of all, thanks for being a patient responder, highly appreciated! Regarding the new firewall - You wouldn't have a link which explains the changes? I mean what and how much have changed since I'm using WinBox to configure and maintain the units, so from that perspective it feels like minimu...
by khaverblad
Wed Feb 07, 2018 9:09 pm
Forum: General
Topic: RB3011 SFP Configuration Question [SOLVED]
Replies: 9
Views: 2173

Re: RB3011 SFP Configuration Question [SOLVED]

Thanks for the suggestions which will be the route I'll take. Just need to understand the changes of not using the Master Port concept anymore and what changed in regards of the bridge function before taking this action.
by khaverblad
Wed Feb 07, 2018 8:14 pm
Forum: General
Topic: RB3011 SFP Configuration Question [SOLVED]
Replies: 9
Views: 2173

Re: RB3011 SFP Configuration Question [SOLVED]

I'm on ROS v6.41.1. So what you're saying is that to get everything in place in a proper way I should make a factory reset (reset to default) to get everything in place? But, would there be any issues then to recover previous configuration or should that work out just fine? Asking if invalid config d...
by khaverblad
Wed Feb 07, 2018 5:36 pm
Forum: Beginner Basics
Topic: 6.41 new features
Replies: 2
Views: 676

Re: 6.41 new features

Regarding Q2 I didn't see any issues so far jumping up to 6.41 version in terms of usage of master ports, having said that I'm still myself uncertain with what the benefit and the implications. For example this would mean that one can't group ports to a master, but does this also mean that you don't...
by khaverblad
Wed Feb 07, 2018 2:34 pm
Forum: General
Topic: RB3011 SFP Configuration Question [SOLVED]
Replies: 9
Views: 2173

RB3011 SFP Configuration Question [SOLVED]

Installed a SFP module to my RB3011, which it seems to pick up when I check the Interfaces section for the sfp port it seems good. So far so good then. When it comes to configuration setup, it would be a matter of adding dhcp client to the sfp interface and of course altering the existing firewall f...
by khaverblad
Wed Aug 16, 2017 4:21 pm
Forum: General
Topic: Issues with Portforwarding to 2nd Sub-Net defined as DMZ
Replies: 9
Views: 1206

Re: Issues with Portforwarding to 2nd Sub-Net defined as DMZ

And master-port=none is correct for ether2-dmz, if you want to have it as independent interface. Just for clarification to avoid misunderstandings; when it comes to whether the ether2 ports should be set to master-port=none or not. Would it make any difference in this particular case whether I act...
by khaverblad
Tue Aug 15, 2017 11:45 pm
Forum: General
Topic: Issues with Portforwarding to 2nd Sub-Net defined as DMZ
Replies: 9
Views: 1206

Re: Issues with Portforwarding to 2nd Sub-Net defined as DMZ

Ah, okay makes sense and thanks for quick response!
by khaverblad
Tue Aug 15, 2017 10:13 am
Forum: General
Topic: Issues with Portforwarding to 2nd Sub-Net defined as DMZ
Replies: 9
Views: 1206

Re: Issues with Portforwarding to 2nd Sub-Net defined as DMZ

As you say it should work but it doesn't; so as already mentioned the test device is a Rpi3 with Raspbian which I initially set up to make use of 172.16.0.0/24 where it seems that the dns lookups aren't working and where I was using the following settings within /etc/dhcpcd.conf: static ip_address=172.16...
by khaverblad
Tue Aug 15, 2017 12:04 am
Forum: General
Topic: Issues with Portforwarding to 2nd Sub-Net defined as DMZ
Replies: 9
Views: 1206

Re: Issues with DNS & Portforwarding to 2nd Sub-Net defined as DMZ

Okay, One down and still another issue that seems related to the above configuration. It seems that when I attach a device to the 172.16.0.0/24 network dns lookups/entries don't seem to work out as they should as I keep getting timeouts all the time. Taking the same device, an Rpi3, and changing th...
by khaverblad
Sun Aug 13, 2017 12:20 am
Forum: General
Topic: Issues with Portforwarding to 2nd Sub-Net defined as DMZ
Replies: 9
Views: 1206

Re: Issues with Portforwarding to 2nd Sub-Net defined as DMZ

Wrong address: to-addresses=172.168.0.5
Argh! :shock: This one I missed... Okay, thanks. Just got totally blind on this one. And thank you for the QA :D
by khaverblad
Sat Aug 12, 2017 8:54 pm
Forum: General
Topic: Issues with Portforwarding to 2nd Sub-Net defined as DMZ
Replies: 9
Views: 1206

Issues with Portforwarding to 2nd Sub-Net defined as DMZ

Trying to figure out what I'm forgetting to get the NAT rules to work with portforwarding to ether2 which has been dedicated for 172.16.0.0/24 subnet for dmz which I can't get to work. Having said that my other NAT rules work fine for 192.168.0.0/24. Currently now, I'm kind of stuck and need some ...
by khaverblad
Fri Nov 18, 2016 11:40 pm
Forum: General
Topic: Firewall Rules Question for allowing NAT'ed traffic
Replies: 5
Views: 2142

Re: Firewall Rules Question for allowing NAT'ed traffic

Sob, I get now how the filter rule works and I agree that it's a far better way than using the connection-nat-state=dstnat rule from maintenance perspective. So I'll stick with your suggestion. Thanks!
by khaverblad
Thu Nov 17, 2016 12:03 am
Forum: General
Topic: Firewall Rules Question for allowing NAT'ed traffic
Replies: 5
Views: 2142

Re: Firewall Rules Question for allowing NAT'ed traffic

Thanks, but that is exactly what I want to avoid to have. So a universal "allow all forwarded ports" rule is not for me. I could then stick with my old out-of-the-box config :-) I'd rather create several rules which open for the necessary external incoming traffic based on my needs. So what I've d...
by khaverblad
Wed Nov 16, 2016 5:47 pm
Forum: General
Topic: Firewall Rules Question for allowing NAT'ed traffic
Replies: 5
Views: 2142

Re: Firewall Rules Question for allowing NAT'ed traffic

Well, the wiki is great source and seems that the following rule did the trick:
add chain=forward comment="Allow NAT Connections" \
dst-port=80 protocol=tcp
But, still open for some good suggestions and pointers when it comes to basic setup.
by khaverblad
Wed Nov 16, 2016 5:27 pm
Forum: General
Topic: Firewall Rules Question for allowing NAT'ed traffic
Replies: 5
Views: 2142

Firewall Rules Question for allowing NAT'ed traffic

Hi, Haven't really looked that deep into the fw rules which one can create in RouterOS and in the past been lazy and making use of the simple guides to create some basic rules. While going basic again, but wanting to do much more, here is an example of fw rules below (which works out fine) but reali...
by khaverblad
Fri Jan 02, 2015 1:13 am
Forum: General
Topic: Script for Joker.com dynamic DNS service?
Replies: 0
Views: 506

Script for Joker.com dynamic DNS service?

Quick question whether there is script already available for Joker.com dynamic DNS service?
by khaverblad
Wed Dec 31, 2014 12:50 am
Forum: General
Topic: Guide for vpn on-demand based on filter triggering?
Replies: 0
Views: 383

Guide for vpn on-demand based on filter triggering?

Assume that I'm not the only one been looking for this; but would anyone be able to point to a guide on how to setup a vpn on-demand based on filter triggering (ports)?
by khaverblad
Tue Dec 30, 2014 2:08 pm
Forum: Beginner Basics
Topic: RB2011UiAS-IN issues when it comes to port forwarding
Replies: 3
Views: 720

Re: RB2011UiAS-IN issues when it comes to port forwarding

Ah, Okay. That's interesting. Nice that it has been added but bad that I didn't notice; here are the basic rules out of the box from RouterOS v6.12 which I've upgraded to 6.20 with the suggestion you made. But, what you then are saying is that this forwarding chain needs to include all port forwardings whic...
by khaverblad
Sat Dec 27, 2014 12:58 pm
Forum: Beginner Basics
Topic: RB2011UiAS-IN issues when it comes to port forwarding
Replies: 3
Views: 720

RB2011UiAS-IN issues when it comes to port forwarding

Been trying to wrap my head around why I can't get this RB2011UiAS-IN to work as it used to do when it was initially setup using RouterOS v6.12 together with the default configuration. Setting up the NAT rules for standard ports work without any issues. After a couple of months running smoothly and due...
by khaverblad
Wed May 07, 2014 9:41 pm
Forum: General
Topic: SNMP Query to monitor gateway bandwidth?
Replies: 0
Views: 319

SNMP Query to monitor gateway bandwidth?

Been browsing and digging for a while to find simple examples of snmp queries to pull bandwidth usage for the various interfaces on the Mikrotik and specific the total gateway bandwidth including CPU load, memory usage and CPU/Unit temperature. Would anyone be able to share how this is done from command...