Community discussions

Search found 95 matches

by lotnybartek
Fri Sep 13, 2019 10:03 am
Forum: General
Topic: IKEv2 for RW - proxy-arp PROBLEM, local-proxy-arp WORKS
Replies: 0
Views: 238

IKEv2 for RW - proxy-arp PROBLEM, local-proxy-arp WORKS

Hi I'm using for 2 years SSTP with certs - works fine. But it's TCP. Few users have unstable connections at their end and we have frequent drops when they are using RDP. So we set up IKEv2. IKEv2 set up based on: https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_using_IKEv2_with_RSA_...
by lotnybartek
Wed Jul 11, 2018 10:13 pm
Forum: Wireless Networking
Topic: wAP 60G experience
Replies: 289
Views: 40298

Re: wAP 60G experience

Fixed ;)

Image

Image

Everything works as expected ;)
by lotnybartek
Tue Jul 10, 2018 12:46 pm
Forum: Wireless Networking
Topic: wAP 60G experience
Replies: 289
Views: 40298

Re: wAP 60G experience

Slave is mounted to the window sill and this is the only way - house owner do not allow us to mount it in any other way. I mounted it using quickmount pro, but I'll try to mount it using quickmount pro lhg - it should be in correct position. https://viva-telecom.org/images/MIKROTIK/quickmount-pro-lh...
by lotnybartek
Mon Jul 09, 2018 9:49 pm
Forum: Wireless Networking
Topic: wAP 60G experience
Replies: 289
Views: 40298

Re: wAP 60G experience

Need your advice. I just installed wAP60g kit but horizontally. Left is MASTER, right is SLAVE. Is this supported? Should I cover any holes where water could potentially leak? With what? Silicone? Anyway, it works well. Even with heavy rain - and I mean heavy as fcuk. https://i.imgur.com/reh5Ron.jpg...
by lotnybartek
Thu Jul 05, 2018 11:46 pm
Forum: General
Topic: RBwAPG-60ad kit - sites A and B have their own "Internet", DHCP servers = problems
Replies: 3
Views: 410

RBwAPG-60ad kit - sites A and B have their own "Internet", DHCP servers = problems

Need a little help my friends from another land. Got site A and site B. Site A has it's own Internet, DHCP server running on RB2011 (192.168.10.0/24). Site B has it's own Internet, DHCP server running on RB2011 (192.168.20.0/24). Both sites are connected using IPSec - runs great for 2 years (site B ...
by lotnybartek
Mon Jul 02, 2018 9:32 am
Forum: General
Topic: RBwAPG-60ad kit - how to adjust positions on pole vertically?
Replies: 3
Views: 473

Re: RBwAPG-60ad kit - how to adjust positions on pole vertically?

Thank you ;) Normis, all in all, I need to attach RBwAPG-60ad to something ;)
by lotnybartek
Sun Jul 01, 2018 10:02 pm
Forum: General
Topic: RBwAPG-60ad kit - how to adjust positions on pole vertically?
Replies: 3
Views: 473

RBwAPG-60ad kit - how to adjust positions on pole vertically?

Hi I need to connect two sites with RBwAPG-60ad kit. "Client" window is about 3m higher than "Server" window. I'm going to mount both on poles. How can I adjust the position of both RBwAPG-60ad on pole. It'll be my first mounting outside so yeah I'm unexperienced. Stock mounting kit allows to mount ...
by lotnybartek
Mon May 21, 2018 10:39 pm
Forum: RouterBOARD hardware
Topic: CAP ac bad Antenna design?
Replies: 95
Views: 21293

Re: CAP ac bad Antenna design?

Man, I'm looking for a 5GHz device - Mikrotik is a 1st one to choose, but this thread is a real show stopper for me.

Right now I have RB2011 but it lacks power now and almost all my devices support 5GHz.

What a bummer.;(
by lotnybartek
Tue Mar 13, 2018 11:00 pm
Forum: RouterBOARD hardware
Topic: hAP ac² vs RB2011 WiFi coverage
Replies: 5
Views: 1432

hAP ac² vs RB2011 WiFi coverage

For people that already have the new hAP ac². What do you think about WiFi coverage? Do you think comparing it to RB2011 coverage should be better?
by lotnybartek
Mon Jan 29, 2018 9:10 am
Forum: General
Topic: [MAC]@wlan1:reassocsiating, disconnected,ok, wlan1:[MAC] not in local ACL, by default accept, [MAC]@wlan1:connected SPAM
Replies: 2
Views: 429

Re: [MAC]@wlan1:reassocsiating, disconnected,ok, wlan1:[MAC] not in local ACL, by default accept, [MAC]@wlan1:connected

Tried almost every combination, no go. Hmm, there is a problem with two laptops and both have Intel WiFi/Bluetooth cards. But, I reinstalled 4-5 revision of WiFi drivers and still no go. Im lost.
by lotnybartek
Fri Jan 26, 2018 10:28 am
Forum: General
Topic: [MAC]@wlan1:reassocsiating, disconnected,ok, wlan1:[MAC] not in local ACL, by default accept, [MAC]@wlan1:connected SPAM
Replies: 2
Views: 429

[MAC]@wlan1:reassocsiating, disconnected,ok, wlan1:[MAC] not in local ACL, by default accept, [MAC]@wlan1:connected SPAM

Hi there I have a RB2011 and Intel 8260 Intel WiFi card in laptop. After I upgraded to 6.41 software along with 6.41 firmware - LOG gets flooded with this messages: https://i.imgur.com/nSrcrh5.png https://i.imgur.com/QIJWE34.jpg Lately (3-4 days) I've been downloading a lot of data ~ 300GB - 500GB a...
by lotnybartek
Mon Dec 18, 2017 9:10 am
Forum: General
Topic: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC
Replies: 18
Views: 2122

Re: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC

Yeah, I'm going to stick with "fans" version, If there is problem with high pitch noise (well, if someone here will cry becasue of it) I'll repleace stock fans with:

Noctua NF-A4x20 PWM.

Thx for answers people ;)
by lotnybartek
Sun Dec 17, 2017 9:31 pm
Forum: General
Topic: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC
Replies: 18
Views: 2122

Re: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC

Hmm, the PC model can also be attached to RACK and also has redundant power supplies (POE and DC) though. Hmm, dunno, I'll probably go with "with fans" option.
by lotnybartek
Sun Dec 17, 2017 1:44 pm
Forum: General
Topic: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC
Replies: 18
Views: 2122

CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC

I'm going to buy one of these. They are the same, but: first one is with fans, second has passive cooling.

Any benefits of having passive colling - other than that it's just silent? Anyone got temperature charts or smth? I don't rly care about the noise.

Anyone?
by lotnybartek
Wed Oct 04, 2017 8:59 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 25683

Re: v6.40.4 [current]

lotnybartek, eddieb - Send supout file from 6.40.4 which would be generated after problem has appeared to support@mikrotik.com and refer to this forum post; Lakis - You did see this tab under "Wireless/Security Profiles" on 6.40.3 version and it disappeared on 6.40.4? I updated to 6.40.4 one more t...
by lotnybartek
Wed Oct 04, 2017 11:54 am
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 25683

Re: v6.40.4 [current]

Problem with SSTP. RB2011 here. I have 22 clients connecting to various services from their homes using SSTP with cert. After upgrading to v6.40.4 I'm able to establish the connection, but for example - I can't RDP to Windows PCs. I can't ping any internal address from my IP pool. After downgrade to...
by lotnybartek
Tue Oct 03, 2017 9:45 pm
Forum: General
Topic: Clients behind TP-LINK connected using WiFi to RB2011 can't get their IP from its DHCP
Replies: 2
Views: 567

Re: Clients behind TP-LINK connected using WiFi to RB2011 can't get their IP from its DHCP

Below it's a log from RB2011 with DHCP details, still this problem is unresolved. # oct/ 3/2017 20:34:44 by RouterOS 6.40.4 # software id = 6RHL-AT74 # 15:32:44 system,info verified routeros-mipsbe-6.40.4.npk 15:32:47 system,info installed routeros-mipsbe-6.40.4 15:32:48 system,info router rebooted ...
by lotnybartek
Mon Oct 02, 2017 2:41 pm
Forum: General
Topic: Clients behind TP-LINK connected using WiFi to RB2011 can't get their IP from its DHCP
Replies: 2
Views: 567

Re: ... offering lease [IP] for [MAC1] to [MAC2] without success

Bump. I tried the same configuration with TP-Link 1043ND with LEDE/LUCI firmware but problem persist. I'm flooded (in RB2011) with: ... offering lease [IP] for [MAC1] to [MAC2] without success ... biuro (name of DHCP server) offering lease 192.168.10.11 for AC:22:0B:95:84:01 (my PC connected using w...
by lotnybartek
Mon Sep 25, 2017 2:14 pm
Forum: General
Topic: Clients behind TP-LINK connected using WiFi to RB2011 can't get their IP from its DHCP
Replies: 2
Views: 567

Clients behind TP-LINK connected using WiFi to RB2011 can't get their IP from its DHCP

Here is the deal: I have TP-LINK 941 v5 (kind of repeater with AP) (stock firmware) connected to RB2011 using Wifi. Clients connected to TP-LINK 941 v5 get their IP from DHCP on RB2011. This setup worked almost 18 months. Now, my RB2011 is flooded with this message: ... offering lease [IP] for [MAC1...
by lotnybartek
Tue Aug 08, 2017 9:56 am
Forum: Announcements
Topic: v6.40.1 [current]
Replies: 74
Views: 23062

Re: v6.40.1 [current]

IPSec site to site is extremely slow on 6.40.1. Reverted back to 3.39.2 - now is "as usual" - good.
by lotnybartek
Sun Aug 06, 2017 6:14 pm
Forum: Announcements
Topic: v6.40.1 [current]
Replies: 74
Views: 23062

Re: v6.40.1 [current]

*) rb2011 - fixed possible LCD blinking along with ethernet LED (introduced in 6.40);

Not true. All my 4x RB2011 LCD's are blinking constantly AFTER boot. I need to manually turn them off using WinBox - for example.
by lotnybartek
Thu Aug 03, 2017 11:25 am
Forum: General
Topic: wAP ac as repeater without splitting speed in half
Replies: 3
Views: 787

wAP ac as repeater without splitting speed in half

Hi

Wireless repeaters almost always split speed in half - because they have one radio - so they receive and transmit with the same radio. What is the situation with wAP ac? It has two radios. Is it possible to set it up as wireless repeater that receive and transmit with full speed?
by lotnybartek
Tue Apr 25, 2017 9:02 am
Forum: General
Topic: HBO GO on Samsung Smart TV doesn't work on RB2011 WiFi BUT works on WIRED connection
Replies: 8
Views: 1891

Re: HBO GO on Samsung Smart TV doesn't work on RB2011 WiFi BUT works on WIRED connection

Thank you normis for your answer. Yes, while attempting to solve the issue I also tried changing DNS to static on TV - no go.

I know as strange as it looks like, but enabling Allow Remote Requests fixed the issue - but I rly can't explain why.
by lotnybartek
Sun Apr 23, 2017 10:03 pm
Forum: General
Topic: HBO GO on Samsung Smart TV doesn't work on RB2011 WiFi BUT works on WIRED connection
Replies: 8
Views: 1891

Re: HBO GO on Samsung Smart TV doesn't work on RB2011 WiFi BUT works on WIRED connection

Yes, I used this code:
/ip firewall filter
add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=53 connection-state=new action=drop
add chain=input in-interface=pppoe-out1 protocol=udp dst-port=53 connection-state=new action=drop
by lotnybartek
Sun Apr 23, 2017 8:51 pm
Forum: General
Topic: HBO GO on Samsung Smart TV doesn't work on RB2011 WiFi BUT works on WIRED connection
Replies: 8
Views: 1891

Re: HBO GO on Samsung Smart TV doesn't work on RB2011 WiFi BUT works on WIRED connection

For some weird reason, enabling IP-->DNS-->Allow Remote Request, makes HBO GO works again on WiFi . After disabling it, HBO GO stops working. I don't know how to explain this, on wired connection HBO GO works as normal. Now, I need to check if DNS will be abused because of remote requests. Any thoug...
by lotnybartek
Sat Apr 22, 2017 4:50 pm
Forum: General
Topic: HBO GO on Samsung Smart TV doesn't work on RB2011 WiFi BUT works on WIRED connection
Replies: 8
Views: 1891

Re: HBO GO on Samsung Smart TV doesn't work on RB2011 WiFi but works on WIRED connection !!?

Ok, look what I found so far. HBO GO WORKS LIKE A CHARM WITH WIRED CONNECTION. DOES NOT WORK ON WIFI Test were done using The Sopranos S01E01. First of all, I checked to which IP TV is connecting to while streaming. It's 93.184.221.133:80. This is how connection looks like while streaming video on w...
by lotnybartek
Thu Apr 20, 2017 10:39 pm
Forum: General
Topic: HBO GO on Samsung Smart TV doesn't work on RB2011 WiFi BUT works on WIRED connection
Replies: 8
Views: 1891

Re: HBO GO on Samsung Smart TV doesn't work (RB2011 WiFi) BUT works on LTE, READ FIRST

My bad. It's Mikrotik thats blocking (somehow) HBO GO. I connected TV directly to modem - wifi - modem has router function and everything works like a charm.

How the hell I should troubleshoot this?

Heeeeelp me ;)
by lotnybartek
Thu Apr 13, 2017 10:42 am
Forum: General
Topic: HBO GO on Samsung Smart TV doesn't work on RB2011 WiFi BUT works on WIRED connection
Replies: 8
Views: 1891

HBO GO on Samsung Smart TV doesn't work on RB2011 WiFi BUT works on WIRED connection

RB2011 here. So I've posted similar thread on polish website (a'la Mikrotik forum) but they were unable to help me. So I'm trying here. My gear is: TV: Samsung UE55H6400 - latest firmware, everything is up to date Router: RouterBoard RB2011UAS-2HnD-IN - latest firmware, everything is up to date Inte...
by lotnybartek
Thu Mar 30, 2017 9:16 am
Forum: General
Topic: LARGEST EVER new product announcement at the MUM Europe 2017
Replies: 4
Views: 1126

LARGEST EVER new product announcement at the MUM Europe 2017

So I'm little hyped to see RB2011UiAS-2HnD-IN successor with AC wifi and stuff, what do you think Mikrotik will reveal?
by lotnybartek
Wed Mar 22, 2017 12:21 pm
Forum: General
Topic: Route Cache Size Overflow, High CPU Usage, Internal IP Spam, UPNP XML? RB2011
Replies: 3
Views: 592

Re: Route Cache Size Overflow, High CPU Usage, Internal IP Spam, UPNP XML? RB2011

I've restarted Hyper-v Guest and Server and everything is fine now. Dunno what caused it.
by lotnybartek
Tue Mar 21, 2017 1:04 pm
Forum: General
Topic: Route Cache Size Overflow, High CPU Usage, Internal IP Spam, UPNP XML? RB2011
Replies: 3
Views: 592

Route Cache Size Overflow, High CPU Usage, Internal IP Spam, UPNP XML? RB2011

Hi there. RB2011 here. Everything was wine for years until last month. Look at this: http://i.imgur.com/chZPO5n.png To explain: - 192.168.10.1 is RB2011 IP - 192.168.10.113 is Windows 10 Pro Hyper-V Guest So 192.168.10.113 is spamming router to the point, where CPU is on 100% (or vice versa?)constan...
by lotnybartek
Fri Dec 23, 2016 12:12 pm
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 75161

Re: v6.38rc [release candidate] is released

Can someone tell how is CPU usage with site 2 site VPN connection using IKEv2?
by lotnybartek
Mon Dec 19, 2016 12:18 pm
Forum: General
Topic: IPSec RAW firewall tables to bypass connection tracking - No CPU Usage difference
Replies: 6
Views: 1995

Re: IPSec RAW firewall tables to bypass connection tracking - No CPU Usage difference

Changing algorithms - Hash and Encryption to MD5 and AES-128, reduced CPU load by about 10-12%.

What algorithms do you use in your IPSec connection?
by lotnybartek
Mon Dec 19, 2016 9:58 am
Forum: General
Topic: IPSec RAW firewall tables to bypass connection tracking - No CPU Usage difference
Replies: 6
Views: 1995

Re: IPSec RAW firewall tables to bypass connection tracking - No CPU Usage difference

Right now I'm using: Hash Algorithm SHA1 and Encryption Algorithm AES-256. Today I'll try MD5 and AES-128. Wonder if I see any noticeable difference. What algorithms do you use? BTW, Wiki says about a better way of bypassing ipsec policies - RAW firewall tables instead of normal filter rules - not a...
by lotnybartek
Sun Dec 18, 2016 11:21 pm
Forum: General
Topic: IPSec Site to Site - All works but Can't Ping [SOLVED]
Replies: 3
Views: 2361

Re: IPSec Site to Site - All works but Can't Ping

Problem solved.

Firewall filter rule:

add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp

was blocking PING.

Now, everything works.
by lotnybartek
Sun Dec 18, 2016 9:17 pm
Forum: General
Topic: IPSec RAW firewall tables to bypass connection tracking - No CPU Usage difference
Replies: 6
Views: 1995

IPSec RAW firewall tables to bypass connection tracking - No CPU Usage difference

Hi I made site to site IPSec connection 2xRB2011. From Mikrotik Wiki: If you have fasttrack enabled, packet bypasses ipsec policies. So we need to add accept rule before fasttrack /ip firewall filter add chain=forward action=accept place-before=1 src-address=10.1.101.0/24 dst-address=10.1.202.0/24 c...
by lotnybartek
Sun Dec 18, 2016 4:02 pm
Forum: General
Topic: IPSec Site to Site - All works but Can't Ping [SOLVED]
Replies: 3
Views: 2361

Re: IPSec Site to Site - All works but Can't Ping

Yes, I am using Windows computers. I disabled windows firewall on 2 PCs but symptoms are still the same.
by lotnybartek
Sun Dec 18, 2016 2:17 pm
Forum: General
Topic: IPSec Site to Site - All works but Can't Ping [SOLVED]
Replies: 3
Views: 2361

IPSec Site to Site - All works but Can't Ping [SOLVED]

Hi So there is IPSec between two RB2011 - both sites have dynamic IP. Both routers acts as pppoe-clients (modems on both sites are in Bridge modes). Everything was done as described here: http://blog.pessoft.com/2016/05/29/mikrotik-ipsec-tunnel-with-ddns-and-nat/ ====================================...
by lotnybartek
Wed Dec 14, 2016 10:30 pm
Forum: General
Topic: Telnet bruteforcers - firewall doesn't work - read my firewall config
Replies: 3
Views: 668

Re: Telnet bruteforcers - firewall doesn't work - read my firewall config

Problem sorted.

I imported firewall again and now it works as expected.
by lotnybartek
Wed Dec 14, 2016 9:14 pm
Forum: General
Topic: Telnet bruteforcers - firewall doesn't work - read my firewall config
Replies: 3
Views: 668

Re: Telnet bruteforcers - firewall doesn't work - read my firewall config

Hmm, it's not this I think. I've checked rule by rule between routers and they are the same. I'm lost here.
by lotnybartek
Wed Dec 14, 2016 8:20 pm
Forum: General
Topic: Telnet bruteforcers - firewall doesn't work - read my firewall config
Replies: 3
Views: 668

Telnet bruteforcers - firewall doesn't work - read my firewall config

hi RB2011 here. i have 4 RB2011 - in all of them I'm using protection rules, read below: # nov/30/2016 15:17:24 by RouterOS 6.37.1 # software id = 5N19-V7VV # /ip firewall address-list add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons add address=10.0.0.0/8 comment="Private[...
by lotnybartek
Tue Nov 29, 2016 11:31 pm
Forum: General
Topic: Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?
Replies: 4
Views: 969

Re: Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?

Thank you for your answers. One more thing, both sites have ADSL with dynamic IPs.

Quesion is: Can I use dns names in IPSec configuration instead of static IPs?
by lotnybartek
Tue Nov 29, 2016 10:24 am
Forum: General
Topic: Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?
Replies: 4
Views: 969

Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?

Hello there We are opening second office and I have a task to make a stable, secured connections between them. Both offices have 80/8mbit vdsl2 connections. Now, what would you advise for a VPN: L2TP/IPSec or SSTP? We have people working remotely using SSTP and Certs and it's work great. But which o...
by lotnybartek
Mon Sep 05, 2016 10:55 am
Forum: General
Topic: Multiple DHCP Servers On One Bridge (Multiple WLANS, Same Subnet, Different DHCP Ranges) Help Please
Replies: 5
Views: 1194

Re: Multiple DHCP Servers On One Bridge (Multiple WLANS, Same Subnet, Different DHCP Ranges) Help Please

Can't you set up another virtual AP just for the TV decoders? This would be the easiest thing to do, but not here. wlan2 and wlan 3 (virtual aps) are here for Repeater purposes. There are two other devices (TP-LINKS) connecting to wlan2 and wlan3. If I would create wlan4 - signal would be too weak ...
by lotnybartek
Sat Sep 03, 2016 12:18 pm
Forum: General
Topic: Multiple DHCP Servers On One Bridge (Multiple WLANS, Same Subnet, Different DHCP Ranges) Help Please
Replies: 5
Views: 1194

Multiple DHCP Servers On One Bridge (Multiple WLANS, Same Subnet, Different DHCP Ranges) Help Please

RB2011. Now I have 1 WLAN and 2 Virtual AP - so 3 networks. All WLANS have their own bridge, different subnets, different DHCP and so on. WLAN1 192.168.10.0/24 WLAN2 192.168.20.0/24 WLAN3 192.168.30.0/24 Now, our TV decoders require to be connected to the network with same subnet (let's say It'll be...
by lotnybartek
Sat Aug 13, 2016 6:10 pm
Forum: Announcements
Topic: v6.36 [current] is released!
Replies: 183
Views: 42054

Re: v6.36 [current] is released!

RB2011 on 6.36 wifi clients gets randomly disconnected - all of them with log: mac address@wlan1 or wlan2 or wlan3: disconnected, received deauth: unspecified (1). After couple of seconds they get connected to the AP again. Nothing like this happened in previous versions.
by lotnybartek
Wed Aug 10, 2016 9:03 pm
Forum: General
Topic: Simple PCQ equal bandwidth shaping Upload counting as Download ; /
Replies: 8
Views: 3539

Re: Simple PCQ equal bandwidth shaping Upload counting as Download ; /

This one works fine here: (from polish trzepak.pl forum where I made the same thread) /ip firewall mangle add chain=forward action=mark-packet new-packet-mark=all_download in-interface=ether1 passthrough=no /ip firewall mangle add chain=forward action=mark-packet new-packet-mark=all_upload out-inter...
by lotnybartek
Wed Aug 10, 2016 2:36 pm
Forum: General
Topic: Simple PCQ equal bandwidth shaping Upload counting as Download ; /
Replies: 8
Views: 3539

Simple PCQ equal bandwidth shaping Upload counting as Download ; /

Hi so I created few rules to be able to do simple PCQ equal bandwidth shaping. Modem (bridge mode) connected to --> ether1 on RB2011 (PPPoE) --> wlan + 2x Virtual Ap's My code is: /ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=all passthrough=no /queue type add name="PCQ...
by lotnybartek
Mon Jul 18, 2016 12:39 pm
Forum: General
Topic: [SOLVED] Failover script for 2xWAN (PPPoE Client and USB 4G LTE) with E-Mail Notification
Replies: 7
Views: 4669

Re: Failover script do not switch from backup link to normal link (recursive route lookup fails?)

This one works: BEFORE you run it, set manually SentUpFlag and SetDownFlag to FALSE. #Set variables :global InternetStatus; :global SentUpFlag; :global SentDownFlag; #Match condition :if (($InternetStatus = "UP") && ($SentUpFlag = "FALSE")) do={ :set SentUpFlag "TRUE" :set SentDownFlag "FALSE" :dela...
by lotnybartek
Mon Jul 18, 2016 9:09 am
Forum: General
Topic: [SOLVED] Failover script for 2xWAN (PPPoE Client and USB 4G LTE) with E-Mail Notification
Replies: 7
Views: 4669

Re: Failover script do not switch from backup link to normal link (recursive route lookup fails?)

Thank you jarda for your suggestions. I made this script (do not laugh, It's first time I wrote it from A-Z): #Set variables :global InternetStatus; :global SentUpFlag; :global SentDownFlag; #Match condition :if (($InternetStatus = "UP") && ($SentUpFlag = "FALSE")) do={ /tool e-mail send to="XXX@XXX...
by lotnybartek
Sat Jul 16, 2016 12:57 am
Forum: General
Topic: [SOLVED] Failover script for 2xWAN (PPPoE Client and USB 4G LTE) with E-Mail Notification
Replies: 7
Views: 4669

Re: Failover script do not switch from backup link to normal link (recursive route lookup fails?)

yeah blackhole was the thing I needed. Works now. Ip route export: /ip route add comment="ISP1 MONITORING FOR 8.8.4.4" distance=1 \ dst-address=8.8.4.4/32 gateway=pppoe-out1 add comment="ISP1 BLACKHOLE FOR 8.8.4.4" distance=2 dst-address=\ 8.8.4.4/32 type=blackhole add comment="ISP1 MONITORING FOR 8...
by lotnybartek
Thu Jul 14, 2016 8:41 pm
Forum: General
Topic: [SOLVED] Failover script for 2xWAN (PPPoE Client and USB 4G LTE) with E-Mail Notification
Replies: 7
Views: 4669

Re: Failover script do not switch from backup link to normal link (script inside)

Ok so after I read tons of posts here, there is one nice workaround posted by "aacable" user - but still don't know if I'm doing it properly. You can simply create a route for target host, for example if you are monitoring 8.8.8.8 , then create a route for 8.8.8.8 that should always goes via WAN1. T...
by lotnybartek
Thu Jul 14, 2016 9:24 am
Forum: General
Topic: [SOLVED] Failover script for 2xWAN (PPPoE Client and USB 4G LTE) with E-Mail Notification
Replies: 7
Views: 4669

[SOLVED] Failover script for 2xWAN (PPPoE Client and USB 4G LTE) with E-Mail Notification

Hi In our office, we have now USB LTE dongle (Huawei E3372h-153 LTE - HiLink) which works great with RB2011UiAS-2HnD-IN. So: RB2011 is connected via ETHER1 to VDSL2 modem which is in bridge mode. RB2011 act as PPPOE Client. Now, I configured LTE modem as usual. So, I added DHCP Client and did NAT on...
by lotnybartek
Wed May 25, 2016 3:31 pm
Forum: General
Topic: Install RapidSSL Wildcart Cert. into Mikrotik to use with WebFig
Replies: 0
Views: 406

Install RapidSSL Wildcart Cert. into Mikrotik to use with WebFig

Hi there So I bought a RapidSSL wildcart SSL cert for company I work for. So I got two files: 1) Actual Wildcart cert for my domain 2) Intermediate cert I often use webfig on https://vpn.domain.com:port It works fine with self-signed cert but not with RapidSSL wildcart SSL cert. I've imported Interm...
by lotnybartek
Thu Apr 28, 2016 9:13 am
Forum: Wireless Networking
Topic: Wireless repeater - Client in range of 2 APs - to which one will connect? To the one with stronger signal?
Replies: 9
Views: 1183

Re: Wireless repeater - Client in range of 2 APs - to which one will connect? To the one with stronger signal?

EDIT: Bam, found cable to 2011 so it is connected now to 951 (sorry but new building and not my initial setup). Still I can't understand how can 951 act as wireless extender for 3 WiFi networks that broadcast 2011. To clarify. 2011 is main router. On ether1 there is Internet, ether 5 is connected to...
by lotnybartek
Tue Apr 26, 2016 1:30 pm
Forum: Wireless Networking
Topic: Wireless repeater - Client in range of 2 APs - to which one will connect? To the one with stronger signal?
Replies: 9
Views: 1183

Re: Wireless repeater - Client in range of 2 APs - to which one will connect? To the one with stronger signal?

Yeah, I want to avoid situation, where PC7, 8, 9, 10 would still connect to RB2011 despite the fact they can get better signal from RB951 - because Wifi names are the same. Found a topic with similar problem here: http://forum.mikrotik.com/viewtopic.php?t=81128#p406287 My setup seems to work as far ...
by lotnybartek
Tue Apr 26, 2016 1:12 pm
Forum: Wireless Networking
Topic: Wireless repeater - Client in range of 2 APs - to which one will connect? To the one with stronger signal?
Replies: 9
Views: 1183

Wireless repeater - Client in range of 2 APs - to which one will connect? To the one with stronger signal?

http://i.imgur.com/MKtvzUN.jpg RB2011 is main router serving 3 wifi (AP + 2 Virtual APs) networks with different subnets. In theory RB951 configured as bridge and as a repeater of those 3 wifi networks - so WiFi network names are the same. PC7, PC8, PC9, PC10 are far away from RB2011 but still in r...
by lotnybartek
Thu Apr 14, 2016 8:52 pm
Forum: General
Topic: Block access from IP range (10.10.10.4-10.10.10.254) to an IP (10.10.10.3) or how to isolate clients in LAN subnet
Replies: 3
Views: 793

Block access from IP range (10.10.10.4-10.10.10.254) to an IP (10.10.10.3) or how to isolate clients in LAN subnet

This one is connected with this thread: http://forum.mikrotik.com/viewtopic.php?f=2&t=107244 So I have this restaurant PC (10.10.10.3)that I need to block access to it from other PCs in this very same subnet (10.10.10.0/24). So: block access to 10.10.10.3 from 10.10.10.4-10.10.10.254 My Firewall loo...
by lotnybartek
Thu Apr 14, 2016 4:01 pm
Forum: General
Topic: Allow only one IP from first subnet (10.10.10.0) to communicate with second subnet (192.168.1.0)
Replies: 2
Views: 505

Allow only one IP from first subnet (10.10.10.0) to communicate with second subnet (192.168.1.0)

Here's the problem. Ether 1 - 192.168.1.0/24, has it's own DHCP network etc. (office network) Ether 6 - 10.10.10.0/24, has it's own DHCP network etc. (restaurant network) Communication between subnet is blocked with one firewall rule. There is one PC (10.10.10.3) in restaurant (Ether 6 subnet), that...
by lotnybartek
Thu Apr 14, 2016 9:12 am
Forum: General
Topic: Exclude one IP from FastTrack - to do simple queues on that IP
Replies: 7
Views: 1789

Re: Exclude one IP from FastTrack - to do simple queues on that IP

This is awesome.

WORKS LIKE A CHARM. Very useful.

Thank you very much.
by lotnybartek
Wed Apr 13, 2016 5:04 pm
Forum: General
Topic: Exclude one IP from FastTrack - to do simple queues on that IP
Replies: 7
Views: 1789

Re: Exclude one IP from FastTrack - to do simple queues on that IP

Hmm, doesn't work. Upload is still not limited to 1Mbit.

Your first and third rules are doing the same thing. Or am I wrong?
by lotnybartek
Wed Apr 13, 2016 4:34 pm
Forum: General
Topic: Exclude one IP from FastTrack - to do simple queues on that IP
Replies: 7
Views: 1789

Re: Exclude one IP from FastTrack - to do simple queues on that IP

Thank you for your answer. I'm newbie, can you tell me in specific what to add before fasttrack rule? Accept...?
by lotnybartek
Wed Apr 13, 2016 3:22 pm
Forum: General
Topic: Exclude one IP from FastTrack - to do simple queues on that IP
Replies: 7
Views: 1789

Exclude one IP from FastTrack - to do simple queues on that IP

Hi there. My gear: 2011UiAS-2HnD - 6.34.4 On my network I have one IP (192.168.1.251) that I'd like to exclude from FastTrack to do simple queues on that IP. I enabled FastTrack with these two commands: /ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,re...
by lotnybartek
Sat Jan 02, 2016 10:19 pm
Forum: General
Topic: Did we loose IP cloud?
Replies: 155
Views: 26185

Re: Did we loose IP cloud?

Yup, IP Cloud is gone here. Can't connect to any of my routers.
by lotnybartek
Tue Aug 25, 2015 8:07 pm
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 93398

Re: Feature request: OpenVPN compression LZO and UDP

+1 for UDP support.
by lotnybartek
Wed Jul 22, 2015 2:46 pm
Forum: General
Topic: L2TP/IPsec priority - how to?
Replies: 0
Views: 454

L2TP/IPsec priority - how to?

Hello I set up L2TP/IPsec server on my RB2011 - around 6-10 users are constantly connected to it and work from home. I'd like to give this VPN highest priority because from 06:00 to 16:00 there are few programs that are eating up connection a lot, that affects stability and comfort of VPN connection...
by lotnybartek
Fri Jul 10, 2015 12:17 am
Forum: Announcements
Topic: 6.30 released
Replies: 180
Views: 42388

Re: 6.30 released

DynDNS update script not working after update to 6.30 # Set needed variables :local username "XXXXXX" :local password "XXXXXX" :local hostname "XXXXXX.dyndns.org" :global dyndnsForce "" :global previousIP "$previousIP" # print some debug info :log info ("UpdateDynDNS: username = $username") :log inf...
by lotnybartek
Fri Jul 10, 2015 12:03 am
Forum: General
Topic: DynDNS update script not working after update to 6.30 - can someone check this one?
Replies: 3
Views: 4709

DynDNS update script not working after update to 6.30 - can someone check this one?

Hi So I have been using this code for over a year without a problem: # Set needed variables :local username "XXXXXX" :local password "XXXXXX" :local hostname "XXXXXX.dyndns.org" :global dyndnsForce "" :global previousIP "$previousIP" # print some debug info :log info ("UpdateDynDNS: username = $user...
by lotnybartek
Tue Jun 30, 2015 7:32 pm
Forum: General
Topic: How does the client choose which DHCP server to get an address from?
Replies: 4
Views: 757

Re: How does the client choose which DHCP server to get an address from?

ok this is clear to me.

It's not the problem for me to set up TP-LINK as access point. I just want Mikrotik to give out IPs and separate restaurant clients from office employees - that's all actually. I wanted to do that with VLAN. So it's even doable?
by lotnybartek
Tue Jun 30, 2015 5:02 pm
Forum: General
Topic: How does the client choose which DHCP server to get an address from?
Replies: 4
Views: 757

How does the client choose which DHCP server to get an address from?

Router: 2011UiAS-2HnD I have one DHCP server serving 192.168.1.1-192.168.1.252. "Internet" is on eth1. Router acts as PPPoE Client to VDSL2 modem. There is also TP-LINK 1043ND - it gets it's IP from 2011UiAS-2HnD. It's mainly for serving WiFi for restaurant clients and TP-LINK has it's own DHCP serv...
by lotnybartek
Wed Sep 10, 2014 1:06 pm
Forum: General
Topic: Two subnets on one interface, can’t reach each other
Replies: 1
Views: 511

Re: Two subnets on one interface, can’t reach each other

Man, I have almost same problem here:

http://forum.mikrotik.com/viewtopic.php?f=2&t=88907

Can someone from gurus help us?
by lotnybartek
Mon Sep 08, 2014 1:02 pm
Forum: General
Topic: Can't reach LAN Subnet (WR1043ND) from other Subnet (MT)
Replies: 0
Views: 771

Can't reach LAN Subnet (WR1043ND) from other Subnet (MT)

Hello there. So I have: 1) RB2011UiAS-2HnD-IN - acting as PPPoE dialer on LAN 1, DHCP, DNS on LAN 2 (well, whole network is on LAN 2) - 192.168.1.253, SUBNET: 192.168.1.0 2) TP-link WR1043ND with latest DD-WRT set up in Gateway mode - it's WAN is connected to MIKROTIK LAN 2 (through few switches) so...
by lotnybartek
Tue Sep 02, 2014 1:20 pm
Forum: General
Topic: fetch: file "dyndns.checkip.html" downloaded
Replies: 13
Views: 3128

Re: fetch: file "dyndns.checkip.html" downloaded

Thanks janisk. Simple as that.
by lotnybartek
Fri Aug 29, 2014 10:34 am
Forum: General
Topic: fetch: file "dyndns.checkip.html" downloaded
Replies: 13
Views: 3128

Re: fetch: file "dyndns.checkip.html" downloaded

Yes, I run such script.

I was talking about BOLD entry:

fetch: file "dyndns.checkip.html" downloaded

I have not seen this entry before 6.19.
by lotnybartek
Thu Aug 28, 2014 10:41 pm
Forum: General
Topic: fetch: file "dyndns.checkip.html" downloaded
Replies: 13
Views: 3128

fetch: file "dyndns.checkip.html" downloaded

Hi there. Since I upgraded my RB2011s to 6.19 I can see in my log: UpdateDynDNS: username = xxxxxx UpdateDynDNS: hostname = xxxxxxxxxxxxxxxxxxxxxxxxx UpdateDynDNS: previousIP = xx.xx.xx.xx fetch: file "dyndns.checkip.html" downloaded UpdateDynDNS: currentIP = xx.xx.xx.xx UpdateDynDNS: No dyndns upda...
by lotnybartek
Sun Jul 20, 2014 11:14 am
Forum: General
Topic: Can't reach RB2011 via dyndns - other two are reachable
Replies: 4
Views: 948

Re: Can't reach RB2011 via dyndns - other two are reachable

EDIT: PROBLEM IS SOLVED I reinstalled Eset Smart Security. Everything is working normal now. I swear to God, I was trying to access the website dozen time from my laptop, wife laptop, smartphone etc - no luck. Meh - thank you for tips dear friend. ============================= In attachment you can...
by lotnybartek
Sat Jul 19, 2014 10:05 pm
Forum: General
Topic: Can't reach RB2011 via dyndns - other two are reachable
Replies: 4
Views: 948

Re: Can't reach RB2011 via dyndns - other two are reachable

One more thing - I can normally connect from home to third RB2011 via L2TP/IPSec.

rextended - what information do you need?
by lotnybartek
Sat Jul 19, 2014 9:52 pm
Forum: General
Topic: Can't reach RB2011 via dyndns - other two are reachable
Replies: 4
Views: 948

Can't reach RB2011 via dyndns - other two are reachable

Hello So after I bought first RB2011 - I bought another one and another one ;-) First RB2011 is in my home - reachable from outside via "https://a.dyndns.org:port" Second RB2011 is @ 1st work - reachable from home via "https://b.dyndns.org:port" Third RB2011 is @ 2nd work - NOT reachable from home v...
by lotnybartek
Fri May 23, 2014 8:51 am
Forum: General
Topic: Crashplan Cloud Backup eating all bandwidth - QoS help
Replies: 4
Views: 1975

Re: Crashplan Cloud Backup eating all bandwidth - QoS help

Thank you very much sir for you input. THANX. ;-)
by lotnybartek
Wed May 21, 2014 10:04 am
Forum: General
Topic: Crashplan Cloud Backup eating all bandwidth - QoS help
Replies: 4
Views: 1975

Re: Crashplan Cloud Backup eating all bandwidth - QoS help

Crashplan is on Windows 2003 Server SBS so it might work. Thank for the tip.

But how to set up queues to make the traffic low priority?
by lotnybartek
Tue May 20, 2014 8:53 pm
Forum: General
Topic: Crashplan Cloud Backup eating all bandwidth - QoS help
Replies: 4
Views: 1975

Crashplan Cloud Backup eating all bandwidth - QoS help

Dear Users - this is my problem. We are using Crashplan backup service to backup all our data. Now, their app is using almost all the upload bandwidth. That was the problem at the beginning, because first we've done backup of all our files ~ 70GB. Now, we backup continuously every file in real time,...
by lotnybartek
Tue May 20, 2014 8:31 pm
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD stops responding spontaneously
Replies: 42
Views: 12058

Re: RB2011UAS-2HnD stops responding spontaneously

So I can only confirm. This one is fixed in 6.13. No problems for couple of days.

Thank you Mikrotik ;-)
by lotnybartek
Fri May 16, 2014 8:29 am
Forum: General
Topic: v6.12 released
Replies: 237
Views: 57405

Re: v6.12 released

Hmm, what about fixing L2TP/IPSec cache not flushing? I HOPE this is fixed in 6.13.

WHERE Can I download 6.13?
by lotnybartek
Thu May 15, 2014 9:22 pm
Forum: General
Topic: v6.12 released
Replies: 237
Views: 57405

Re: v6.12 released

How can I get 6.13?
by lotnybartek
Mon May 05, 2014 11:00 pm
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD stops responding spontaneously
Replies: 42
Views: 12058

Re: RB2011UAS-2HnD stops responding spontaneously

Apparently this issue has been fixed in 6.13. From yesterday, all clients (6 clients using L2TP/IPSec) were connected. Today cache size is 56 now. Normally it would be something between 2k-4k.
by lotnybartek
Fri May 02, 2014 3:53 pm
Forum: General
Topic: RB2011UiAS-2HnD-IN - High CPU Usage - Watch Video To See
Replies: 3
Views: 903

Re: RB2011UiAS-2HnD-IN - High CPU Usage - Watch Video To See

ethernet, firewall, networking. These three are spiking causing heavy load. Don't know if there is anything I can do to prevent such high load (example now: 1 client connected, downloading at 3.6 MB/s ~ 30 Mbit/s) - CPU usage as shown on vid.
by lotnybartek
Wed Apr 30, 2014 1:38 pm
Forum: General
Topic: RB2011UiAS-2HnD-IN - High CPU Usage - Watch Video To See
Replies: 3
Views: 903

RB2011UiAS-2HnD-IN - High CPU Usage - Watch Video To See

Hello RB2011UiAS-2HnD-IN with 3.14 / 6.12 working as PPPoE client to VDSL2 line (30 Mbit/s down) 10 clients connected via DHCP all doing almost nothing (in terms of bandwidth usage). 1 client downloading at 3,5 MB/s. Is this CPU usage normal? Spikes from 5% to almost 70% every now and then? Watch th...
by lotnybartek
Mon Apr 28, 2014 11:21 pm
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD stops responding spontaneously
Replies: 42
Views: 12058

Re: RB2011UAS-2HnD stops responding spontaneously

:local act [/ip route cache get cache-size] :local max [/ip route cache get max-cache-size] # print some debug info :log info ("Actual route cache size: $act") :log info ("Max. route cache size: $max") :log info ("If active route cache size: $act>=14336 reboot required") if (($max-$act)<=2048) do={...
by lotnybartek
Mon Apr 28, 2014 4:30 pm
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD stops responding spontaneously
Replies: 42
Views: 12058

Re: RB2011UAS-2HnD stops responding spontaneously

Yes, I have 6.12 / 3.14.
by lotnybartek
Mon Apr 28, 2014 3:36 pm
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD stops responding spontaneously
Replies: 42
Views: 12058

Re: RB2011UAS-2HnD stops responding spontaneously

Same problem here using RB2011UAS-2HnD and latest firmware / software. Happened few times already (I have this router for 3 weeks), always while L2TP/IPSec clients connected (last time crash - 5 clients connected). I can't ping it, I can't login into it (ssh, telnet, winbox, web). Only reboot fix th...
by lotnybartek
Wed Apr 23, 2014 1:48 pm
Forum: General
Topic: Possible ongoing attack on my MT from China IPs - Help me...
Replies: 4
Views: 797

Re: Possible ongoing attack on my MT from China IPs - Help m

No, I do not use SSH and I already disabled it. Also, I do not use common names in login and/or password.

For the time being I'll just drop the inbound.

Thank you for tips.
by lotnybartek
Wed Apr 23, 2014 11:22 am
Forum: General
Topic: Possible ongoing attack on my MT from China IPs - Help me...
Replies: 4
Views: 797

Possible ongoing attack on my MT from China IPs - Help me...

Hello there dear community So after days of configuring my RB2011UiAS-2HnD-IN, everything is set up. So: Modem (bridge mode) ---> Router (PPPoE), WLAN, DynDNS Today when I logged in into WinBox in Logs I spotted this: http://i.imgur.com/lyzzbml.jpg http://i.imgur.com/oRvXMBm.jpg I checked IPs, they ...