Community discussions

MikroTik App

Search found 54 matches

by cyon
Mon Feb 08, 2021 11:36 am
Forum: Useful user articles
Topic: Mikrotik (behind NAT) to Mikrotik IPSEC/IKE2 tunnel + EoIP on top of that
Replies: 6
Views: 1598

Re: Mikrotik (behind NAT) to Mikrotik IPSEC/IKE2 tunnel + EoIP on top of that

Hello @erkexzcx

I'm looking for a VPN for my iPhone to my Mikrotik?
by cyon
Tue Dec 08, 2020 4:31 pm
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

Too much time has elapsed and too much changes have been done during that time. Post the current configurations.
I delete everything and starting from the beginning. Will post everything when done.
by cyon
Tue Dec 08, 2020 4:25 pm
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

Going to start over!
Is it the new version that is causing not to get the traffic passing trough the nat? as I did all the steps that you sent.
by cyon
Fri Dec 04, 2020 7:06 am
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

You may think I am paranoid, however the sad truth is that even if no one may be interested in your data and network in particular, botnets crawl the net automatically and try to seize every device they find.
Can you send some good firewall rules?
by cyon
Fri Dec 04, 2020 6:16 am
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

ok, Now I learned alot. Thank you
by cyon
Thu Dec 03, 2020 5:30 pm
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

/ip firewall nat remove [find !(action~"masquerade")]
why remove this>?
by cyon
Wed Dec 02, 2020 3:44 pm
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

[/quote] OK, so you've attempted to use an EoIP tunnel to connect the sites rather than using an IPsec policy to directly match the traffic. This is also a possible approach (which costs a couple of bytes per packet more), but as EoIP is an L2 tunnel, you cannot use the tunnel name as a gateway of a...
by cyon
Wed Dec 02, 2020 2:03 pm
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

Here is the config of eash router
by cyon
Wed Dec 02, 2020 1:25 pm
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

I have done that and no winnings. I miss something, I have played with nat and Routes.

router.PNG
by cyon
Tue Dec 01, 2020 8:40 am
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

Apologies, but I'm lost now. I have fixed the nat rules, Router A /ip firewall nat add action=src-nat chain=srcnat dst-address=10.22.22.2 to-addresses=10.22.22.1 add action=masquerade chain=srcnat /ip ipsec policy group add name="My group" /ip ipsec policy set 0 disabled=yes add dst-addres...
by cyon
Mon Nov 30, 2020 9:30 am
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

Router A @*****VM > export # nov/30/2020 09:00:04 by RouterOS 6.47.8 # software id = # # # /interface bridge add name=loopback /interface ethernet set [ find default-name=ether1 ] comment=MirotikSW-Router disable-running-check=no name=ether1-external set [ find default-name=ether3 ] comment=ISSA-VM ...
by cyon
Mon Nov 30, 2020 8:57 am
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

Hope the log will help.
by cyon
Sun Nov 29, 2020 5:47 pm
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

Hey, I got it working, Thank you.

so Noob question: Router A is 192.168.1.0/24 and Router is 10.59.10.0/24. if I add the Nat I can't ping the Linux box on 192.168.1.18 from 10.59.10.40.
How do I go about this with the IPsec?
by cyon
Fri Nov 27, 2020 9:07 pm
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

Check my guide: viewtopic.php?f=23&t=169538

I think you are missing bridge/interface for VPN server as well as NAT rule for internal networks. I've mentioned everything there.
Not Working!
by cyon
Fri Nov 27, 2020 3:50 pm
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

I did add the nat rule, ?
by cyon
Fri Nov 27, 2020 2:58 pm
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Re: Ipsec not traffic passing

Check my guide: https://forum.mikrotik.com/viewtopic.php?f=23&t=169538 I think you are missing bridge/interface for VPN server as well as NAT rule for internal networks. I've mentioned everything there. I have followed the guys setup. https://www.informaticar.net/how-to-establish-site-to-site-v...
by cyon
Fri Nov 27, 2020 2:31 pm
Forum: General
Topic: Ipsec not traffic passing
Replies: 26
Views: 1448

Ipsec not traffic passing

Hello all. I have set up the IPsec and I don't get the traffic passing. I have done Firewall Nat and no luck. Please can you help me what am I missing? Thank you Router 2 /ip ipsec> export # nov/27/2020 13:49:56 by RouterOS 6.47.8 # /ip ipsec peer add address=1.1.1.1/32 exchange-mode=ike2 local-addr...
by cyon
Wed Jun 24, 2020 9:21 pm
Forum: General
Topic: couldn't add new DHCP client - can not run on slave interface
Replies: 9
Views: 4903

Re: couldn't add new DHCP client - can not run on slave interface

so the people have put a wireless device in the roof but never done the setup, so its plug in the ether 3 port, and it has a DHCP 192.168.0.1/24.
I want to connect to the Wifi web interface that is on 192.168.0.1. The Mikrotik network is 192.168.1.0/24 where that PC on.
by cyon
Wed Jun 24, 2020 5:07 pm
Forum: General
Topic: couldn't add new DHCP client - can not run on slave interface
Replies: 9
Views: 4903

Re: couldn't add new DHCP client - can not run on slave interface

Thank you I have removed the bridge 2 from ether3 and I got it working. so either 2 network is on 192.168.1.0/24, ether 3 - I have a device that needs to get in the web interface that is in 192.168.0.1. how can I get on to the web 192.168.0.1 on the client PC that is on 192.168.1.25 I just need to c...
by cyon
Wed Jun 24, 2020 4:34 pm
Forum: General
Topic: couldn't add new DHCP client - can not run on slave interface
Replies: 9
Views: 4903

Re: couldn't add new DHCP client - can not run on slave interface

Your port is member of a bridge. Put the dhcp client on the bridge.
I don't understand. I can do it on Ether 1 but I can't do it with Ether 3?
by cyon
Wed Jun 24, 2020 3:55 pm
Forum: General
Topic: couldn't add new DHCP client - can not run on slave interface
Replies: 9
Views: 4903

couldn't add new DHCP client - can not run on slave interface

Good day all

I busy setting up erth3 DHCP Clint but I can't.
"couldn't add new DHCP client - can not run on slave interface"
we on 6.47 firmware on Mikrotik, how do you fix the port not to be a slave anymore?

What can I do?
by cyon
Wed Oct 09, 2019 12:53 pm
Forum: General
Topic: ECMP - Cloud script
Replies: 0
Views: 581

ECMP - Cloud script

Good day I have a problem. I got 2 Internet connections(WAN1 & WAN2) with ECMP and I make use of cloud DDNS, for the VPN Connection to this router. so when the DDNS updates, it takes that WAN2 public IP Address and that WAN2 IP points to a diffrent Router with no VPN setup. Is there a way I can ...
by cyon
Fri Sep 06, 2019 4:12 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 203
Views: 78946

Re: RouterOS v7.0beta1 (ARM)

what VPN are you running?
PPTP- and OpenVPN-clients both work fine. OpenVPN server in UDP mode works as well (just tried it)!
IKEv2 to ios 12.4?
by cyon
Fri Sep 06, 2019 2:40 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 203
Views: 78946

Re: RouterOS v7.0beta1 (ARM)

Whoa! Just installed 7.0beta1 on a hAP ac^2. Wireless/EoIP/VPN all work.
Routing stack seems to have changed quite dramatically though!
I lost BGP, but I gained /routing/pimsm and /routing/fantasy, although I have no clue what that last one does yet.
what VPN are you running?
by cyon
Fri Sep 06, 2019 11:59 am
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 203
Views: 78946

Re: RouterOS v7.0beta1 (ARM)

I can't read that!
by cyon
Tue Sep 03, 2019 11:15 pm
Forum: General
Topic: IKEv2 Drops after 8 mins IOS12.4
Replies: 0
Views: 632

IKEv2 Drops after 8 mins IOS12.4

Hi all Can someone help me? I have been searching the internet and can't find why the iPhone - ios12 drops after 8mins. I have change encryptions and test. The firewall filters is working, can get out to the internet and the local lan. I just can't get it to stay connected. # sep/03/2019 22:07:56 by...
by cyon
Tue Sep 03, 2019 11:15 am
Forum: Beginner Basics
Topic: IPSEC IKEv2 setup cannot access LAN. Only can access router.
Replies: 5
Views: 2141

Re: IPSEC IKEv2 setup cannot access LAN. Only can access router.

Hi Imperia

Did you come right with this?
I can connect to the VPN and ping only the router but none of my services on the LAN.
by cyon
Sun Sep 01, 2019 8:37 pm
Forum: General
Topic: CRS112-8G-4S > No 100mbps fiber [SOLVED]
Replies: 11
Views: 2592

Re: CRS112-8G-4S > No 100mbps fiber [SOLVED]

Thank you

speed is much better..
will save now for a better router to get the full fiber speed.
Capture.PNG
by cyon
Sat Aug 31, 2019 9:26 pm
Forum: General
Topic: CRS112-8G-4S > No 100mbps fiber [SOLVED]
Replies: 11
Views: 2592

Re: CRS112-8G-4S > No 100mbps fiber [SOLVED]

Thank you so much vodokotlic! it is working awesome.
by cyon
Sat Aug 31, 2019 6:48 am
Forum: General
Topic: CRS112-8G-4S > No 100mbps fiber [SOLVED]
Replies: 11
Views: 2592

Re: CRS112-8G-4S > No 100mbps fiber [SOLVED]

Hi understand.

Fast track is on! I can't afford to buy some new.

What until will worth saving for? More then 8 ports / rack mount and have an lots of power two. Need to connect vpn as well do lots of firewall rules
by cyon
Sat Aug 31, 2019 12:12 am
Forum: General
Topic: CRS112-8G-4S > No 100mbps fiber [SOLVED]
Replies: 11
Views: 2592

Re: CRS112-8G-4S > No 100mbps fiber [SOLVED]

Hi

Here is the screenshot.

so I need to add more rules in the firewall?
Untitled2.png
by cyon
Fri Aug 30, 2019 11:47 pm
Forum: General
Topic: CRS112-8G-4S > No 100mbps fiber [SOLVED]
Replies: 11
Views: 2592

Re: CRS112-8G-4S > No 100mbps fiber [SOLVED]

Hi, I haven't confi the firewall. nothing in the bush. Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload # INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON 0 H ether3 Skynet yes 1 0x80 10 10 none 1 H ether4 Skynet yes 1 0x80 10 10 none 2 H ether5 Skynet yes 1 0x80 ...
by cyon
Fri Aug 30, 2019 11:06 pm
Forum: General
Topic: CRS112-8G-4S > No 100mbps fiber [SOLVED]
Replies: 11
Views: 2592

CRS112-8G-4S > No 100mbps fiber [SOLVED]

Hi All. Hope you can help. I had this device for almost 3 years. I understand it is not a Router, But at that time I received it as a gift. CRS112-8G-4S I always had ADSL 12mbps and now My work installed me 100mbps Fiber. I reconfigure the unit and I only get 22mbps (Speedtest) out of the unit. I ha...
by cyon
Fri Aug 30, 2019 12:18 pm
Forum: General
Topic: Best Practice filter rules?
Replies: 1
Views: 680

Best Practice filter rules?

Hi, all the Mikrotik lovers!

I need your help?
I'm looking for a best practice for the Mikrotik Firewall Filer Rules.
Maybe someone has a best practice for the Firewall filter rules in one place. This will help me a lot.

Thank you
C
by cyon
Thu Aug 29, 2019 9:34 am
Forum: General
Topic: L2TP --> Dying!
Replies: 4
Views: 2027

Re: L2TP --> Dying!

Just an update, so I change the DNS server to a different server and the connection never drop one's un till now 8 am this morning. I could see it gets a new key every hour.
I'm getting new internet installed soon. maybe the line speed is just too small.
by cyon
Wed Aug 28, 2019 5:48 pm
Forum: General
Topic: L2TP --> Dying!
Replies: 4
Views: 2027

Re: L2TP --> Dying!

I don't understand why! Here is the log 14:48:01 ipsec,info purging ISAKMP-SA 1xx.xx.xx.xx[4500]<=>1xx.xx.xx.xx[11659] spi=59bd8xxc0a02160c:2181ecxxxx57. 14:48:01 ipsec,info ISAKMP-SA deleted 10x.xx.xx.xx[4500]-1xx.xx.xx.xx[11659] spi:59bd8xxc0a02160c:2181ec3xxxxc57 r ekey:1 15:34:03 ipsec,info ISAK...
by cyon
Wed Aug 28, 2019 3:43 pm
Forum: General
Topic: L2TP --> Dying!
Replies: 4
Views: 2027

L2TP --> Dying!

Hello. I'm really struggling with this. I connect with no problem and then after some time, it starts to "dying" out and disconnect. What can I do to keep the connection going? or did I miss something? 13:09:12 ipsec,info ISAKMP-SA dying 10x.xx.xx.xx[4500]-100.xx.xx.xx[4219 3b7:xxxxxxxxxc5...
by cyon
Mon Aug 26, 2019 1:17 pm
Forum: General
Topic: L2TP -> Iphone 12.4
Replies: 0
Views: 702

L2TP -> Iphone 12.4

Hi All I try to set up an L2TP with my Iphone8 (12.4) to Mikrotik 6.45.2 connection I google it but all the content is for older Mikrotik, some of the settings is not anymore in Mikrotik 6.45.2 or on diffrent places. Can someone help me? I keep getting this error: 12:09:54 ipsec,info respond new pha...
by cyon
Fri Aug 02, 2019 11:45 am
Forum: General
Topic: Block Ping request
Replies: 12
Views: 12820

Re: Block Ping request

Block ICMP packets and allow router to show as a hop on traceroutes; /ip firewall filter add action=drop chain=forward disabled=yes icmp-options=8:0 protocol=icmp Doesn't Work! Of course, disabled=yes is a very effective way to make non-working firewall rules :) I did see that LoL. but still not wo...
by cyon
Fri Aug 02, 2019 11:26 am
Forum: General
Topic: Block Ping request
Replies: 12
Views: 12820

Re: Block Ping request

Block ICMP packets and allow router to show as a hop on traceroutes;

/ip firewall filter add action=drop chain=forward disabled=yes icmp-options=8:0 protocol=icmp
Doesn't Work!
by cyon
Fri Jul 26, 2019 11:08 am
Forum: General
Topic: RouterBOARD 750UP - no Respones> Reset with no Default Configuration
Replies: 1
Views: 617

RouterBOARD 750UP - no Respones> Reset with no Default Configuration

Good day I have a RouterBOARD 750UP, I've Hard reset the unit, log-in and select 'No Default Configuration' and then it reboots. After reboot, I can't get back in with the MAC Address. Then after restart the eth port 2 to 5 just goes ON and OFF every 10 sec. Then I have Hard Reset the device again a...
by cyon
Tue Jun 25, 2019 12:43 pm
Forum: General
Topic: Block Teamviewer
Replies: 24
Views: 20817

Re: Block Teamviewer

Think as we are not the same country.


I do more work on it
by cyon
Mon Jun 24, 2019 10:57 am
Forum: General
Topic: Block Teamviewer
Replies: 24
Views: 20817

Re: Block Teamviewer

So I did some digging and saw that TeamViewer Connect to a domain, 188.172.217.0/24
by cyon
Fri Jun 21, 2019 4:08 pm
Forum: General
Topic: Block Teamviewer
Replies: 24
Views: 20817

Re: Block Teamviewer

Did anyone get this right? I want to mark the packages for QoS.
by cyon
Thu Jun 20, 2019 1:22 pm
Forum: General
Topic: CRS125-24G-1S-RM (Discontinued?) [SOLVED]
Replies: 1
Views: 751

CRS125-24G-1S-RM (Discontinued?) [SOLVED]

Hi

What happened with CRS125-24G-1S-RM unit?

see it is discontinued! why?

Thank you
by cyon
Wed Jun 19, 2019 7:12 pm
Forum: General
Topic: Route the Fiber [SOLVED]
Replies: 7
Views: 1641

Re: Route the Fiber [SOLVED]

I understand the situation that you have.

Lucky enough I'm the firts call tech support for the family.

Thank you. 8)
by cyon
Wed Jun 19, 2019 4:04 pm
Forum: Announcements
Topic: MikroTik News June 2019 (Issue #89)
Replies: 38
Views: 18419

Re: MikroTik News June 2019 (Issue #89)

Still no CRS354 switches..
Announced more then year ago. Another RouterOS v7?
I'm waiting as well!
by cyon
Wed Jun 19, 2019 3:14 pm
Forum: General
Topic: Route the Fiber [SOLVED]
Replies: 7
Views: 1641

Re: Route the Fiber [SOLVED]

Well, sometimes the situation can be tricky. For example, for me it is not possible to get fiber, but for the people across the street it is. My street is the border of the area where you can get fiber. If I would get internet from the people across the street (I don't, I have my own VDSL connectio...
by cyon
Wed Jun 19, 2019 11:33 am
Forum: General
Topic: Route the Fiber [SOLVED]
Replies: 7
Views: 1641

Re: Route the Fiber [SOLVED]

Thank you for your support.

8)
by cyon
Sat Jun 15, 2019 10:00 pm
Forum: Beginner Basics
Topic: capsman configuration with AP ubiquiti
Replies: 3
Views: 4608

Re: capsman configuration with AP ubiquiti

Hi, Did you come right? I also want to know. Hello guys, i need to setup up a hotspot with router os but after i really want to know if access point ubiquiti (UNIFI) is compatible with capsman router os, if is the right configuration, i have the following scenario: 1x RB2011iL 4x UNIFI AP is possibl...
by cyon
Sat Jun 15, 2019 9:00 pm
Forum: General
Topic: Route the Fiber [SOLVED]
Replies: 7
Views: 1641

Re: Route the Netflix to my neighbor's Fiber [SOLVED]

Hi

So I re-did everything and still have some problems with the DNS.

Got it working.
by cyon
Wed Jun 12, 2019 5:54 pm
Forum: General
Topic: Route the Fiber [SOLVED]
Replies: 7
Views: 1641

Route the Fiber [SOLVED]

Hi all. let's hope this post will stay! So I'm still an n00b when it comes to Mikrotik. Hope someone can help me with this problem Last week my Neighbors told me that I can connect to their fiber across the street. So I thought to go VLAN but then my Friend comes up with a diffrent way. I got everyt...