Community discussions

MikroTik App

Search found 11 matches

by EnigmAX
Sat May 23, 2020 2:17 am
Forum: Beginner Basics
Topic: Problems with setting VPN and repeater on hap ac2
Replies: 3
Views: 556

Re: Problems with setting VPN and repeater on hap ac2

In /ip firewall mangle, I think your dst-address should be 0.0.0.0/0.
Also enable logging for your mangle rule and check your logs that it actually matches your traffic.
by EnigmAX
Sat May 23, 2020 12:54 am
Forum: General
Topic: Hairpin nat issue [SOLVED]
Replies: 8
Views: 1573

Re: Hairpin nat issue [SOLVED]

But now if you disabled it, you'll want to do something with firewall filter, because it allows pretty much anything to pass. Yes, I completely agree. Input is pretty much blocked from the outside. Forwarding however is almost allowed anywhere, with the exception of some bogon rules and invalid sta...
by EnigmAX
Sat May 23, 2020 12:47 am
Forum: General
Topic: Hairpin nat issue [SOLVED]
Replies: 8
Views: 1573

Re: Hairpin nat issue [SOLVED]

If you look at the log line you've quoted, it says in:bridge-hq(ether7-trunk-zolder) , whereas it should actually say in:hq-vlan10 . So the rule acts too early, already when the frame is processed at bridge level, which breaks something in the subsequent processing. To fix that, it might be suffici...
by EnigmAX
Sat May 23, 2020 12:24 am
Forum: General
Topic: Hairpin nat issue [SOLVED]
Replies: 8
Views: 1573

Re: Hairpin nat issue [SOLVED]

I added the log rule, I was already checking on prerouting, forwarding, postrouting to figure out where stuff was going south. However, this did not help anything. Traffic not reaching forwaring at all I guess. (*) The only suspect would be bridge's use-ip-firewall=yes, use-ip-firewall-for-vlan=yes....
by EnigmAX
Fri May 22, 2020 9:27 pm
Forum: General
Topic: Flooding UDP port 1194
Replies: 14
Views: 2150

Re: Flooding UDP port 1194

Check out this (old) piece of information, and focus on the content of a "failed login" with openvpn:

https://wiki.mikrotik.com/wiki/Brutefor ... prevention
by EnigmAX
Fri May 22, 2020 9:04 pm
Forum: General
Topic: Hairpin nat issue [SOLVED]
Replies: 8
Views: 1573

Hairpin nat issue [SOLVED]

Hello all, Long time Mikrotik user here, running a CCR for quite some time. While not being a network export, I can get around network topics. Some time ago I extended my network a bit and updated my bridge configuration and started using vlan filtering. Around that time, my hairpin nat stopped work...
by EnigmAX
Mon Oct 29, 2018 11:51 pm
Forum: General
Topic: DNS forward based on domain name
Replies: 18
Views: 5944

Re: DNS forward based on domain name

Same issue. Found this post. Request is now open for at least 10 years. I guess we can wait another 10.
It truly amazes me, with all the crazy shit my CCR can do, this basic option is still unavailable.
by EnigmAX
Wed Dec 27, 2017 3:43 pm
Forum: General
Topic: Webfig won't allow editing firewall filter rules
Replies: 14
Views: 3142

Re: Webfig won't allow editing firewall filter rules

Same problem here.Chrome user. CCR1009 running 6.41.

Tried incognito mode and it works.
Disabled both lastpass and ublock origin. Closed my browser and it worked in normal (non-incognito) mode.
Enabled both lastpass and ublock origin. Closed my browser and it worked in normal (non-incognito) mode. :?
by EnigmAX
Mon Nov 03, 2014 11:44 pm
Forum: General
Topic: GRE over IPSEC, CCR, VERY SLOW
Replies: 39
Views: 17068

Re: GRE over IPSEC, CCR, VERY SLOW

In my test setup between two CCRs, gre over ipsec had no problems fowarding 500Mbps with 1450 byte packets. Its pretty obvious that your perfect conditions test case doesn't reflect real world performance. I landed on this page, because I'm having *exactly* the issue described in this topic. @mrz: ...
by EnigmAX
Mon May 26, 2014 4:13 pm
Forum: General
Topic: 6rd support?
Replies: 23
Views: 9842

Re: 6rd support?

I've sent an e-mail to support@mikrotik.com asking for more information. The official reply I got was: from: MikroTik support [Janis Krumins] <support@mikrotik.com> date: Fri, May 23, 2014 at 3:34 PM Hello, currently RouterOS does not support 6rd. It is not scheduled anytime soon. Regards, Janis Kru...
by EnigmAX
Mon May 26, 2014 4:12 pm
Forum: General
Topic: Feature request for v7.x
Replies: 273
Views: 70296

Re: Feature request for v7.x

Hi, It would be a must for mikrotik products .... please could you add 6RD (ipv6 rapid deployment) available for many ISP :-) Thank you maxspeed I've sent an e-mail to support@mikrotik.com asking for more information. The official reply I got was: from: MikroTik support [Janis Krumins] <support@mik...